From sle-container-updates at lists.suse.com Tue Apr 1 07:05:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 1 Apr 2025 09:05:23 +0200 (CEST) Subject: SUSE-IU-2025:830-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250401070523.CF9D1FB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:830-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.156 , suse/sle-micro/base-5.5:latest Image Release : 5.8.156 Severity : moderate Type : security References : 1234452 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1063-1 Released: Mon Mar 31 11:04:42 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issues: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). The following package changes have been done: - libapparmor1-3.0.4-150500.11.12.2 updated - apparmor-parser-3.0.4-150500.11.12.2 updated From sle-container-updates at lists.suse.com Tue Apr 1 07:05:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 1 Apr 2025 09:05:56 +0200 (CEST) Subject: SUSE-IU-2025:831-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250401070556.73556FB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:831-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.298 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.298 Severity : moderate Type : security References : 1234452 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1063-1 Released: Mon Mar 31 11:04:42 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issues: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). The following package changes have been done: - libapparmor1-3.0.4-150500.11.12.2 updated From sle-container-updates at lists.suse.com Tue Apr 1 07:06:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 1 Apr 2025 09:06:44 +0200 (CEST) Subject: SUSE-IU-2025:832-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250401070644.0AF95FB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:832-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.348 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.348 Severity : moderate Type : security References : 1234452 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1063-1 Released: Mon Mar 31 11:04:42 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issues: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). The following package changes have been done: - libapparmor1-3.0.4-150500.11.12.2 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.266 updated From sle-container-updates at lists.suse.com Tue Apr 1 07:07:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 1 Apr 2025 09:07:35 +0200 (CEST) Subject: SUSE-IU-2025:833-1: Security update of suse/sle-micro/5.5 Message-ID: <20250401070735.DFA30FB9D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:833-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.266 , suse/sle-micro/5.5:latest Image Release : 5.5.266 Severity : moderate Type : security References : 1234452 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1063-1 Released: Mon Mar 31 11:04:42 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issues: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). The following package changes have been done: - libapparmor1-3.0.4-150500.11.12.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.156 updated From sle-container-updates at lists.suse.com Wed Apr 2 07:07:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 2 Apr 2025 09:07:46 +0200 (CEST) Subject: SUSE-CU-2025:2300-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250402070746.64306FB9D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2300-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.21 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.21 Severity : moderate Type : recommended References : 1236982 1237695 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1071-1 Released: Mon Mar 31 16:42:30 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1236982,1237695 This update for dracut fixes the following issue: - Version update 059+suse.557.gccd6ab94 * fix(iscsi) make sure services are shut down when switching root (bsc#1237695). * fix(iscsi) don't require network setup for qedi. * fix(network-legacy) do not require pgrep when using wicked (bsc#1236982). The following package changes have been done: - dracut-059+suse.557.gccd6ab94-150600.3.20.2 updated From sle-container-updates at lists.suse.com Wed Apr 2 07:08:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 2 Apr 2025 09:08:26 +0200 (CEST) Subject: SUSE-CU-2025:2301-1: Recommended update of bci/kiwi Message-ID: <20250402070826.78050FB9D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2301-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.26 , bci/kiwi:latest Container Release : 22.26 Severity : moderate Type : recommended References : 1221790 1236504 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1082-1 Released: Tue Apr 1 11:04:14 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: moderate References: 1221790,1236504 This update for python-kiwi fixes the following issues: - Fixed bundle extension for archives and vagrant types - Fixed file references in kiwi bundler result files (bsc#1221790, bsc#1236504) - On multipath systems find and use the underlying child device instead of using the parent device The following package changes have been done: - kiwi-tools-9.24.43-150100.3.93.1 updated - kiwi-systemdeps-core-9.24.43-150100.3.93.1 updated - dracut-kiwi-lib-9.24.43-150100.3.93.1 updated - kiwi-systemdeps-filesystems-9.24.43-150100.3.93.1 updated - dracut-kiwi-oem-repart-9.24.43-150100.3.93.1 updated - python3-kiwi-9.24.43-150100.3.93.1 updated From sle-container-updates at lists.suse.com Thu Apr 3 07:03:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Apr 2025 09:03:54 +0200 (CEST) Subject: SUSE-IU-2025:834-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250403070354.729CDF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:834-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.6 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.6 Severity : important Type : security References : 1186673 1213004 1213008 1221063 1221928 1222834 1222840 1224113 1224167 1225904 1227456 1229010 1229072 1229449 1231472 1233289 1233322 1234660 1236567 1236619 1236826 1237040 1237041 1237498 CVE-2025-24528 CVE-2025-26465 CVE-2025-26466 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 243 Released: Fri Mar 14 09:40:18 2025 Summary: Recommended update for aardvark-dns, netavark Type: recommended Severity: moderate References: 1224167,1234660,1236567 This update for aardvark-dns, netavark fixes the following issues: - Update to version 1.12.2 ----------------------------------------------------------------- Advisory ID: 244 Released: Fri Mar 14 12:51:07 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issues: - do not crash when file system loop was encountered (bsc#1231472) - added patches - modified patches ----------------------------------------------------------------- Advisory ID: 245 Released: Fri Mar 14 12:55:02 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: 1233289,1233322 This update for elemental-toolkit fixes the following issues: - Bump yip to v1.9.6 (bsc#1233322) - Make lint happy - Fixes squashfs images creation (bsc#1233289) ----------------------------------------------------------------- Advisory ID: 251 Released: Wed Mar 19 11:42:10 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash (bsc#1236619). ----------------------------------------------------------------- Advisory ID: 259 Released: Tue Mar 25 10:02:20 2025 Summary: Security update for openssh Type: security Severity: important References: 1186673,1213004,1213008,1221063,1221928,1222840,1225904,1227456,1229010,1229072,1229449,1236826,1237040,1237041,CVE-2025-26465,CVE-2025-26466 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). Other bugfixes: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). - Add #include in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Added missing struct initializer, added missing parameter (bsc#1222840). - Remove OPENSSL_HAVE_EVPGCM-ifdef, which is no longer supported by upstream (bsc#1221928). - Use %config(noreplace) for sshd_config. In any case, it's recommended to drop a file in sshd_config.d instead of editing sshd_config (bsc#1221063). - Add a patch to fix a regression introduced in 9.6 that makes X11 forwarding very slow (bsc#1229449). - Drop keycat binary that is not supported, except of the code that is used by other SELinux patches (bsc#1229072). - Fix RFC4256 implementation that keyboard-interactive authentication method can send instructions and sshd shows them to users (bsc#1229010). - Add attempts to mitigate instances of secrets lingering in memory after a session exits (bsc#1186673, bsc#1213004, bsc#1213008). - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) ----------------------------------------------------------------- Advisory ID: 262 Released: Mon Mar 31 08:37:17 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1237498 This update for elemental-operator fixes the following issues: - Update to version 1.6.7: * Bump default operator channel to Micro 6.1 images * [v1.6.x][BACKPORT] seedimage: clean-up service on image download deadline (bsc#1237498) * No need to install yq neither to create a GH release ----------------------------------------------------------------- Advisory ID: 269 Released: Wed Apr 2 16:29:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834,1224113 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). The following package changes have been done: - findutils-4.9.0-4.1 updated - SL-Micro-release-6.0-25.12 updated - libfreebl3-3.101.2-2.1 updated - krb5-1.20.1-6.1 updated - mozilla-nss-certs-3.101.2-2.1 updated - mozilla-nss-3.101.2-2.1 updated - libsoftokn3-3.101.2-2.1 updated - elemental-register-1.6.7-1.1 updated - elemental-support-1.6.7-1.1 updated - elemental-toolkit-2.1.2-1.1 updated - aardvark-dns-1.12.2-1.1 updated - openssh-common-9.6p1-3.1 updated - netavark-1.12.2-1.1 updated - openssh-server-9.6p1-3.1 updated - openssh-clients-9.6p1-3.1 updated - openssh-9.6p1-3.1 updated - container:SL-Micro-base-container-2.1.3-6.5 updated From sle-container-updates at lists.suse.com Thu Apr 3 07:04:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Apr 2025 09:04:48 +0200 (CEST) Subject: SUSE-IU-2025:836-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250403070448.61393F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:836-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.5 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.5 Severity : moderate Type : security References : 1222834 1224113 1231472 1233289 1233322 1236619 1237498 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 244 Released: Fri Mar 14 12:51:07 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issues: - do not crash when file system loop was encountered (bsc#1231472) - added patches - modified patches ----------------------------------------------------------------- Advisory ID: 245 Released: Fri Mar 14 12:55:02 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: 1233289,1233322 This update for elemental-toolkit fixes the following issues: - Bump yip to v1.9.6 (bsc#1233322) - Make lint happy - Fixes squashfs images creation (bsc#1233289) ----------------------------------------------------------------- Advisory ID: 251 Released: Wed Mar 19 11:42:10 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash (bsc#1236619). ----------------------------------------------------------------- Advisory ID: 262 Released: Mon Mar 31 08:37:17 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1237498 This update for elemental-operator fixes the following issues: - Update to version 1.6.7: * Bump default operator channel to Micro 6.1 images * [v1.6.x][BACKPORT] seedimage: clean-up service on image download deadline (bsc#1237498) * No need to install yq neither to create a GH release ----------------------------------------------------------------- Advisory ID: 269 Released: Wed Apr 2 16:29:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834,1224113 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). The following package changes have been done: - findutils-4.9.0-4.1 updated - SL-Micro-release-6.0-25.12 updated - libfreebl3-3.101.2-2.1 updated - krb5-1.20.1-6.1 updated - mozilla-nss-certs-3.101.2-2.1 updated - mozilla-nss-3.101.2-2.1 updated - libsoftokn3-3.101.2-2.1 updated - elemental-register-1.6.7-1.1 updated - elemental-support-1.6.7-1.1 updated - elemental-toolkit-2.1.2-1.1 updated - container:SL-Micro-base-container-2.1.3-6.5 updated From sle-container-updates at lists.suse.com Thu Apr 3 07:04:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Apr 2025 09:04:20 +0200 (CEST) Subject: SUSE-IU-2025:835-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250403070420.F0A2FF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:835-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-6.5 , suse/sl-micro/6.0/base-os-container:latest Image Release : 6.5 Severity : important Type : security References : 1012628 1194869 1214954 1215199 1216813 1218470 1220711 1220773 1222834 1224095 1224113 1224726 1225743 1225820 1225897 1226980 1227445 1228526 1228592 1229809 1229833 1230205 1230413 1230697 1231016 1231472 1231854 1231909 1231963 1232087 1232101 1232158 1232161 1232193 1232198 1232201 1232418 1232419 1232420 1232421 1232436 1232882 1233038 1233055 1233070 1233096 1233112 1233200 1233204 1233239 1233259 1233260 1233289 1233322 1233324 1233328 1233461 1233467 1233469 1233488 1233546 1233558 1233637 1233638 1233642 1233772 1233778 1233837 1234024 1234069 1234071 1234073 1234075 1234076 1234077 1234079 1234086 1234139 1234140 1234141 1234142 1234143 1234144 1234145 1234146 1234147 1234148 1234149 1234150 1234153 1234155 1234156 1234158 1234159 1234160 1234161 1234162 1234163 1234164 1234165 1234166 1234167 1234168 1234169 1234170 1234171 1234172 1234173 1234174 1234175 1234176 1234177 1234178 1234179 1234180 1234181 1234182 1234183 1234184 1234185 1234186 1234187 1234188 1234189 1234190 1234191 1234192 1234193 1234194 1234195 1234196 1234197 1234198 1234199 1234200 1234201 1234203 1234204 1234205 1234207 1234208 1234209 1234219 1234220 1234221 1234237 1234238 1234239 1234240 1234241 1234242 1234243 1234278 1234279 1234280 1234281 1234282 1234294 1234338 1234357 1234381 1234454 1234464 1234605 1234619 1234635 1234651 1234652 1234654 1234655 1234657 1234658 1234659 1234668 1234683 1234690 1234693 1234725 1234726 1234810 1234811 1234825 1234826 1234827 1234829 1234832 1234834 1234843 1234846 1234848 1234853 1234855 1234856 1234863 1234884 1234887 1234888 1234889 1234891 1234893 1234898 1234899 1234900 1234901 1234905 1234906 1234907 1234909 1234911 1234912 1234916 1234918 1234920 1234921 1234922 1234923 1234929 1234930 1234931 1234934 1234937 1234947 1234948 1234950 1234952 1234957 1234960 1234962 1234963 1234968 1234969 1234970 1234971 1234973 1234974 1234989 1234999 1235000 1235001 1235002 1235003 1235004 1235007 1235009 1235011 1235016 1235019 1235031 1235032 1235033 1235035 1235037 1235038 1235039 1235040 1235042 1235043 1235045 1235046 1235050 1235051 1235053 1235054 1235056 1235057 1235059 1235061 1235065 1235070 1235073 1235075 1235100 1235108 1235112 1235115 1235117 1235122 1235123 1235125 1235128 1235132 1235133 1235134 1235138 1235155 1235160 1235217 1235219 1235220 1235222 1235223 1235224 1235227 1235230 1235241 1235246 1235249 1235251 1235252 1235389 1235390 1235391 1235406 1235409 1235410 1235412 1235413 1235415 1235416 1235417 1235418 1235423 1235424 1235425 1235426 1235427 1235428 1235429 1235430 1235433 1235437 1235439 1235444 1235445 1235449 1235451 1235454 1235458 1235459 1235464 1235466 1235473 1235479 1235480 1235483 1235486 1235487 1235488 1235489 1235491 1235494 1235495 1235496 1235497 1235498 1235500 1235502 1235503 1235507 1235519 1235520 1235521 1235523 1235526 1235528 1235532 1235533 1235534 1235537 1235538 1235545 1235550 1235552 1235555 1235557 1235563 1235564 1235565 1235568 1235570 1235571 1235577 1235578 1235582 1235583 1235584 1235587 1235611 1235612 1235616 1235622 1235627 1235632 1235635 1235638 1235641 1235643 1235645 1235646 1235647 1235650 1235653 1235656 1235657 1235663 1235686 1235700 1235705 1235707 1235708 1235710 1235714 1235716 1235720 1235723 1235727 1235730 1235737 1235739 1235745 1235747 1235750 1235753 1235759 1235764 1235768 1235776 1235777 1235778 1235779 1235793 1235798 1235806 1235808 1235812 1235814 1235818 1235842 1235865 1235894 1235902 1235903 1235906 1235918 1235919 1235920 1235924 1235940 1235941 1235946 1235948 1235952 1235964 1235965 1235967 1235969 1235976 1235977 1236078 1236080 1236082 1236088 1236090 1236091 1236096 1236097 1236098 1236101 1236102 1236104 1236106 1236120 1236125 1236127 1236131 1236138 1236143 1236144 1236145 1236160 1236161 1236163 1236168 1236178 1236180 1236181 1236182 1236190 1236192 1236198 1236227 1236245 1236247 1236248 1236260 1236262 1236619 1236628 1236688 1236696 1236703 1236732 1236733 1236878 1237498 CVE-2023-52923 CVE-2024-12133 CVE-2024-26924 CVE-2024-27397 CVE-2024-35839 CVE-2024-36476 CVE-2024-36908 CVE-2024-39282 CVE-2024-39480 CVE-2024-41042 CVE-2024-43913 CVE-2024-44934 CVE-2024-44996 CVE-2024-45828 CVE-2024-46896 CVE-2024-47141 CVE-2024-47143 CVE-2024-47678 CVE-2024-47809 CVE-2024-48873 CVE-2024-48881 CVE-2024-49569 CVE-2024-49854 CVE-2024-49884 CVE-2024-49915 CVE-2024-49948 CVE-2024-49951 CVE-2024-49978 CVE-2024-49998 CVE-2024-50016 CVE-2024-50018 CVE-2024-50039 CVE-2024-50047 CVE-2024-50051 CVE-2024-50106 CVE-2024-50143 CVE-2024-50151 CVE-2024-50154 CVE-2024-50199 CVE-2024-50202 CVE-2024-50203 CVE-2024-50211 CVE-2024-50228 CVE-2024-50256 CVE-2024-50262 CVE-2024-50272 CVE-2024-50278 CVE-2024-50280 CVE-2024-50299 CVE-2024-52332 CVE-2024-53050 CVE-2024-53064 CVE-2024-53090 CVE-2024-53091 CVE-2024-53095 CVE-2024-53099 CVE-2024-53103 CVE-2024-53105 CVE-2024-53111 CVE-2024-53113 CVE-2024-53117 CVE-2024-53118 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53126 CVE-2024-53127 CVE-2024-53129 CVE-2024-53130 CVE-2024-53131 CVE-2024-53133 CVE-2024-53134 CVE-2024-53136 CVE-2024-53141 CVE-2024-53142 CVE-2024-53144 CVE-2024-53146 CVE-2024-53148 CVE-2024-53150 CVE-2024-53151 CVE-2024-53154 CVE-2024-53155 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53159 CVE-2024-53160 CVE-2024-53161 CVE-2024-53162 CVE-2024-53164 CVE-2024-53166 CVE-2024-53168 CVE-2024-53169 CVE-2024-53170 CVE-2024-53171 CVE-2024-53172 CVE-2024-53173 CVE-2024-53174 CVE-2024-53175 CVE-2024-53179 CVE-2024-53180 CVE-2024-53185 CVE-2024-53187 CVE-2024-53188 CVE-2024-53190 CVE-2024-53191 CVE-2024-53194 CVE-2024-53195 CVE-2024-53196 CVE-2024-53197 CVE-2024-53198 CVE-2024-53200 CVE-2024-53201 CVE-2024-53202 CVE-2024-53203 CVE-2024-53206 CVE-2024-53207 CVE-2024-53208 CVE-2024-53209 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214 CVE-2024-53215 CVE-2024-53216 CVE-2024-53217 CVE-2024-53222 CVE-2024-53224 CVE-2024-53227 CVE-2024-53229 CVE-2024-53230 CVE-2024-53231 CVE-2024-53232 CVE-2024-53233 CVE-2024-53234 CVE-2024-53236 CVE-2024-53237 CVE-2024-53239 CVE-2024-53240 CVE-2024-53241 CVE-2024-53685 CVE-2024-53690 CVE-2024-54680 CVE-2024-55639 CVE-2024-55881 CVE-2024-55916 CVE-2024-56369 CVE-2024-56372 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56536 CVE-2024-56538 CVE-2024-56539 CVE-2024-56543 CVE-2024-56546 CVE-2024-56548 CVE-2024-56549 CVE-2024-56551 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56566 CVE-2024-56567 CVE-2024-56568 CVE-2024-56569 CVE-2024-56570 CVE-2024-56571 CVE-2024-56572 CVE-2024-56573 CVE-2024-56574 CVE-2024-56575 CVE-2024-56576 CVE-2024-56577 CVE-2024-56578 CVE-2024-56582 CVE-2024-56584 CVE-2024-56587 CVE-2024-56588 CVE-2024-56589 CVE-2024-56590 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56599 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56604 CVE-2024-56605 CVE-2024-56606 CVE-2024-56607 CVE-2024-56608 CVE-2024-56609 CVE-2024-56610 CVE-2024-56611 CVE-2024-56614 CVE-2024-56615 CVE-2024-56616 CVE-2024-56617 CVE-2024-56619 CVE-2024-56620 CVE-2024-56622 CVE-2024-56623 CVE-2024-56625 CVE-2024-56629 CVE-2024-56630 CVE-2024-56631 CVE-2024-56632 CVE-2024-56634 CVE-2024-56635 CVE-2024-56636 CVE-2024-56637 CVE-2024-56641 CVE-2024-56642 CVE-2024-56643 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56649 CVE-2024-56650 CVE-2024-56651 CVE-2024-56654 CVE-2024-56656 CVE-2024-56659 CVE-2024-56660 CVE-2024-56661 CVE-2024-56662 CVE-2024-56663 CVE-2024-56664 CVE-2024-56665 CVE-2024-56667 CVE-2024-56670 CVE-2024-56672 CVE-2024-56675 CVE-2024-56677 CVE-2024-56678 CVE-2024-56679 CVE-2024-56681 CVE-2024-56683 CVE-2024-56687 CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56693 CVE-2024-56694 CVE-2024-56698 CVE-2024-56700 CVE-2024-56701 CVE-2024-56704 CVE-2024-56705 CVE-2024-56707 CVE-2024-56708 CVE-2024-56709 CVE-2024-56712 CVE-2024-56715 CVE-2024-56716 CVE-2024-56722 CVE-2024-56723 CVE-2024-56724 CVE-2024-56725 CVE-2024-56726 CVE-2024-56727 CVE-2024-56728 CVE-2024-56729 CVE-2024-56739 CVE-2024-56741 CVE-2024-56745 CVE-2024-56746 CVE-2024-56747 CVE-2024-56748 CVE-2024-56752 CVE-2024-56754 CVE-2024-56755 CVE-2024-56756 CVE-2024-56759 CVE-2024-56760 CVE-2024-56763 CVE-2024-56765 CVE-2024-56766 CVE-2024-56767 CVE-2024-56769 CVE-2024-56774 CVE-2024-56775 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-56779 CVE-2024-56780 CVE-2024-56787 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57795 CVE-2024-57798 CVE-2024-57801 CVE-2024-57802 CVE-2024-57804 CVE-2024-57809 CVE-2024-57838 CVE-2024-57849 CVE-2024-57850 CVE-2024-57857 CVE-2024-57874 CVE-2024-57876 CVE-2024-57884 CVE-2024-57887 CVE-2024-57888 CVE-2024-57890 CVE-2024-57892 CVE-2024-57893 CVE-2024-57896 CVE-2024-57897 CVE-2024-57899 CVE-2024-57903 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57926 CVE-2024-57929 CVE-2024-57931 CVE-2024-57932 CVE-2024-57933 CVE-2024-57935 CVE-2024-57936 CVE-2024-57938 CVE-2024-57940 CVE-2024-57946 CVE-2024-8805 CVE-2025-21632 CVE-2025-21645 CVE-2025-21646 CVE-2025-21649 CVE-2025-21650 CVE-2025-21651 CVE-2025-21652 CVE-2025-21653 CVE-2025-21655 CVE-2025-21656 CVE-2025-21662 CVE-2025-21663 CVE-2025-21664 CVE-2025-21674 CVE-2025-21676 CVE-2025-21682 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 244 Released: Fri Mar 14 12:51:07 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issues: - do not crash when file system loop was encountered (bsc#1231472) - added patches - modified patches ----------------------------------------------------------------- Advisory ID: 245 Released: Fri Mar 14 12:55:02 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: 1233289,1233322 This update for elemental-toolkit fixes the following issues: - Bump yip to v1.9.6 (bsc#1233322) - Make lint happy - Fixes squashfs images creation (bsc#1233289) ----------------------------------------------------------------- Advisory ID: 251 Released: Wed Mar 19 11:42:10 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash (bsc#1236619). ----------------------------------------------------------------- Advisory ID: kernel-3 Released: Thu Mar 27 16:23:42 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1194869,1214954,1215199,1216813,1218470,1220711,1220773,1224095,1224726,1225743,1225820,1225897,1226980,1227445,1228526,1228592,1229809,1229833,1230205,1230413,1230697,1231016,1231854,1231909,1231963,1232087,1232101,1232158,1232161,1232193,1232198,1232201,1232418,1232419,1232420,1232421,1232436,1232882,1233038,1233055,1233070,1233096,1233112,1233200,1233204,1233239,1233259,1233260,1233324,1233328,1233461,1233467,1233469,1233488,1233546,1233558,1233637,1233638,1233642,1233772,1233778,1233837,1234024,1234069,1234071,1234073,1234075,1234076,1234077,1234079,1234086,1234139,1234140,1234141,1234142,1234143,1234144,1234145,1234146,1234147,1234148,1234149,1234150,1234153,1234155,1234156,1234158,1234159,1234160,1234161,1234162,1234163,1234164,1234165,1234166,1234167,1234168,1234169,1234170,1234171,1234172,1234173,1234174,1234175,1234176,1234177,1234178,1234179,1234180,1234181,1234182,1234183,1234184,1234185,1234186,1234187,1234188,1234189,1234190,1234191,1234192,1234193,1 234194,1234195,1234196,1234197,1234198,1234199,1234200,1234201,1234203,1234204,1234205,1234207,1234208,1234209,1234219,1234220,1234221,1234237,1234238,1234239,1234240,1234241,1234242,1234243,1234278,1234279,1234280,1234281,1234282,1234294,1234338,1234357,1234381,1234454,1234464,1234605,1234619,1234635,1234651,1234652,1234654,1234655,1234657,1234658,1234659,1234668,1234683,1234690,1234693,1234725,1234726,1234810,1234811,1234825,1234826,1234827,1234829,1234832,1234834,1234843,1234846,1234848,1234853,1234855,1234856,1234863,1234884,1234887,1234888,1234889,1234891,1234893,1234898,1234899,1234900,1234901,1234905,1234906,1234907,1234909,1234911,1234912,1234916,1234918,1234920,1234921,1234922,1234923,1234929,1234930,1234931,1234934,1234937,1234947,1234948,1234950,1234952,1234957,1234960,1234962,1234963,1234968,1234969,1234970,1234971,1234973,1234974,1234989,1234999,1235000,1235001,1235002,1235003,1235004,1235007,1235009,1235011,1235016,1235019,1235031,1235032,1235033,1235035,1235037,123503 8,1235039,1235040,1235042,1235043,1235045,1235046,1235050,1235051,1235053,1235054,1235056,1235057,1235059,1235061,1235065,1235070,1235073,1235075,1235100,1235108,1235112,1235115,1235117,1235122,1235123,1235125,1235128,1235132,1235133,1235134,1235138,1235155,1235160,1235217,1235219,1235220,1235222,1235223,1235224,1235227,1235230,1235241,1235246,1235249,1235251,1235252,1235389,1235390,1235391,1235406,1235409,1235410,1235412,1235413,1235415,1235416,1235417,1235418,1235423,1235424,1235425,1235426,1235427,1235428,1235429,1235430,1235433,1235437,1235439,1235444,1235445,1235449,1235451,1235454,1235458,1235459,1235464,1235466,1235473,1235479,1235480,1235483,1235486,1235487,1235488,1235489,1235491,1235494,1235495,1235496,1235497,1235498,1235500,1235502,1235503,1235507,1235519,1235520,1235521,1235523,1235526,1235528,1235532,1235533,1235534,1235537,1235538,1235545,1235550,1235552,1235555,1235557,1235563,1235564,1235565,1235568,1235570,1235571,1235577,1235578,1235582,1235583,1235584,1235587,123 5611,1235612,1235616,1235622,1235627,1235632,1235635,1235638,1235641,1235643,1235645,1235646,1235647,1235650,1235653,1235656,1235657,1235663,1235686,1235700,1235705,1235707,1235708,1235710,1235714,1235716,1235720,1235723,1235727,1235730,1235737,1235739,1235745,1235747,1235750,1235753,1235759,1235764,1235768,1235776,1235777,1235778,1235779,1235793,1235798,1235806,1235808,1235812,1235814,1235818,1235842,1235865,1235894,1235902,1235903,1235906,1235918,1235919,1235920,1235924,1235940,1235941,1235946,1235948,1235952,1235964,1235965,1235967,1235969,1235976,1235977,1236078,1236080,1236082,1236088,1236090,1236091,1236096,1236097,1236098,1236101,1236102,1236104,1236106,1236120,1236125,1236127,1236131,1236138,1236143,1236144,1236145,1236160,1236161,1236163,1236168,1236178,1236180,1236181,1236182,1236190,1236192,1236198,1236227,1236245,1236247,1236248,1236260,1236262,1236628,1236688,1236696,1236703,1236732,1236733,CVE-2023-52923,CVE-2024-26924,CVE-2024-27397,CVE-2024-35839,CVE-2024-36476,CVE-2 024-36908,CVE-2024-39282,CVE-2024-39480,CVE-2024-41042,CVE-2024-43913,CVE-2024-44934,CVE-2024-44996,CVE-2024-45828,CVE-2024-46896,CVE-2024-47141,CVE-2024-47143,CVE-2024-47678,CVE-2024-47809,CVE-2024-48873,CVE-2024-48881,CVE-2024-49569,CVE-2024-49854,CVE-2024-49884,CVE-2024-49915,CVE-2024-49948,CVE-2024-49951,CVE-2024-49978,CVE-2024-49998,CVE-2024-50016,CVE-2024-50018,CVE-2024-50039,CVE-2024-50047,CVE-2024-50051,CVE-2024-50106,CVE-2024-50143,CVE-2024-50151,CVE-2024-50154,CVE-2024-50199,CVE-2024-50202,CVE-2024-50203,CVE-2024-50211,CVE-2024-50228,CVE-2024-50256,CVE-2024-50262,CVE-2024-50272,CVE-2024-50278,CVE-2024-50280,CVE-2024-50299,CVE-2024-52332,CVE-2024-53050,CVE-2024-53064,CVE-2024-53090,CVE-2024-53091,CVE-2024-53095,CVE-2024-53099,CVE-2024-53103,CVE-2024-53105,CVE-2024-53111,CVE-2024-53113,CVE-2024-53117,CVE-2024-53118,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53126,CVE-2024-53127,CVE-2024-53129,CVE-2024-53130,CVE-2024-53131,CVE-2024-53133,CVE-2024-531 34,CVE-2024-53136,CVE-2024-53141,CVE-2024-53142,CVE-2024-53144,CVE-2024-53146,CVE-2024-53148,CVE-2024-53150,CVE-2024-53151,CVE-2024-53154,CVE-2024-53155,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53159,CVE-2024-53160,CVE-2024-53161,CVE-2024-53162,CVE-2024-53164,CVE-2024-53166,CVE-2024-53168,CVE-2024-53169,CVE-2024-53170,CVE-2024-53171,CVE-2024-53172,CVE-2024-53173,CVE-2024-53174,CVE-2024-53175,CVE-2024-53179,CVE-2024-53180,CVE-2024-53185,CVE-2024-53187,CVE-2024-53188,CVE-2024-53190,CVE-2024-53191,CVE-2024-53194,CVE-2024-53195,CVE-2024-53196,CVE-2024-53197,CVE-2024-53198,CVE-2024-53200,CVE-2024-53201,CVE-2024-53202,CVE-2024-53203,CVE-2024-53206,CVE-2024-53207,CVE-2024-53208,CVE-2024-53209,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53215,CVE-2024-53216,CVE-2024-53217,CVE-2024-53222,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53230,CVE-2024-53231,CVE-2024-53232,CVE-2024-53233,CVE-2024-53234,CVE-2024-53236,CVE-2024-53237,CVE-2024-53239,CVE-2024-53240,CVE- 2024-53241,CVE-2024-53685,CVE-2024-53690,CVE-2024-54680,CVE-2024-55639,CVE-2024-55881,CVE-2024-55916,CVE-2024-56369,CVE-2024-56372,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56536,CVE-2024-56538,CVE-2024-56539,CVE-2024-56543,CVE-2024-56546,CVE-2024-56548,CVE-2024-56549,CVE-2024-56551,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56566,CVE-2024-56567,CVE-2024-56568,CVE-2024-56569,CVE-2024-56570,CVE-2024-56571,CVE-2024-56572,CVE-2024-56573,CVE-2024-56574,CVE-2024-56575,CVE-2024-56576,CVE-2024-56577,CVE-2024-56578,CVE-2024-56582,CVE-2024-56584,CVE-2024-56587,CVE-2024-56588,CVE-2024-56589,CVE-2024-56590,CVE-2024-56593,CVE-2024-56594,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56598,CVE-2024-56599,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56603,CVE-2024-56604,CVE-2024-56605,CVE-2024-56606,CVE-2024-56607,CVE-2024-56608,CVE-2024-56609,CVE-2024-56610,CVE-2024-56611,CVE-2024-56614,CVE-2024-56615,CVE-2024-56616,CVE-2024-56617,CVE-2024-56619,CVE-2024-56 620,CVE-2024-56622,CVE-2024-56623,CVE-2024-56625,CVE-2024-56629,CVE-2024-56630,CVE-2024-56631,CVE-2024-56632,CVE-2024-56634,CVE-2024-56635,CVE-2024-56636,CVE-2024-56637,CVE-2024-56641,CVE-2024-56642,CVE-2024-56643,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56649,CVE-2024-56650,CVE-2024-56651,CVE-2024-56654,CVE-2024-56656,CVE-2024-56659,CVE-2024-56660,CVE-2024-56661,CVE-2024-56662,CVE-2024-56663,CVE-2024-56664,CVE-2024-56665,CVE-2024-56667,CVE-2024-56670,CVE-2024-56672,CVE-2024-56675,CVE-2024-56677,CVE-2024-56678,CVE-2024-56679,CVE-2024-56681,CVE-2024-56683,CVE-2024-56687,CVE-2024-56688,CVE-2024-56690,CVE-2024-56691,CVE-2024-56693,CVE-2024-56694,CVE-2024-56698,CVE-2024-56700,CVE-2024-56701,CVE-2024-56704,CVE-2024-56705,CVE-2024-56707,CVE-2024-56708,CVE-2024-56709,CVE-2024-56712,CVE-2024-56715,CVE-2024-56716,CVE-2024-56722,CVE-2024-56723,CVE-2024-56724,CVE-2024-56725,CVE-2024-56726,CVE-2024-56727,CVE-2024-56728,CVE-2024-56729,CVE-2024-56739,CVE-2024-56741,CVE-2024-56745,CVE -2024-56746,CVE-2024-56747,CVE-2024-56748,CVE-2024-56752,CVE-2024-56754,CVE-2024-56755,CVE-2024-56756,CVE-2024-56759,CVE-2024-56760,CVE-2024-56763,CVE-2024-56765,CVE-2024-56766,CVE-2024-56767,CVE-2024-56769,CVE-2024-56774,CVE-2024-56775,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-56779,CVE-2024-56780,CVE-2024-56787,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57795,CVE-2024-57798,CVE-2024-57801,CVE-2024-57802,CVE-2024-57804,CVE-2024-57809,CVE-2024-57838,CVE-2024-57849,CVE-2024-57850,CVE-2024-57857,CVE-2024-57874,CVE-2024-57876,CVE-2024-57884,CVE-2024-57887,CVE-2024-57888,CVE-2024-57890,CVE-2024-57892,CVE-2024-57893,CVE-2024-57896,CVE-2024-57897,CVE-2024-57899,CVE-2024-57903,CVE-2024-57904,CVE-2024-57906,CVE-2024-57907,CVE-2024-57908,CVE-2024-57910,CVE-2024-57911,CVE-2024-57912,CVE-2024-57913,CVE-2024-57915,CVE-2024-57916,CVE-2024-57917,CVE-2024-57922,CVE-2024-57926,CVE-2024-57929,CVE-2024-57931,CVE-2024-57932,CVE-2024-57933,CVE-2024-57935,CVE-2024-57936,CVE-2024-5 7938,CVE-2024-57940,CVE-2024-57946,CVE-2024-8805,CVE-2025-21632,CVE-2025-21645,CVE-2025-21646,CVE-2025-21649,CVE-2025-21650,CVE-2025-21651,CVE-2025-21652,CVE-2025-21653,CVE-2025-21655,CVE-2025-21656,CVE-2025-21662,CVE-2025-21663,CVE-2025-21664,CVE-2025-21674,CVE-2025-21676,CVE-2025-21682 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Delete XHCI patch for regression (bsc#1235550) - Disable ceph (jsc#PED-7242) - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - Drop downstream TPM fix patch (bsc#1233260 bsc#1233259 bsc#1232421) - Drop uvcvideo fix due to regression (bsc#1235894) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). - RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146). - Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)' - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413) - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413) - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413) - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'unicode: Do not special case ignorable code points' (stable-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - Revert 'arm64: Kconfig: Make SME depend on BROKEN for now' - Revert 0dd78566990 ('Disable ceph (jsc#PED-7242)') - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Force position-independent veneers (git-fixes). - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devcoredump: cleanup some comments (git-fixes). - devlink: Fix length of eswitch inline-mode (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). - drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). - ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - intel_th: core: fix kernel-doc warnings (git-fixes). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). - isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). - net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). - percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). - quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). - scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). - serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8645) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). ----------------------------------------------------------------- Advisory ID: 262 Released: Mon Mar 31 08:37:17 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1237498 This update for elemental-operator fixes the following issues: - Update to version 1.6.7: * Bump default operator channel to Micro 6.1 images * [v1.6.x][BACKPORT] seedimage: clean-up service on image download deadline (bsc#1237498) * No need to install yq neither to create a GH release ----------------------------------------------------------------- Advisory ID: 266 Released: Tue Apr 1 12:11:15 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: Fixed potential DoS in handling of numerous SEQUENCE OF or SET OF elements (bsc#1236878). ----------------------------------------------------------------- Advisory ID: 269 Released: Wed Apr 2 16:29:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834,1224113 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). The following package changes have been done: - libtasn1-6-4.19.0-4.1 updated - findutils-4.9.0-4.1 updated - SL-Micro-release-6.0-25.12 updated - kernel-default-6.4.0-25.1 updated - libfreebl3-3.101.2-2.1 updated - krb5-1.20.1-6.1 updated - mozilla-nss-certs-3.101.2-2.1 updated - mozilla-nss-3.101.2-2.1 updated - libsoftokn3-3.101.2-2.1 updated - elemental-register-1.6.7-1.1 updated - elemental-support-1.6.7-1.1 updated - elemental-toolkit-2.1.2-1.1 updated - container:suse-toolbox-image-1.0.0-7.11 updated From sle-container-updates at lists.suse.com Thu Apr 3 07:05:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Apr 2025 09:05:17 +0200 (CEST) Subject: SUSE-IU-2025:837-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250403070517.82510F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:837-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.6 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.6 Severity : important Type : security References : 1012628 1065729 1181674 1194869 1207948 1214954 1215199 1216702 1216813 1218470 1219170 1219596 1220021 1220328 1220430 1220711 1220773 1221044 1221303 1221858 1222426 1222608 1222721 1222775 1222780 1222834 1223020 1223023 1223024 1223038 1223039 1223041 1223046 1223051 1223052 1223058 1223061 1223076 1223113 1223187 1223285 1223315 1223591 1223592 1223633 1223637 1223641 1223649 1223650 1223651 1223652 1223654 1223660 1223661 1223665 1223666 1223671 1223675 1223677 1223678 1223696 1223698 1223705 1223712 1223718 1223728 1223739 1223741 1223744 1223747 1223748 1223750 1223752 1223754 1223757 1223759 1223761 1223762 1223782 1223787 1223788 1223789 1223790 1223802 1223805 1223827 1223831 1223834 1223869 1223874 1224095 1224113 1224174 1224177 1224180 1224423 1224432 1224433 1224437 1224438 1224443 1224445 1224449 1224479 1224480 1224482 1224486 1224487 1224491 1224492 1224494 1224495 1224500 1224501 1224504 1224505 1224506 1224507 1224508 1224509 1224513 1224517 1224519 1224521 1224524 1224526 1224537 1224542 1224546 1224552 1224555 1224557 1224558 1224559 1224562 1224566 1224567 1224568 1224569 1224571 1224573 1224576 1224577 1224578 1224579 1224582 1224585 1224586 1224587 1224588 1224592 1224596 1224598 1224600 1224601 1224603 1224605 1224607 1224609 1224611 1224613 1224615 1224617 1224618 1224620 1224622 1224623 1224624 1224626 1224627 1224629 1224630 1224632 1224633 1224634 1224637 1224639 1224640 1224643 1224644 1224646 1224647 1224650 1224651 1224653 1224654 1224657 1224660 1224663 1224665 1224666 1224671 1224675 1224676 1224677 1224680 1224681 1224682 1224683 1224685 1224686 1224687 1224688 1224692 1224696 1224697 1224699 1224701 1224703 1224704 1224705 1224706 1224707 1224709 1224710 1224712 1224714 1224716 1224717 1224719 1224722 1224723 1224726 1224728 1224729 1224730 1224731 1224732 1224733 1224736 1224738 1224739 1224740 1224741 1224747 1224749 1224803 1224804 1225502 1225579 1225593 1225692 1225694 1225695 1225698 1225699 1225704 1225705 1225708 1225710 1225715 1225720 1225722 1225728 1225734 1225735 1225736 1225743 1225747 1225748 1225749 1225750 1225769 1225775 1225820 1225897 1226980 1227445 1228526 1228592 1229025 1229809 1229833 1230205 1230697 1231016 1231472 1231854 1231909 1231963 1232087 1232101 1232158 1232161 1232193 1232198 1232201 1232418 1232419 1232420 1232421 1232436 1232882 1233038 1233055 1233070 1233096 1233112 1233200 1233204 1233239 1233259 1233260 1233289 1233322 1233324 1233328 1233461 1233467 1233469 1233488 1233546 1233558 1233637 1233638 1233642 1233772 1233778 1233837 1234024 1234069 1234071 1234073 1234075 1234076 1234077 1234079 1234086 1234139 1234140 1234141 1234142 1234143 1234144 1234145 1234146 1234147 1234148 1234149 1234150 1234153 1234155 1234156 1234158 1234159 1234160 1234161 1234162 1234163 1234164 1234165 1234166 1234167 1234168 1234169 1234170 1234171 1234172 1234173 1234174 1234175 1234176 1234177 1234178 1234179 1234180 1234181 1234182 1234183 1234184 1234185 1234186 1234187 1234188 1234189 1234190 1234191 1234192 1234193 1234194 1234195 1234196 1234197 1234198 1234199 1234200 1234201 1234203 1234204 1234205 1234207 1234208 1234209 1234219 1234220 1234221 1234237 1234238 1234239 1234240 1234241 1234242 1234243 1234278 1234279 1234280 1234281 1234282 1234294 1234338 1234357 1234381 1234454 1234464 1234605 1234619 1234635 1234651 1234652 1234654 1234655 1234657 1234658 1234659 1234668 1234683 1234690 1234693 1234725 1234726 1234810 1234811 1234825 1234826 1234827 1234829 1234832 1234834 1234843 1234846 1234848 1234853 1234855 1234856 1234863 1234884 1234887 1234888 1234889 1234891 1234893 1234898 1234899 1234900 1234901 1234905 1234906 1234907 1234909 1234911 1234912 1234916 1234918 1234920 1234921 1234922 1234923 1234929 1234930 1234931 1234934 1234937 1234947 1234948 1234950 1234952 1234957 1234960 1234962 1234963 1234968 1234969 1234970 1234971 1234973 1234974 1234989 1234999 1235000 1235001 1235002 1235003 1235004 1235007 1235009 1235011 1235016 1235019 1235031 1235032 1235033 1235035 1235037 1235038 1235039 1235040 1235042 1235043 1235045 1235046 1235050 1235051 1235053 1235054 1235056 1235057 1235059 1235061 1235065 1235070 1235073 1235075 1235100 1235108 1235112 1235115 1235117 1235122 1235123 1235125 1235128 1235132 1235133 1235134 1235138 1235155 1235160 1235217 1235219 1235220 1235222 1235223 1235224 1235227 1235230 1235241 1235246 1235249 1235251 1235252 1235389 1235390 1235391 1235406 1235409 1235410 1235412 1235413 1235415 1235416 1235417 1235418 1235423 1235424 1235425 1235426 1235427 1235428 1235429 1235430 1235433 1235437 1235439 1235444 1235445 1235449 1235451 1235454 1235458 1235459 1235464 1235466 1235473 1235479 1235480 1235483 1235486 1235487 1235488 1235489 1235491 1235494 1235495 1235496 1235497 1235498 1235500 1235502 1235503 1235507 1235519 1235520 1235521 1235523 1235526 1235528 1235532 1235533 1235534 1235537 1235538 1235545 1235550 1235552 1235555 1235557 1235563 1235564 1235565 1235568 1235570 1235571 1235577 1235578 1235582 1235583 1235584 1235587 1235611 1235612 1235616 1235622 1235627 1235632 1235635 1235638 1235641 1235643 1235645 1235646 1235647 1235650 1235653 1235656 1235657 1235663 1235686 1235700 1235705 1235707 1235708 1235710 1235714 1235716 1235720 1235723 1235727 1235730 1235737 1235739 1235745 1235747 1235750 1235753 1235759 1235764 1235768 1235776 1235777 1235778 1235779 1235793 1235798 1235806 1235808 1235812 1235814 1235818 1235842 1235865 1235894 1235902 1235903 1235906 1235918 1235919 1235920 1235924 1235940 1235941 1235946 1235948 1235952 1235964 1235965 1235967 1235969 1235976 1235977 1236078 1236080 1236082 1236088 1236090 1236091 1236096 1236097 1236098 1236101 1236102 1236104 1236106 1236120 1236125 1236127 1236131 1236138 1236143 1236144 1236145 1236160 1236161 1236163 1236168 1236178 1236180 1236181 1236182 1236190 1236192 1236198 1236227 1236245 1236247 1236248 1236260 1236262 1236619 1236628 1236688 1236696 1236703 1236732 1236733 1237498 CVE-2023-47233 CVE-2023-52463 CVE-2023-52472 CVE-2023-52591 CVE-2023-52653 CVE-2023-52657 CVE-2023-52658 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52663 CVE-2023-52664 CVE-2023-52667 CVE-2023-52669 CVE-2023-52670 CVE-2023-52671 CVE-2023-52673 CVE-2023-52675 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52681 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52687 CVE-2023-52690 CVE-2023-52691 CVE-2023-52693 CVE-2023-52694 CVE-2023-52695 CVE-2023-52696 CVE-2023-52697 CVE-2023-52882 CVE-2023-52923 CVE-2024-22099 CVE-2024-26611 CVE-2024-26742 CVE-2024-26761 CVE-2024-26764 CVE-2024-26786 CVE-2024-26794 CVE-2024-26846 CVE-2024-26853 CVE-2024-26854 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26858 CVE-2024-26861 CVE-2024-26866 CVE-2024-26868 CVE-2024-26870 CVE-2024-26881 CVE-2024-26900 CVE-2024-26903 CVE-2024-26922 CVE-2024-26924 CVE-2024-26932 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26940 CVE-2024-26943 CVE-2024-26949 CVE-2024-26950 CVE-2024-26951 CVE-2024-26957 CVE-2024-26961 CVE-2024-26962 CVE-2024-26963 CVE-2024-26964 CVE-2024-26973 CVE-2024-26983 CVE-2024-26984 CVE-2024-26986 CVE-2024-26988 CVE-2024-26989 CVE-2024-26994 CVE-2024-26995 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27002 CVE-2024-27003 CVE-2024-27004 CVE-2024-27008 CVE-2024-27027 CVE-2024-27028 CVE-2024-27029 CVE-2024-27030 CVE-2024-27031 CVE-2024-27046 CVE-2024-27057 CVE-2024-27062 CVE-2024-27067 CVE-2024-27080 CVE-2024-27388 CVE-2024-27389 CVE-2024-27397 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27405 CVE-2024-27410 CVE-2024-27411 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27432 CVE-2024-27434 CVE-2024-27435 CVE-2024-27436 CVE-2024-35784 CVE-2024-35786 CVE-2024-35788 CVE-2024-35789 CVE-2024-35790 CVE-2024-35794 CVE-2024-35795 CVE-2024-35796 CVE-2024-35799 CVE-2024-35800 CVE-2024-35801 CVE-2024-35806 CVE-2024-35808 CVE-2024-35809 CVE-2024-35810 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35815 CVE-2024-35817 CVE-2024-35819 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35824 CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35834 CVE-2024-35835 CVE-2024-35836 CVE-2024-35837 CVE-2024-35838 CVE-2024-35839 CVE-2024-35841 CVE-2024-35842 CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35850 CVE-2024-35851 CVE-2024-35875 CVE-2024-35878 CVE-2024-35879 CVE-2024-35883 CVE-2024-35885 CVE-2024-35887 CVE-2024-35889 CVE-2024-35891 CVE-2024-35901 CVE-2024-35904 CVE-2024-35907 CVE-2024-35909 CVE-2024-35911 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35916 CVE-2024-35922 CVE-2024-35924 CVE-2024-35927 CVE-2024-35928 CVE-2024-35930 CVE-2024-35932 CVE-2024-35933 CVE-2024-35936 CVE-2024-35937 CVE-2024-35938 CVE-2024-35940 CVE-2024-35945 CVE-2024-35946 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35953 CVE-2024-35954 CVE-2024-35955 CVE-2024-35958 CVE-2024-35959 CVE-2024-35960 CVE-2024-35961 CVE-2024-35963 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35971 CVE-2024-35972 CVE-2024-35973 CVE-2024-35974 CVE-2024-35975 CVE-2024-35977 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35986 CVE-2024-35989 CVE-2024-35990 CVE-2024-35992 CVE-2024-35995 CVE-2024-35997 CVE-2024-36002 CVE-2024-36009 CVE-2024-36011 CVE-2024-36012 CVE-2024-36014 CVE-2024-36018 CVE-2024-36019 CVE-2024-36020 CVE-2024-36021 CVE-2024-36025 CVE-2024-36026 CVE-2024-36029 CVE-2024-36032 CVE-2024-36476 CVE-2024-36880 CVE-2024-36885 CVE-2024-36891 CVE-2024-36893 CVE-2024-36894 CVE-2024-36895 CVE-2024-36896 CVE-2024-36897 CVE-2024-36898 CVE-2024-36906 CVE-2024-36908 CVE-2024-36921 CVE-2024-36922 CVE-2024-36928 CVE-2024-36930 CVE-2024-36931 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36949 CVE-2024-36950 CVE-2024-36951 CVE-2024-36955 CVE-2024-36959 CVE-2024-39282 CVE-2024-39480 CVE-2024-41042 CVE-2024-43913 CVE-2024-44934 CVE-2024-44996 CVE-2024-45828 CVE-2024-46896 CVE-2024-47141 CVE-2024-47143 CVE-2024-47678 CVE-2024-47809 CVE-2024-48873 CVE-2024-48881 CVE-2024-49569 CVE-2024-49854 CVE-2024-49884 CVE-2024-49915 CVE-2024-49948 CVE-2024-49951 CVE-2024-49978 CVE-2024-49998 CVE-2024-50016 CVE-2024-50018 CVE-2024-50039 CVE-2024-50047 CVE-2024-50051 CVE-2024-50106 CVE-2024-50143 CVE-2024-50151 CVE-2024-50154 CVE-2024-50199 CVE-2024-50202 CVE-2024-50203 CVE-2024-50211 CVE-2024-50228 CVE-2024-50256 CVE-2024-50262 CVE-2024-50272 CVE-2024-50278 CVE-2024-50280 CVE-2024-50299 CVE-2024-52332 CVE-2024-53050 CVE-2024-53064 CVE-2024-53090 CVE-2024-53091 CVE-2024-53095 CVE-2024-53099 CVE-2024-53103 CVE-2024-53105 CVE-2024-53111 CVE-2024-53113 CVE-2024-53117 CVE-2024-53118 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53126 CVE-2024-53127 CVE-2024-53129 CVE-2024-53130 CVE-2024-53131 CVE-2024-53133 CVE-2024-53134 CVE-2024-53136 CVE-2024-53141 CVE-2024-53142 CVE-2024-53144 CVE-2024-53146 CVE-2024-53148 CVE-2024-53150 CVE-2024-53151 CVE-2024-53154 CVE-2024-53155 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53159 CVE-2024-53160 CVE-2024-53161 CVE-2024-53162 CVE-2024-53164 CVE-2024-53166 CVE-2024-53168 CVE-2024-53169 CVE-2024-53170 CVE-2024-53171 CVE-2024-53172 CVE-2024-53173 CVE-2024-53174 CVE-2024-53175 CVE-2024-53179 CVE-2024-53180 CVE-2024-53185 CVE-2024-53187 CVE-2024-53188 CVE-2024-53190 CVE-2024-53191 CVE-2024-53194 CVE-2024-53195 CVE-2024-53196 CVE-2024-53197 CVE-2024-53198 CVE-2024-53200 CVE-2024-53201 CVE-2024-53202 CVE-2024-53203 CVE-2024-53206 CVE-2024-53207 CVE-2024-53208 CVE-2024-53209 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214 CVE-2024-53215 CVE-2024-53216 CVE-2024-53217 CVE-2024-53222 CVE-2024-53224 CVE-2024-53227 CVE-2024-53229 CVE-2024-53230 CVE-2024-53231 CVE-2024-53232 CVE-2024-53233 CVE-2024-53234 CVE-2024-53236 CVE-2024-53237 CVE-2024-53239 CVE-2024-53240 CVE-2024-53241 CVE-2024-53685 CVE-2024-53690 CVE-2024-54680 CVE-2024-55639 CVE-2024-55881 CVE-2024-55916 CVE-2024-56369 CVE-2024-56372 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56536 CVE-2024-56538 CVE-2024-56539 CVE-2024-56543 CVE-2024-56546 CVE-2024-56548 CVE-2024-56549 CVE-2024-56551 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56566 CVE-2024-56567 CVE-2024-56568 CVE-2024-56569 CVE-2024-56570 CVE-2024-56571 CVE-2024-56572 CVE-2024-56573 CVE-2024-56574 CVE-2024-56575 CVE-2024-56576 CVE-2024-56577 CVE-2024-56578 CVE-2024-56582 CVE-2024-56584 CVE-2024-56587 CVE-2024-56588 CVE-2024-56589 CVE-2024-56590 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56599 CVE-2024-5660 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56604 CVE-2024-56605 CVE-2024-56606 CVE-2024-56607 CVE-2024-56608 CVE-2024-56609 CVE-2024-56610 CVE-2024-56611 CVE-2024-56614 CVE-2024-56615 CVE-2024-56616 CVE-2024-56617 CVE-2024-56619 CVE-2024-56620 CVE-2024-56622 CVE-2024-56623 CVE-2024-56625 CVE-2024-56629 CVE-2024-56630 CVE-2024-56631 CVE-2024-56632 CVE-2024-56634 CVE-2024-56635 CVE-2024-56636 CVE-2024-56637 CVE-2024-56641 CVE-2024-56642 CVE-2024-56643 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56649 CVE-2024-56650 CVE-2024-56651 CVE-2024-56654 CVE-2024-56656 CVE-2024-56659 CVE-2024-56660 CVE-2024-56661 CVE-2024-56662 CVE-2024-56663 CVE-2024-56664 CVE-2024-56665 CVE-2024-56667 CVE-2024-56670 CVE-2024-56672 CVE-2024-56675 CVE-2024-56677 CVE-2024-56678 CVE-2024-56679 CVE-2024-56681 CVE-2024-56683 CVE-2024-56687 CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56693 CVE-2024-56694 CVE-2024-56698 CVE-2024-56700 CVE-2024-56701 CVE-2024-56704 CVE-2024-56705 CVE-2024-56707 CVE-2024-56708 CVE-2024-56709 CVE-2024-56712 CVE-2024-56715 CVE-2024-56716 CVE-2024-56722 CVE-2024-56723 CVE-2024-56724 CVE-2024-56725 CVE-2024-56726 CVE-2024-56727 CVE-2024-56728 CVE-2024-56729 CVE-2024-56739 CVE-2024-56741 CVE-2024-56745 CVE-2024-56746 CVE-2024-56747 CVE-2024-56748 CVE-2024-56752 CVE-2024-56754 CVE-2024-56755 CVE-2024-56756 CVE-2024-56759 CVE-2024-56760 CVE-2024-56763 CVE-2024-56765 CVE-2024-56766 CVE-2024-56767 CVE-2024-56769 CVE-2024-56774 CVE-2024-56775 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-56779 CVE-2024-56780 CVE-2024-56787 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57795 CVE-2024-57798 CVE-2024-57801 CVE-2024-57802 CVE-2024-57804 CVE-2024-57809 CVE-2024-57838 CVE-2024-57849 CVE-2024-57850 CVE-2024-57857 CVE-2024-57874 CVE-2024-57876 CVE-2024-57884 CVE-2024-57887 CVE-2024-57888 CVE-2024-57890 CVE-2024-57892 CVE-2024-57893 CVE-2024-57896 CVE-2024-57897 CVE-2024-57899 CVE-2024-57903 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57926 CVE-2024-57929 CVE-2024-57931 CVE-2024-57932 CVE-2024-57933 CVE-2024-57935 CVE-2024-57936 CVE-2024-57938 CVE-2024-57940 CVE-2024-57946 CVE-2024-8805 CVE-2025-21632 CVE-2025-21645 CVE-2025-21646 CVE-2025-21649 CVE-2025-21650 CVE-2025-21651 CVE-2025-21652 CVE-2025-21653 CVE-2025-21655 CVE-2025-21656 CVE-2025-21662 CVE-2025-21663 CVE-2025-21664 CVE-2025-21674 CVE-2025-21676 CVE-2025-21682 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 244 Released: Fri Mar 14 12:51:07 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issues: - do not crash when file system loop was encountered (bsc#1231472) - added patches - modified patches ----------------------------------------------------------------- Advisory ID: 245 Released: Fri Mar 14 12:55:02 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: 1233289,1233322 This update for elemental-toolkit fixes the following issues: - Bump yip to v1.9.6 (bsc#1233322) - Make lint happy - Fixes squashfs images creation (bsc#1233289) ----------------------------------------------------------------- Advisory ID: 251 Released: Wed Mar 19 11:42:10 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash (bsc#1236619). ----------------------------------------------------------------- Advisory ID: kernel-4 Released: Fri Mar 28 08:51:47 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1065729,1181674,1194869,1207948,1214954,1215199,1216702,1216813,1218470,1219170,1219596,1220021,1220328,1220430,1220711,1220773,1221044,1221303,1221858,1222426,1222608,1222721,1222775,1222780,1223020,1223023,1223024,1223038,1223039,1223041,1223046,1223051,1223052,1223058,1223061,1223076,1223113,1223187,1223285,1223315,1223591,1223592,1223633,1223637,1223641,1223649,1223650,1223651,1223652,1223654,1223660,1223661,1223665,1223666,1223671,1223675,1223677,1223678,1223696,1223698,1223705,1223712,1223718,1223728,1223739,1223741,1223744,1223747,1223748,1223750,1223752,1223754,1223757,1223759,1223761,1223762,1223782,1223787,1223788,1223789,1223790,1223802,1223805,1223827,1223831,1223834,1223869,1223874,1224095,1224174,1224177,1224180,1224423,1224432,1224433,1224437,1224438,1224443,1224445,1224449,1224479,1224480,1224482,1224486,1224487,1224491,1224492,1224494,1224495,1224500,1224501,1224504,1224505,1224506,1224507,1224508,1224509,1224513,1224517,1224519,1224521,1224524,1 224526,1224537,1224542,1224546,1224552,1224555,1224557,1224558,1224559,1224562,1224566,1224567,1224568,1224569,1224571,1224573,1224576,1224577,1224578,1224579,1224582,1224585,1224586,1224587,1224588,1224592,1224596,1224598,1224600,1224601,1224603,1224605,1224607,1224609,1224611,1224613,1224615,1224617,1224618,1224620,1224622,1224623,1224624,1224626,1224627,1224629,1224630,1224632,1224633,1224634,1224637,1224639,1224640,1224643,1224644,1224646,1224647,1224650,1224651,1224653,1224654,1224657,1224660,1224663,1224665,1224666,1224671,1224675,1224676,1224677,1224680,1224681,1224682,1224683,1224685,1224686,1224687,1224688,1224692,1224696,1224697,1224699,1224701,1224703,1224704,1224705,1224706,1224707,1224709,1224710,1224712,1224714,1224716,1224717,1224719,1224722,1224723,1224726,1224728,1224729,1224730,1224731,1224732,1224733,1224736,1224738,1224739,1224740,1224741,1224747,1224749,1224803,1224804,1225502,1225579,1225593,1225692,1225694,1225695,1225698,1225699,1225704,1225705,1225708,122571 0,1225715,1225720,1225722,1225728,1225734,1225735,1225736,1225743,1225747,1225748,1225749,1225750,1225769,1225775,1225820,1225897,1226980,1227445,1228526,1228592,1229025,1229809,1229833,1230205,1230697,1231016,1231854,1231909,1231963,1232087,1232101,1232158,1232161,1232193,1232198,1232201,1232418,1232419,1232420,1232421,1232436,1232882,1233038,1233055,1233070,1233096,1233112,1233200,1233204,1233239,1233259,1233260,1233324,1233328,1233461,1233467,1233469,1233488,1233546,1233558,1233637,1233638,1233642,1233772,1233778,1233837,1234024,1234069,1234071,1234073,1234075,1234076,1234077,1234079,1234086,1234139,1234140,1234141,1234142,1234143,1234144,1234145,1234146,1234147,1234148,1234149,1234150,1234153,1234155,1234156,1234158,1234159,1234160,1234161,1234162,1234163,1234164,1234165,1234166,1234167,1234168,1234169,1234170,1234171,1234172,1234173,1234174,1234175,1234176,1234177,1234178,1234179,1234180,1234181,1234182,1234183,1234184,1234185,1234186,1234187,1234188,1234189,1234190,1234191,123 4192,1234193,1234194,1234195,1234196,1234197,1234198,1234199,1234200,1234201,1234203,1234204,1234205,1234207,1234208,1234209,1234219,1234220,1234221,1234237,1234238,1234239,1234240,1234241,1234242,1234243,1234278,1234279,1234280,1234281,1234282,1234294,1234338,1234357,1234381,1234454,1234464,1234605,1234619,1234635,1234651,1234652,1234654,1234655,1234657,1234658,1234659,1234668,1234683,1234690,1234693,1234725,1234726,1234810,1234811,1234825,1234826,1234827,1234829,1234832,1234834,1234843,1234846,1234848,1234853,1234855,1234856,1234863,1234884,1234887,1234888,1234889,1234891,1234893,1234898,1234899,1234900,1234901,1234905,1234906,1234907,1234909,1234911,1234912,1234916,1234918,1234920,1234921,1234922,1234923,1234929,1234930,1234931,1234934,1234937,1234947,1234948,1234950,1234952,1234957,1234960,1234962,1234963,1234968,1234969,1234970,1234971,1234973,1234974,1234989,1234999,1235000,1235001,1235002,1235003,1235004,1235007,1235009,1235011,1235016,1235019,1235031,1235032,1235033,1235035, 1235037,1235038,1235039,1235040,1235042,1235043,1235045,1235046,1235050,1235051,1235053,1235054,1235056,1235057,1235059,1235061,1235065,1235070,1235073,1235075,1235100,1235108,1235112,1235115,1235117,1235122,1235123,1235125,1235128,1235132,1235133,1235134,1235138,1235155,1235160,1235217,1235219,1235220,1235222,1235223,1235224,1235227,1235230,1235241,1235246,1235249,1235251,1235252,1235389,1235390,1235391,1235406,1235409,1235410,1235412,1235413,1235415,1235416,1235417,1235418,1235423,1235424,1235425,1235426,1235427,1235428,1235429,1235430,1235433,1235437,1235439,1235444,1235445,1235449,1235451,1235454,1235458,1235459,1235464,1235466,1235473,1235479,1235480,1235483,1235486,1235487,1235488,1235489,1235491,1235494,1235495,1235496,1235497,1235498,1235500,1235502,1235503,1235507,1235519,1235520,1235521,1235523,1235526,1235528,1235532,1235533,1235534,1235537,1235538,1235545,1235550,1235552,1235555,1235557,1235563,1235564,1235565,1235568,1235570,1235571,1235577,1235578,1235582,1235583,12355 84,1235587,1235611,1235612,1235616,1235622,1235627,1235632,1235635,1235638,1235641,1235643,1235645,1235646,1235647,1235650,1235653,1235656,1235657,1235663,1235686,1235700,1235705,1235707,1235708,1235710,1235714,1235716,1235720,1235723,1235727,1235730,1235737,1235739,1235745,1235747,1235750,1235753,1235759,1235764,1235768,1235776,1235777,1235778,1235779,1235793,1235798,1235806,1235808,1235812,1235814,1235818,1235842,1235865,1235894,1235902,1235903,1235906,1235918,1235919,1235920,1235924,1235940,1235941,1235946,1235948,1235952,1235964,1235965,1235967,1235969,1235976,1235977,1236078,1236080,1236082,1236088,1236090,1236091,1236096,1236097,1236098,1236101,1236102,1236104,1236106,1236120,1236125,1236127,1236131,1236138,1236143,1236144,1236145,1236160,1236161,1236163,1236168,1236178,1236180,1236181,1236182,1236190,1236192,1236198,1236227,1236245,1236247,1236248,1236260,1236262,1236628,1236688,1236696,1236703,1236732,1236733,CVE-2023-47233,CVE-2023-52463,CVE-2023-52472,CVE-2023-52591,CVE-20 23-52653,CVE-2023-52657,CVE-2023-52658,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52663,CVE-2023-52664,CVE-2023-52667,CVE-2023-52669,CVE-2023-52670,CVE-2023-52671,CVE-2023-52673,CVE-2023-52675,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52681,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52687,CVE-2023-52690,CVE-2023-52691,CVE-2023-52693,CVE-2023-52694,CVE-2023-52695,CVE-2023-52696,CVE-2023-52697,CVE-2023-52882,CVE-2023-52923,CVE-2024-22099,CVE-2024-26611,CVE-2024-26742,CVE-2024-26761,CVE-2024-26764,CVE-2024-26786,CVE-2024-26794,CVE-2024-26846,CVE-2024-26853,CVE-2024-26854,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26858,CVE-2024-26861,CVE-2024-26866,CVE-2024-26868,CVE-2024-26870,CVE-2024-26881,CVE-2024-26900,CVE-2024-26903,CVE-2024-26922,CVE-2024-26924,CVE-2024-26932,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26940,CVE-2024-26943,CVE-2024-26949,CVE-2024-26950,CVE-2024-26951,CVE-2024-26957,CVE-2024-26961,CVE-2024-2696 2,CVE-2024-26963,CVE-2024-26964,CVE-2024-26973,CVE-2024-26983,CVE-2024-26984,CVE-2024-26986,CVE-2024-26988,CVE-2024-26989,CVE-2024-26994,CVE-2024-26995,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27002,CVE-2024-27003,CVE-2024-27004,CVE-2024-27008,CVE-2024-27027,CVE-2024-27028,CVE-2024-27029,CVE-2024-27030,CVE-2024-27031,CVE-2024-27046,CVE-2024-27057,CVE-2024-27062,CVE-2024-27067,CVE-2024-27080,CVE-2024-27388,CVE-2024-27389,CVE-2024-27397,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27405,CVE-2024-27410,CVE-2024-27411,CVE-2024-27412,CVE-2024-27413,CVE-2024-27416,CVE-2024-27432,CVE-2024-27434,CVE-2024-27435,CVE-2024-27436,CVE-2024-35784,CVE-2024-35786,CVE-2024-35788,CVE-2024-35789,CVE-2024-35790,CVE-2024-35794,CVE-2024-35795,CVE-2024-35796,CVE-2024-35799,CVE-2024-35800,CVE-2024-35801,CVE-2024-35806,CVE-2024-35808,CVE-2024-35809,CVE-2024-35810,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35815,CVE-2024-35817,CVE-2024-35819,CVE-2 024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35824,CVE-2024-35825,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35833,CVE-2024-35834,CVE-2024-35835,CVE-2024-35836,CVE-2024-35837,CVE-2024-35838,CVE-2024-35839,CVE-2024-35841,CVE-2024-35842,CVE-2024-35845,CVE-2024-35847,CVE-2024-35849,CVE-2024-35850,CVE-2024-35851,CVE-2024-35875,CVE-2024-35878,CVE-2024-35879,CVE-2024-35883,CVE-2024-35885,CVE-2024-35887,CVE-2024-35889,CVE-2024-35891,CVE-2024-35901,CVE-2024-35904,CVE-2024-35907,CVE-2024-35909,CVE-2024-35911,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35916,CVE-2024-35922,CVE-2024-35924,CVE-2024-35927,CVE-2024-35928,CVE-2024-35930,CVE-2024-35932,CVE-2024-35933,CVE-2024-35936,CVE-2024-35937,CVE-2024-35938,CVE-2024-35940,CVE-2024-35945,CVE-2024-35946,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35953,CVE-2024-35954,CVE-2024-35955,CVE-2024-35958,CVE-2024-35959,CVE-2024-35960,CVE-2024-35961,CVE-2024-35963,CVE-2024-35965,CVE-2024-35966,CVE-2024-359 67,CVE-2024-35971,CVE-2024-35972,CVE-2024-35973,CVE-2024-35974,CVE-2024-35975,CVE-2024-35977,CVE-2024-35978,CVE-2024-35982,CVE-2024-35984,CVE-2024-35986,CVE-2024-35989,CVE-2024-35990,CVE-2024-35992,CVE-2024-35995,CVE-2024-35997,CVE-2024-36002,CVE-2024-36009,CVE-2024-36011,CVE-2024-36012,CVE-2024-36014,CVE-2024-36018,CVE-2024-36019,CVE-2024-36020,CVE-2024-36021,CVE-2024-36025,CVE-2024-36026,CVE-2024-36029,CVE-2024-36032,CVE-2024-36476,CVE-2024-36880,CVE-2024-36885,CVE-2024-36891,CVE-2024-36893,CVE-2024-36894,CVE-2024-36895,CVE-2024-36896,CVE-2024-36897,CVE-2024-36898,CVE-2024-36906,CVE-2024-36908,CVE-2024-36921,CVE-2024-36922,CVE-2024-36928,CVE-2024-36930,CVE-2024-36931,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36955,CVE-2024-36959,CVE-2024-39282,CVE-2024-39480,CVE-2024-41042,CVE-2024-43913,CVE-2024-44934,CVE-2024-44996,CVE-2024-45828,CVE-2024-46896,CVE-2024-47141,CVE-2024-47143,CVE-2024-47678,CVE-2024-47809,CVE- 2024-48873,CVE-2024-48881,CVE-2024-49569,CVE-2024-49854,CVE-2024-49884,CVE-2024-49915,CVE-2024-49948,CVE-2024-49951,CVE-2024-49978,CVE-2024-49998,CVE-2024-50016,CVE-2024-50018,CVE-2024-50039,CVE-2024-50047,CVE-2024-50051,CVE-2024-50106,CVE-2024-50143,CVE-2024-50151,CVE-2024-50154,CVE-2024-50199,CVE-2024-50202,CVE-2024-50203,CVE-2024-50211,CVE-2024-50228,CVE-2024-50256,CVE-2024-50262,CVE-2024-50272,CVE-2024-50278,CVE-2024-50280,CVE-2024-50299,CVE-2024-52332,CVE-2024-53050,CVE-2024-53064,CVE-2024-53090,CVE-2024-53091,CVE-2024-53095,CVE-2024-53099,CVE-2024-53103,CVE-2024-53105,CVE-2024-53111,CVE-2024-53113,CVE-2024-53117,CVE-2024-53118,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53126,CVE-2024-53127,CVE-2024-53129,CVE-2024-53130,CVE-2024-53131,CVE-2024-53133,CVE-2024-53134,CVE-2024-53136,CVE-2024-53141,CVE-2024-53142,CVE-2024-53144,CVE-2024-53146,CVE-2024-53148,CVE-2024-53150,CVE-2024-53151,CVE-2024-53154,CVE-2024-53155,CVE-2024-53156,CVE-2024-53157,CVE-2024-53 158,CVE-2024-53159,CVE-2024-53160,CVE-2024-53161,CVE-2024-53162,CVE-2024-53164,CVE-2024-53166,CVE-2024-53168,CVE-2024-53169,CVE-2024-53170,CVE-2024-53171,CVE-2024-53172,CVE-2024-53173,CVE-2024-53174,CVE-2024-53175,CVE-2024-53179,CVE-2024-53180,CVE-2024-53185,CVE-2024-53187,CVE-2024-53188,CVE-2024-53190,CVE-2024-53191,CVE-2024-53194,CVE-2024-53195,CVE-2024-53196,CVE-2024-53197,CVE-2024-53198,CVE-2024-53200,CVE-2024-53201,CVE-2024-53202,CVE-2024-53203,CVE-2024-53206,CVE-2024-53207,CVE-2024-53208,CVE-2024-53209,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53215,CVE-2024-53216,CVE-2024-53217,CVE-2024-53222,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53230,CVE-2024-53231,CVE-2024-53232,CVE-2024-53233,CVE-2024-53234,CVE-2024-53236,CVE-2024-53237,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-53685,CVE-2024-53690,CVE-2024-54680,CVE-2024-55639,CVE-2024-55881,CVE-2024-55916,CVE-2024-56369,CVE-2024-56372,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56536,CVE -2024-56538,CVE-2024-56539,CVE-2024-56543,CVE-2024-56546,CVE-2024-56548,CVE-2024-56549,CVE-2024-56551,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56566,CVE-2024-56567,CVE-2024-56568,CVE-2024-56569,CVE-2024-56570,CVE-2024-56571,CVE-2024-56572,CVE-2024-56573,CVE-2024-56574,CVE-2024-56575,CVE-2024-56576,CVE-2024-56577,CVE-2024-56578,CVE-2024-56582,CVE-2024-56584,CVE-2024-56587,CVE-2024-56588,CVE-2024-56589,CVE-2024-56590,CVE-2024-56593,CVE-2024-56594,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56598,CVE-2024-56599,CVE-2024-5660,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56603,CVE-2024-56604,CVE-2024-56605,CVE-2024-56606,CVE-2024-56607,CVE-2024-56608,CVE-2024-56609,CVE-2024-56610,CVE-2024-56611,CVE-2024-56614,CVE-2024-56615,CVE-2024-56616,CVE-2024-56617,CVE-2024-56619,CVE-2024-56620,CVE-2024-56622,CVE-2024-56623,CVE-2024-56625,CVE-2024-56629,CVE-2024-56630,CVE-2024-56631,CVE-2024-56632,CVE-2024-56634,CVE-2024-56635,CVE-2024-56636,CVE-2024-56637,CVE-2024-56 641,CVE-2024-56642,CVE-2024-56643,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56649,CVE-2024-56650,CVE-2024-56651,CVE-2024-56654,CVE-2024-56656,CVE-2024-56659,CVE-2024-56660,CVE-2024-56661,CVE-2024-56662,CVE-2024-56663,CVE-2024-56664,CVE-2024-56665,CVE-2024-56667,CVE-2024-56670,CVE-2024-56672,CVE-2024-56675,CVE-2024-56677,CVE-2024-56678,CVE-2024-56679,CVE-2024-56681,CVE-2024-56683,CVE-2024-56687,CVE-2024-56688,CVE-2024-56690,CVE-2024-56691,CVE-2024-56693,CVE-2024-56694,CVE-2024-56698,CVE-2024-56700,CVE-2024-56701,CVE-2024-56704,CVE-2024-56705,CVE-2024-56707,CVE-2024-56708,CVE-2024-56709,CVE-2024-56712,CVE-2024-56715,CVE-2024-56716,CVE-2024-56722,CVE-2024-56723,CVE-2024-56724,CVE-2024-56725,CVE-2024-56726,CVE-2024-56727,CVE-2024-56728,CVE-2024-56729,CVE-2024-56739,CVE-2024-56741,CVE-2024-56745,CVE-2024-56746,CVE-2024-56747,CVE-2024-56748,CVE-2024-56752,CVE-2024-56754,CVE-2024-56755,CVE-2024-56756,CVE-2024-56759,CVE-2024-56760,CVE-2024-56763,CVE-2024-56765,CVE-2024-56766,CVE -2024-56767,CVE-2024-56769,CVE-2024-56774,CVE-2024-56775,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-56779,CVE-2024-56780,CVE-2024-56787,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57795,CVE-2024-57798,CVE-2024-57801,CVE-2024-57802,CVE-2024-57804,CVE-2024-57809,CVE-2024-57838,CVE-2024-57849,CVE-2024-57850,CVE-2024-57857,CVE-2024-57874,CVE-2024-57876,CVE-2024-57884,CVE-2024-57887,CVE-2024-57888,CVE-2024-57890,CVE-2024-57892,CVE-2024-57893,CVE-2024-57896,CVE-2024-57897,CVE-2024-57899,CVE-2024-57903,CVE-2024-57904,CVE-2024-57906,CVE-2024-57907,CVE-2024-57908,CVE-2024-57910,CVE-2024-57911,CVE-2024-57912,CVE-2024-57913,CVE-2024-57915,CVE-2024-57916,CVE-2024-57917,CVE-2024-57922,CVE-2024-57926,CVE-2024-57929,CVE-2024-57931,CVE-2024-57932,CVE-2024-57933,CVE-2024-57935,CVE-2024-57936,CVE-2024-57938,CVE-2024-57940,CVE-2024-57946,CVE-2024-8805,CVE-2025-21632,CVE-2025-21645,CVE-2025-21646,CVE-2025-21649,CVE-2025-21650,CVE-2025-21651,CVE-2025-21652,CVE-2025-21653,CVE-2025-21 655,CVE-2025-21656,CVE-2025-21662,CVE-2025-21663,CVE-2025-21664,CVE-2025-21674,CVE-2025-21676,CVE-2025-21682 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). Features added: * - Disable ceph (jsc#PED-7242) * - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). * - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). * - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8645) The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Add already cherry-picked ids to AMDGPU patch - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Delete XHCI patch for regression (bsc#1235550) - Disable ceph (jsc#PED-7242) - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - Drop downstream TPM fix patch (bsc#1233260 bsc#1233259 bsc#1232421) - Drop uvcvideo fix due to regression (bsc#1235894) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - Move kABI workaround patch to correct folder - Move upstreamed DRM patch into sorted section - Move upstreamed NFS patch into sorted section - Move upstreamed TPM patch into sorted section - Move upstreamed lpfc patches into sorted section - Move upstreamed ppc patch into sorted section - Move upstreamed sound patch into sorted section - Move upstreamed sound patches into sorted section - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). - RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - README.BRANCH: Remove copy of branch name - Refresh patches.suse/ALSA-hda-realtek-Add-support-for-Samsung-Galaxy-Book.patch. - Refresh patches.suse/cpufreq-intel_pstate-Temporarily-boost-P-state-when-.patch. - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146). - Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)' - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes). - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'unicode: Do not special case ignorable code points' (stable-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - Revert 'arm64: Kconfig: Make SME depend on BROKEN for now' This reverts commit 2ccfee6be929dd4ea49ef59a7ae686473aae40b6 CONFIG_ARM64_SME is enabled by default so some customers may rely on SME. We need further analysis to evaluate to what extent we are impacted and in case we'll disable SME support later. - Revert 0dd78566990 ('Disable ceph (jsc#PED-7242)') Apparently, jsc#PED-7242 is only deprecate ceph for 15-SP6 and disable for 15-SP7. Revert the disabling. - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Force position-independent veneers (git-fixes). - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) Update arm64 default configuration file - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes). - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blacklist.conf: printk/sysctl: breaks kernel without pre-requisite patches (bsc#1229025) - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devcoredump: cleanup some comments (git-fixes). - devlink: Fix length of eswitch inline-mode (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). - drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). - ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - intel_th: core: fix kernel-doc warnings (git-fixes). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). - isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). - net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). - percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). - quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). - scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). - serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - series.conf: temporarily disable upstream patch patches.suse/ocfs2-fix-UBSAN-warning-in-ocfs2_verify_volume.patch (bsc#1236138) - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8645) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). ----------------------------------------------------------------- Advisory ID: 262 Released: Mon Mar 31 08:37:17 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1237498 This update for elemental-operator fixes the following issues: - Update to version 1.6.7: * Bump default operator channel to Micro 6.1 images * [v1.6.x][BACKPORT] seedimage: clean-up service on image download deadline (bsc#1237498) * No need to install yq neither to create a GH release ----------------------------------------------------------------- Advisory ID: 269 Released: Wed Apr 2 16:29:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834,1224113 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). - FIPS: enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). The following package changes have been done: - findutils-4.9.0-4.1 updated - SL-Micro-release-6.0-25.12 updated - libfreebl3-3.101.2-2.1 updated - krb5-1.20.1-6.1 updated - mozilla-nss-certs-3.101.2-2.1 updated - mozilla-nss-3.101.2-2.1 updated - libsoftokn3-3.101.2-2.1 updated - elemental-register-1.6.7-1.1 updated - elemental-support-1.6.7-1.1 updated - elemental-toolkit-2.1.2-1.1 updated - kernel-rt-6.4.0-25.1 updated - container:SL-Micro-container-2.1.3-6.6 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:02:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:02:55 +0200 (CEST) Subject: SUSE-CU-2025:2317-1: Security update of containers/milvus Message-ID: <20250404070255.31115FCF8@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2317-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.81 Container Release : 7.81 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - libprotobuf25_5_0-25.5-150600.2.51 updated - container:registry.suse.com-bci-bci-base-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:03:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:03:57 +0200 (CEST) Subject: SUSE-CU-2025:2319-1: Security update of containers/ollama Message-ID: <20250404070357.C06CFF783@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2319-1 Container Tags : containers/ollama:0 , containers/ollama:0.6.2 , containers/ollama:0.6.2-8.4 Container Release : 8.4 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:05:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:05:56 +0200 (CEST) Subject: SUSE-IU-2025:838-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250404070556.A90D5FCF8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:838-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.157 , suse/sle-micro/base-5.5:latest Image Release : 5.8.157 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:08:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:08:01 +0200 (CEST) Subject: SUSE-IU-2025:841-1: Security update of suse/sle-micro/5.5 Message-ID: <20250404070801.04524FCF8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:841-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.268 , suse/sle-micro/5.5:latest Image Release : 5.5.268 Severity : important Type : security References : 1238591 1239625 1239637 CVE-2023-40403 CVE-2024-55549 CVE-2025-24855 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1125-1 Released: Thu Apr 3 13:49:28 2025 Summary: Security update for libxslt Type: security Severity: important References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) The following package changes have been done: - libxslt1-1.1.34-150400.3.6.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.157 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:05:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:05:02 +0200 (CEST) Subject: SUSE-CU-2025:2320-1: Security update of containers/open-webui Message-ID: <20250404070502.0294AF783@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2320-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.23 Container Release : 9.23 Severity : important Type : security References : 1234798 1238591 1239625 1239637 1240009 1240343 1240414 CVE-2023-40403 CVE-2024-55549 CVE-2025-24855 CVE-2025-31115 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1125-1 Released: Thu Apr 3 13:49:28 2025 Summary: Security update for libxslt Type: security Severity: important References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - ca-certificates-mozilla-2.74-150200.38.1 updated - libxslt1-1.1.34-150400.3.6.1 updated - libprotobuf25_5_0-25.5-150600.2.51 updated - python311-protobuf-4.25.5-150600.2.51 updated - python311-certifi-2024.7.4-150600.1.30 updated - python311-cchardet-2.1.19-150600.1.26 updated - python311-numpy1-1.26.4-150600.1.31 updated - python311-scipy-1.14.1-150600.1.32 updated - python311-pandas-2.2.3-150600.1.32 updated - python311-pyarrow-17.0.0-150600.2.34 updated - python311-scikit-learn-1.5.1-150600.1.34 updated - python311-open-webui-0.5.14-150600.1.16 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:13:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:13:05 +0200 (CEST) Subject: SUSE-CU-2025:2324-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250404071305.61F80F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2324-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.108 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.108 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:16:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:16:13 +0200 (CEST) Subject: SUSE-CU-2025:2326-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250404071613.6245AF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2326-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.108 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.108 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:16:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:16:38 +0200 (CEST) Subject: SUSE-IU-2025:842-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250404071638.36B17F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:842-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.7 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.7 Severity : moderate Type : recommended References : 1221720 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 270 Released: Thu Apr 3 09:50:34 2025 Summary: Recommended update for container-selinux Type: recommended Severity: moderate References: 1221720 This update for container-selinux fixes the following issues: - Update to version 2.236.0: * Allow super privileged containers to use RealtimeKit for scheduling * Add container_ro_file_t to the podman artifact store - Update to version 2.235.0: * Bump to v2.235.0 * container_log{reader,writer}_t: allow watch file * RPM: Update gating config * Enable aarch64 testing * TMT: simplify podman tests * feat: support /var/lib/crio - Update to version 2.234.2: * TMT: enable epel idomatically * Packit: switch back to fedora-all * RPM: Bump Epoch to 4 * rpm: ship manpage * Add proper labeling for RamaLama * Packit: remove rhel / epel jobs * packit: remove unused file - Add BuildRequires selinux-policy-%{selinuxtype} to enable building for SLFO. Might be removed in the future again when 1231252 is fixed. - Update to version 2.233.0: * container_engine_t: small change to allow non root exec in a container * RPM: explicitly list ghosted paths and skip mode verification * container-selinux install on non selinux-policy-targeted systems (#332) * set container_log_t type for /var/log/kube-apiserver * Allow kubelet_t to create a sock file kubelet_var_lib_t * dontaudit spc_t to mmap_zero * Packit: update targets (#330) * container_engine_t: another round of small improvements (#327) * Allow container_device_plugin_t to use the network (#325) * RPM: cleanup changelog (#324) * TMT: Simplify tests - Update to version 2.232.1: * Bump to v2.232.1 * TMT: fix srpm download syntax on rawhide * Bump to 2.232.0 * Packit: remove `update_release` key from downstream jobs (#313) * Update container-selinux.8 man page * Add ownership of /usr/share/udica (#312) * Packit/TMT: upstream maintenance of downstream gating tests * extend container_engine_t again * Allow spc_t to use localectl * Allow spc_t to use timedatectl * introduce container_use_xserver_devices boolean to allow GPU access - Update to version 2.231.0: * Allow container domains to communicate with spc_t unix_stream_sockets * Move to %posttrans to ensure selinux-policy got updated before the commands run (bsc#1221720) - Manual update to version 2.230.0+git4.a8e389d to include this commit that is needed for the main selinux-policy update to work: * Rename all /var/run file context entries to /run - Update to version 2.230.0: * Move to tar_scm based packaging: added _service and _servicedata * Allow containers to unmount file systems * Add buildah as a container_runtime_exec_t label * Additional rules for container_user_t * improve container_engine_t - Update to version 2.228: * Allow container domains to watch fifo_files * container_engine_t: improve for podman in kubernetes case * Allow spc_t to transition to install_t domain * Default to allowing containers to use dri devices * Allow access to BPF Filesystems * Fix kubernetes transition rule * Label kubensenter as well as kubenswrapper * Allow container domains to execute container_runtime_tmpfs_t files * Allow container domains to ptrace themselves * Allow container domains to use container_runtime_tmpfs_t as an entrypoint * Add boolean to allow containers to use dri devices * Give containers access to pod resources endpoint * Label kubenswrapper kubelet_exec_t - Update to version 2.222: * Allow containers to read/write inherited dri devices - Update to version 2.221: * Allow containers to shutdown sockets inherited from container runtimes * Allow spc_t to use execmod libraries on container file systems * Add boolean to allow containers to read all cert files * More MLS Policy allow rules * Allow container runtimes using pasta bind icmp_socket to port_t * Fix spc_t transitions from container_runtime_domain - Update to version 2.215.0: * Add some MLS rules to policy * Allow container runtime to dyntransition to spc_t * Tighten controls on confined users * Add labels for /var/lib/shared * Cleanup entrypoint definitions * Allow container_device_plugin_t access to debugfs * Allow containers which use devices to map them The following package changes have been done: - container-selinux-2.236.0-1.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:19:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:19:08 +0200 (CEST) Subject: SUSE-CU-2025:2332-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250404071908.677C6F783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2332-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.64 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.64 , suse/ltss/sle15.3/sle15:latest Container Release : 2.64 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:20:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:20:03 +0200 (CEST) Subject: SUSE-CU-2025:2334-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250404072003.374CBF783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2334-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.31 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.31 , suse/ltss/sle15.4/sle15:latest Container Release : 2.31 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:22:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:22:17 +0200 (CEST) Subject: SUSE-CU-2025:2335-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250404072217.4B641F783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2335-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.21 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.21 , suse/ltss/sle15.5/sle15:latest Container Release : 4.21 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:22:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:22:50 +0200 (CEST) Subject: SUSE-CU-2025:2336-1: Security update of suse/389-ds Message-ID: <20250404072250.9DDE8F783@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2336-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.22 , suse/389-ds:latest Container Release : 36.22 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:24:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:24:00 +0200 (CEST) Subject: SUSE-CU-2025:2339-1: Security update of bci/bci-base-fips Message-ID: <20250404072400.5FC49F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2339-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.20.22 , bci/bci-base-fips:latest Container Release : 20.22 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:24:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:24:10 +0200 (CEST) Subject: SUSE-CU-2025:2340-1: Recommended update of bci/bci-busybox Message-ID: <20250404072410.ED0D9F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2340-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.30.3 , bci/bci-busybox:latest Container Release : 30.3 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:24:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:24:18 +0200 (CEST) Subject: SUSE-CU-2025:2341-1: Security update of suse/cosign Message-ID: <20250404072418.9BAAFF783@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2341-1 Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-8.45 , suse/cosign:latest Container Release : 8.45 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:suse-sle15-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:24:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:24:40 +0200 (CEST) Subject: SUSE-CU-2025:2342-1: Security update of suse/registry Message-ID: <20250404072440.B7FB9F783@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2342-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-34.6 , suse/registry:latest Container Release : 34.6 Severity : important Type : security References : 1234798 1240009 1240343 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - container:bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:26:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:26:31 +0200 (CEST) Subject: SUSE-CU-2025:2347-1: Security update of bci/gcc Message-ID: <20250404072631.3238AF783@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2347-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.47 , bci/gcc:latest Container Release : 8.47 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:26:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:26:57 +0200 (CEST) Subject: SUSE-CU-2025:2348-1: Security update of suse/git Message-ID: <20250404072657.7E1C6F783@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2348-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-37.18 , suse/git:latest Container Release : 37.18 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:suse-sle15-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:27:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:27:24 +0200 (CEST) Subject: SUSE-CU-2025:2349-1: Security update of bci/golang Message-ID: <20250404072724.9DF63F783@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2349-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.49 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.49 Container Release : 55.49 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:27:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:27:51 +0200 (CEST) Subject: SUSE-CU-2025:2350-1: Security update of bci/golang Message-ID: <20250404072751.CB4A7F783@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2350-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.1 , bci/golang:1.24.1-1.34.29 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.29 Container Release : 34.29 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 07:28:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 09:28:21 +0200 (CEST) Subject: SUSE-CU-2025:2351-1: Security update of bci/golang Message-ID: <20250404072821.4122DF783@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2351-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.48 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.48 Container Release : 55.48 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:17:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:17:08 +0200 (CEST) Subject: SUSE-CU-2025:2351-1: Security update of bci/golang Message-ID: <20250404081708.045CFF783@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2351-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.48 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.48 Container Release : 55.48 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:17:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:17:25 +0200 (CEST) Subject: SUSE-CU-2025:2352-1: Security update of suse/helm Message-ID: <20250404081725.08D0EF783@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2352-1 Container Tags : suse/helm:3 , suse/helm:3.17 , suse/helm:3.17.2 , suse/helm:3.17.2-37.17 , suse/helm:latest Container Release : 37.17 Severity : important Type : security References : 1234798 1240009 1240343 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - ca-certificates-mozilla-2.74-150200.38.1 updated - container:suse-sle15-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:17:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:17:53 +0200 (CEST) Subject: SUSE-CU-2025:2353-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250404081753.8D72FF783@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2353-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.23 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.23 Severity : important Type : security References : 1234452 1234798 1240009 1240343 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated - libapparmor1-3.1.7-150600.5.3.2 updated - liblzma5-5.4.1-150600.3.3.1 updated - xz-5.4.1-150600.3.3.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:18:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:18:33 +0200 (CEST) Subject: SUSE-CU-2025:2354-1: Security update of bci/kiwi Message-ID: <20250404081833.E8B95F783@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2354-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.31 , bci/kiwi:latest Container Release : 22.31 Severity : important Type : security References : 1234452 1234798 1238591 1239625 1239637 1240009 1240343 1240414 CVE-2023-40403 CVE-2024-55549 CVE-2025-24855 CVE-2025-31115 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1125-1 Released: Thu Apr 3 13:49:28 2025 Summary: Security update for libxslt Type: security Severity: important References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - ca-certificates-mozilla-2.74-150200.38.1 updated - libapparmor1-3.1.7-150600.5.3.2 updated - libxslt1-1.1.34-150400.3.6.1 updated - xz-5.4.1-150600.3.3.1 updated - xz-devel-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:18:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:18:51 +0200 (CEST) Subject: SUSE-CU-2025:2357-1: Recommended update of bci/bci-micro Message-ID: <20250404081851.0A98FF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2357-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.30.3 , bci/bci-micro:latest Container Release : 30.3 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:19:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:19:05 +0200 (CEST) Subject: SUSE-CU-2025:2358-1: Security update of bci/bci-minimal Message-ID: <20250404081905.3B018F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2358-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.32.8 , bci/bci-minimal:latest Container Release : 32.8 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:19:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:19:31 +0200 (CEST) Subject: SUSE-CU-2025:2359-1: Security update of suse/nginx Message-ID: <20250404081931.428FCF783@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2359-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.50 , suse/nginx:latest Container Release : 51.50 Severity : important Type : security References : 1238591 1239625 1239637 1240414 CVE-2023-40403 CVE-2024-55549 CVE-2025-24855 CVE-2025-31115 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1125-1 Released: Thu Apr 3 13:49:28 2025 Summary: Security update for libxslt Type: security Severity: important References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - libxslt1-1.1.34-150400.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:19:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:19:39 +0200 (CEST) Subject: SUSE-CU-2025:2360-1: Security update of bci/nodejs Message-ID: <20250404081939.D489FF783@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2360-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.40 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.40 Container Release : 31.40 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:19:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:19:45 +0200 (CEST) Subject: SUSE-CU-2025:2361-1: Security update of bci/openjdk Message-ID: <20250404081945.B1B4FF783@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2361-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-4.16 Container Release : 4.16 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:20:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:20:19 +0200 (CEST) Subject: SUSE-CU-2025:2362-1: Security update of bci/openjdk Message-ID: <20250404082019.A74CFF783@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2362-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.25 , bci/openjdk:latest Container Release : 33.25 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:20:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:20:46 +0200 (CEST) Subject: SUSE-CU-2025:2363-1: Security update of bci/php-apache Message-ID: <20250404082046.EC5C4F783@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2363-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.28 , bci/php-apache:8.2.28-48.53 , bci/php-apache:latest Container Release : 48.53 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - xz-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:21:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:21:12 +0200 (CEST) Subject: SUSE-CU-2025:2364-1: Security update of bci/php-fpm Message-ID: <20250404082112.14770F783@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2364-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.28 , bci/php-fpm:8.2.28-48.54 , bci/php-fpm:latest Container Release : 48.54 Severity : important Type : security References : 1234452 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - libapparmor1-3.1.7-150600.5.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:21:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:21:38 +0200 (CEST) Subject: SUSE-CU-2025:2365-1: Security update of suse/postgres Message-ID: <20250404082138.1EF3EF783@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2365-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-61.16 Container Release : 61.16 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:suse-sle15-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:21:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:21:49 +0200 (CEST) Subject: SUSE-CU-2025:2366-1: Security update of suse/postgres Message-ID: <20250404082149.9CAE1F783@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2366-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-42.16 , suse/postgres:latest Container Release : 42.16 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:suse-sle15-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:22:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:22:28 +0200 (CEST) Subject: SUSE-CU-2025:2367-1: Security update of bci/python Message-ID: <20250404082228.CAC9CF783@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2367-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-62.13 Container Release : 62.13 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:23:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:23:01 +0200 (CEST) Subject: SUSE-CU-2025:2368-1: Security update of bci/python Message-ID: <20250404082301.055DFF783@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2368-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-63.13 , bci/python:latest Container Release : 63.13 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:23:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:23:29 +0200 (CEST) Subject: SUSE-CU-2025:2369-1: Security update of bci/python Message-ID: <20250404082329.A8996F783@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2369-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.51 Container Release : 60.51 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:23:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:23:48 +0200 (CEST) Subject: SUSE-CU-2025:2370-1: Security update of suse/mariadb-client Message-ID: <20250404082348.BF144F783@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2370-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-56.30 , suse/mariadb-client:latest Container Release : 56.30 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:suse-sle15-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:24:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:24:12 +0200 (CEST) Subject: SUSE-CU-2025:2371-1: Security update of suse/mariadb Message-ID: <20250404082412.2BF1DF783@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2371-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.37 , suse/mariadb:latest Container Release : 62.37 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:suse-sle15-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:24:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:24:33 +0200 (CEST) Subject: SUSE-CU-2025:2372-1: Security update of suse/rmt-server Message-ID: <20250404082433.34EEDF783@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2372-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-37.20 , suse/rmt-server:latest Container Release : 37.20 Severity : important Type : security References : 1238591 1239625 1239637 1240414 CVE-2023-40403 CVE-2024-55549 CVE-2025-24855 CVE-2025-31115 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1125-1 Released: Thu Apr 3 13:49:28 2025 Summary: Security update for libxslt Type: security Severity: important References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - libxslt1-1.1.34-150400.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:25:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:25:03 +0200 (CEST) Subject: SUSE-CU-2025:2373-1: Security update of bci/ruby Message-ID: <20250404082503.F2752F783@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2373-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.53 , bci/ruby:latest Container Release : 31.53 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:39:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:39:57 +0200 (CEST) Subject: SUSE-CU-2025:2373-1: Security update of bci/ruby Message-ID: <20250404083957.82A91F783@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2373-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.53 , bci/ruby:latest Container Release : 31.53 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:40:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:40:29 +0200 (CEST) Subject: SUSE-CU-2025:2374-1: Security update of bci/rust Message-ID: <20250404084029.5D5C4F783@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2374-1 Container Tags : bci/rust:1.85 , bci/rust:1.85.0 , bci/rust:1.85.0-1.2.12 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.12 Container Release : 2.12 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:42:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:42:22 +0200 (CEST) Subject: SUSE-CU-2025:2375-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250404084222.7E9E9F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2375-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.26 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.26 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - xz-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:42:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:42:51 +0200 (CEST) Subject: SUSE-CU-2025:2376-1: Security update of suse/sle15 Message-ID: <20250404084251.8F222F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2376-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.24 , suse/sle15:15.6 , suse/sle15:15.6.47.20.24 Container Release : 47.20.24 Severity : important Type : security References : 1234798 1240009 1240343 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated - liblzma5-5.4.1-150600.3.3.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:43:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:43:31 +0200 (CEST) Subject: SUSE-CU-2025:2377-1: Security update of bci/spack Message-ID: <20250404084331.70C1EF783@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2377-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-6.2 , bci/spack:latest Container Release : 6.2 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - xz-5.4.1-150600.3.3.1 updated - xz-devel-5.4.1-150600.3.3.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:43:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:43:39 +0200 (CEST) Subject: SUSE-CU-2025:2379-1: Security update of suse/stunnel Message-ID: <20250404084339.EE8FCF783@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2379-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-38.15 , suse/stunnel:latest Container Release : 38.15 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:suse-sle15-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:43:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:43:51 +0200 (CEST) Subject: SUSE-CU-2025:2381-1: Security update of bci/bci-base-fips Message-ID: <20250404084351.210F3F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2381-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-3.75 Container Release : 3.75 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:sles15-image-15.7.0-4.2.50 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:43:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:43:58 +0200 (CEST) Subject: SUSE-CU-2025:2383-1: Recommended update of bci/bci-busybox Message-ID: <20250404084358.45795F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2383-1 Container Tags : bci/bci-busybox:15.7 , bci/bci-busybox:15.7-3.45 Container Release : 3.45 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:44:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:44:07 +0200 (CEST) Subject: SUSE-CU-2025:2385-1: Security update of bci/bci-init Message-ID: <20250404084407.5ADB9F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2385-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-3.73 Container Release : 3.73 Severity : important Type : security References : 1234452 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - libapparmor1-3.1.7-150600.5.3.2 updated - container:sles15-image-15.7.0-4.2.50 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:44:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:44:15 +0200 (CEST) Subject: SUSE-CU-2025:2387-1: Recommended update of bci/bci-micro Message-ID: <20250404084415.7BB8CF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2387-1 Container Tags : bci/bci-micro:15.7 , bci/bci-micro:15.7-3.45 Container Release : 3.45 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:44:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:44:23 +0200 (CEST) Subject: SUSE-CU-2025:2389-1: Security update of bci/bci-minimal Message-ID: <20250404084423.DD3A5F783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2389-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-3.49 Container Release : 3.49 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:micro-image-15.7.0-3.45 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:44:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:44:39 +0200 (CEST) Subject: SUSE-CU-2025:2392-1: Security update of bci/ruby Message-ID: <20250404084439.88CDEF783@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2392-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-4.20 Container Release : 4.20 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:sles15-image-15.7.0-4.2.50 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:44:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:44:50 +0200 (CEST) Subject: SUSE-CU-2025:2394-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250404084450.D2BEEF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2394-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.68 Container Release : 4.68 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - xz-5.4.1-150600.3.3.1 updated - container:sles15-image-15.7.0-4.2.50 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:45:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:45:02 +0200 (CEST) Subject: SUSE-CU-2025:2396-1: Security update of suse/sle15 Message-ID: <20250404084502.06190F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2396-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.50 , suse/sle15:15.7 , suse/sle15:15.7-4.2.50 Container Release : 4.2.50 Severity : important Type : security References : 1234798 1240009 1240343 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated - liblzma5-5.4.1-150600.3.3.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:45:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:45:06 +0200 (CEST) Subject: SUSE-CU-2025:2397-1: Security update of bci/spack Message-ID: <20250404084506.EA436F783@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2397-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-7.1 Container Release : 7.1 Severity : important Type : security References : 1195391 1207053 1207784 1208751 1214222 1216941 1219480 1221471 1221503 1227637 1233307 1234015 1235144 1236165 1236643 1236886 1237606 1238610 1240414 CVE-2024-11168 CVE-2025-1632 CVE-2025-25724 CVE-2025-31115 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:1706-1 Released: Fri Mar 31 05:31:07 2023 Summary: Feature update for spack Type: feature Severity: important References: 1195391,1207053,1207784,1208751 This update for spack fixes the following issues: Version update from 0.17.1 to 0.19.1 (jsc#PED-2803, jsc#PED-3000): - For the full list of features and upstream fixes implemented by this update please consult the release notes at: * https://github.com/spack/spack/releases/tag/v0.19.1 * https://github.com/spack/spack/releases/tag/v0.19.0 * https://github.com/spack/spack/releases/tag/v0.18.1 * https://github.com/spack/spack/releases/tag/v0.18.0 - Bug fixes and improvements: * Make sure the spack environment is set up correctly in spack-generated Dockerfiles (bsc#1207784) * Fix MPI packages not being recognized any more (bsc#1208751) * Fix syntax in post scripts (bsc#1195391) * Fix var_path which that is set incorrectly in version 0.19.0 (bsc#1207053) * Move repositories to `/usr/share/spack`: `/var` is strictly for local data * Improve error message for requirements * Fix libtool filter for Fujitsu compilers * Fix `spack mirror create` to not change paths to urls - Improve `run-find-external.sh` script: * Extend to run `spack compiler find` * Separate triggers for packages and compilers * Better handle when search patterns match multiple directories - Removals and Deprecations: * Support for Python 3.5 is dropped. Only Python 3.6+ are officially supported. * `LD_LIBRARY_PATH` is no longer set by default by spack load or module loads. Setting `LD_LIBRARY_PATH` in Spack environments/modules can cause binaries from outside of Spack to crash, and Spack's own builds use `RPATH` and do not need `LD_LIBRARY_PATH` set in order to run. If you still want the old behavior, you can run these commands to configure Spack to set LD_LIBRARY_PATH: `spack config add modules:prefix_inspections:lib64:[LD_LIBRARY_PATH]` `spack config add modules:prefix_inspections:lib:[LD_LIBRARY_PATH]` * The `spack:concretization:[together|separately]` has been deprecatred. Now use `concretizer:unify:[true|false]` * `config:module_roots` is no longer supported. Use configuration in module sets instead * `spack activate` and `spack deactivate` are no longer supported, having been deprecated in v0.18. Use an environment with a view instead of activating/deactivating (docs) * The old YAML format for buildcaches is now deprecated. If you are using an old buildcache with YAML metadata you will need to regenerate it with JSON metadata. * `spack bootstrap trust` and `spack bootstrap untrust` are deprecated in favor of `spack bootstrap enable` and `spack bootstrap disable` * The `graviton2` architecture has been renamed to `neoverse_n1`, and `graviton3` is now `neoverse_v1`. Buildcaches using the old architecture names will need to be rebuilt * The terms 'blacklist' and 'whitelist' have been replaced with 'include' and 'exclude' in all configuration files. You can use `spack config update` to automatically fix your configuration files ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3990-1 Released: Fri Oct 6 06:51:17 2023 Summary: Recommended update for spack Type: recommended Severity: moderate References: 1214222 This update for spack fixes the following issues: - Update to version 0.20.1 with the following changes: * Package level fixes: + Fix SPACK_ROOT setting in /etc/profile.d/spack.[c]sh (bsc#1214222). + Add hwloc-devel and sqlite3 to the packages that trigger a `spack external find`. + Make sure, libhwloc and hwloc are installed together when spack is installed. * Bug fixes: + Fix spec removed from an environment where not actually removed if `--force` was not given. + Hotfix for a few recipes that treat CMake as a link dependency. + Fix re-running stand-alone test a second time, which was getting a trailing spurious failure. + Fix reading JSON manifest on Cray, reporting non-concrete specs. + Fix a few bugs when generating Dockerfiles from Spack. + Fix a few long-standing bugs when generating module files. + Fix issues with building Python extensions when using an external Python. + Fix `spack compiler remove`: remove from command line even if they appear in different scopes. * Features: + Speed-up module file generation. + Show external status as `[e]`. + Backport `archspec` fixes. + Improve a few error messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4569-1 Released: Mon Nov 27 06:40:01 2023 Summary: Recommended update for spack Type: recommended Severity: moderate References: 1216941 This update for spack fixes the following issues: - Updated to version 0.20.3 with the following changes (bsc#1216941): * Bug fixes: + Fix a bug where `spack mirror set-url` would drop configured connection info. + Fix a minor issue with package hash computation for Python 3.12. + Improve escaping in Tcl module files. + Make repo cache work on repositouries with zero mtime. + Ignore errors for newer, incompatible buildcache version. + Print an error when git is required, but missing. + Ensure missing build dependencies get installed when using `spack install --overwrite`. + Fix an issue where Spack freezes when the build process unexpectedly exits. + Fix a bug where installation failures cause an unrelated `NameError` to be thrown. + Fix an issue where Spack package versions would be incorrectly derived from git tags. + Fix a bug triggered when file locking fails internally. + Prevent `spack external find` to error out when a directory cannot be accessed. + Fix multiple performance regressions in environments. + Add more ignored modules to `pyproject.toml` for `mypy`. * Features: + Spack now supports Python 3.12. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:453-1 Released: Tue Feb 13 02:39:42 2024 Summary: Recommended update for spack Type: recommended Severity: moderate References: 1219480 This update for spack fixes the following issues: spack was updated to version 0.21.1 (bsc#1219480): - Version 0.21.1: * Add support for reading buildcaches created by Spack v0.22 * Bugfixes: + `spack graph`: fix coloring with environments + `spack info`: sort variants in --variants-by-name + `Spec.format`: error on old style format strings + ASP-based solver: - fix infinite recursion when computing concretization errors - don't error for type mismatch on preferences - don't emit spurious debug output. + Improve the error message for deprecated preferences + Fix multi-word aliases + Add a warning for unconfigured compiler + environment: fix an issue with deconcretization/reconcretization of specs + buildcache: don't error if a patch is missing, when installing from binaries - Version 0.21.0: * New features: + Better error messages with condition chaining: In v0.18, we added better error messages that could tell you what problem happened, but they couldn't tell you why it happened. 0.21 adds condition chaining to the solver, and Spack can now trace back through the conditions that led to an error and build a tree of causes potential causes and where they came from. + OCI build caches: You can now use an arbitrary OCI registry as a build cache: - For Dockerhub: `$ spack mirror add my_registry oci://user/image` - For another registry (GHCR): `$ spack mirror add my_registry oci://ghcr.io/haampie/spack-test` Then set the login credentials: `$ spack mirror set --push --oci-username ... --oci-password ... my_registry` and push to it: `$ spack buildcache push my_registry [specs...]` You can optionally add a base image to get runnable images: ``` $ spack buildcache push --base-image leap:15.5 my_registry python` Pushed ... as [image]:python-3.11.2-65txfcpqbmpawclvtasuog4yzmxwaoia.spack $ docker run --rm -it [image]:python-3.11.2-65txfcpqbmpawclvtasuog4yzmxwaoia.spack ``` This creates a container image from the Spack installations on the host system, without the need to run `spack install` from a `Dockerfile` or `sif` file. It also addresses the inconvenience of losing binaries of dependencies when `RUN spack install` fails inside `docker build`. Further, the container image layers and build cache tarballs are the same files. This means that `spack install` and `docker pull` use the exact same underlying binaries. If you previously used `spack install` inside of docker build, this feature helps you save storage by a factor two. + Multiple versions of build dependencies: Increasingly, complex package builds require multiple versions of some build dependencies. For example, Python packages frequently require very specific versions of `setuptools`, `cython`, while different physics packages require different versions of Python to build. The concretizer enforced that every solve was unified, i.e., so that there was only one version of every package. The concretizer now supports 'duplicate' nodes for build dependencies, but enforces unification through transitive link and run dependencies. This will allow it to better resolve complex dependency graphs in ecosystems like Python. + Cherry-picking virtual dependencies: You can now select only a subset of virtual dependencies from a spec that may provide more. For example, to make mpich your mpi provider, you can be explicit by writing: `hdf5 ^[virtuals=mpi] mpich` Or, to use, e.g., `intel-parallel-studio` for blas along with an external `lapack` like `openblas`, you could write: ``` strumpack ^[virtuals=mpi] intel-parallel-studio+mkl ^[virtuals=lapack] openblas` ``` The `virtuals=mpi` is an edge attribute, and dependency edges in Spack graphs now track which virtuals they satisfied. + The `spack deconcretize` command gives you control over what you want to update in an already concrete environment. As an example, with an environment built with meson, and you want to update your meson version, you can run: `$spack deconcretize meson` and have everything that depends on meson rebuilt the next time you run spack concretize. In the future, we'll handle this in a single command, but for now you can use this to drop bits of your lockfile and resolve your dependencies again. + UI Improvements: The `spack info` received a rework to make the output more appealing. It is now on par with the rest of Spack's UI. `spack info` now makes much better use of terminal space and shows variants, their values, and their descriptions more clearly. Conditional variants are grouped separately so you can more easily understand how packages are structured. `spack checksum` now allows you to filter versions from your editor, or by version range. It also notifies you about potential download URL changes. + Environments can include definitions: Spack did not previously support using `include:` with The definitions section of an environment, but now it does. You can use this to curate lists of specs and more easily reuse them across environments. + Aliases: You can now add aliases to Spack commands in `config.yaml`, e.g. this might enshrine your favorite args to `spack find` as `spack f`: ``` config: aliases: f: find -lv ``` + Improved autoloading of modules: In this release, you can start using `hide_implicits: true` instead, which exposes only explicitly installed packages to the user, while still autoloading dependencies. On top of that, you can safely use `hash_length: 0`, as this config now only applies to the modules exposed to the user -- you don't have to worry about file name clashes for hidden dependencies. Note: for Tcl this feature requires Modules 4.7 or higher * Other new commands and directives: + `spack env activate` without arguments now loads a default environment that you do not have to create. + `spack find -H` / `--hashes`: a new shortcut for piping spack find output to other commands. + Add `spack checksum --verify`, fix `--add`. + New `default_args` context manager factors out common args for directives. + `spack compiler find --[no]-mixed-toolchain` lets you easily mix clang and gfortran on Linux * Performance improvements: + `spack external find execution` is now much faster. + `spack location -i` is now much faster on success. + Drop redundant rpaths post install. + ASP-based solver: avoid cycles in clingo using hidden directive. + Fix multiple quadratic complexity issues in environments * Other new features of note: + archspec: update to v0.2.2, support for Sapphire Rapids, Power10, Neoverse V2. + Propagate variants across nodes that don't have that variant + Implement fish shell completion. + Can now distinguish between source/binary mirror; don't ping mirror.spack.io as much. + Improve status reporting on `spack install` (add [n/total] display...). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:950-1 Released: Thu Mar 21 08:54:02 2024 Summary: Recommended update for spack Type: recommended Severity: important References: 1221471,1221503 This update for spack fixes the following issues: - Spack was updated to version 0.21.2: * Bugs fixed: + Containerize: accommodate nested or pre-existing `spack-env` paths. + Fix `setup-env` script, when going back and forth between instances. + Fix using fully-qualified namespaces from root specs. + Fix a bug when a required provider is requested for multiple virtuals. + OCI buildcaches: * only push in parallel when forking. * use pickleable errors (#42160) + Fix using sticky variants in externals. + Fix a rare issue with conditional requirements and multi-valued variants. * Recipy updates: + `rust`: add v1.75, rework a few variants. + `py-transformers`: add v4.35.2. - Fix path to setup-env.sh in the Apptainer template (bsc#1221471). - Add libgfortran, libfl2 and libzip5 to the Spack runtime container as the Spack build container has the corresponding devel packages but these libraries are not installed in a BCI-style base container by default (bsc#1221503). - Make python version used configurable. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3969-1 Released: Mon Nov 11 10:06:18 2024 Summary: Recommended update for spack Type: recommended Severity: moderate References: This update for spack fixes the following issues: - spack was updated from version 0.21.2 to 0.21.3: * Bugs fixed: - Forward compatibility with Spack 0.23 packages with language dependencies. - Forward compatibility with `urllib` from Python 3.12.6+. - Bump archspec to 0.2.5-dev for better aarch64 support. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:323-1 Released: Mon Feb 3 09:12:14 2025 Summary: Feature update for spack Type: feature Severity: moderate References: 1235144 This update for spack fixes the following issues: spack was updated from version 0.21.3 to 0.23.0: - Improved documentation generation (bsc#1235144) - Version v0.23.0: * New features: + Spec splicing + Broader variant propagation + Ability to query specs by namespace + `spack spec` now respects environment settings and `unify:true` + Improved and polished `spack spec` and `spack find -c` output + The command `spack -C ` allows to use an environment's configuration without activation * New commands, options, and directives: + The new `spack env track` command takes a non-managed Spack environment and adds a symlink to Spack's `$environments_root` directory. + Added `-t` short option for `spack --backtrace` to output backtrace errors + `gc` now allows to garbage-collect specific packages through the command line + `oci buildcaches` now supports the option `--only=package` * Highlighted bugfixes: + Externals no longer override the preferred provider + Composable `cflags` + Fixed concretizer Unification for included environments * Deprecations, removals, and syntax changes: + The old concretizer has been removed from Spack, along with the `config:concretizer` config option + Best-effort expansion of spec matrices has been removed + The old Cray `platform` (based on Cray PE modules) has been removed, and `platform=cray` is no longer supported + The `config:install_missing_compilers` config option has beendeprecated + Config options that deprecated in `v0.21` have been removed + Spack's old test interface has been removed + The `spack versions --safe-only` option, deprecated since `v0.21.0`, has been removed + The `--dependencies` and `--optimize` arguments to `spack ci` have been deprecated - Version 0.22.2: * Bugs fixed: + Bumped vendored `archspec` for better aarch64 support + Fixed regression in `{variants.X}` and `{variants.X.value}` format strings + Ensure shell escaping of environment variable values in load and activate commands + Fixed an issue where `spec[pkg]` considers specs outside the current DAG + Do not halt concretization on unknown variants in externals + Improved validation of `develop` config section/ + Explicitly disable `ccache` if turned off in config, to avoid cache pollution + Improved backwards compatibility in `include_concrete` + Fixed issue where package tags were sometimes repeated + Make `setup-env.sh` 'sourced only' by dropping execution bits + Make certain source/binary fetch errors recoverable instead of a hard error + Do not initialize previous store state in `use_store` - Update to 0.22.1. * Bugs fixed: + Fix reuse of externals on Linux + Ensure parent gcc-runtime version >= child + Ensure the latest gcc-runtime is rpath'ed when multiple exist among link deps + Improve version detection of glibc + Improve heuristics for solver + Make strong preferences override reuse + Reduce verbosity when C compiler is missing + Make missing ccache executable an error when required + Make every environment view containing `python` a `venv` + Fix external detection for compilers with os but no target. + Fix version optimization for roots. + Handle common implementations of pagination of tags in OCI build caches. + Apply fetched patches to develop specs + Avoid Windows wrappers for filesystem utilities on non-Windows + Fix formatting issue in `spack audit` * Other changes: + Give 'site' scope a lower precedence than 'system' scope - Version 0.22.0: * New features: + Compiler dependencies are moving from `compilers.yaml` to `packages.yaml` + Improved spack find UI for Environments + Improved command-line string quoting + Revert default spack install behavior to `--reuse` + The `install` command now offers three options + More control over reused specs + New `conflict:` and `prefer:` syntax for package preferences + `include_concrete` in environments + `python-venv` isolation + Packages can now specify whether they may be distributed in source or binary form * Removals, deprecations, and syntax changes: + Removed `dpcpp` compiler and package + `spack load`: removed `--only` argument * Bugs fixed: + repo.py: drop deleted packages from provider cache + Allow `+` in module file names + `cmd/python`: use runpy to allow multiprocessing in scripts + Show extension commands with `spack -h` + Support environment variable expansion inside module projections + Alert user to failed concretizations + `shell`: fix `zsh` color formatting for PS1 in environments + `spack mirror create --all`: include patches ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:717-1 Released: Wed Feb 26 06:38:58 2025 Summary: Recommended update for spack Type: recommended Severity: moderate References: This update for spack fixes the following issues: - spack was updated from version 0.23.0 to version 0.23.1: * Fixed a correctness issue of `ArchSpec.intersects`. * Make extra_attributes order independent in Spec hashing. * Fixed issue where system proxy settings were not respected in OCI build caches. * Fixed an issue where the `--test` concretizer flag was not forwarded correctly. * Ensure proper UTF-8 encoding/decoding in logging. * Fixed issues related `to filter_file`. * Fixed an issue related to creating bootstrap source mirrors. * Fixed an issue where command line config arguments were not always top level. * Fixed an incorrect typehint of `concretized()`. * Improved mention of next Spack version in warning. Tests: fixed forward compatibility with Python 3.13. * Docs: encourage use of `--oci-username-variable` and `--oci-password-variable`. * Docs: ensure Getting Started has bootstrap list output in correct place. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:985-1 Released: Fri Mar 21 18:45:14 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1237606,1238610,CVE-2025-1632,CVE-2025-25724 This update for libarchive fixes the following issues: - CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606) - CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.12 updated - libgcrypt20-1.11.0-150700.2.17 updated - libopenssl-3-fips-provider-3.2.3-150700.3.12 updated - libudev1-254.24-150600.4.28.1 updated - openssl-3-3.2.3-150700.3.12 updated - libnettle8-3.10.1-150700.2.11 updated - libopenssl1_1-1.1.1w-150700.9.25 updated - xz-5.4.1-150600.3.3.1 updated - libsystemd0-254.24-150600.4.28.1 updated - libarchive13-3.7.2-150600.3.12.1 updated - libhogweed6-3.10.1-150700.2.11 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - xz-devel-5.4.1-150600.3.3.1 updated - libopenssl-3-devel-3.2.3-150700.3.12 updated - spack-recipes-0.23.1-150400.24.1 updated - spack-0.23.1-150400.24.1 updated - container:sles15-image-15.7.0-4.2.50 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:47:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:47:43 +0200 (CEST) Subject: SUSE-CU-2025:2402-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250404084743.F220EF783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2402-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.10 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.10 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated - container:sles15-ltss-image-15.4.0-2.31 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:49:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:49:54 +0200 (CEST) Subject: SUSE-CU-2025:2405-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20250404084954.2985CF783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2405-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.15 , suse/manager/4.3/proxy-tftpd:4.3.15.9.53.6 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.53.6 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated - container:sles15-ltss-image-15.4.0-2.31 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:51:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:51:08 +0200 (CEST) Subject: SUSE-CU-2025:2406-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250404085108.AA5BEF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2406-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.103 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.103 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Fri Apr 4 08:54:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Apr 2025 10:54:57 +0200 (CEST) Subject: SUSE-CU-2025:2408-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250404085457.38128F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2408-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.105 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.105 Severity : important Type : recommended References : 1234798 1240009 1240343 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-150200.38.1 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:05:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:05:26 +0200 (CEST) Subject: SUSE-IU-2025:844-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250405070526.1BBBCF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:844-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.8 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.8 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 272 Released: Fri Apr 4 15:07:10 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in xmlPatMatch (bsc#1237418). The following package changes have been done: - libxml2-2-2.11.6-5.1 updated - SL-Micro-release-6.0-25.13 updated - container:SL-Micro-base-container-2.1.3-6.6 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:05:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:05:54 +0200 (CEST) Subject: SUSE-IU-2025:845-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250405070554.217F3F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:845-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-6.6 , suse/sl-micro/6.0/base-os-container:latest Image Release : 6.6 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 272 Released: Fri Apr 4 15:07:10 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in xmlPatMatch (bsc#1237418). The following package changes have been done: - libxml2-2-2.11.6-5.1 updated - SL-Micro-release-6.0-25.13 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:06:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:06:23 +0200 (CEST) Subject: SUSE-IU-2025:846-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250405070623.1E07DF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:846-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.6 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.6 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 272 Released: Fri Apr 4 15:07:10 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in xmlPatMatch (bsc#1237418). The following package changes have been done: - libxml2-2-2.11.6-5.1 updated - SL-Micro-release-6.0-25.13 updated - container:SL-Micro-base-container-2.1.3-6.6 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:06:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:06:54 +0200 (CEST) Subject: SUSE-IU-2025:847-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250405070654.D4389F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:847-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.8 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.8 Severity : important Type : security References : 1237363 1237370 1237418 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 272 Released: Fri Apr 4 15:07:10 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in xmlPatMatch (bsc#1237418). The following package changes have been done: - libxml2-2-2.11.6-5.1 updated - SL-Micro-release-6.0-25.13 updated - container:SL-Micro-container-2.1.3-6.8 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:08:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:08:54 +0200 (CEST) Subject: SUSE-CU-2025:2414-1: Recommended update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250405070854.34368F783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2414-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.64 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.64 Severity : important Type : recommended References : 1237587 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1144-1 Released: Fri Apr 4 15:45:01 2025 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1237587 This update for libzypp fixes the following issues: - Do not double encode URL strings passed on the commandline (bsc#1237587) URLs passed on the commandline must have their special chars encoded already. We just want to check and encode forgotten unsafe chars like a blank. A '%' however must not be encoded again. The following package changes have been done: - libzypp-16.22.16-75.1 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:12:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:12:47 +0200 (CEST) Subject: SUSE-CU-2025:2415-1: Security update of bci/golang Message-ID: <20250405071247.5F354F783@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2415-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.8 , bci/golang:1.23.8-2.34.30 , bci/golang:oldstable , bci/golang:oldstable-2.34.30 Container Release : 34.30 Severity : important Type : security References : 1229122 1240414 1240550 CVE-2025-22871 CVE-2025-31115 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1141-1 Released: Fri Apr 4 13:41:39 2025 Summary: Security update for go1.23 Type: security Severity: important References: 1229122,1240550,CVE-2025-22871 This update for go1.23 fixes the following issues: - Update to go1.23.8 - CVE-2025-22871: Fix an issue with request smuggling through invalid chunked data. (bsc#1240550) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - go1.23-doc-1.23.8-150000.1.27.1 updated - go1.23-1.23.8-150000.1.27.1 updated - go1.23-race-1.23.8-150000.1.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:13:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:13:30 +0200 (CEST) Subject: SUSE-CU-2025:2416-1: Security update of bci/bci-init Message-ID: <20250405071330.C5F1CF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2416-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.31.24 , bci/bci-init:latest Container Release : 31.24 Severity : important Type : security References : 1234452 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - libapparmor1-3.1.7-150600.5.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:14:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:14:33 +0200 (CEST) Subject: SUSE-CU-2025:2418-1: Security update of bci/nodejs Message-ID: <20250405071433.012E1F783@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2418-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.52 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.52 , bci/nodejs:latest Container Release : 48.52 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:14:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:14:41 +0200 (CEST) Subject: SUSE-CU-2025:2419-1: Security update of bci/openjdk-devel Message-ID: <20250405071441.2B63DF783@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2419-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-4.19 Container Release : 4.19 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:bci-openjdk-17-d99aee46e36bfef37afa5506d36a2eadcac38c315c92d0c3f1c66d6fc4a4b0e9-0 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:15:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:15:31 +0200 (CEST) Subject: SUSE-CU-2025:2420-1: Security update of bci/openjdk-devel Message-ID: <20250405071531.A4BDBF783@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2420-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.35 , bci/openjdk-devel:latest Container Release : 33.35 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:bci-openjdk-21-ea644702f693658f9859e5f7ed68a8e4cd48bae456da8f0602a48391ef608ddf-0 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:16:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:16:09 +0200 (CEST) Subject: SUSE-CU-2025:2421-1: Security update of suse/pcp Message-ID: <20250405071609.C1131F783@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2421-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.62 , suse/pcp:latest Container Release : 42.62 Severity : important Type : security References : 1234452 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - libapparmor1-3.1.7-150600.5.3.2 updated - container:bci-bci-init-15.6-369e26fcb22cd80e9e6ef7ad32cb6e7c88b07f3b93a5c342b7ab776c54789471-0 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:16:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:16:45 +0200 (CEST) Subject: SUSE-CU-2025:2422-1: Security update of bci/php Message-ID: <20250405071645.86CDBF783@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2422-1 Container Tags : bci/php:8 , bci/php:8.2.28 , bci/php:8.2.28-48.46 , bci/php:latest Container Release : 48.46 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:17:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:17:51 +0200 (CEST) Subject: SUSE-CU-2025:2424-1: Security update of bci/rust Message-ID: <20250405071751.8C3A4F783@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2424-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.1 , bci/rust:1.84.1-2.2.13 , bci/rust:oldstable , bci/rust:oldstable-2.2.13 Container Release : 2.13 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-eb5b0bbcfcab5602ca952df5df208a2a66822bc50cd24e63aacb42bcb36f3da8-0 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:18:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:18:31 +0200 (CEST) Subject: SUSE-CU-2025:2425-1: Recommended update of bci/rust Message-ID: <20250405071831.111D3F783@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2425-1 Container Tags : bci/rust:1.85 , bci/rust:1.85.1 , bci/rust:1.85.1-1.2.13 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.13 Container Release : 2.13 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1140-1 Released: Fri Apr 4 13:29:35 2025 Summary: Recommended update for rust1.85 Type: recommended Severity: moderate References: This update for rust1.85 fixes the following issues: Version 1.85.1 (2025-03-18) ========================== - Fix the doctest-merging feature of the 2024 Edition. - Relax some `target_feature` checks when generating docs. - Fix errors in `std::fs::rename` on Windows 10, version 1607. - Downgrade bootstrap `cc` to fix custom targets. - Skip submodule updates when building Rust from a source tarball. The following package changes have been done: - rust1.85-1.85.1-150300.7.6.1 updated - cargo1.85-1.85.1-150300.7.6.1 updated From sle-container-updates at lists.suse.com Sat Apr 5 07:19:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Apr 2025 09:19:58 +0200 (CEST) Subject: SUSE-CU-2025:2426-1: Security update of suse/valkey Message-ID: <20250405071958.7415CF783@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2426-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-38.4 , suse/valkey:latest Container Release : 38.4 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - liblzma5-5.4.1-150600.3.3.1 updated - container:suse-sle15-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated - container:registry.suse.com-bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 updated From sle-container-updates at lists.suse.com Mon Apr 7 13:00:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Apr 2025 15:00:49 +0200 (CEST) Subject: SUSE-CU-2025:2428-1: Security update of bci/golang Message-ID: <20250407130049.BF4F0FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2428-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.2 , bci/golang:1.24.2-1.34.30 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.30 Container Release : 34.30 Severity : important Type : security References : 1236217 1239182 1240550 CVE-2025-22871 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1153-1 Released: Mon Apr 7 10:15:48 2025 Summary: Security update for go1.24 Type: security Severity: important References: 1236217,1239182,1240550,CVE-2025-22871 This update for go1.24 fixes the following issues: - Update to go1.24.2 - CVE-2025-22871: Fix an issue with request smuggling through invalid chunked data. (bsc#1240550) The following package changes have been done: - go1.24-doc-1.24.2-150000.1.17.1 updated - go1.24-1.24.2-150000.1.17.1 updated - go1.24-race-1.24.2-150000.1.17.1 updated From sle-container-updates at lists.suse.com Mon Apr 7 13:00:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Apr 2025 15:00:57 +0200 (CEST) Subject: SUSE-CU-2025:2429-1: Recommended update of bci/openjdk-devel Message-ID: <20250407130057.1CFF4FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2429-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-4.20 Container Release : 4.20 Severity : moderate Type : recommended References : 1231298 CVE-2024-47554 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1150-1 Released: Mon Apr 7 09:47:05 2025 Summary: Recommended update for apache-commons-io Type: recommended Severity: moderate References: 1231298,CVE-2024-47554 This update for apache-commons-io fixes the following issues: apache-commons-io was updated from version 2.15.1 to 2.18.0: - Key changes across versions: * Cleaner code and updated dependencies * Improved security when handling serialized data with the new safe deserialization feature * New features for advanced file and stream operations * Various bugs were fixed to improve reliability with fewer crashes and unexpected errors * For the full list of changes please consult the packaged RELEASE-NOTES.txt - Already fixed in previous version: * CVE-2024-47554: Untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298) The following package changes have been done: - apache-commons-io-2.18.0-150200.3.15.1 updated From sle-container-updates at lists.suse.com Mon Apr 7 13:01:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Apr 2025 15:01:44 +0200 (CEST) Subject: SUSE-CU-2025:2430-1: Recommended update of bci/openjdk-devel Message-ID: <20250407130144.BC50AFD12@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2430-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.36 , bci/openjdk-devel:latest Container Release : 33.36 Severity : moderate Type : recommended References : 1231298 CVE-2024-47554 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1150-1 Released: Mon Apr 7 09:47:05 2025 Summary: Recommended update for apache-commons-io Type: recommended Severity: moderate References: 1231298,CVE-2024-47554 This update for apache-commons-io fixes the following issues: apache-commons-io was updated from version 2.15.1 to 2.18.0: - Key changes across versions: * Cleaner code and updated dependencies * Improved security when handling serialized data with the new safe deserialization feature * New features for advanced file and stream operations * Various bugs were fixed to improve reliability with fewer crashes and unexpected errors * For the full list of changes please consult the packaged RELEASE-NOTES.txt - Already fixed in previous version: * CVE-2024-47554: Untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298) The following package changes have been done: - apache-commons-io-2.18.0-150200.3.15.1 updated From sle-container-updates at lists.suse.com Tue Apr 8 07:13:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Apr 2025 09:13:03 +0200 (CEST) Subject: SUSE-CU-2025:2436-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250408071303.B88DCFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2436-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.109 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.109 Severity : moderate Type : recommended References : 1235751 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1160-1 Released: Mon Apr 7 17:28:43 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 vim was updated to 9.1.1176. Changes: * wrong indent when expanding multiple lines * inconsistent behaviour with exclusive selection and motion commands * filetype: ABNF files are not detected * [security]: overflow with 'nostartofline' and Ex command in tag file * wildmenu highlighting in popup can be improved * using global variable for get_insert()/get_lambda_name() * wrong flags passed down to nextwild() * mark '] wrong after copying text object * command-line auto-completion hard with wildmenu * diff: regression with multi-file diff blocks * [security]: code execution with tar.vim and special crafted tar files * $MYVIMDIR is set too late * completion popup not cleared in cmdline * preinsert requires bot 'menu' and 'menuone' to be set * Ctrl-Y does not work well with 'preinsert' when completing items * $MYVIMDIR may not always be set * :verbose set has wrong file name with :compiler! * command completion wrong for input() * Mode message not cleared after :silent message * Vim9: not able to use autoload class accross scripts * build error on Haiku * Patch v9.1.1151 causes problems * too many strlen() calls in getchar.c * :hi completion may complete to wrong value * Unix Makefile does not support Brazilian lang for the installer * Vim9: finding imported scripts can be further improved * preview-window does not scroll correctly * Vim9: wrong context being used when evaluating class member * multi-line completion has wrong indentation for last line * no way to create raw strings from a blob * illegal memory access when putting a register * Misplaced comment in readfile() * filetype: m17ndb files are not detected * [fifo] is not displayed when editing a fifo * cmdline completion for :hi is too simplistic * ins_str() is inefficient by calling STRLEN() * Match highlighting marks a buffer region as changed * 'suffixesadd' doesn't work with multiple items * filetype: Guile init file not recognized * filetype: xkb files not recognized everywhere * Mark positions wrong after triggering multiline completion * potential out-of-memory issue in search.c * 'listchars' 'precedes' is not drawn on Tabs. * missing out-of-memory test in buf_write() * patch 9.1.1119 caused a regression with imports * preinsert text is not cleaned up correctly * patch 9.1.1121 used a wrong way to handle enter * cannot loop through pum menu with multiline items * No test for 'listchars' 'precedes' with double-width char * popup hi groups not falling back to defaults * too many strlen() calls in findfile.c * Enter does not insert newline with 'noselect' * Vim9: Not able to use an autoloaded class from another autoloaded script * Vim9: super not supported in lambda expressions * [security]: use-after-free in str_to_reg() * enabling termguicolors automatically confuses users * Inconsistencies in get_next_or_prev_match() * Vim9: variable not found in transitive import * cmdexpand.c hard to read * 'smoothscroll' gets stuck with 'listchars' 'eol' * cannot loop through completion menu with fuzzy * Vim9: no support for protected new() method * CI: using Ubuntu 22.04 Github runners * if_perl: still some compile errors with Perl 5.38 The following package changes have been done: - vim-data-common-9.1.1176-150000.5.72.1 updated - vim-9.1.1176-150000.5.72.1 updated - xxd-9.1.1176-150000.5.72.1 updated From sle-container-updates at lists.suse.com Tue Apr 8 07:06:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Apr 2025 09:06:55 +0200 (CEST) Subject: SUSE-IU-2025:849-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250408070655.8F1C0FCF8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:849-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.269 , suse/sle-micro/5.5:latest Image Release : 5.5.269 Severity : moderate Type : recommended References : 1235751 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 The following package changes have been done: - vim-data-common-9.1.1176-150500.20.24.2 updated - vim-small-9.1.1176-150500.20.24.2 updated From sle-container-updates at lists.suse.com Tue Apr 8 07:16:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Apr 2025 09:16:50 +0200 (CEST) Subject: SUSE-CU-2025:2438-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250408071650.5B575FCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2438-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.109 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.109 Severity : moderate Type : recommended References : 1235751 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1160-1 Released: Mon Apr 7 17:28:43 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 vim was updated to 9.1.1176. Changes: * wrong indent when expanding multiple lines * inconsistent behaviour with exclusive selection and motion commands * filetype: ABNF files are not detected * [security]: overflow with 'nostartofline' and Ex command in tag file * wildmenu highlighting in popup can be improved * using global variable for get_insert()/get_lambda_name() * wrong flags passed down to nextwild() * mark '] wrong after copying text object * command-line auto-completion hard with wildmenu * diff: regression with multi-file diff blocks * [security]: code execution with tar.vim and special crafted tar files * $MYVIMDIR is set too late * completion popup not cleared in cmdline * preinsert requires bot 'menu' and 'menuone' to be set * Ctrl-Y does not work well with 'preinsert' when completing items * $MYVIMDIR may not always be set * :verbose set has wrong file name with :compiler! * command completion wrong for input() * Mode message not cleared after :silent message * Vim9: not able to use autoload class accross scripts * build error on Haiku * Patch v9.1.1151 causes problems * too many strlen() calls in getchar.c * :hi completion may complete to wrong value * Unix Makefile does not support Brazilian lang for the installer * Vim9: finding imported scripts can be further improved * preview-window does not scroll correctly * Vim9: wrong context being used when evaluating class member * multi-line completion has wrong indentation for last line * no way to create raw strings from a blob * illegal memory access when putting a register * Misplaced comment in readfile() * filetype: m17ndb files are not detected * [fifo] is not displayed when editing a fifo * cmdline completion for :hi is too simplistic * ins_str() is inefficient by calling STRLEN() * Match highlighting marks a buffer region as changed * 'suffixesadd' doesn't work with multiple items * filetype: Guile init file not recognized * filetype: xkb files not recognized everywhere * Mark positions wrong after triggering multiline completion * potential out-of-memory issue in search.c * 'listchars' 'precedes' is not drawn on Tabs. * missing out-of-memory test in buf_write() * patch 9.1.1119 caused a regression with imports * preinsert text is not cleaned up correctly * patch 9.1.1121 used a wrong way to handle enter * cannot loop through pum menu with multiline items * No test for 'listchars' 'precedes' with double-width char * popup hi groups not falling back to defaults * too many strlen() calls in findfile.c * Enter does not insert newline with 'noselect' * Vim9: Not able to use an autoloaded class from another autoloaded script * Vim9: super not supported in lambda expressions * [security]: use-after-free in str_to_reg() * enabling termguicolors automatically confuses users * Inconsistencies in get_next_or_prev_match() * Vim9: variable not found in transitive import * cmdexpand.c hard to read * 'smoothscroll' gets stuck with 'listchars' 'eol' * cannot loop through completion menu with fuzzy * Vim9: no support for protected new() method * CI: using Ubuntu 22.04 Github runners * if_perl: still some compile errors with Perl 5.38 The following package changes have been done: - vim-data-common-9.1.1176-150000.5.72.1 updated - vim-9.1.1176-150000.5.72.1 updated - xxd-9.1.1176-150000.5.72.1 updated From sle-container-updates at lists.suse.com Tue Apr 8 07:17:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Apr 2025 09:17:14 +0200 (CEST) Subject: SUSE-CU-2025:2439-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250408071714.28B6CFCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2439-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.65 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.65 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1158-1 Released: Mon Apr 7 15:25:21 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.1.8-24.64.1 updated From sle-container-updates at lists.suse.com Tue Apr 8 07:22:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Apr 2025 09:22:58 +0200 (CEST) Subject: SUSE-CU-2025:2440-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250408072258.92825FCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2440-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.104 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.104 Severity : moderate Type : recommended References : 1235751 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1160-1 Released: Mon Apr 7 17:28:43 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 vim was updated to 9.1.1176. Changes: * wrong indent when expanding multiple lines * inconsistent behaviour with exclusive selection and motion commands * filetype: ABNF files are not detected * [security]: overflow with 'nostartofline' and Ex command in tag file * wildmenu highlighting in popup can be improved * using global variable for get_insert()/get_lambda_name() * wrong flags passed down to nextwild() * mark '] wrong after copying text object * command-line auto-completion hard with wildmenu * diff: regression with multi-file diff blocks * [security]: code execution with tar.vim and special crafted tar files * $MYVIMDIR is set too late * completion popup not cleared in cmdline * preinsert requires bot 'menu' and 'menuone' to be set * Ctrl-Y does not work well with 'preinsert' when completing items * $MYVIMDIR may not always be set * :verbose set has wrong file name with :compiler! * command completion wrong for input() * Mode message not cleared after :silent message * Vim9: not able to use autoload class accross scripts * build error on Haiku * Patch v9.1.1151 causes problems * too many strlen() calls in getchar.c * :hi completion may complete to wrong value * Unix Makefile does not support Brazilian lang for the installer * Vim9: finding imported scripts can be further improved * preview-window does not scroll correctly * Vim9: wrong context being used when evaluating class member * multi-line completion has wrong indentation for last line * no way to create raw strings from a blob * illegal memory access when putting a register * Misplaced comment in readfile() * filetype: m17ndb files are not detected * [fifo] is not displayed when editing a fifo * cmdline completion for :hi is too simplistic * ins_str() is inefficient by calling STRLEN() * Match highlighting marks a buffer region as changed * 'suffixesadd' doesn't work with multiple items * filetype: Guile init file not recognized * filetype: xkb files not recognized everywhere * Mark positions wrong after triggering multiline completion * potential out-of-memory issue in search.c * 'listchars' 'precedes' is not drawn on Tabs. * missing out-of-memory test in buf_write() * patch 9.1.1119 caused a regression with imports * preinsert text is not cleaned up correctly * patch 9.1.1121 used a wrong way to handle enter * cannot loop through pum menu with multiline items * No test for 'listchars' 'precedes' with double-width char * popup hi groups not falling back to defaults * too many strlen() calls in findfile.c * Enter does not insert newline with 'noselect' * Vim9: Not able to use an autoloaded class from another autoloaded script * Vim9: super not supported in lambda expressions * [security]: use-after-free in str_to_reg() * enabling termguicolors automatically confuses users * Inconsistencies in get_next_or_prev_match() * Vim9: variable not found in transitive import * cmdexpand.c hard to read * 'smoothscroll' gets stuck with 'listchars' 'eol' * cannot loop through completion menu with fuzzy * Vim9: no support for protected new() method * CI: using Ubuntu 22.04 Github runners * if_perl: still some compile errors with Perl 5.38 The following package changes have been done: - vim-data-common-9.1.1176-150000.5.72.1 updated - vim-9.1.1176-150000.5.72.1 updated - xxd-9.1.1176-150000.5.72.1 updated From sle-container-updates at lists.suse.com Tue Apr 8 07:27:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Apr 2025 09:27:28 +0200 (CEST) Subject: SUSE-CU-2025:2442-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250408072728.B8AA4FCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2442-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.106 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.106 Severity : moderate Type : recommended References : 1235751 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1160-1 Released: Mon Apr 7 17:28:43 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 vim was updated to 9.1.1176. Changes: * wrong indent when expanding multiple lines * inconsistent behaviour with exclusive selection and motion commands * filetype: ABNF files are not detected * [security]: overflow with 'nostartofline' and Ex command in tag file * wildmenu highlighting in popup can be improved * using global variable for get_insert()/get_lambda_name() * wrong flags passed down to nextwild() * mark '] wrong after copying text object * command-line auto-completion hard with wildmenu * diff: regression with multi-file diff blocks * [security]: code execution with tar.vim and special crafted tar files * $MYVIMDIR is set too late * completion popup not cleared in cmdline * preinsert requires bot 'menu' and 'menuone' to be set * Ctrl-Y does not work well with 'preinsert' when completing items * $MYVIMDIR may not always be set * :verbose set has wrong file name with :compiler! * command completion wrong for input() * Mode message not cleared after :silent message * Vim9: not able to use autoload class accross scripts * build error on Haiku * Patch v9.1.1151 causes problems * too many strlen() calls in getchar.c * :hi completion may complete to wrong value * Unix Makefile does not support Brazilian lang for the installer * Vim9: finding imported scripts can be further improved * preview-window does not scroll correctly * Vim9: wrong context being used when evaluating class member * multi-line completion has wrong indentation for last line * no way to create raw strings from a blob * illegal memory access when putting a register * Misplaced comment in readfile() * filetype: m17ndb files are not detected * [fifo] is not displayed when editing a fifo * cmdline completion for :hi is too simplistic * ins_str() is inefficient by calling STRLEN() * Match highlighting marks a buffer region as changed * 'suffixesadd' doesn't work with multiple items * filetype: Guile init file not recognized * filetype: xkb files not recognized everywhere * Mark positions wrong after triggering multiline completion * potential out-of-memory issue in search.c * 'listchars' 'precedes' is not drawn on Tabs. * missing out-of-memory test in buf_write() * patch 9.1.1119 caused a regression with imports * preinsert text is not cleaned up correctly * patch 9.1.1121 used a wrong way to handle enter * cannot loop through pum menu with multiline items * No test for 'listchars' 'precedes' with double-width char * popup hi groups not falling back to defaults * too many strlen() calls in findfile.c * Enter does not insert newline with 'noselect' * Vim9: Not able to use an autoloaded class from another autoloaded script * Vim9: super not supported in lambda expressions * [security]: use-after-free in str_to_reg() * enabling termguicolors automatically confuses users * Inconsistencies in get_next_or_prev_match() * Vim9: variable not found in transitive import * cmdexpand.c hard to read * 'smoothscroll' gets stuck with 'listchars' 'eol' * cannot loop through completion menu with fuzzy * Vim9: no support for protected new() method * CI: using Ubuntu 22.04 Github runners * if_perl: still some compile errors with Perl 5.38 The following package changes have been done: - vim-data-common-9.1.1176-150000.5.72.1 updated - vim-9.1.1176-150000.5.72.1 updated - xxd-9.1.1176-150000.5.72.1 updated From sle-container-updates at lists.suse.com Wed Apr 9 07:06:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 9 Apr 2025 09:06:38 +0200 (CEST) Subject: SUSE-IU-2025:850-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250409070638.F2E51FCF8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:850-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.352 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.352 Severity : important Type : security References : 1065729 1180814 1183682 1190336 1190768 1190786 1193629 1194869 1194904 1195823 1196444 1197158 1197174 1197227 1197246 1197302 1197331 1197472 1197661 1197926 1198019 1198021 1198240 1198577 1198660 1199657 1200045 1200571 1200807 1200809 1200810 1200824 1200825 1200871 1200872 1201193 1201218 1201323 1201381 1201610 1202672 1202711 1202712 1202771 1202774 1202778 1202781 1203699 1203769 1204171 1205205 1205701 1206048 1206049 1206451 1207034 1207186 1207361 1207593 1207640 1207878 1209262 1209547 1209788 1209980 1210050 1210647 1211263 1213167 1218450 1221651 1225428 1225742 1229312 1231375 1231432 1231854 1232299 1232743 1233479 1233557 1233749 1234074 1234894 1234895 1234896 1235528 1235599 1235870 1237029 1237521 1237530 1237718 1237721 1237722 1237723 1237724 1237725 1237726 1237727 1237728 1237729 1237730 1237733 1237734 1237735 1237736 1237737 1237738 1237739 1237740 1237742 1237743 1237744 1237745 1237746 1237748 1237749 1237751 1237752 1237753 1237755 1237759 1237761 1237763 1237766 1237767 1237768 1237774 1237775 1237778 1237779 1237780 1237782 1237783 1237784 1237785 1237786 1237787 1237788 1237789 1237790 1237792 1237794 1237795 1237797 1237798 1237799 1237807 1237808 1237809 1237810 1237812 1237813 1237814 1237815 1237816 1237817 1237818 1237820 1237821 1237823 1237824 1237826 1237827 1237829 1237831 1237835 1237836 1237837 1237839 1237840 1237845 1237846 1237868 1237872 1237892 1237903 1237904 1237916 1237918 1237922 1237925 1237926 1237927 1237928 1237929 1237931 1237932 1237933 1237937 1237939 1237940 1237941 1237942 1237946 1237951 1237952 1237954 1237955 1237957 1237958 1237959 1237960 1237961 1237962 1237963 1237965 1237966 1237967 1237968 1237969 1237970 1237971 1237972 1237973 1237975 1237976 1237978 1237979 1237980 1237982 1237983 1237984 1237986 1237987 1237990 1237992 1237996 1237997 1237998 1237999 1238000 1238003 1238004 1238005 1238006 1238007 1238009 1238010 1238011 1238012 1238013 1238014 1238016 1238017 1238018 1238019 1238021 1238022 1238024 1238025 1238030 1238032 1238036 1238037 1238041 1238046 1238047 1238048 1238069 1238071 1238077 1238079 1238080 1238083 1238084 1238085 1238086 1238089 1238090 1238091 1238092 1238096 1238097 1238099 1238103 1238105 1238106 1238107 1238108 1238110 1238111 1238112 1238113 1238114 1238115 1238116 1238118 1238120 1238122 1238123 1238125 1238126 1238127 1238128 1238131 1238134 1238135 1238138 1238139 1238140 1238142 1238144 1238146 1238147 1238149 1238150 1238153 1238155 1238156 1238157 1238158 1238160 1238162 1238166 1238167 1238168 1238169 1238170 1238171 1238172 1238175 1238176 1238177 1238178 1238179 1238180 1238181 1238183 1238184 1238187 1238221 1238222 1238226 1238228 1238229 1238231 1238233 1238234 1238235 1238236 1238238 1238239 1238240 1238241 1238242 1238243 1238244 1238246 1238247 1238248 1238249 1238252 1238253 1238255 1238256 1238257 1238260 1238261 1238262 1238263 1238264 1238266 1238267 1238268 1238269 1238270 1238271 1238272 1238274 1238275 1238276 1238277 1238278 1238279 1238281 1238282 1238283 1238284 1238285 1238286 1238287 1238288 1238289 1238291 1238292 1238293 1238295 1238298 1238300 1238301 1238302 1238306 1238307 1238308 1238309 1238311 1238313 1238326 1238327 1238328 1238329 1238331 1238333 1238334 1238335 1238336 1238337 1238338 1238339 1238341 1238343 1238344 1238345 1238372 1238373 1238374 1238376 1238377 1238378 1238381 1238382 1238383 1238385 1238386 1238387 1238388 1238389 1238390 1238391 1238392 1238393 1238394 1238395 1238396 1238397 1238398 1238400 1238401 1238410 1238411 1238413 1238415 1238416 1238417 1238418 1238419 1238420 1238422 1238423 1238424 1238428 1238429 1238430 1238431 1238432 1238433 1238434 1238435 1238436 1238437 1238440 1238441 1238442 1238443 1238444 1238445 1238446 1238447 1238453 1238454 1238458 1238459 1238462 1238463 1238465 1238467 1238469 1238533 1238536 1238538 1238539 1238540 1238542 1238543 1238545 1238546 1238551 1238552 1238556 1238557 1238599 1238600 1238601 1238602 1238605 1238612 1238613 1238615 1238616 1238617 1238618 1238619 1238621 1238623 1238625 1238626 1238630 1238631 1238632 1238633 1238635 1238636 1238638 1238639 1238640 1238641 1238642 1238643 1238645 1238646 1238647 1238648 1238649 1238650 1238653 1238654 1238655 1238658 1238661 1238662 1238663 1238664 1238666 1238668 1238705 1238707 1238710 1238712 1238718 1238719 1238721 1238722 1238727 1238729 1238750 1238787 1238789 1238792 1238799 1238803 1238804 1238805 1238806 1238808 1238809 1238810 1238811 1238814 1238815 1238816 1238817 1238818 1238819 1238820 1238821 1238822 1238823 1238825 1238830 1238834 1238835 1238836 1238838 1238843 1238867 1238868 1238869 1238870 1238871 1238878 1238889 1238892 1238893 1238897 1238898 1238899 1238902 1238911 1238916 1238919 1238925 1238930 1238933 1238936 1238937 1238938 1238939 1238941 1238942 1238943 1238944 1238945 1238946 1238948 1238949 1238950 1238951 1238952 1238953 1238954 1238956 1238957 1239001 1239004 1239016 1239035 1239040 1239041 1239051 1239060 1239070 1239071 1239073 1239076 1239095 1239109 1239115 1239126 1239452 1239454 1239968 1239969 1240133 1240205 1240207 1240208 1240210 1240212 1240213 1240218 1240220 1240227 1240229 1240231 1240242 1240245 1240247 1240250 1240254 1240256 1240264 1240266 1240272 1240275 1240276 1240278 1240279 1240280 1240281 1240282 1240283 1240284 1240286 1240288 1240290 1240292 1240293 1240297 1240304 1240308 1240309 1240317 1240318 1240322 CVE-2017-5753 CVE-2021-4453 CVE-2021-4454 CVE-2021-47517 CVE-2021-47631 CVE-2021-47632 CVE-2021-47633 CVE-2021-47635 CVE-2021-47636 CVE-2021-47637 CVE-2021-47638 CVE-2021-47639 CVE-2021-47641 CVE-2021-47642 CVE-2021-47643 CVE-2021-47644 CVE-2021-47645 CVE-2021-47646 CVE-2021-47647 CVE-2021-47648 CVE-2021-47649 CVE-2021-47650 CVE-2021-47651 CVE-2021-47652 CVE-2021-47653 CVE-2021-47654 CVE-2021-47656 CVE-2021-47657 CVE-2021-47659 CVE-2022-0168 CVE-2022-0995 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-2977 CVE-2022-29900 CVE-2022-29901 CVE-2022-3303 CVE-2022-3435 CVE-2022-49044 CVE-2022-49050 CVE-2022-49051 CVE-2022-49053 CVE-2022-49054 CVE-2022-49055 CVE-2022-49056 CVE-2022-49057 CVE-2022-49058 CVE-2022-49059 CVE-2022-49060 CVE-2022-49061 CVE-2022-49062 CVE-2022-49063 CVE-2022-49064 CVE-2022-49065 CVE-2022-49066 CVE-2022-49070 CVE-2022-49071 CVE-2022-49073 CVE-2022-49074 CVE-2022-49075 CVE-2022-49076 CVE-2022-49078 CVE-2022-49082 CVE-2022-49083 CVE-2022-49084 CVE-2022-49085 CVE-2022-49086 CVE-2022-49088 CVE-2022-49089 CVE-2022-49090 CVE-2022-49091 CVE-2022-49092 CVE-2022-49093 CVE-2022-49095 CVE-2022-49096 CVE-2022-49097 CVE-2022-49098 CVE-2022-49099 CVE-2022-49100 CVE-2022-49102 CVE-2022-49103 CVE-2022-49104 CVE-2022-49105 CVE-2022-49106 CVE-2022-49107 CVE-2022-49109 CVE-2022-49111 CVE-2022-49112 CVE-2022-49113 CVE-2022-49114 CVE-2022-49115 CVE-2022-49116 CVE-2022-49118 CVE-2022-49119 CVE-2022-49120 CVE-2022-49121 CVE-2022-49122 CVE-2022-49123 CVE-2022-49125 CVE-2022-49126 CVE-2022-49128 CVE-2022-49129 CVE-2022-49130 CVE-2022-49131 CVE-2022-49132 CVE-2022-49133 CVE-2022-49134 CVE-2022-49135 CVE-2022-49136 CVE-2022-49137 CVE-2022-49138 CVE-2022-49139 CVE-2022-49144 CVE-2022-49145 CVE-2022-49147 CVE-2022-49148 CVE-2022-49151 CVE-2022-49153 CVE-2022-49154 CVE-2022-49155 CVE-2022-49156 CVE-2022-49157 CVE-2022-49158 CVE-2022-49159 CVE-2022-49160 CVE-2022-49162 CVE-2022-49163 CVE-2022-49164 CVE-2022-49165 CVE-2022-49174 CVE-2022-49175 CVE-2022-49176 CVE-2022-49177 CVE-2022-49178 CVE-2022-49179 CVE-2022-49180 CVE-2022-49182 CVE-2022-49183 CVE-2022-49185 CVE-2022-49187 CVE-2022-49188 CVE-2022-49189 CVE-2022-49192 CVE-2022-49193 CVE-2022-49194 CVE-2022-49196 CVE-2022-49199 CVE-2022-49200 CVE-2022-49201 CVE-2022-49202 CVE-2022-49203 CVE-2022-49204 CVE-2022-49205 CVE-2022-49206 CVE-2022-49207 CVE-2022-49208 CVE-2022-49209 CVE-2022-49212 CVE-2022-49213 CVE-2022-49214 CVE-2022-49215 CVE-2022-49216 CVE-2022-49217 CVE-2022-49218 CVE-2022-49219 CVE-2022-49221 CVE-2022-49222 CVE-2022-49224 CVE-2022-49225 CVE-2022-49226 CVE-2022-49227 CVE-2022-49228 CVE-2022-49230 CVE-2022-49232 CVE-2022-49233 CVE-2022-49235 CVE-2022-49236 CVE-2022-49237 CVE-2022-49238 CVE-2022-49239 CVE-2022-49241 CVE-2022-49242 CVE-2022-49243 CVE-2022-49244 CVE-2022-49246 CVE-2022-49247 CVE-2022-49248 CVE-2022-49249 CVE-2022-49250 CVE-2022-49251 CVE-2022-49252 CVE-2022-49253 CVE-2022-49254 CVE-2022-49256 CVE-2022-49257 CVE-2022-49258 CVE-2022-49259 CVE-2022-49260 CVE-2022-49261 CVE-2022-49262 CVE-2022-49263 CVE-2022-49264 CVE-2022-49265 CVE-2022-49266 CVE-2022-49268 CVE-2022-49269 CVE-2022-49270 CVE-2022-49271 CVE-2022-49272 CVE-2022-49273 CVE-2022-49274 CVE-2022-49275 CVE-2022-49276 CVE-2022-49277 CVE-2022-49278 CVE-2022-49279 CVE-2022-49280 CVE-2022-49281 CVE-2022-49283 CVE-2022-49285 CVE-2022-49286 CVE-2022-49287 CVE-2022-49288 CVE-2022-49290 CVE-2022-49291 CVE-2022-49292 CVE-2022-49293 CVE-2022-49294 CVE-2022-49295 CVE-2022-49296 CVE-2022-49297 CVE-2022-49298 CVE-2022-49299 CVE-2022-49300 CVE-2022-49301 CVE-2022-49302 CVE-2022-49304 CVE-2022-49305 CVE-2022-49306 CVE-2022-49307 CVE-2022-49308 CVE-2022-49309 CVE-2022-49310 CVE-2022-49311 CVE-2022-49312 CVE-2022-49313 CVE-2022-49314 CVE-2022-49315 CVE-2022-49316 CVE-2022-49319 CVE-2022-49320 CVE-2022-49321 CVE-2022-49322 CVE-2022-49323 CVE-2022-49325 CVE-2022-49326 CVE-2022-49327 CVE-2022-49328 CVE-2022-49329 CVE-2022-49330 CVE-2022-49331 CVE-2022-49332 CVE-2022-49333 CVE-2022-49335 CVE-2022-49336 CVE-2022-49337 CVE-2022-49338 CVE-2022-49339 CVE-2022-49341 CVE-2022-49342 CVE-2022-49343 CVE-2022-49345 CVE-2022-49346 CVE-2022-49347 CVE-2022-49348 CVE-2022-49349 CVE-2022-49350 CVE-2022-49351 CVE-2022-49352 CVE-2022-49353 CVE-2022-49354 CVE-2022-49356 CVE-2022-49357 CVE-2022-49359 CVE-2022-49362 CVE-2022-49365 CVE-2022-49367 CVE-2022-49368 CVE-2022-49370 CVE-2022-49371 CVE-2022-49373 CVE-2022-49375 CVE-2022-49376 CVE-2022-49377 CVE-2022-49378 CVE-2022-49379 CVE-2022-49381 CVE-2022-49382 CVE-2022-49384 CVE-2022-49385 CVE-2022-49386 CVE-2022-49389 CVE-2022-49390 CVE-2022-49392 CVE-2022-49394 CVE-2022-49396 CVE-2022-49397 CVE-2022-49398 CVE-2022-49399 CVE-2022-49400 CVE-2022-49402 CVE-2022-49404 CVE-2022-49406 CVE-2022-49407 CVE-2022-49409 CVE-2022-49410 CVE-2022-49411 CVE-2022-49412 CVE-2022-49413 CVE-2022-49414 CVE-2022-49416 CVE-2022-49418 CVE-2022-49419 CVE-2022-49421 CVE-2022-49422 CVE-2022-49424 CVE-2022-49426 CVE-2022-49427 CVE-2022-49429 CVE-2022-49430 CVE-2022-49431 CVE-2022-49432 CVE-2022-49433 CVE-2022-49434 CVE-2022-49435 CVE-2022-49436 CVE-2022-49437 CVE-2022-49438 CVE-2022-49440 CVE-2022-49441 CVE-2022-49442 CVE-2022-49443 CVE-2022-49444 CVE-2022-49445 CVE-2022-49446 CVE-2022-49447 CVE-2022-49448 CVE-2022-49449 CVE-2022-49451 CVE-2022-49453 CVE-2022-49455 CVE-2022-49458 CVE-2022-49459 CVE-2022-49460 CVE-2022-49462 CVE-2022-49463 CVE-2022-49465 CVE-2022-49466 CVE-2022-49467 CVE-2022-49468 CVE-2022-49470 CVE-2022-49472 CVE-2022-49473 CVE-2022-49474 CVE-2022-49475 CVE-2022-49476 CVE-2022-49477 CVE-2022-49478 CVE-2022-49479 CVE-2022-49480 CVE-2022-49481 CVE-2022-49482 CVE-2022-49483 CVE-2022-49484 CVE-2022-49485 CVE-2022-49486 CVE-2022-49487 CVE-2022-49488 CVE-2022-49489 CVE-2022-49490 CVE-2022-49491 CVE-2022-49492 CVE-2022-49493 CVE-2022-49494 CVE-2022-49495 CVE-2022-49497 CVE-2022-49498 CVE-2022-49499 CVE-2022-49501 CVE-2022-49502 CVE-2022-49503 CVE-2022-49504 CVE-2022-49505 CVE-2022-49506 CVE-2022-49507 CVE-2022-49508 CVE-2022-49509 CVE-2022-49510 CVE-2022-49511 CVE-2022-49512 CVE-2022-49514 CVE-2022-49515 CVE-2022-49516 CVE-2022-49517 CVE-2022-49518 CVE-2022-49519 CVE-2022-49520 CVE-2022-49521 CVE-2022-49522 CVE-2022-49523 CVE-2022-49524 CVE-2022-49525 CVE-2022-49526 CVE-2022-49527 CVE-2022-49529 CVE-2022-49530 CVE-2022-49532 CVE-2022-49533 CVE-2022-49534 CVE-2022-49535 CVE-2022-49536 CVE-2022-49537 CVE-2022-49538 CVE-2022-49541 CVE-2022-49542 CVE-2022-49543 CVE-2022-49544 CVE-2022-49545 CVE-2022-49546 CVE-2022-49548 CVE-2022-49549 CVE-2022-49551 CVE-2022-49552 CVE-2022-49555 CVE-2022-49556 CVE-2022-49559 CVE-2022-49560 CVE-2022-49562 CVE-2022-49563 CVE-2022-49564 CVE-2022-49565 CVE-2022-49566 CVE-2022-49568 CVE-2022-49569 CVE-2022-49570 CVE-2022-49579 CVE-2022-49581 CVE-2022-49583 CVE-2022-49584 CVE-2022-49591 CVE-2022-49592 CVE-2022-49603 CVE-2022-49605 CVE-2022-49606 CVE-2022-49607 CVE-2022-49609 CVE-2022-49610 CVE-2022-49611 CVE-2022-49613 CVE-2022-49615 CVE-2022-49616 CVE-2022-49617 CVE-2022-49618 CVE-2022-49621 CVE-2022-49623 CVE-2022-49624 CVE-2022-49625 CVE-2022-49626 CVE-2022-49627 CVE-2022-49628 CVE-2022-49631 CVE-2022-49634 CVE-2022-49635 CVE-2022-49638 CVE-2022-49640 CVE-2022-49641 CVE-2022-49642 CVE-2022-49643 CVE-2022-49644 CVE-2022-49645 CVE-2022-49646 CVE-2022-49647 CVE-2022-49648 CVE-2022-49649 CVE-2022-49650 CVE-2022-49652 CVE-2022-49653 CVE-2022-49655 CVE-2022-49656 CVE-2022-49657 CVE-2022-49658 CVE-2022-49661 CVE-2022-49663 CVE-2022-49665 CVE-2022-49667 CVE-2022-49668 CVE-2022-49670 CVE-2022-49671 CVE-2022-49672 CVE-2022-49673 CVE-2022-49674 CVE-2022-49675 CVE-2022-49676 CVE-2022-49677 CVE-2022-49678 CVE-2022-49679 CVE-2022-49680 CVE-2022-49683 CVE-2022-49685 CVE-2022-49686 CVE-2022-49687 CVE-2022-49688 CVE-2022-49693 CVE-2022-49694 CVE-2022-49695 CVE-2022-49697 CVE-2022-49699 CVE-2022-49700 CVE-2022-49701 CVE-2022-49703 CVE-2022-49704 CVE-2022-49705 CVE-2022-49707 CVE-2022-49708 CVE-2022-49710 CVE-2022-49711 CVE-2022-49712 CVE-2022-49713 CVE-2022-49714 CVE-2022-49715 CVE-2022-49716 CVE-2022-49719 CVE-2022-49720 CVE-2022-49721 CVE-2022-49722 CVE-2022-49723 CVE-2022-49724 CVE-2022-49725 CVE-2022-49726 CVE-2022-49729 CVE-2022-49730 CVE-2022-49731 CVE-2022-49732 CVE-2022-49733 CVE-2022-49739 CVE-2022-49746 CVE-2022-49748 CVE-2022-49751 CVE-2022-49753 CVE-2022-49755 CVE-2022-49759 CVE-2023-0179 CVE-2023-1652 CVE-2023-2162 CVE-2023-28410 CVE-2023-3567 CVE-2023-52930 CVE-2023-52933 CVE-2023-52935 CVE-2023-52939 CVE-2023-52941 CVE-2023-52973 CVE-2023-52974 CVE-2023-52975 CVE-2023-52976 CVE-2023-52979 CVE-2023-52983 CVE-2023-52984 CVE-2023-52988 CVE-2023-52989 CVE-2023-52992 CVE-2023-52993 CVE-2023-53000 CVE-2023-53005 CVE-2023-53006 CVE-2023-53007 CVE-2023-53008 CVE-2023-53010 CVE-2023-53015 CVE-2023-53016 CVE-2023-53019 CVE-2023-53023 CVE-2023-53024 CVE-2023-53025 CVE-2023-53026 CVE-2023-53028 CVE-2023-53029 CVE-2023-53030 CVE-2023-53033 CVE-2024-26634 CVE-2024-47678 CVE-2024-50290 CVE-2024-53063 CVE-2024-53124 CVE-2024-53176 CVE-2024-53178 CVE-2024-56651 CVE-2024-57996 CVE-2024-58013 CVE-2024-58014 CVE-2025-21693 CVE-2025-21718 CVE-2025-21772 CVE-2025-21780 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1176-1 Released: Tue Apr 8 17:34:59 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1180814,1183682,1190336,1190768,1190786,1193629,1194869,1194904,1195823,1196444,1197158,1197174,1197227,1197246,1197302,1197331,1197472,1197661,1197926,1198019,1198021,1198240,1198577,1198660,1199657,1200045,1200571,1200807,1200809,1200810,1200824,1200825,1200871,1200872,1201193,1201218,1201323,1201381,1201610,1202672,1202711,1202712,1202771,1202774,1202778,1202781,1203699,1203769,1204171,1205205,1205701,1206048,1206049,1206451,1207034,1207186,1207361,1207593,1207640,1207878,1209262,1209547,1209788,1209980,1210050,1210647,1211263,1213167,1218450,1221651,1225428,1225742,1229312,1231375,1231432,1231854,1232299,1232743,1233479,1233557,1233749,1234074,1234894,1234895,1234896,1235528,1235599,1235870,1237029,1237521,1237530,1237718,1237721,1237722,1237723,1237724,1237725,1237726,1237727,1237728,1237729,1237730,1237733,1237734,1237735,1237736,1237737,1237738,1237739,1237740,1237742,1237743,1237744,1237745,1237746,1237748,1237749,1237751,1237752,1237753,1237755,1237759,1 237761,1237763,1237766,1237767,1237768,1237774,1237775,1237778,1237779,1237780,1237782,1237783,1237784,1237785,1237786,1237787,1237788,1237789,1237790,1237792,1237794,1237795,1237797,1237798,1237799,1237807,1237808,1237809,1237810,1237812,1237813,1237814,1237815,1237816,1237817,1237818,1237820,1237821,1237823,1237824,1237826,1237827,1237829,1237831,1237835,1237836,1237837,1237839,1237840,1237845,1237846,1237868,1237872,1237892,1237903,1237904,1237916,1237918,1237922,1237925,1237926,1237927,1237928,1237929,1237931,1237932,1237933,1237937,1237939,1237940,1237941,1237942,1237946,1237951,1237952,1237954,1237955,1237957,1237958,1237959,1237960,1237961,1237962,1237963,1237965,1237966,1237967,1237968,1237969,1237970,1237971,1237972,1237973,1237975,1237976,1237978,1237979,1237980,1237982,1237983,1237984,1237986,1237987,1237990,1237992,1237996,1237997,1237998,1237999,1238000,1238003,1238004,1238005,1238006,1238007,1238009,1238010,1238011,1238012,1238013,1238014,1238016,1238017,1238018,123801 9,1238021,1238022,1238024,1238025,1238030,1238032,1238036,1238037,1238041,1238046,1238047,1238048,1238069,1238071,1238077,1238079,1238080,1238083,1238084,1238085,1238086,1238089,1238090,1238091,1238092,1238096,1238097,1238099,1238103,1238105,1238106,1238107,1238108,1238110,1238111,1238112,1238113,1238114,1238115,1238116,1238118,1238120,1238122,1238123,1238125,1238126,1238127,1238128,1238131,1238134,1238135,1238138,1238139,1238140,1238142,1238144,1238146,1238147,1238149,1238150,1238153,1238155,1238156,1238157,1238158,1238160,1238162,1238166,1238167,1238168,1238169,1238170,1238171,1238172,1238175,1238176,1238177,1238178,1238179,1238180,1238181,1238183,1238184,1238187,1238221,1238222,1238226,1238228,1238229,1238231,1238233,1238234,1238235,1238236,1238238,1238239,1238240,1238241,1238242,1238243,1238244,1238246,1238247,1238248,1238249,1238252,1238253,1238255,1238256,1238257,1238260,1238261,1238262,1238263,1238264,1238266,1238267,1238268,1238269,1238270,1238271,1238272,1238274,1238275,123 8276,1238277,1238278,1238279,1238281,1238282,1238283,1238284,1238285,1238286,1238287,1238288,1238289,1238291,1238292,1238293,1238295,1238298,1238300,1238301,1238302,1238306,1238307,1238308,1238309,1238311,1238313,1238326,1238327,1238328,1238329,1238331,1238333,1238334,1238335,1238336,1238337,1238338,1238339,1238341,1238343,1238344,1238345,1238372,1238373,1238374,1238376,1238377,1238378,1238381,1238382,1238383,1238385,1238386,1238387,1238388,1238389,1238390,1238391,1238392,1238393,1238394,1238395,1238396,1238397,1238398,1238400,1238401,1238410,1238411,1238413,1238415,1238416,1238417,1238418,1238419,1238420,1238422,1238423,1238424,1238428,1238429,1238430,1238431,1238432,1238433,1238434,1238435,1238436,1238437,1238440,1238441,1238442,1238443,1238444,1238445,1238446,1238447,1238453,1238454,1238458,1238459,1238462,1238463,1238465,1238467,1238469,1238533,1238536,1238538,1238539,1238540,1238542,1238543,1238545,1238546,1238551,1238552,1238556,1238557,1238599,1238600,1238601,1238602,1238605, 1238612,1238613,1238615,1238616,1238617,1238618,1238619,1238621,1238623,1238625,1238626,1238630,1238631,1238632,1238633,1238635,1238636,1238638,1238639,1238640,1238641,1238642,1238643,1238645,1238646,1238647,1238648,1238649,1238650,1238653,1238654,1238655,1238658,1238661,1238662,1238663,1238664,1238666,1238668,1238705,1238707,1238710,1238712,1238718,1238719,1238721,1238722,1238727,1238729,1238750,1238787,1238789,1238792,1238799,1238803,1238804,1238805,1238806,1238808,1238809,1238810,1238811,1238814,1238815,1238816,1238817,1238818,1238819,1238820,1238821,1238822,1238823,1238825,1238830,1238834,1238835,1238836,1238838,1238843,1238867,1238868,1238869,1238870,1238871,1238878,1238889,1238892,1238893,1238897,1238898,1238899,1238902,1238911,1238916,1238919,1238925,1238930,1238933,1238936,1238937,1238938,1238939,1238941,1238942,1238943,1238944,1238945,1238946,1238948,1238949,1238950,1238951,1238952,1238953,1238954,1238956,1238957,1239001,1239004,1239016,1239035,1239040,1239041,1239051,12390 60,1239070,1239071,1239073,1239076,1239095,1239109,1239115,1239126,1239452,1239454,1239968,1239969,1240133,1240205,1240207,1240208,1240210,1240212,1240213,1240218,1240220,1240227,1240229,1240231,1240242,1240245,1240247,1240250,1240254,1240256,1240264,1240266,1240272,1240275,1240276,1240278,1240279,1240280,1240281,1240282,1240283,1240284,1240286,1240288,1240290,1240292,1240293,1240297,1240304,1240308,1240309,1240317,1240318,1240322,CVE-2017-5753,CVE-2021-4453,CVE-2021-4454,CVE-2021-47517,CVE-2021-47631,CVE-2021-47632,CVE-2021-47633,CVE-2021-47635,CVE-2021-47636,CVE-2021-47637,CVE-2021-47638,CVE-2021-47639,CVE-2021-47641,CVE-2021-47642,CVE-2021-47643,CVE-2021-47644,CVE-2021-47645,CVE-2021-47646,CVE-2021-47647,CVE-2021-47648,CVE-2021-47649,CVE-2021-47650,CVE-2021-47651,CVE-2021-47652,CVE-2021-47653,CVE-2021-47654,CVE-2021-47656,CVE-2021-47657,CVE-2021-47659,CVE-2022-0168,CVE-2022-0995,CVE-2022-1016,CVE-2022-1048,CVE-2022-1184,CVE-2022-2977,CVE-2022-29900,CVE-2022-29901,CVE-2022-3303,CV E-2022-3435,CVE-2022-49044,CVE-2022-49050,CVE-2022-49051,CVE-2022-49053,CVE-2022-49054,CVE-2022-49055,CVE-2022-49056,CVE-2022-49057,CVE-2022-49058,CVE-2022-49059,CVE-2022-49060,CVE-2022-49061,CVE-2022-49062,CVE-2022-49063,CVE-2022-49064,CVE-2022-49065,CVE-2022-49066,CVE-2022-49070,CVE-2022-49071,CVE-2022-49073,CVE-2022-49074,CVE-2022-49075,CVE-2022-49076,CVE-2022-49078,CVE-2022-49082,CVE-2022-49083,CVE-2022-49084,CVE-2022-49085,CVE-2022-49086,CVE-2022-49088,CVE-2022-49089,CVE-2022-49090,CVE-2022-49091,CVE-2022-49092,CVE-2022-49093,CVE-2022-49095,CVE-2022-49096,CVE-2022-49097,CVE-2022-49098,CVE-2022-49099,CVE-2022-49100,CVE-2022-49102,CVE-2022-49103,CVE-2022-49104,CVE-2022-49105,CVE-2022-49106,CVE-2022-49107,CVE-2022-49109,CVE-2022-49111,CVE-2022-49112,CVE-2022-49113,CVE-2022-49114,CVE-2022-49115,CVE-2022-49116,CVE-2022-49118,CVE-2022-49119,CVE-2022-49120,CVE-2022-49121,CVE-2022-49122,CVE-2022-49123,CVE-2022-49125,CVE-2022-49126,CVE-2022-49128,CVE-2022-49129,CVE-2022-49130,CVE-2022-4 9131,CVE-2022-49132,CVE-2022-49133,CVE-2022-49134,CVE-2022-49135,CVE-2022-49136,CVE-2022-49137,CVE-2022-49138,CVE-2022-49139,CVE-2022-49144,CVE-2022-49145,CVE-2022-49147,CVE-2022-49148,CVE-2022-49151,CVE-2022-49153,CVE-2022-49154,CVE-2022-49155,CVE-2022-49156,CVE-2022-49157,CVE-2022-49158,CVE-2022-49159,CVE-2022-49160,CVE-2022-49162,CVE-2022-49163,CVE-2022-49164,CVE-2022-49165,CVE-2022-49174,CVE-2022-49175,CVE-2022-49176,CVE-2022-49177,CVE-2022-49178,CVE-2022-49179,CVE-2022-49180,CVE-2022-49182,CVE-2022-49183,CVE-2022-49185,CVE-2022-49187,CVE-2022-49188,CVE-2022-49189,CVE-2022-49192,CVE-2022-49193,CVE-2022-49194,CVE-2022-49196,CVE-2022-49199,CVE-2022-49200,CVE-2022-49201,CVE-2022-49202,CVE-2022-49203,CVE-2022-49204,CVE-2022-49205,CVE-2022-49206,CVE-2022-49207,CVE-2022-49208,CVE-2022-49209,CVE-2022-49212,CVE-2022-49213,CVE-2022-49214,CVE-2022-49215,CVE-2022-49216,CVE-2022-49217,CVE-2022-49218,CVE-2022-49219,CVE-2022-49221,CVE-2022-49222,CVE-2022-49224,CVE-2022-49225,CVE-2022-49226,CV E-2022-49227,CVE-2022-49228,CVE-2022-49230,CVE-2022-49232,CVE-2022-49233,CVE-2022-49235,CVE-2022-49236,CVE-2022-49237,CVE-2022-49238,CVE-2022-49239,CVE-2022-49241,CVE-2022-49242,CVE-2022-49243,CVE-2022-49244,CVE-2022-49246,CVE-2022-49247,CVE-2022-49248,CVE-2022-49249,CVE-2022-49250,CVE-2022-49251,CVE-2022-49252,CVE-2022-49253,CVE-2022-49254,CVE-2022-49256,CVE-2022-49257,CVE-2022-49258,CVE-2022-49259,CVE-2022-49260,CVE-2022-49261,CVE-2022-49262,CVE-2022-49263,CVE-2022-49264,CVE-2022-49265,CVE-2022-49266,CVE-2022-49268,CVE-2022-49269,CVE-2022-49270,CVE-2022-49271,CVE-2022-49272,CVE-2022-49273,CVE-2022-49274,CVE-2022-49275,CVE-2022-49276,CVE-2022-49277,CVE-2022-49278,CVE-2022-49279,CVE-2022-49280,CVE-2022-49281,CVE-2022-49283,CVE-2022-49285,CVE-2022-49286,CVE-2022-49287,CVE-2022-49288,CVE-2022-49290,CVE-2022-49291,CVE-2022-49292,CVE-2022-49293,CVE-2022-49294,CVE-2022-49295,CVE-2022-49296,CVE-2022-49297,CVE-2022-49298,CVE-2022-49299,CVE-2022-49300,CVE-2022-49301,CVE-2022-49302,CVE-2022- 49304,CVE-2022-49305,CVE-2022-49306,CVE-2022-49307,CVE-2022-49308,CVE-2022-49309,CVE-2022-49310,CVE-2022-49311,CVE-2022-49312,CVE-2022-49313,CVE-2022-49314,CVE-2022-49315,CVE-2022-49316,CVE-2022-49319,CVE-2022-49320,CVE-2022-49321,CVE-2022-49322,CVE-2022-49323,CVE-2022-49325,CVE-2022-49326,CVE-2022-49327,CVE-2022-49328,CVE-2022-49329,CVE-2022-49330,CVE-2022-49331,CVE-2022-49332,CVE-2022-49333,CVE-2022-49335,CVE-2022-49336,CVE-2022-49337,CVE-2022-49338,CVE-2022-49339,CVE-2022-49341,CVE-2022-49342,CVE-2022-49343,CVE-2022-49345,CVE-2022-49346,CVE-2022-49347,CVE-2022-49348,CVE-2022-49349,CVE-2022-49350,CVE-2022-49351,CVE-2022-49352,CVE-2022-49353,CVE-2022-49354,CVE-2022-49356,CVE-2022-49357,CVE-2022-49359,CVE-2022-49362,CVE-2022-49365,CVE-2022-49367,CVE-2022-49368,CVE-2022-49370,CVE-2022-49371,CVE-2022-49373,CVE-2022-49375,CVE-2022-49376,CVE-2022-49377,CVE-2022-49378,CVE-2022-49379,CVE-2022-49381,CVE-2022-49382,CVE-2022-49384,CVE-2022-49385,CVE-2022-49386,CVE-2022-49389,CVE-2022-49390,C VE-2022-49392,CVE-2022-49394,CVE-2022-49396,CVE-2022-49397,CVE-2022-49398,CVE-2022-49399,CVE-2022-49400,CVE-2022-49402,CVE-2022-49404,CVE-2022-49406,CVE-2022-49407,CVE-2022-49409,CVE-2022-49410,CVE-2022-49411,CVE-2022-49412,CVE-2022-49413,CVE-2022-49414,CVE-2022-49416,CVE-2022-49418,CVE-2022-49419,CVE-2022-49421,CVE-2022-49422,CVE-2022-49424,CVE-2022-49426,CVE-2022-49427,CVE-2022-49429,CVE-2022-49430,CVE-2022-49431,CVE-2022-49432,CVE-2022-49433,CVE-2022-49434,CVE-2022-49435,CVE-2022-49436,CVE-2022-49437,CVE-2022-49438,CVE-2022-49440,CVE-2022-49441,CVE-2022-49442,CVE-2022-49443,CVE-2022-49444,CVE-2022-49445,CVE-2022-49446,CVE-2022-49447,CVE-2022-49448,CVE-2022-49449,CVE-2022-49451,CVE-2022-49453,CVE-2022-49455,CVE-2022-49458,CVE-2022-49459,CVE-2022-49460,CVE-2022-49462,CVE-2022-49463,CVE-2022-49465,CVE-2022-49466,CVE-2022-49467,CVE-2022-49468,CVE-2022-49470,CVE-2022-49472,CVE-2022-49473,CVE-2022-49474,CVE-2022-49475,CVE-2022-49476,CVE-2022-49477,CVE-2022-49478,CVE-2022-49479,CVE-2022 -49480,CVE-2022-49481,CVE-2022-49482,CVE-2022-49483,CVE-2022-49484,CVE-2022-49485,CVE-2022-49486,CVE-2022-49487,CVE-2022-49488,CVE-2022-49489,CVE-2022-49490,CVE-2022-49491,CVE-2022-49492,CVE-2022-49493,CVE-2022-49494,CVE-2022-49495,CVE-2022-49497,CVE-2022-49498,CVE-2022-49499,CVE-2022-49501,CVE-2022-49502,CVE-2022-49503,CVE-2022-49504,CVE-2022-49505,CVE-2022-49506,CVE-2022-49507,CVE-2022-49508,CVE-2022-49509,CVE-2022-49510,CVE-2022-49511,CVE-2022-49512,CVE-2022-49514,CVE-2022-49515,CVE-2022-49516,CVE-2022-49517,CVE-2022-49518,CVE-2022-49519,CVE-2022-49520,CVE-2022-49521,CVE-2022-49522,CVE-2022-49523,CVE-2022-49524,CVE-2022-49525,CVE-2022-49526,CVE-2022-49527,CVE-2022-49529,CVE-2022-49530,CVE-2022-49532,CVE-2022-49533,CVE-2022-49534,CVE-2022-49535,CVE-2022-49536,CVE-2022-49537,CVE-2022-49538,CVE-2022-49541,CVE-2022-49542,CVE-2022-49543,CVE-2022-49544,CVE-2022-49545,CVE-2022-49546,CVE-2022-49548,CVE-2022-49549,CVE-2022-49551,CVE-2022-49552,CVE-2022-49555,CVE-2022-49556,CVE-2022-49559, CVE-2022-49560,CVE-2022-49562,CVE-2022-49563,CVE-2022-49564,CVE-2022-49565,CVE-2022-49566,CVE-2022-49568,CVE-2022-49569,CVE-2022-49570,CVE-2022-49579,CVE-2022-49581,CVE-2022-49583,CVE-2022-49584,CVE-2022-49591,CVE-2022-49592,CVE-2022-49603,CVE-2022-49605,CVE-2022-49606,CVE-2022-49607,CVE-2022-49609,CVE-2022-49610,CVE-2022-49611,CVE-2022-49613,CVE-2022-49615,CVE-2022-49616,CVE-2022-49617,CVE-2022-49618,CVE-2022-49621,CVE-2022-49623,CVE-2022-49624,CVE-2022-49625,CVE-2022-49626,CVE-2022-49627,CVE-2022-49628,CVE-2022-49631,CVE-2022-49634,CVE-2022-49635,CVE-2022-49638,CVE-2022-49640,CVE-2022-49641,CVE-2022-49642,CVE-2022-49643,CVE-2022-49644,CVE-2022-49645,CVE-2022-49646,CVE-2022-49647,CVE-2022-49648,CVE-2022-49649,CVE-2022-49650,CVE-2022-49652,CVE-2022-49653,CVE-2022-49655,CVE-2022-49656,CVE-2022-49657,CVE-2022-49658,CVE-2022-49661,CVE-2022-49663,CVE-2022-49665,CVE-2022-49667,CVE-2022-49668,CVE-2022-49670,CVE-2022-49671,CVE-2022-49672,CVE-2022-49673,CVE-2022-49674,CVE-2022-49675,CVE-202 2-49676,CVE-2022-49677,CVE-2022-49678,CVE-2022-49679,CVE-2022-49680,CVE-2022-49683,CVE-2022-49685,CVE-2022-49686,CVE-2022-49687,CVE-2022-49688,CVE-2022-49693,CVE-2022-49694,CVE-2022-49695,CVE-2022-49697,CVE-2022-49699,CVE-2022-49700,CVE-2022-49701,CVE-2022-49703,CVE-2022-49704,CVE-2022-49705,CVE-2022-49707,CVE-2022-49708,CVE-2022-49710,CVE-2022-49711,CVE-2022-49712,CVE-2022-49713,CVE-2022-49714,CVE-2022-49715,CVE-2022-49716,CVE-2022-49719,CVE-2022-49720,CVE-2022-49721,CVE-2022-49722,CVE-2022-49723,CVE-2022-49724,CVE-2022-49725,CVE-2022-49726,CVE-2022-49729,CVE-2022-49730,CVE-2022-49731,CVE-2022-49732,CVE-2022-49733,CVE-2022-49739,CVE-2022-49746,CVE-2022-49748,CVE-2022-49751,CVE-2022-49753,CVE-2022-49755,CVE-2022-49759,CVE-2023-0179,CVE-2023-1652,CVE-2023-2162,CVE-2023-28410,CVE-2023-3567,CVE-2023-52930,CVE-2023-52933,CVE-2023-52935,CVE-2023-52939,CVE-2023-52941,CVE-2023-52973,CVE-2023-52974,CVE-2023-52975,CVE-2023-52976,CVE-2023-52979,CVE-2023-52983,CVE-2023-52984,CVE-2023-52988,CVE -2023-52989,CVE-2023-52992,CVE-2023-52993,CVE-2023-53000,CVE-2023-53005,CVE-2023-53006,CVE-2023-53007,CVE-2023-53008,CVE-2023-53010,CVE-2023-53015,CVE-2023-53016,CVE-2023-53019,CVE-2023-53023,CVE-2023-53024,CVE-2023-53025,CVE-2023-53026,CVE-2023-53028,CVE-2023-53029,CVE-2023-53030,CVE-2023-53033,CVE-2024-26634,CVE-2024-47678,CVE-2024-50290,CVE-2024-53063,CVE-2024-53124,CVE-2024-53176,CVE-2024-53178,CVE-2024-56651,CVE-2024-57996,CVE-2024-58013,CVE-2024-58014,CVE-2025-21693,CVE-2025-21718,CVE-2025-21772,CVE-2025-21780 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239095). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016). - Revert 'gfs2: Fix inode height consistency check (git-fixes). - btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - cifs: Add a laundromat thread for cached directories (git-fixes). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (git-fixes). - gfs2: Fix inode height consistency check (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Support holes in device list reply msg (bsc#1240133). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes). - smb3: do not start laundromat thread when dir leases disabled (git-fixes). - smb3: retrying on failed server close (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: disable directory caching when dir_cache_timeout is zero (git-fixes). - smb: client: do not start laundromat thread on nohandlecache (git-fixes). - smb: client: make laundromat a delayed worker (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). The following package changes have been done: - kernel-rt-5.14.21-150500.13.91.1 updated From sle-container-updates at lists.suse.com Wed Apr 9 07:08:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 9 Apr 2025 09:08:27 +0200 (CEST) Subject: SUSE-CU-2025:2445-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250409070827.D0C26FCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2445-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.110 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.110 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1166-1 Released: Tue Apr 8 11:37:17 2025 Summary: Recommended update for gdb Type: recommended Severity: moderate References: This update for gdb fixes the following issues: - Implemented support for new IBM Z generation (jsc#PED-10305). The following package changes have been done: - gdb-14.2-150400.15.23.1 updated From sle-container-updates at lists.suse.com Wed Apr 9 07:09:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 9 Apr 2025 09:09:45 +0200 (CEST) Subject: SUSE-CU-2025:2446-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250409070945.E3F2BFCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2446-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.110 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.110 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1166-1 Released: Tue Apr 8 11:37:17 2025 Summary: Recommended update for gdb Type: recommended Severity: moderate References: This update for gdb fixes the following issues: - Implemented support for new IBM Z generation (jsc#PED-10305). The following package changes have been done: - gdb-14.2-150400.15.23.1 updated From sle-container-updates at lists.suse.com Wed Apr 9 07:10:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 9 Apr 2025 09:10:12 +0200 (CEST) Subject: SUSE-IU-2025:851-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250409071012.C8153FCF8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:851-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.10 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.10 Severity : moderate Type : security References : 1236842 CVE-2023-4016 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 279 Released: Tue Apr 8 10:00:26 2025 Summary: Security update for procps Type: security Severity: moderate References: 1236842,CVE-2023-4016 This update for procps fixes the following issues: - Fixed regression introduced with the CVE-2023-4016 fix. The ps command segfaults when pid argument has a leading space (bsc#1236842). ----------------------------------------------------------------- Advisory ID: 283 Released: Tue Apr 8 10:50:47 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: Update to 2025b: * New zone for Ays??n Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved Update to 2024b: * Improve historical data for Mexico, Mongolia, and Portugal. * System V names are now obsolescent. * The main data form now uses %z. * The code now conforms to RFC 8536 for early timestamps. * Support POSIX.1-2024, which removes asctime_r and ctime_r. * Assume POSIX.2-1992 or later for shell scripts. * SUPPORT_C89 now defaults to 1. Update to 2024a: * Kazakhstan unifies on UTC+5. This affects Asia/Almaty and Asia/Qostanay which together represent the eastern portion of the country that will transition from UTC+6 on 2024-03-01 at 00:00 to join the western portion. (Thanks to Zhanbolat Raimbekov.) * Palestine springs forward a week later than previously predicted in 2024 and 2025. (Thanks to Heba Hamad.) Change spring-forward predictions to the second Saturday after Ramadan, not the first; this also affects other predictions starting in 2039. * Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00. (Thanks to ??o??n Tr???n C??ng Danh.) * From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00. (Thanks to Chris Walton.) * In 1911 Miquelon adopted standard time on June 15, not May 15. * The FROM and TO columns of Rule lines can no longer be 'minimum' or an abbreviation of 'minimum', because TZif files do not support DST rules that extend into the indefinite past - although these rules were supported when TZif files had only 32-bit data, this stopped working when 64-bit TZif files were introduced in 1995. This should not be a problem for realistic data, since DST was first used in the 20th century. As a transition aid, FROM columns like 'minimum' are now diagnosed and then treated as if they were the year 1900; this should suffice for TZif files on old systems with only 32-bit time_t, and it is more compatible with bugs in 2023c-and-earlier localtime.c. (Problem reported by Yoshito Umaoka.) * localtime and related functions no longer mishandle some timestamps that occur about 400 years after a switch to a time zone with a DST schedule. In 2023d data this problem was visible for some timestamps in November 2422, November 2822, etc. in America/Ciudad_Juarez. (Problem reported by Gilmore Davidson.) * strftime %s now uses tm_gmtoff if available. (Problem and draft patch reported by Dag-Erling Sm??rgrav.) * The strftime man page documents which struct tm members affect which conversion specs, and that tzset is called. (Problems reported by Robert Elz and Steve Summit.) Update to 2023d: * Ittoqqortoormiit, Greenland changes time zones on 2024-03-31. * Vostok, Antarctica changed time zones on 2023-12-18. * Casey, Antarctica changed time zones five times since 2020. * Code and data fixes for Palestine timestamps starting in 2072. * A new data file zonenow.tab for timestamps starting now. * Fix predictions for DST transitions in Palestine in 2072-2075, correcting a typo introduced in 2023a. * Vostok, Antarctica changed to +05 on 2023-12-18. It had been at +07 (not +06) for years. * Change data for Casey, Antarctica to agree with timeanddate.com, by adding five time zone changes since 2020. Casey is now at +08 instead of +11. * Much of Greenland, represented by America/Nuuk, changed its standard time from -03 to -02 on 2023-03-25, not on 2023-10-28. * localtime.c no longer mishandles TZif files that contain a single transition into a DST regime. Previously, it incorrectly assumed DST was in effect before the transition too. * tzselect no longer creates temporary files. * tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/. * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments. * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension. * zic no longer mishandles data for Palestine after the year 2075. The following package changes have been done: - SL-Micro-release-6.0-25.14 updated - libprocps8-3.3.17-5.1 updated - timezone-2025b-1.1 updated - procps-3.3.17-5.1 updated - container:SL-Micro-base-container-2.1.3-6.7 updated From sle-container-updates at lists.suse.com Wed Apr 9 07:15:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 9 Apr 2025 09:15:05 +0200 (CEST) Subject: SUSE-CU-2025:2451-1: Security update of bci/openjdk Message-ID: <20250409071505.2024BFCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2451-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-4.17 Container Release : 4.17 Severity : important Type : security References : 1240416 CVE-2025-31344 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1164-1 Released: Tue Apr 8 09:02:56 2025 Summary: Security update for giflib Type: security Severity: important References: 1240416,CVE-2025-31344 This update for giflib fixes the following issues: - CVE-2025-31344: Fixed a buffer overflow in function DumpScreen2RGB (bsc#1240416) The following package changes have been done: - libgif7-5.2.2-150000.4.16.1 updated From sle-container-updates at lists.suse.com Wed Apr 9 07:15:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 9 Apr 2025 09:15:46 +0200 (CEST) Subject: SUSE-CU-2025:2452-1: Security update of bci/openjdk-devel Message-ID: <20250409071546.95597FCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2452-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.38 , bci/openjdk-devel:latest Container Release : 33.38 Severity : important Type : security References : 1240416 CVE-2025-31344 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1164-1 Released: Tue Apr 8 09:02:56 2025 Summary: Security update for giflib Type: security Severity: important References: 1240416,CVE-2025-31344 This update for giflib fixes the following issues: - CVE-2025-31344: Fixed a buffer overflow in function DumpScreen2RGB (bsc#1240416) The following package changes have been done: - libgif7-5.2.2-150000.4.16.1 updated - container:bci-openjdk-21-3bb1081d724203e42ab8500b3cc504f662bb7dddb8f66d53f48ee000ce673d23-0 updated From sle-container-updates at lists.suse.com Wed Apr 9 07:16:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 9 Apr 2025 09:16:23 +0200 (CEST) Subject: SUSE-CU-2025:2453-1: Security update of bci/openjdk Message-ID: <20250409071623.97B8EFCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2453-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.26 , bci/openjdk:latest Container Release : 33.26 Severity : important Type : security References : 1240416 CVE-2025-31344 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1164-1 Released: Tue Apr 8 09:02:56 2025 Summary: Security update for giflib Type: security Severity: important References: 1240416,CVE-2025-31344 This update for giflib fixes the following issues: - CVE-2025-31344: Fixed a buffer overflow in function DumpScreen2RGB (bsc#1240416) The following package changes have been done: - libgif7-5.2.2-150000.4.16.1 updated From sle-container-updates at lists.suse.com Thu Apr 10 07:02:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 09:02:23 +0200 (CEST) Subject: SUSE-IU-2025:932-1: Security update of suse-sles-15-sp6-chost-byos-v20250408-x86_64-gen2 Message-ID: <20250410070223.2D8A2FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250408-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:932-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250408-x86_64-gen2:20250408 Image Release : Severity : important Type : security References : 1027519 1219354 1223330 1227316 1233307 1233796 1234015 1234452 1234798 1235140 1235751 1236643 1236779 1236826 1236886 1236982 1237294 1237367 1237692 1237695 1238043 1238879 1239185 1239322 1239465 1239663 1240009 1240343 1240414 CVE-2024-11168 CVE-2024-23650 CVE-2024-29018 CVE-2024-41110 CVE-2025-1713 CVE-2025-22868 CVE-2025-22869 CVE-2025-27363 CVE-2025-27516 CVE-2025-31115 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250408-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:997-1 Released: Mon Mar 24 18:52:00 2025 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1236826 This update for openssh fixes the following issue: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1004-1 Released: Tue Mar 25 09:42:38 2025 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1238879,CVE-2025-27516 This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1034-1 Released: Thu Mar 27 07:50:58 2025 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1235140 This update for python-azure-agent fixes the following issues: - Update to version 2.12.04 (bsc#1235140) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1048-1 Released: Fri Mar 28 14:04:16 2025 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: This update for cpupower fixes the following issues: - For latest changelog entries, please look up the changelog of a kernel-FLAVOR or kernel-source with the exact same version and release build number. * rpm -q --changelog kernel-source |grep 'turbostat\|intel-speed-select|cpupower' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1062-1 Released: Mon Mar 31 10:45:08 2025 Summary: Security update for docker, docker-stable Type: security Severity: important References: 1237367,1239185,1239322,CVE-2024-23650,CVE-2024-29018,CVE-2024-41110,CVE-2025-22868,CVE-2025-22869 This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). Other fixes: - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1071-1 Released: Mon Mar 31 16:42:30 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1236982,1237695 This update for dracut fixes the following issue: - Version update 059+suse.557.gccd6ab94 * fix(iscsi) make sure services are shut down when switching root (bsc#1237695). * fix(iscsi) don't require network setup for qedi. * fix(network-legacy) do not require pgrep when using wicked (bsc#1236982). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1145-1 Released: Mon Apr 7 06:41:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1223330,1239663 This update for hwinfo fixes the following issues: - Avoid reporting of spurious usb storage devices (bsc#1223330) - Do not overdo usb device de-duplication (bsc#1239663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1162-1 Released: Mon Apr 7 18:08:47 2025 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1219354,1233796,1237692,1238043,CVE-2025-1713 This update for xen fixes the following issues: - CVE-2025-1713: Fixed potential deadlock with VT-d and legacy PCI device pass-through (bsc#1238043) Other fixes: - Xen channels and domU console (bsc#1219354) - Fixed attempting to start guest vm's libxl fills disk with errors (bsc#1237692) - Xen call trace and APIC Error found after reboot operation on AMD machines (bsc#1233796). - Upstream bug fixes (bsc#1027519). The following package changes have been done: - apparmor-abstractions-3.1.7-150600.5.3.2 updated - apparmor-parser-3.1.7-150600.5.3.2 updated - ca-certificates-mozilla-2.74-150200.38.1 updated - cpupower-6.4.0-150600.4.3.1 updated - docker-27.5.1_ce-150000.218.1 updated - dracut-059+suse.557.gccd6ab94-150600.3.20.2 updated - gettext-runtime-0.21.1-150600.3.3.2 updated - hwinfo-21.87-150500.3.6.1 updated - libapparmor1-3.1.7-150600.5.3.2 updated - libcpupower1-6.4.0-150600.4.3.1 updated - libfreetype6-2.10.4-150000.4.18.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - libsystemd0-254.24-150600.4.28.1 updated - libtextstyle0-0.21.1-150600.3.3.2 updated - libudev1-254.24-150600.4.28.1 updated - openssh-clients-9.6p1-150600.6.18.4 updated - openssh-common-9.6p1-150600.6.18.4 updated - openssh-server-9.6p1-150600.6.18.4 updated - openssh-9.6p1-150600.6.18.4 updated - python-azure-agent-config-server-2.12.0.4-150100.3.47.1 updated - python-azure-agent-2.12.0.4-150100.3.47.1 updated - python3-Jinja2-2.10.1-150000.3.21.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - suse-build-key-12.0-150000.8.58.1 updated - systemd-254.24-150600.4.28.1 updated - udev-254.24-150600.4.28.1 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - vim-9.1.1176-150500.20.24.2 updated - xen-libs-4.18.4_06-150600.3.20.1 updated - xz-5.4.1-150600.3.3.1 updated From sle-container-updates at lists.suse.com Thu Apr 10 07:02:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 09:02:28 +0200 (CEST) Subject: SUSE-IU-2025:933-1: Security update of suse-sles-15-sp6-chost-byos-v20250408-hvm-ssd-x86_64 Message-ID: <20250410070228.C7C0AFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250408-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:933-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250408-hvm-ssd-x86_64:20250408 Image Release : Severity : important Type : security References : 1027519 1219354 1223330 1227316 1233307 1233796 1234015 1234452 1234798 1235751 1236643 1236779 1236826 1236886 1236982 1237294 1237367 1237692 1237695 1238043 1238879 1239185 1239322 1239465 1239663 1240009 1240343 1240414 CVE-2024-11168 CVE-2024-23650 CVE-2024-29018 CVE-2024-41110 CVE-2025-1713 CVE-2025-22868 CVE-2025-22869 CVE-2025-27363 CVE-2025-27516 CVE-2025-31115 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250408-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:997-1 Released: Mon Mar 24 18:52:00 2025 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1236826 This update for openssh fixes the following issue: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1004-1 Released: Tue Mar 25 09:42:38 2025 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1238879,CVE-2025-27516 This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1048-1 Released: Fri Mar 28 14:04:16 2025 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: This update for cpupower fixes the following issues: - For latest changelog entries, please look up the changelog of a kernel-FLAVOR or kernel-source with the exact same version and release build number. * rpm -q --changelog kernel-source |grep 'turbostat\|intel-speed-select|cpupower' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1062-1 Released: Mon Mar 31 10:45:08 2025 Summary: Security update for docker, docker-stable Type: security Severity: important References: 1237367,1239185,1239322,CVE-2024-23650,CVE-2024-29018,CVE-2024-41110,CVE-2025-22868,CVE-2025-22869 This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). Other fixes: - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1071-1 Released: Mon Mar 31 16:42:30 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1236982,1237695 This update for dracut fixes the following issue: - Version update 059+suse.557.gccd6ab94 * fix(iscsi) make sure services are shut down when switching root (bsc#1237695). * fix(iscsi) don't require network setup for qedi. * fix(network-legacy) do not require pgrep when using wicked (bsc#1236982). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1145-1 Released: Mon Apr 7 06:41:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1223330,1239663 This update for hwinfo fixes the following issues: - Avoid reporting of spurious usb storage devices (bsc#1223330) - Do not overdo usb device de-duplication (bsc#1239663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1162-1 Released: Mon Apr 7 18:08:47 2025 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1219354,1233796,1237692,1238043,CVE-2025-1713 This update for xen fixes the following issues: - CVE-2025-1713: Fixed potential deadlock with VT-d and legacy PCI device pass-through (bsc#1238043) Other fixes: - Xen channels and domU console (bsc#1219354) - Fixed attempting to start guest vm's libxl fills disk with errors (bsc#1237692) - Xen call trace and APIC Error found after reboot operation on AMD machines (bsc#1233796). - Upstream bug fixes (bsc#1027519). The following package changes have been done: - apparmor-abstractions-3.1.7-150600.5.3.2 updated - apparmor-parser-3.1.7-150600.5.3.2 updated - ca-certificates-mozilla-2.74-150200.38.1 updated - cpupower-6.4.0-150600.4.3.1 updated - docker-27.5.1_ce-150000.218.1 updated - dracut-059+suse.557.gccd6ab94-150600.3.20.2 updated - gettext-runtime-0.21.1-150600.3.3.2 updated - hwinfo-21.87-150500.3.6.1 updated - libapparmor1-3.1.7-150600.5.3.2 updated - libcpupower1-6.4.0-150600.4.3.1 updated - libfreetype6-2.10.4-150000.4.18.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - libsystemd0-254.24-150600.4.28.1 updated - libtextstyle0-0.21.1-150600.3.3.2 updated - libudev1-254.24-150600.4.28.1 updated - openssh-clients-9.6p1-150600.6.18.4 updated - openssh-common-9.6p1-150600.6.18.4 updated - openssh-server-9.6p1-150600.6.18.4 updated - openssh-9.6p1-150600.6.18.4 updated - python3-Jinja2-2.10.1-150000.3.21.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - suse-build-key-12.0-150000.8.58.1 updated - systemd-254.24-150600.4.28.1 updated - udev-254.24-150600.4.28.1 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - vim-9.1.1176-150500.20.24.2 updated - xen-libs-4.18.4_06-150600.3.20.1 updated - xen-tools-domU-4.18.4_06-150600.3.20.1 updated - xz-5.4.1-150600.3.3.1 updated From sle-container-updates at lists.suse.com Thu Apr 10 07:02:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 09:02:40 +0200 (CEST) Subject: SUSE-IU-2025:934-1: Security update of sles-15-sp6-chost-byos-v20250408-arm64 Message-ID: <20250410070240.B3B52FCFE@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20250408-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:934-1 Image Tags : sles-15-sp6-chost-byos-v20250408-arm64:20250408 Image Release : Severity : important Type : security References : 1027519 1219354 1223330 1227316 1233307 1233796 1234015 1234452 1234563 1234798 1235751 1236643 1236779 1236826 1236886 1236982 1237294 1237367 1237692 1237695 1238043 1239185 1239197 1239197 1239322 1239465 1239663 1239763 1239866 1240009 1240343 1240414 CVE-2024-11168 CVE-2024-23650 CVE-2024-29018 CVE-2024-41110 CVE-2024-45337 CVE-2025-1713 CVE-2025-22868 CVE-2025-22868 CVE-2025-22868 CVE-2025-22869 CVE-2025-27363 CVE-2025-31115 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20250408-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:997-1 Released: Mon Mar 24 18:52:00 2025 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1236826 This update for openssh fixes the following issue: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1005-1 Released: Tue Mar 25 09:43:18 2025 Summary: Security update for google-guest-agent Type: security Severity: important References: 1239197,CVE-2025-22868 This update for google-guest-agent fixes the following issues: - CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1006-1 Released: Tue Mar 25 09:43:55 2025 Summary: Security update for google-osconfig-agent Type: security Severity: important References: 1239197,CVE-2025-22868 This update for google-osconfig-agent fixes the following issues: - CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1048-1 Released: Fri Mar 28 14:04:16 2025 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: This update for cpupower fixes the following issues: - For latest changelog entries, please look up the changelog of a kernel-FLAVOR or kernel-source with the exact same version and release build number. * rpm -q --changelog kernel-source |grep 'turbostat\|intel-speed-select|cpupower' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1062-1 Released: Mon Mar 31 10:45:08 2025 Summary: Security update for docker, docker-stable Type: security Severity: important References: 1237367,1239185,1239322,CVE-2024-23650,CVE-2024-29018,CVE-2024-41110,CVE-2025-22868,CVE-2025-22869 This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). Other fixes: - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1071-1 Released: Mon Mar 31 16:42:30 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1236982,1237695 This update for dracut fixes the following issue: - Version update 059+suse.557.gccd6ab94 * fix(iscsi) make sure services are shut down when switching root (bsc#1237695). * fix(iscsi) don't require network setup for qedi. * fix(network-legacy) do not require pgrep when using wicked (bsc#1236982). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1143-1 Released: Fri Apr 4 15:31:17 2025 Summary: Security update for google-guest-agent Type: security Severity: important References: 1234563,1239763,1239866,CVE-2024-45337 This update for google-guest-agent fixes the following issues: - CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563). Other fixes: - Updated to version 20250327.01 (bsc#1239763, bsc#1239866) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) - from version 20250327.00 * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert 'oslogin: Correctly handle newlines at the end of modified files (#520)' (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert 'Revert bundling new binaries in the package (#509)' (#511) - from version 20250326.00 * Re-enable disabled services if the core plugin was enabled (#521) - from version 20250324.00 * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert 'Revert bundling new binaries in the package (#509)' (#511) * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250317.00 * Revert 'Revert bundling new binaries in the package (#509)' (#511) * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250312.00 * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Update crypto library to fix CVE-2024-45337 (#499) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250305.00 * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250304.01 * Fix typo in windows build script (#501) - from version 20250214.01 * Include core plugin binary for all packages (#500) - from version 20250214.00 * Update crypto library to fix CVE-2024-45337 (#499) - from version 20250212.00 * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) - from version 20250211.00 * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250207.00 * vlan: toggle vlan configuration in debian packaging (#495) * vlan: move config out of unstable section (#494) * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493) * Include interfaces in lists even if it has an invalid MAC. (#489) * Fix windows package build failures (#491) * vlan: don't index based on the vlan ID (#486) * Revert PR #482 (#488) * Remove Amy and Zach from OWNERS (#487) * Skip interfaces in interfaceNames() instead of erroring if there is an (#482) * Fix Debian packaging if guest agent manager is not checked out (#485) - from version 20250204.02 * force concourse to move version forward. - from version 20250204.01 * vlan: toggle vlan configuration in debian packaging (#495) - from version 20250204.00 * vlan: move config out of unstable section (#494) * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493) - from version 20250203.01 * Include interfaces in lists even if it has an invalid MAC. (#489) - from version 20250203.00 * Fix windows package build failures (#491) * vlan: don't index based on the vlan ID (#486) * Revert PR #482 (#488) * Remove Amy and Zach from OWNERS (#487) * Skip interfaces in interfaceNames() instead of erroring if there is an (#482) * Fix Debian packaging if guest agent manager is not checked out (#485) - from version 20250122.00 * networkd(vlan): remove the interface in addition to config (#468) * Implement support for vlan dynamic removal, update dhclient to remove only if configured (#465) * Update logging library (#479) * Remove Pat from owners file. (#478) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1145-1 Released: Mon Apr 7 06:41:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1223330,1239663 This update for hwinfo fixes the following issues: - Avoid reporting of spurious usb storage devices (bsc#1223330) - Do not overdo usb device de-duplication (bsc#1239663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1162-1 Released: Mon Apr 7 18:08:47 2025 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1219354,1233796,1237692,1238043,CVE-2025-1713 This update for xen fixes the following issues: - CVE-2025-1713: Fixed potential deadlock with VT-d and legacy PCI device pass-through (bsc#1238043) Other fixes: - Xen channels and domU console (bsc#1219354) - Fixed attempting to start guest vm's libxl fills disk with errors (bsc#1237692) - Xen call trace and APIC Error found after reboot operation on AMD machines (bsc#1233796). - Upstream bug fixes (bsc#1027519). The following package changes have been done: - apparmor-abstractions-3.1.7-150600.5.3.2 updated - apparmor-parser-3.1.7-150600.5.3.2 updated - ca-certificates-mozilla-2.74-150200.38.1 updated - cpupower-6.4.0-150600.4.3.1 updated - docker-27.5.1_ce-150000.218.1 updated - dracut-059+suse.557.gccd6ab94-150600.3.20.2 updated - gettext-runtime-0.21.1-150600.3.3.2 updated - google-guest-agent-20250327.01-150000.1.60.1 updated - google-osconfig-agent-20250115.01-150000.1.47.1 updated - hwinfo-21.87-150500.3.6.1 updated - libapparmor1-3.1.7-150600.5.3.2 updated - libcpupower1-6.4.0-150600.4.3.1 updated - libfreetype6-2.10.4-150000.4.18.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - libsystemd0-254.24-150600.4.28.1 updated - libtextstyle0-0.21.1-150600.3.3.2 updated - libudev1-254.24-150600.4.28.1 updated - openssh-clients-9.6p1-150600.6.18.4 updated - openssh-common-9.6p1-150600.6.18.4 updated - openssh-server-9.6p1-150600.6.18.4 updated - openssh-9.6p1-150600.6.18.4 updated - python3-base-3.6.15-150300.10.84.1 updated - suse-build-key-12.0-150000.8.58.1 updated - systemd-254.24-150600.4.28.1 updated - udev-254.24-150600.4.28.1 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - vim-9.1.1176-150500.20.24.2 updated - xen-libs-4.18.4_06-150600.3.20.1 updated - xz-5.4.1-150600.3.3.1 updated From sle-container-updates at lists.suse.com Thu Apr 10 07:10:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 09:10:27 +0200 (CEST) Subject: SUSE-CU-2025:2462-1: Security update of bci/python Message-ID: <20250410071027.BA005FCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2462-1 Container Tags : bci/python:3.13 , bci/python:3.13.0 , bci/python:3.13.0-5.16 Container Release : 5.16 Severity : important Type : security References : 1240414 CVE-2025-31115 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - libuuid1-2.40.4-150700.2.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.13 updated - libgcrypt20-1.11.0-150700.3.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - openssl-3-3.2.3-150700.3.13 updated - libpython3_13-1_0-3.13.0-150700.2.15 updated - python313-base-3.13.0-150700.2.15 updated - python313-devel-3.13.0-150700.2.15 updated - container:sles15-image-15.7.0-4.2.51 updated From sle-container-updates at lists.suse.com Thu Apr 10 07:12:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 09:12:10 +0200 (CEST) Subject: SUSE-CU-2025:2466-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250410071210.1A6A1FCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2466-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.106 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.106 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1186-1 Released: Wed Apr 9 16:27:59 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do - Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150000.3.36.1 updated From sle-container-updates at lists.suse.com Thu Apr 10 07:15:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 09:15:52 +0200 (CEST) Subject: SUSE-CU-2025:2468-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250410071552.A7B48FCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2468-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.108 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.108 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1186-1 Released: Wed Apr 9 16:27:59 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do - Version info bumped from 9:3:8 to 9:4:8; see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150000.3.36.1 updated From sle-container-updates at lists.suse.com Thu Apr 10 12:19:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 14:19:50 +0200 (CEST) Subject: SUSE-CU-2025:2470-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250410121950.685CFFCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2470-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.112 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.112 Severity : moderate Type : recommended References : 1183663 1193173 1211547 1213291 1214713 1216049 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324 1218812 1218814 1219241 1219639 1222021 1222650 1222896 1227127 1228265 1230371 1231396 1231423 1231838 1233726 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1191-1 Released: Thu Apr 10 06:57:45 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). The following package changes have been done: - supportutils-3.2.10-150300.7.35.36.4 updated From sle-container-updates at lists.suse.com Thu Apr 10 12:24:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 14:24:02 +0200 (CEST) Subject: SUSE-CU-2025:2472-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250410122402.D41BAFCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2472-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.112 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.112 Severity : moderate Type : recommended References : 1183663 1193173 1211547 1213291 1214713 1216049 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324 1218812 1218814 1219241 1219639 1222021 1222650 1222896 1227127 1228265 1230371 1231396 1231423 1231838 1233726 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1191-1 Released: Thu Apr 10 06:57:45 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). The following package changes have been done: - supportutils-3.2.10-150300.7.35.36.4 updated From sle-container-updates at lists.suse.com Thu Apr 10 12:27:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 14:27:24 +0200 (CEST) Subject: SUSE-CU-2025:2473-1: Security update of bci/bci-minimal Message-ID: <20250410122724.1117DFCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2473-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.33.1 , bci/bci-minimal:latest Container Release : 33.1 Severity : important Type : security References : 1181994 1188006 1199079 1202868 1206212 1206622 1214248 1220356 1227525 1234798 1240009 1240343 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:433-1 Released: Tue Feb 11 17:40:33 2025 Summary: Recommended update for skelcd Type: recommended Severity: moderate References: This update for skelcd fixes the following issues: - add SUSE logo into BCI skelcd (jsc#PED-12111) - Update EULA with SLE BCI section (jsc#SLE-18082) Else in case beta EULAs have a more recent date than final EULAs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.38.1 added - skelcd-EULA-bci-20250207-150600.3.3.1 added - container:bci-bci-micro-15.6-b2207007a691561223dc9fa762ead90beb8454ab1c639b35629fc7570eaf40ac-0 removed From sle-container-updates at lists.suse.com Thu Apr 10 12:31:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 14:31:56 +0200 (CEST) Subject: SUSE-CU-2025:2478-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250410123156.C2C04FCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2478-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.8 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.8 Severity : moderate Type : security References : 1234452 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1193-1 Released: Thu Apr 10 10:01:36 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). The following package changes have been done: - libapparmor1-3.0.4-150400.5.12.2 updated From sle-container-updates at lists.suse.com Thu Apr 10 12:33:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 14:33:34 +0200 (CEST) Subject: SUSE-CU-2025:2479-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250410123334.2B828FCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2479-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.107 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.107 Severity : moderate Type : recommended References : 1183663 1193173 1211547 1213291 1214713 1216049 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324 1218812 1218814 1219241 1219639 1222021 1222650 1222896 1227127 1228265 1230371 1231396 1231423 1231838 1233726 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1191-1 Released: Thu Apr 10 06:57:45 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). The following package changes have been done: - supportutils-3.2.10-150300.7.35.36.4 updated From sle-container-updates at lists.suse.com Thu Apr 10 12:35:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 14:35:17 +0200 (CEST) Subject: SUSE-CU-2025:2480-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250410123517.C9BAEFCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2480-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.109 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.109 Severity : moderate Type : recommended References : 1183663 1193173 1211547 1213291 1214713 1216049 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324 1218812 1218814 1219241 1219639 1222021 1222650 1222896 1227127 1228265 1230371 1231396 1231423 1231838 1233726 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1191-1 Released: Thu Apr 10 06:57:45 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). The following package changes have been done: - supportutils-3.2.10-150300.7.35.36.4 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:03:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:03:38 +0200 (CEST) Subject: SUSE-CU-2025:2488-1: Security update of containers/open-webui Message-ID: <20250415120338.1498CFD1A@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2488-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.30 Container Release : 9.30 Severity : important Type : security References : 1219494 1230983 1237374 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1256-1 Released: Mon Apr 14 17:41:38 2025 Summary: Recommended update for ffmpeg-4 Type: recommended Severity: moderate References: 1219494,1230983 This update for ffmpeg-4 fixes the following issues: - Fixed build against dav1d, which has been updated - No longer build against libmfx; build against libvp (bsc#1230983, bsc#1219494) - Drop libmfx dependency from our product (jira #PED-10024) The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - libgeos3_12_2-3.12.2-150600.1.13 updated - libthrift-0_17_0-0.17.0-150600.1.16 updated - opencv4-cascades-data-4.11.0-150600.1.8 updated - pkg-config-0.29.2-150600.15.6.3 updated - libprotobuf25_5_0-25.5-150600.2.56 updated - libgeos_c1-3.12.2-150600.1.13 updated - python311-pymongo-4.6.3-150600.1.15 updated - python311-psycopg2-2.9.9-150600.1.20 updated - python311-protobuf-4.25.5-150600.2.56 updated - python311-propcache-0.2.0-150600.1.5 updated - python311-primp-0.6.3-150600.1.19 updated - python311-peewee-3.17.8-150600.1.6 updated - python311-mmh3-4.1.0-150600.1.17 updated - python311-greenlet-3.1.0-150600.1.19 updated - python311-certifi-2024.7.4-150600.1.34 updated - python311-cchardet-2.1.19-150600.1.29 updated - python311-PyYAML-6.0.1-150600.1.14 updated - python311-cffi-1.17.0-150600.1.14 updated - python311-Pillow-10.4.0-150600.1.16 updated - python311-yarl-1.18.3-150600.1.5 updated - python311-SQLAlchemy-2.0.32-150600.1.18 updated - python311-grpcio-1.69.0-150600.1.6 updated - libarrow1700-17.0.0-150600.2.22 updated - libctranslate2-4-4.4.0-150600.1.12 updated - python311-cryptography-43.0.1-150600.1.21 updated - python311-aiohttp-3.11.11-150600.1.8 updated - python311-grpcio-tools-1.68.1-150600.1.8 updated - libparquet1700-17.0.0-150600.2.22 updated - libarrow_acero1700-17.0.0-150600.2.22 updated - python311-ctranslate2-4.4.0-150600.1.14 updated - python311-numpy1-1.26.4-150600.1.34 updated - libavutil56_70-4.4.5-150600.13.22.1 updated - libarrow_flight1700-17.0.0-150600.2.22 updated - libarrow_dataset1700-17.0.0-150600.2.22 updated - python311-torch-2.5.0-150600.2.2 updated - python311-scipy-1.14.1-150600.1.35 updated - python311-pandas-2.2.3-150600.1.35 updated - python311-chroma-hnswlib-0.7.6-150600.2.13 updated - python311-Shapely-2.0.6-150600.1.15 updated - libswscale5_9-4.4.5-150600.13.22.1 updated - libswresample3_9-4.4.5-150600.13.22.1 updated - libpostproc55_9-4.4.5-150600.13.22.1 updated - libavresample4_0-4.4.5-150600.13.22.1 updated - python311-pyarrow-17.0.0-150600.2.37 updated - python311-scikit-learn-1.5.1-150600.1.37 updated - libavcodec58_134-4.4.5-150600.13.22.1 updated - libavformat58_76-4.4.5-150600.13.22.1 updated - libopencv411-4.11.0-150600.1.8 updated - libavfilter7_110-4.4.5-150600.13.22.1 updated - libopencv_objdetect411-4.11.0-150600.1.8 updated - libopencv_imgcodecs411-4.11.0-150600.1.8 updated - libavdevice58_13-4.4.5-150600.13.22.1 updated - libopencv_face411-4.11.0-150600.1.8 updated - libopencv_aruco411-4.11.0-150600.1.8 updated - libopencv_ximgproc411-4.11.0-150600.1.8 updated - ffmpeg-4-4.4.5-150600.13.22.1 updated - libopencv_optflow411-4.11.0-150600.1.8 updated - libopencv_highgui411-4.11.0-150600.1.8 updated - libopencv_gapi411-4.11.0-150600.1.8 updated - libopencv_videoio411-4.11.0-150600.1.8 updated - python311-opencv-4.11.0-150600.1.8 updated - python311-open-webui-0.5.14-150600.1.22 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:05:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:05:27 +0200 (CEST) Subject: SUSE-IU-2025:1060-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250415120527.CD9B5FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1060-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.359 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.359 Severity : important Type : security References : 1235481 1236033 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.274 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:11:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:11:45 +0200 (CEST) Subject: SUSE-CU-2025:2491-1: Security update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20250415121145.9B1A1FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2491-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.5.37 , suse/ltss/sle15.4/bci-base-fips:latest Container Release : 5.37 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - container:sles15-ltss-image-15.4.0-2.33 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:14:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:14:46 +0200 (CEST) Subject: SUSE-CU-2025:2492-1: Security update of suse/389-ds Message-ID: <20250415121446.140E5FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2492-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.24 , suse/389-ds:latest Container Release : 36.24 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:15:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:15:10 +0200 (CEST) Subject: SUSE-CU-2025:2493-1: Security update of bci/gcc Message-ID: <20250415121510.E1413FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2493-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.50 , bci/gcc:latest Container Release : 8.50 Severity : important Type : security References : 1234128 1234713 1237374 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:15:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:15:39 +0200 (CEST) Subject: SUSE-CU-2025:2494-1: Security update of suse/git Message-ID: <20250415121539.1856AFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2494-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-37.20 , suse/git:latest Container Release : 37.20 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:15:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:15:53 +0200 (CEST) Subject: SUSE-CU-2025:2495-1: Recommended update of suse/helm Message-ID: <20250415121553.08D5CFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2495-1 Container Tags : suse/helm:3 , suse/helm:3.17 , suse/helm:3.17.2 , suse/helm:3.17.2-37.19 , suse/helm:latest Container Release : 37.19 Severity : important Type : recommended References : 1240343 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - ca-certificates-mozilla-2.74-150200.41.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:16:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:16:21 +0200 (CEST) Subject: SUSE-CU-2025:2496-1: Security update of bci/nodejs Message-ID: <20250415121621.766D5FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2496-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.54 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.54 , bci/nodejs:latest Container Release : 48.54 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:16:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:16:30 +0200 (CEST) Subject: SUSE-CU-2025:2497-1: Security update of bci/nodejs Message-ID: <20250415121630.A72CDFD12@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2497-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.42 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.42 Container Release : 31.42 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:16:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:16:37 +0200 (CEST) Subject: SUSE-CU-2025:2498-1: Security update of bci/openjdk Message-ID: <20250415121637.B98D7FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2498-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-4.19 Container Release : 4.19 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:17:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:17:04 +0200 (CEST) Subject: SUSE-CU-2025:2499-1: Recommended update of suse/postgres Message-ID: <20250415121704.02259FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2499-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-61.17 Container Release : 61.17 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-locale-base-2.38-150600.14.26.1 updated - glibc-locale-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:17:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:17:30 +0200 (CEST) Subject: SUSE-CU-2025:2500-1: Security update of suse/mariadb Message-ID: <20250415121730.02C81FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2500-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.39 , suse/mariadb:latest Container Release : 62.39 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:19:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:19:25 +0200 (CEST) Subject: SUSE-CU-2025:2501-1: Security update of bci/spack Message-ID: <20250415121925.0B491FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2501-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-6.6 , bci/spack:latest Container Release : 6.6 Severity : important Type : security References : 1234128 1234713 1237374 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:20:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:20:35 +0200 (CEST) Subject: SUSE-CU-2025:2502-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250415122035.2D074FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2502-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.10 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.10 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:21:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:21:20 +0200 (CEST) Subject: SUSE-CU-2025:2503-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250415122120.70C25FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2503-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.14 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.14 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:22:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:22:41 +0200 (CEST) Subject: SUSE-CU-2025:2505-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250415122241.6029DFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2505-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.15 , suse/manager/4.3/proxy-ssh:4.3.15.9.53.6 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.53.6 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:23:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:23:29 +0200 (CEST) Subject: SUSE-CU-2025:2506-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250415122329.5EBC6FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2506-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.15 , suse/manager/4.3/proxy-tftpd:4.3.15.9.53.8 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.53.8 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:03:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:03:48 +0200 (CEST) Subject: SUSE-CU-2025:2508-1: Recommended update of containers/ollama Message-ID: <20250416070348.99E5AFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2508-1 Container Tags : containers/ollama:0 , containers/ollama:0.6.2 , containers/ollama:0.6.2-8.7 Container Release : 8.7 Severity : moderate Type : recommended References : 1237374 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - pkg-config-0.29.2-150600.15.6.3 updated - ollama-nvidia-0.6.2-150600.1.3 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:07:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:07:11 +0200 (CEST) Subject: SUSE-IU-2025:1064-1: Security update of suse/sle-micro/5.5 Message-ID: <20250416070711.B2A70FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1064-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.274 , suse/sle-micro/5.5:latest Image Release : 5.5.274 Severity : important Type : security References : 1235481 1236033 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.160 updated From sle-container-updates at lists.suse.com Thu Apr 10 07:08:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 09:08:35 +0200 (CEST) Subject: SUSE-CU-2025:2456-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250410070835.48FAEFCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2456-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.25 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.25 Severity : important Type : security References : 1207948 1215199 1215211 1218470 1221651 1222649 1223047 1224489 1224610 1225533 1225742 1225770 1226871 1227858 1228653 1229311 1229361 1230497 1230728 1230769 1230832 1231293 1231432 1232364 1232389 1232421 1232743 1232812 1232848 1232895 1233033 1233060 1233259 1233260 1233479 1233551 1233557 1233749 1234222 1234480 1234828 1234936 1235436 1235455 1235501 1235524 1235589 1235591 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235751 1235761 1235870 1235973 1236099 1236111 1236206 1236333 1236692 1237029 1237164 1237313 1237530 1237558 1237562 1237565 1237571 1237853 1237856 1237873 1237875 1237876 1237877 1237881 1237885 1237890 1237894 1237897 1237900 1237906 1237907 1237911 1237912 1237950 1238212 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238510 1238511 1238512 1238521 1238523 1238526 1238528 1238529 1238531 1238532 1238715 1238716 1238734 1238735 1238736 1238738 1238747 1238754 1238757 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238864 1238865 1238876 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239707 1239986 1239994 1240169 1240172 1240173 1240175 1240177 1240179 1240182 1240183 1240186 1240188 1240189 1240191 1240192 1240333 1240334 CVE-2023-52831 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26873 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-41005 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-47408 CVE-2024-47794 CVE-2024-49571 CVE-2024-49924 CVE-2024-49940 CVE-2024-49994 CVE-2024-50056 CVE-2024-50126 CVE-2024-50140 CVE-2024-50152 CVE-2024-50290 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53140 CVE-2024-53163 CVE-2024-53680 CVE-2024-54683 CVE-2024-56638 CVE-2024-56640 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57900 CVE-2024-57947 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21659 CVE-2025-21671 CVE-2025-21693 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21718 CVE-2025-21723 CVE-2025-21726 CVE-2025-21727 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21796 CVE-2025-21804 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21883 CVE-2025-21885 CVE-2025-21886 CVE-2025-21888 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1180-1 Released: Wed Apr 9 09:02:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1207948,1215199,1215211,1218470,1221651,1222649,1223047,1224489,1224610,1225533,1225742,1225770,1226871,1227858,1228653,1229311,1229361,1230497,1230728,1230769,1230832,1231293,1231432,1232364,1232389,1232421,1232743,1232812,1232848,1232895,1233033,1233060,1233259,1233260,1233479,1233551,1233557,1233749,1234222,1234480,1234828,1234936,1235436,1235455,1235501,1235524,1235589,1235591,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235973,1236099,1236111,1236206,1236333,1236692,1237029,1237164,1237313,1237530,1237558,1237562,1237565,1237571,1237853,1237856,1237873,1237875,1237876,1237877,1237881,1237885,1237890,1237894,1237897,1237900,1237906,1237907,1237911,1237912,1237950,1238212,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238510,1238511,1238512,1238521,1238523,1238526,1238528,1238529,1238531,1238532,1238715,1238716,1238734,1238735,1238736,1238738,1238747,1238754,1238757,1238760,1238762,1 238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238864,1238865,1238876,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239707,1239986,1239994,1240169,1240172,1240173,1240175,1240177,1240179,1240182,1240183,1240186,1240188,1240189,1240191,1240192,1240333,1240334,CVE-2023-52831,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26873,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-41005 ,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-46736,CVE-2024-46782,CVE-2024-46796,CVE-2024-47408,CVE-2024-47794,CVE-2024-49571,CVE-2024-49924,CVE-2024-49940,CVE-2024-49994,CVE-2024-50056,CVE-2024-50126,CVE-2024-50140,CVE-2024-50152,CVE-2024-50290,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53140,CVE-2024-53163,CVE-2024-53680,CVE-2024-54683,CVE-2024-56638,CVE-2024-56640,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57900,CVE-2024-57947,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-20 24-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21659,CVE-2025-21671,CVE-2025-21693,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21718,CVE-2025-21723,CVE-2025-21726,CVE-2025-21727,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-2178 5,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21796,CVE-2025-21804,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21883,CVE-2025-21885,CVE-2025-21886,CVE-2025-21888,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acpi: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - acpi: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - alsa: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - alsa: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - alsa: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - alsa: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - alsa: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Always honor no_shutup_pins (git-fixes). - alsa: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - alsa: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - alsa: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - alsa: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - alsa: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - alsa: hda/realtek: update ALC222 depop optimize (stable-fixes). - alsa: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - alsa: seq: Avoid module auto-load handling at event delivery (stable-fixes). - alsa: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - alsa: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - alsa: usx2y: validate nrpacks module parameter on probe (git-fixes). - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - asoc: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - asoc: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - asoc: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - asoc: cs35l41: check the return value from spi_setup() (git-fixes). - asoc: ops: Consistently treat platform_max as control value (git-fixes). - asoc: rt722-sdca: add missing readable registers (git-fixes). - asoc: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - asoc: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - asoc: tas2764: Fix power control mask (stable-fixes). - asoc: tas2764: Set the SDOUT polarity correctly (stable-fixes). - asoc: tas2770: Fix volume scale (stable-fixes). - asoc: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - documentation: qat: fix auto_reset attribute details (git-fixes). - documentation: qat: fix auto_reset section (git-fixes). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - hid: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - hid: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - hid: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - hid: Enable playstation driver independently of sony driver (git-fixes). - hid: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - hid: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - hid: hid-steam: Fix use-after-free when detaching device (git-fixes). - hid: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - hid: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - hid: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - hid: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - hid: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - hid: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - hid: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - ib/mad: Check available slots before posting receive WRs (git-fixes) - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - init: add initramfs_internal.h (bsc#1232848). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - input: ads7846 - fix gpiod allocation (git-fixes). - input: i8042 - add required quirks for missing old boardnames (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - input: iqs7222 - preserve system status register (git-fixes). - input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - input: xpad - add multiple supported devices (stable-fixes). - input: xpad - add support for TECNO Pocket Go (stable-fixes). - input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - input: xpad - rename QH controller to Legion Go S (stable-fixes). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - mdacon: rework dependency list (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - net: add dev_net_rcu() helper (bsc#1239994). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). Refresh: - patches.suse/nvme-fc-use-ctrl-state-getter.patch - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - padata: fix sysfs store callback check (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - pci: Avoid reset when disabled via sysfs (git-fixes). - pci: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - pci: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - pci: brcmstb: Fix potential premature regulator disabling (git-fixes). - pci: brcmstb: Set generation limit before PCIe link up (git-fixes). - pci: brcmstb: Use internal register to change link capability (git-fixes). - pci: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - pci: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - pci: Fix reference leak in pci_alloc_child_bus() (git-fixes). - pci: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - pci: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - pci: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - pci/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - pci/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - pci/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - pci/DOE: Support discovery version 2 (bsc#1237853) - pci/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - pm: sleep: Adjust check before setting power.must_resume (git-fixes). - pm: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc: Stop using no_llseek (bsc#1239573). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). Replace our patch with the upstream version. - rdma/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - rdma/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - rdma/core: Do not expose hw_counters outside of init net namespace (git-fixes) - rdma/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - rdma/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - rdma/hns: Fix missing xa_destroy() (git-fixes) - rdma/hns: Fix soft lockup during bt pages loop (git-fixes) - rdma/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - rdma/hns: Fix wrong value of max_sge_rd (git-fixes) - rdma/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - rdma/mlx5: Fix cache entry update on dereg error (git-fixes) - rdma/mlx5: Fix calculation of total invalidated pages (git-fixes) - rdma/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - rdma/mlx5: Fix MR cache initialization error flow (git-fixes) - rdma/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - rdma/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - revert 'wifi: ath11k: support hibernation' (bsc#1207948). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: convert RPC_TASK_* constants to enum (git-fixes). - sunrpc: Handle -ETIMEDOUT return from tlshd (git-fixes). - sunrpc: Prevent looping due to rpc_signal_task() races (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tcp: Update window clamping condition (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - usb: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - usb: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - usb: serial: option: match on interface class for Telit FN990B (stable-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). The following package changes have been done: - kernel-default-6.4.0-150600.23.47.2 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - vim-small-9.1.1176-150500.20.24.2 updated From sle-container-updates at lists.suse.com Thu Apr 10 12:29:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Apr 2025 14:29:47 +0200 (CEST) Subject: SUSE-CU-2025:2474-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250410122947.538EEFCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2474-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.27 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.27 Severity : important Type : security References : 1207948 1215199 1215211 1218470 1221651 1222649 1223047 1224489 1224610 1225533 1225742 1225770 1226871 1227858 1228653 1229311 1229361 1230497 1230728 1230769 1230832 1231293 1231432 1232364 1232389 1232421 1232743 1232812 1232848 1232895 1233033 1233060 1233259 1233260 1233479 1233551 1233557 1233749 1234222 1234480 1234828 1234936 1235436 1235455 1235501 1235524 1235589 1235591 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235973 1236099 1236111 1236206 1236333 1236692 1237029 1237164 1237313 1237530 1237558 1237562 1237565 1237571 1237853 1237856 1237873 1237875 1237876 1237877 1237881 1237885 1237890 1237894 1237897 1237900 1237906 1237907 1237911 1237912 1237950 1238212 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238510 1238511 1238512 1238521 1238523 1238526 1238528 1238529 1238531 1238532 1238715 1238716 1238734 1238735 1238736 1238738 1238747 1238754 1238757 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238864 1238865 1238876 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239707 1239986 1239994 1240169 1240172 1240173 1240175 1240177 1240179 1240182 1240183 1240186 1240188 1240189 1240191 1240192 1240333 1240334 CVE-2023-52831 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26873 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-41005 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-47408 CVE-2024-47794 CVE-2024-49571 CVE-2024-49924 CVE-2024-49940 CVE-2024-49994 CVE-2024-50056 CVE-2024-50126 CVE-2024-50140 CVE-2024-50152 CVE-2024-50290 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53140 CVE-2024-53163 CVE-2024-53680 CVE-2024-54683 CVE-2024-56638 CVE-2024-56640 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57900 CVE-2024-57947 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21659 CVE-2025-21671 CVE-2025-21693 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21718 CVE-2025-21723 CVE-2025-21726 CVE-2025-21727 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21796 CVE-2025-21804 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21883 CVE-2025-21885 CVE-2025-21886 CVE-2025-21888 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1180-1 Released: Wed Apr 9 09:02:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1207948,1215199,1215211,1218470,1221651,1222649,1223047,1224489,1224610,1225533,1225742,1225770,1226871,1227858,1228653,1229311,1229361,1230497,1230728,1230769,1230832,1231293,1231432,1232364,1232389,1232421,1232743,1232812,1232848,1232895,1233033,1233060,1233259,1233260,1233479,1233551,1233557,1233749,1234222,1234480,1234828,1234936,1235436,1235455,1235501,1235524,1235589,1235591,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235973,1236099,1236111,1236206,1236333,1236692,1237029,1237164,1237313,1237530,1237558,1237562,1237565,1237571,1237853,1237856,1237873,1237875,1237876,1237877,1237881,1237885,1237890,1237894,1237897,1237900,1237906,1237907,1237911,1237912,1237950,1238212,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238510,1238511,1238512,1238521,1238523,1238526,1238528,1238529,1238531,1238532,1238715,1238716,1238734,1238735,1238736,1238738,1238747,1238754,1238757,1238760,1238762,1 238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238864,1238865,1238876,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239707,1239986,1239994,1240169,1240172,1240173,1240175,1240177,1240179,1240182,1240183,1240186,1240188,1240189,1240191,1240192,1240333,1240334,CVE-2023-52831,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26873,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-41005 ,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-46736,CVE-2024-46782,CVE-2024-46796,CVE-2024-47408,CVE-2024-47794,CVE-2024-49571,CVE-2024-49924,CVE-2024-49940,CVE-2024-49994,CVE-2024-50056,CVE-2024-50126,CVE-2024-50140,CVE-2024-50152,CVE-2024-50290,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53140,CVE-2024-53163,CVE-2024-53680,CVE-2024-54683,CVE-2024-56638,CVE-2024-56640,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57900,CVE-2024-57947,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-20 24-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21659,CVE-2025-21671,CVE-2025-21693,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21718,CVE-2025-21723,CVE-2025-21726,CVE-2025-21727,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-2178 5,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21796,CVE-2025-21804,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21883,CVE-2025-21885,CVE-2025-21886,CVE-2025-21888,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acpi: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - acpi: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - alsa: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - alsa: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - alsa: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - alsa: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - alsa: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Always honor no_shutup_pins (git-fixes). - alsa: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - alsa: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - alsa: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - alsa: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - alsa: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - alsa: hda/realtek: update ALC222 depop optimize (stable-fixes). - alsa: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - alsa: seq: Avoid module auto-load handling at event delivery (stable-fixes). - alsa: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - alsa: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - alsa: usx2y: validate nrpacks module parameter on probe (git-fixes). - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - asoc: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - asoc: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - asoc: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - asoc: cs35l41: check the return value from spi_setup() (git-fixes). - asoc: ops: Consistently treat platform_max as control value (git-fixes). - asoc: rt722-sdca: add missing readable registers (git-fixes). - asoc: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - asoc: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - asoc: tas2764: Fix power control mask (stable-fixes). - asoc: tas2764: Set the SDOUT polarity correctly (stable-fixes). - asoc: tas2770: Fix volume scale (stable-fixes). - asoc: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - documentation: qat: fix auto_reset attribute details (git-fixes). - documentation: qat: fix auto_reset section (git-fixes). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - hid: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - hid: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - hid: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - hid: Enable playstation driver independently of sony driver (git-fixes). - hid: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - hid: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - hid: hid-steam: Fix use-after-free when detaching device (git-fixes). - hid: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - hid: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - hid: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - hid: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - hid: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - hid: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - hid: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - ib/mad: Check available slots before posting receive WRs (git-fixes) - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - init: add initramfs_internal.h (bsc#1232848). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - input: ads7846 - fix gpiod allocation (git-fixes). - input: i8042 - add required quirks for missing old boardnames (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - input: iqs7222 - preserve system status register (git-fixes). - input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - input: xpad - add multiple supported devices (stable-fixes). - input: xpad - add support for TECNO Pocket Go (stable-fixes). - input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - input: xpad - rename QH controller to Legion Go S (stable-fixes). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - mdacon: rework dependency list (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - net: add dev_net_rcu() helper (bsc#1239994). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). Refresh: - patches.suse/nvme-fc-use-ctrl-state-getter.patch - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - padata: fix sysfs store callback check (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - pci: Avoid reset when disabled via sysfs (git-fixes). - pci: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - pci: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - pci: brcmstb: Fix potential premature regulator disabling (git-fixes). - pci: brcmstb: Set generation limit before PCIe link up (git-fixes). - pci: brcmstb: Use internal register to change link capability (git-fixes). - pci: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - pci: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - pci: Fix reference leak in pci_alloc_child_bus() (git-fixes). - pci: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - pci: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - pci: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - pci/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - pci/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - pci/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - pci/DOE: Support discovery version 2 (bsc#1237853) - pci/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - pm: sleep: Adjust check before setting power.must_resume (git-fixes). - pm: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc: Stop using no_llseek (bsc#1239573). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). Replace our patch with the upstream version. - rdma/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - rdma/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - rdma/core: Do not expose hw_counters outside of init net namespace (git-fixes) - rdma/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - rdma/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - rdma/hns: Fix missing xa_destroy() (git-fixes) - rdma/hns: Fix soft lockup during bt pages loop (git-fixes) - rdma/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - rdma/hns: Fix wrong value of max_sge_rd (git-fixes) - rdma/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - rdma/mlx5: Fix cache entry update on dereg error (git-fixes) - rdma/mlx5: Fix calculation of total invalidated pages (git-fixes) - rdma/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - rdma/mlx5: Fix MR cache initialization error flow (git-fixes) - rdma/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - rdma/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - revert 'wifi: ath11k: support hibernation' (bsc#1207948). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: convert RPC_TASK_* constants to enum (git-fixes). - sunrpc: Handle -ETIMEDOUT return from tlshd (git-fixes). - sunrpc: Prevent looping due to rpc_signal_task() races (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tcp: Update window clamping condition (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - usb: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - usb: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - usb: serial: option: match on interface class for Telit FN990B (stable-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). The following package changes have been done: - kernel-macros-6.4.0-150600.23.47.2 updated - kernel-devel-6.4.0-150600.23.47.2 updated - kernel-default-devel-6.4.0-150600.23.47.2 updated - kernel-syms-6.4.0-150600.23.47.1 updated From sle-container-updates at lists.suse.com Tue Apr 15 12:11:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Apr 2025 14:11:16 +0200 (CEST) Subject: SUSE-IU-2025:1061-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250415121116.5B47AFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1061-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.17 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.17 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224049 1224489 1224610 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1230998 1231088 1231196 1231204 1231293 1231432 1231912 1231920 1231949 1231993 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233679 1233749 1234070 1234222 1234480 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235452 1235455 1235485 1235501 1235524 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235916 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236783 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237875 1237876 1237877 1237879 1237881 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238570 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239707 1239986 1239994 1240169 1240172 1240173 1240175 1240177 1240179 1240182 1240183 1240186 1240188 1240189 1240191 1240192 1240333 1240334 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-45016 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46815 CVE-2024-46818 CVE-2024-46858 CVE-2024-47408 CVE-2024-47684 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50302 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53104 CVE-2024-53123 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56648 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21883 CVE-2025-21885 CVE-2025-21886 CVE-2025-21888 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE_SLFO_Kernel_1.0_Build Released: Mon Apr 14 17:26:17 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224049,1224489,1224610,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1230998,1231088,1231196,1231204,1231293,1231432,1231912,1231920,1231949,1231993,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233679,1233749,1234070,1234222,1234480,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235452,1235455,1235485,1235501,1235524,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235916,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1236122,1 236123,1236133,1236138,1236199,1236200,1236203,1236205,1236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236783,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237875,1237876,1237877,1237879,1237881,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,1238570,1238715,1238716,123873 4,1238735,1238736,1238738,1238739,1238747,1238751,1238753,1238754,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239707,1239986,1239994,1240169,1240172,1240173,1240175,1240177,1240179,1240182,1240183,1240186,1240188,1240189,1240191,1240192,1240333,1240334,CVE-2023-52 831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-45016,CVE-2024-46736,CVE-2024-46782,CVE-2024-46796,CVE-2024-46815,CVE-2024-46818,CVE-2024-46858,CVE-2024-47408,CVE-2024-47684,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50302,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53104,CVE-2024-53123,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE -2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-2024-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56648,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882,CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-5 8069,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-2025-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CV E-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025- 21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21883,CVE-2025-21885,CVE-2025-21886,CVE-2025-21888,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.15 updated - kernel-rt-6.4.0-26.1 updated - container:SL-Micro-container-2.2.0-4.16 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:05:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:05:05 +0200 (CEST) Subject: SUSE-IU-2025:1062-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250416070505.73ED9FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1062-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.160 , suse/sle-micro/base-5.5:latest Image Release : 5.8.160 Severity : important Type : security References : 1065729 1180814 1183682 1190336 1190768 1190786 1193629 1194869 1194904 1195823 1196444 1197158 1197174 1197227 1197246 1197302 1197331 1197472 1197661 1197926 1198019 1198021 1198240 1198577 1198660 1199657 1200045 1200571 1200807 1200809 1200810 1200824 1200825 1200871 1200872 1201193 1201218 1201323 1201381 1201610 1202672 1202711 1202712 1202771 1202774 1202778 1202781 1203699 1203769 1204171 1205205 1205701 1206048 1206049 1206451 1207034 1207186 1207361 1207593 1207640 1207878 1209262 1209547 1209788 1209980 1210050 1210647 1211263 1213167 1218450 1221651 1225428 1225742 1229312 1231375 1231432 1231854 1232299 1232743 1233479 1233557 1233749 1234074 1234894 1234895 1234896 1235481 1235528 1235599 1235870 1236033 1237029 1237521 1237530 1237718 1237721 1237722 1237723 1237724 1237725 1237726 1237727 1237728 1237729 1237730 1237733 1237734 1237735 1237736 1237737 1237738 1237739 1237740 1237742 1237743 1237744 1237745 1237746 1237748 1237749 1237751 1237752 1237753 1237755 1237759 1237761 1237763 1237766 1237767 1237768 1237774 1237775 1237778 1237779 1237780 1237782 1237783 1237784 1237785 1237786 1237787 1237788 1237789 1237790 1237792 1237794 1237795 1237797 1237798 1237799 1237807 1237808 1237809 1237810 1237812 1237813 1237814 1237815 1237816 1237817 1237818 1237820 1237821 1237823 1237824 1237826 1237827 1237829 1237831 1237835 1237836 1237837 1237839 1237840 1237845 1237846 1237868 1237872 1237892 1237903 1237904 1237916 1237918 1237922 1237925 1237926 1237927 1237928 1237929 1237931 1237932 1237933 1237937 1237940 1237941 1237942 1237946 1237951 1237952 1237954 1237955 1237957 1237958 1237959 1237960 1237961 1237962 1237963 1237965 1237966 1237967 1237968 1237969 1237970 1237971 1237972 1237973 1237975 1237976 1237978 1237979 1237980 1237982 1237983 1237984 1237986 1237987 1237990 1237992 1237996 1237997 1237998 1237999 1238000 1238003 1238004 1238005 1238006 1238007 1238009 1238010 1238011 1238012 1238013 1238014 1238016 1238017 1238018 1238019 1238021 1238022 1238024 1238025 1238030 1238032 1238036 1238037 1238041 1238046 1238047 1238048 1238069 1238071 1238077 1238079 1238080 1238083 1238084 1238085 1238086 1238089 1238090 1238091 1238092 1238096 1238097 1238099 1238103 1238105 1238106 1238107 1238108 1238110 1238111 1238112 1238113 1238114 1238115 1238116 1238118 1238120 1238122 1238123 1238125 1238126 1238127 1238128 1238131 1238134 1238135 1238138 1238139 1238140 1238142 1238144 1238146 1238147 1238149 1238150 1238153 1238155 1238156 1238157 1238158 1238160 1238162 1238166 1238167 1238168 1238169 1238170 1238171 1238172 1238175 1238176 1238177 1238178 1238179 1238180 1238181 1238183 1238184 1238187 1238221 1238222 1238226 1238228 1238229 1238231 1238233 1238234 1238235 1238236 1238238 1238239 1238240 1238241 1238242 1238243 1238244 1238246 1238247 1238248 1238249 1238252 1238253 1238255 1238256 1238257 1238260 1238261 1238262 1238263 1238264 1238266 1238267 1238268 1238269 1238270 1238271 1238272 1238274 1238275 1238276 1238277 1238278 1238279 1238281 1238282 1238283 1238284 1238285 1238286 1238287 1238288 1238289 1238291 1238292 1238293 1238295 1238298 1238300 1238301 1238302 1238306 1238307 1238308 1238309 1238311 1238313 1238326 1238327 1238328 1238329 1238331 1238333 1238334 1238335 1238336 1238337 1238338 1238339 1238341 1238343 1238344 1238345 1238372 1238373 1238374 1238376 1238377 1238378 1238381 1238382 1238383 1238385 1238386 1238387 1238388 1238389 1238390 1238391 1238392 1238393 1238394 1238395 1238396 1238397 1238398 1238400 1238401 1238410 1238411 1238413 1238415 1238416 1238417 1238418 1238419 1238420 1238422 1238423 1238424 1238428 1238429 1238430 1238431 1238432 1238433 1238434 1238435 1238436 1238437 1238440 1238441 1238442 1238443 1238444 1238445 1238447 1238453 1238454 1238458 1238459 1238462 1238463 1238465 1238467 1238469 1238533 1238536 1238538 1238539 1238540 1238542 1238543 1238546 1238551 1238552 1238556 1238557 1238599 1238600 1238601 1238602 1238605 1238612 1238613 1238615 1238616 1238617 1238618 1238619 1238621 1238623 1238625 1238626 1238630 1238631 1238632 1238633 1238635 1238636 1238638 1238639 1238640 1238641 1238642 1238643 1238645 1238646 1238647 1238648 1238649 1238650 1238653 1238654 1238655 1238658 1238661 1238662 1238663 1238664 1238666 1238668 1238705 1238707 1238710 1238712 1238718 1238719 1238721 1238722 1238727 1238729 1238750 1238787 1238789 1238792 1238799 1238803 1238804 1238805 1238806 1238808 1238809 1238810 1238811 1238814 1238815 1238816 1238817 1238818 1238819 1238820 1238821 1238822 1238823 1238825 1238830 1238834 1238835 1238836 1238838 1238843 1238867 1238868 1238869 1238870 1238871 1238878 1238889 1238892 1238893 1238897 1238898 1238899 1238902 1238911 1238916 1238919 1238925 1238930 1238933 1238936 1238937 1238938 1238939 1238941 1238942 1238943 1238944 1238945 1238946 1238948 1238949 1238950 1238951 1238952 1238953 1238954 1238956 1238957 1239001 1239004 1239016 1239035 1239040 1239041 1239051 1239060 1239070 1239071 1239073 1239076 1239095 1239109 1239115 1239126 1239452 1239454 1239618 1239968 1239969 1240133 1240205 1240207 1240208 1240210 1240212 1240213 1240218 1240220 1240227 1240229 1240231 1240242 1240245 1240247 1240250 1240254 1240256 1240264 1240266 1240272 1240275 1240276 1240278 1240279 1240280 1240281 1240282 1240283 1240284 1240286 1240288 1240290 1240292 1240293 1240297 1240304 1240308 1240309 1240317 1240318 1240322 1240343 CVE-2017-5753 CVE-2021-4453 CVE-2021-4454 CVE-2021-47517 CVE-2021-47631 CVE-2021-47632 CVE-2021-47633 CVE-2021-47635 CVE-2021-47636 CVE-2021-47637 CVE-2021-47638 CVE-2021-47639 CVE-2021-47641 CVE-2021-47642 CVE-2021-47643 CVE-2021-47644 CVE-2021-47645 CVE-2021-47646 CVE-2021-47647 CVE-2021-47648 CVE-2021-47649 CVE-2021-47650 CVE-2021-47651 CVE-2021-47652 CVE-2021-47653 CVE-2021-47654 CVE-2021-47656 CVE-2021-47657 CVE-2021-47659 CVE-2022-0168 CVE-2022-0995 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-2977 CVE-2022-29900 CVE-2022-29901 CVE-2022-3303 CVE-2022-3435 CVE-2022-49044 CVE-2022-49050 CVE-2022-49051 CVE-2022-49053 CVE-2022-49054 CVE-2022-49055 CVE-2022-49056 CVE-2022-49057 CVE-2022-49058 CVE-2022-49059 CVE-2022-49060 CVE-2022-49061 CVE-2022-49062 CVE-2022-49063 CVE-2022-49064 CVE-2022-49065 CVE-2022-49066 CVE-2022-49070 CVE-2022-49071 CVE-2022-49073 CVE-2022-49074 CVE-2022-49075 CVE-2022-49076 CVE-2022-49078 CVE-2022-49082 CVE-2022-49083 CVE-2022-49084 CVE-2022-49085 CVE-2022-49086 CVE-2022-49088 CVE-2022-49089 CVE-2022-49090 CVE-2022-49091 CVE-2022-49092 CVE-2022-49093 CVE-2022-49095 CVE-2022-49096 CVE-2022-49097 CVE-2022-49098 CVE-2022-49099 CVE-2022-49100 CVE-2022-49102 CVE-2022-49103 CVE-2022-49104 CVE-2022-49105 CVE-2022-49106 CVE-2022-49107 CVE-2022-49109 CVE-2022-49111 CVE-2022-49112 CVE-2022-49113 CVE-2022-49114 CVE-2022-49115 CVE-2022-49116 CVE-2022-49118 CVE-2022-49119 CVE-2022-49120 CVE-2022-49121 CVE-2022-49122 CVE-2022-49123 CVE-2022-49125 CVE-2022-49126 CVE-2022-49128 CVE-2022-49129 CVE-2022-49130 CVE-2022-49131 CVE-2022-49132 CVE-2022-49133 CVE-2022-49134 CVE-2022-49135 CVE-2022-49136 CVE-2022-49137 CVE-2022-49138 CVE-2022-49139 CVE-2022-49144 CVE-2022-49145 CVE-2022-49147 CVE-2022-49148 CVE-2022-49151 CVE-2022-49153 CVE-2022-49154 CVE-2022-49155 CVE-2022-49156 CVE-2022-49157 CVE-2022-49158 CVE-2022-49159 CVE-2022-49160 CVE-2022-49162 CVE-2022-49163 CVE-2022-49164 CVE-2022-49165 CVE-2022-49174 CVE-2022-49175 CVE-2022-49176 CVE-2022-49177 CVE-2022-49178 CVE-2022-49179 CVE-2022-49180 CVE-2022-49182 CVE-2022-49183 CVE-2022-49185 CVE-2022-49187 CVE-2022-49188 CVE-2022-49189 CVE-2022-49192 CVE-2022-49193 CVE-2022-49194 CVE-2022-49196 CVE-2022-49199 CVE-2022-49200 CVE-2022-49201 CVE-2022-49202 CVE-2022-49203 CVE-2022-49204 CVE-2022-49205 CVE-2022-49206 CVE-2022-49207 CVE-2022-49208 CVE-2022-49209 CVE-2022-49212 CVE-2022-49213 CVE-2022-49214 CVE-2022-49215 CVE-2022-49216 CVE-2022-49217 CVE-2022-49218 CVE-2022-49219 CVE-2022-49221 CVE-2022-49222 CVE-2022-49224 CVE-2022-49225 CVE-2022-49226 CVE-2022-49227 CVE-2022-49228 CVE-2022-49230 CVE-2022-49232 CVE-2022-49233 CVE-2022-49235 CVE-2022-49236 CVE-2022-49237 CVE-2022-49238 CVE-2022-49239 CVE-2022-49241 CVE-2022-49242 CVE-2022-49243 CVE-2022-49244 CVE-2022-49246 CVE-2022-49247 CVE-2022-49248 CVE-2022-49249 CVE-2022-49250 CVE-2022-49251 CVE-2022-49252 CVE-2022-49253 CVE-2022-49254 CVE-2022-49256 CVE-2022-49257 CVE-2022-49258 CVE-2022-49259 CVE-2022-49260 CVE-2022-49261 CVE-2022-49262 CVE-2022-49263 CVE-2022-49264 CVE-2022-49265 CVE-2022-49266 CVE-2022-49268 CVE-2022-49269 CVE-2022-49270 CVE-2022-49271 CVE-2022-49272 CVE-2022-49273 CVE-2022-49274 CVE-2022-49275 CVE-2022-49276 CVE-2022-49277 CVE-2022-49278 CVE-2022-49279 CVE-2022-49280 CVE-2022-49281 CVE-2022-49283 CVE-2022-49285 CVE-2022-49286 CVE-2022-49287 CVE-2022-49288 CVE-2022-49290 CVE-2022-49291 CVE-2022-49292 CVE-2022-49293 CVE-2022-49294 CVE-2022-49295 CVE-2022-49296 CVE-2022-49297 CVE-2022-49298 CVE-2022-49299 CVE-2022-49300 CVE-2022-49301 CVE-2022-49302 CVE-2022-49304 CVE-2022-49305 CVE-2022-49306 CVE-2022-49307 CVE-2022-49308 CVE-2022-49309 CVE-2022-49310 CVE-2022-49311 CVE-2022-49312 CVE-2022-49313 CVE-2022-49314 CVE-2022-49315 CVE-2022-49316 CVE-2022-49319 CVE-2022-49320 CVE-2022-49321 CVE-2022-49322 CVE-2022-49323 CVE-2022-49325 CVE-2022-49326 CVE-2022-49327 CVE-2022-49328 CVE-2022-49329 CVE-2022-49330 CVE-2022-49331 CVE-2022-49332 CVE-2022-49333 CVE-2022-49335 CVE-2022-49336 CVE-2022-49337 CVE-2022-49338 CVE-2022-49339 CVE-2022-49341 CVE-2022-49342 CVE-2022-49343 CVE-2022-49345 CVE-2022-49346 CVE-2022-49347 CVE-2022-49348 CVE-2022-49349 CVE-2022-49350 CVE-2022-49351 CVE-2022-49352 CVE-2022-49353 CVE-2022-49354 CVE-2022-49356 CVE-2022-49357 CVE-2022-49359 CVE-2022-49362 CVE-2022-49365 CVE-2022-49367 CVE-2022-49368 CVE-2022-49370 CVE-2022-49371 CVE-2022-49373 CVE-2022-49375 CVE-2022-49376 CVE-2022-49377 CVE-2022-49378 CVE-2022-49379 CVE-2022-49381 CVE-2022-49382 CVE-2022-49384 CVE-2022-49385 CVE-2022-49386 CVE-2022-49389 CVE-2022-49390 CVE-2022-49392 CVE-2022-49394 CVE-2022-49396 CVE-2022-49397 CVE-2022-49398 CVE-2022-49399 CVE-2022-49400 CVE-2022-49402 CVE-2022-49404 CVE-2022-49406 CVE-2022-49407 CVE-2022-49409 CVE-2022-49410 CVE-2022-49411 CVE-2022-49412 CVE-2022-49413 CVE-2022-49414 CVE-2022-49416 CVE-2022-49418 CVE-2022-49419 CVE-2022-49421 CVE-2022-49422 CVE-2022-49424 CVE-2022-49426 CVE-2022-49427 CVE-2022-49429 CVE-2022-49430 CVE-2022-49431 CVE-2022-49432 CVE-2022-49433 CVE-2022-49434 CVE-2022-49435 CVE-2022-49436 CVE-2022-49437 CVE-2022-49438 CVE-2022-49440 CVE-2022-49441 CVE-2022-49442 CVE-2022-49443 CVE-2022-49444 CVE-2022-49445 CVE-2022-49446 CVE-2022-49447 CVE-2022-49448 CVE-2022-49449 CVE-2022-49451 CVE-2022-49453 CVE-2022-49455 CVE-2022-49458 CVE-2022-49459 CVE-2022-49460 CVE-2022-49462 CVE-2022-49463 CVE-2022-49465 CVE-2022-49466 CVE-2022-49467 CVE-2022-49468 CVE-2022-49470 CVE-2022-49472 CVE-2022-49473 CVE-2022-49474 CVE-2022-49475 CVE-2022-49476 CVE-2022-49477 CVE-2022-49478 CVE-2022-49479 CVE-2022-49480 CVE-2022-49481 CVE-2022-49482 CVE-2022-49483 CVE-2022-49484 CVE-2022-49485 CVE-2022-49486 CVE-2022-49487 CVE-2022-49488 CVE-2022-49489 CVE-2022-49490 CVE-2022-49491 CVE-2022-49492 CVE-2022-49493 CVE-2022-49494 CVE-2022-49495 CVE-2022-49497 CVE-2022-49498 CVE-2022-49499 CVE-2022-49501 CVE-2022-49502 CVE-2022-49503 CVE-2022-49504 CVE-2022-49505 CVE-2022-49506 CVE-2022-49507 CVE-2022-49508 CVE-2022-49509 CVE-2022-49510 CVE-2022-49511 CVE-2022-49512 CVE-2022-49514 CVE-2022-49515 CVE-2022-49516 CVE-2022-49517 CVE-2022-49518 CVE-2022-49519 CVE-2022-49520 CVE-2022-49521 CVE-2022-49522 CVE-2022-49523 CVE-2022-49524 CVE-2022-49525 CVE-2022-49526 CVE-2022-49527 CVE-2022-49529 CVE-2022-49530 CVE-2022-49532 CVE-2022-49533 CVE-2022-49534 CVE-2022-49535 CVE-2022-49536 CVE-2022-49537 CVE-2022-49538 CVE-2022-49541 CVE-2022-49542 CVE-2022-49543 CVE-2022-49544 CVE-2022-49545 CVE-2022-49546 CVE-2022-49548 CVE-2022-49549 CVE-2022-49551 CVE-2022-49552 CVE-2022-49555 CVE-2022-49556 CVE-2022-49559 CVE-2022-49560 CVE-2022-49562 CVE-2022-49563 CVE-2022-49564 CVE-2022-49565 CVE-2022-49566 CVE-2022-49568 CVE-2022-49569 CVE-2022-49570 CVE-2022-49579 CVE-2022-49581 CVE-2022-49583 CVE-2022-49584 CVE-2022-49591 CVE-2022-49592 CVE-2022-49603 CVE-2022-49605 CVE-2022-49606 CVE-2022-49607 CVE-2022-49609 CVE-2022-49610 CVE-2022-49611 CVE-2022-49613 CVE-2022-49615 CVE-2022-49616 CVE-2022-49617 CVE-2022-49618 CVE-2022-49621 CVE-2022-49623 CVE-2022-49624 CVE-2022-49625 CVE-2022-49626 CVE-2022-49627 CVE-2022-49628 CVE-2022-49631 CVE-2022-49634 CVE-2022-49635 CVE-2022-49638 CVE-2022-49640 CVE-2022-49641 CVE-2022-49642 CVE-2022-49643 CVE-2022-49644 CVE-2022-49645 CVE-2022-49646 CVE-2022-49647 CVE-2022-49648 CVE-2022-49649 CVE-2022-49650 CVE-2022-49652 CVE-2022-49653 CVE-2022-49655 CVE-2022-49656 CVE-2022-49657 CVE-2022-49658 CVE-2022-49661 CVE-2022-49663 CVE-2022-49665 CVE-2022-49667 CVE-2022-49668 CVE-2022-49670 CVE-2022-49671 CVE-2022-49672 CVE-2022-49673 CVE-2022-49674 CVE-2022-49675 CVE-2022-49676 CVE-2022-49677 CVE-2022-49678 CVE-2022-49679 CVE-2022-49680 CVE-2022-49683 CVE-2022-49685 CVE-2022-49686 CVE-2022-49687 CVE-2022-49688 CVE-2022-49693 CVE-2022-49694 CVE-2022-49695 CVE-2022-49697 CVE-2022-49699 CVE-2022-49700 CVE-2022-49701 CVE-2022-49703 CVE-2022-49704 CVE-2022-49705 CVE-2022-49707 CVE-2022-49708 CVE-2022-49710 CVE-2022-49711 CVE-2022-49712 CVE-2022-49713 CVE-2022-49714 CVE-2022-49715 CVE-2022-49716 CVE-2022-49719 CVE-2022-49720 CVE-2022-49721 CVE-2022-49722 CVE-2022-49723 CVE-2022-49724 CVE-2022-49725 CVE-2022-49726 CVE-2022-49729 CVE-2022-49730 CVE-2022-49731 CVE-2022-49732 CVE-2022-49733 CVE-2022-49739 CVE-2022-49746 CVE-2022-49748 CVE-2022-49751 CVE-2022-49753 CVE-2022-49755 CVE-2022-49759 CVE-2023-0179 CVE-2023-1652 CVE-2023-2162 CVE-2023-28410 CVE-2023-3567 CVE-2023-52930 CVE-2023-52933 CVE-2023-52935 CVE-2023-52939 CVE-2023-52941 CVE-2023-52973 CVE-2023-52974 CVE-2023-52975 CVE-2023-52976 CVE-2023-52979 CVE-2023-52983 CVE-2023-52984 CVE-2023-52988 CVE-2023-52989 CVE-2023-52992 CVE-2023-52993 CVE-2023-53000 CVE-2023-53005 CVE-2023-53006 CVE-2023-53007 CVE-2023-53008 CVE-2023-53010 CVE-2023-53015 CVE-2023-53016 CVE-2023-53019 CVE-2023-53023 CVE-2023-53024 CVE-2023-53025 CVE-2023-53026 CVE-2023-53028 CVE-2023-53029 CVE-2023-53030 CVE-2023-53033 CVE-2024-26634 CVE-2024-47678 CVE-2024-50290 CVE-2024-53063 CVE-2024-53124 CVE-2024-53176 CVE-2024-53178 CVE-2024-56651 CVE-2024-57996 CVE-2024-58013 CVE-2024-58014 CVE-2024-8176 CVE-2025-21693 CVE-2025-21718 CVE-2025-21772 CVE-2025-21780 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1241-1 Released: Mon Apr 14 12:37:06 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1180814,1183682,1190336,1190768,1190786,1193629,1194869,1194904,1195823,1196444,1197158,1197174,1197227,1197246,1197302,1197331,1197472,1197661,1197926,1198019,1198021,1198240,1198577,1198660,1199657,1200045,1200571,1200807,1200809,1200810,1200824,1200825,1200871,1200872,1201193,1201218,1201323,1201381,1201610,1202672,1202711,1202712,1202771,1202774,1202778,1202781,1203699,1203769,1204171,1205205,1205701,1206048,1206049,1206451,1207034,1207186,1207361,1207593,1207640,1207878,1209262,1209547,1209788,1209980,1210050,1210647,1211263,1213167,1218450,1221651,1225428,1225742,1229312,1231375,1231432,1231854,1232299,1232743,1233479,1233557,1233749,1234074,1234894,1234895,1234896,1235528,1235599,1235870,1237029,1237521,1237530,1237718,1237721,1237722,1237723,1237724,1237725,1237726,1237727,1237728,1237729,1237730,1237733,1237734,1237735,1237736,1237737,1237738,1237739,1237740,1237742,1237743,1237744,1237745,1237746,1237748,1237749,1237751,1237752,1237753,1237755,1237759,1 237761,1237763,1237766,1237767,1237768,1237774,1237775,1237778,1237779,1237780,1237782,1237783,1237784,1237785,1237786,1237787,1237788,1237789,1237790,1237792,1237794,1237795,1237797,1237798,1237799,1237807,1237808,1237809,1237810,1237812,1237813,1237814,1237815,1237816,1237817,1237818,1237820,1237821,1237823,1237824,1237826,1237827,1237829,1237831,1237835,1237836,1237837,1237839,1237840,1237845,1237846,1237868,1237872,1237892,1237903,1237904,1237916,1237918,1237922,1237925,1237926,1237927,1237928,1237929,1237931,1237932,1237933,1237937,1237940,1237941,1237942,1237946,1237951,1237952,1237954,1237955,1237957,1237958,1237959,1237960,1237961,1237962,1237963,1237965,1237966,1237967,1237968,1237969,1237970,1237971,1237972,1237973,1237975,1237976,1237978,1237979,1237980,1237982,1237983,1237984,1237986,1237987,1237990,1237992,1237996,1237997,1237998,1237999,1238000,1238003,1238004,1238005,1238006,1238007,1238009,1238010,1238011,1238012,1238013,1238014,1238016,1238017,1238018,1238019,123802 1,1238022,1238024,1238025,1238030,1238032,1238036,1238037,1238041,1238046,1238047,1238048,1238069,1238071,1238077,1238079,1238080,1238083,1238084,1238085,1238086,1238089,1238090,1238091,1238092,1238096,1238097,1238099,1238103,1238105,1238106,1238107,1238108,1238110,1238111,1238112,1238113,1238114,1238115,1238116,1238118,1238120,1238122,1238123,1238125,1238126,1238127,1238128,1238131,1238134,1238135,1238138,1238139,1238140,1238142,1238144,1238146,1238147,1238149,1238150,1238153,1238155,1238156,1238157,1238158,1238160,1238162,1238166,1238167,1238168,1238169,1238170,1238171,1238172,1238175,1238176,1238177,1238178,1238179,1238180,1238181,1238183,1238184,1238187,1238221,1238222,1238226,1238228,1238229,1238231,1238233,1238234,1238235,1238236,1238238,1238239,1238240,1238241,1238242,1238243,1238244,1238246,1238247,1238248,1238249,1238252,1238253,1238255,1238256,1238257,1238260,1238261,1238262,1238263,1238264,1238266,1238267,1238268,1238269,1238270,1238271,1238272,1238274,1238275,1238276,123 8277,1238278,1238279,1238281,1238282,1238283,1238284,1238285,1238286,1238287,1238288,1238289,1238291,1238292,1238293,1238295,1238298,1238300,1238301,1238302,1238306,1238307,1238308,1238309,1238311,1238313,1238326,1238327,1238328,1238329,1238331,1238333,1238334,1238335,1238336,1238337,1238338,1238339,1238341,1238343,1238344,1238345,1238372,1238373,1238374,1238376,1238377,1238378,1238381,1238382,1238383,1238385,1238386,1238387,1238388,1238389,1238390,1238391,1238392,1238393,1238394,1238395,1238396,1238397,1238398,1238400,1238401,1238410,1238411,1238413,1238415,1238416,1238417,1238418,1238419,1238420,1238422,1238423,1238424,1238428,1238429,1238430,1238431,1238432,1238433,1238434,1238435,1238436,1238437,1238440,1238441,1238442,1238443,1238444,1238445,1238447,1238453,1238454,1238458,1238459,1238462,1238463,1238465,1238467,1238469,1238533,1238536,1238538,1238539,1238540,1238542,1238543,1238546,1238551,1238552,1238556,1238557,1238599,1238600,1238601,1238602,1238605,1238612,1238613,1238615, 1238616,1238617,1238618,1238619,1238621,1238623,1238625,1238626,1238630,1238631,1238632,1238633,1238635,1238636,1238638,1238639,1238640,1238641,1238642,1238643,1238645,1238646,1238647,1238648,1238649,1238650,1238653,1238654,1238655,1238658,1238661,1238662,1238663,1238664,1238666,1238668,1238705,1238707,1238710,1238712,1238718,1238719,1238721,1238722,1238727,1238729,1238750,1238787,1238789,1238792,1238799,1238803,1238804,1238805,1238806,1238808,1238809,1238810,1238811,1238814,1238815,1238816,1238817,1238818,1238819,1238820,1238821,1238822,1238823,1238825,1238830,1238834,1238835,1238836,1238838,1238843,1238867,1238868,1238869,1238870,1238871,1238878,1238889,1238892,1238893,1238897,1238898,1238899,1238902,1238911,1238916,1238919,1238925,1238930,1238933,1238936,1238937,1238938,1238939,1238941,1238942,1238943,1238944,1238945,1238946,1238948,1238949,1238950,1238951,1238952,1238953,1238954,1238956,1238957,1239001,1239004,1239016,1239035,1239040,1239041,1239051,1239060,1239070,1239071,12390 73,1239076,1239095,1239109,1239115,1239126,1239452,1239454,1239968,1239969,1240133,1240205,1240207,1240208,1240210,1240212,1240213,1240218,1240220,1240227,1240229,1240231,1240242,1240245,1240247,1240250,1240254,1240256,1240264,1240266,1240272,1240275,1240276,1240278,1240279,1240280,1240281,1240282,1240283,1240284,1240286,1240288,1240290,1240292,1240293,1240297,1240304,1240308,1240309,1240317,1240318,1240322,CVE-2017-5753,CVE-2021-4453,CVE-2021-4454,CVE-2021-47517,CVE-2021-47631,CVE-2021-47632,CVE-2021-47633,CVE-2021-47635,CVE-2021-47636,CVE-2021-47637,CVE-2021-47638,CVE-2021-47639,CVE-2021-47641,CVE-2021-47642,CVE-2021-47643,CVE-2021-47644,CVE-2021-47645,CVE-2021-47646,CVE-2021-47647,CVE-2021-47648,CVE-2021-47649,CVE-2021-47650,CVE-2021-47651,CVE-2021-47652,CVE-2021-47653,CVE-2021-47654,CVE-2021-47656,CVE-2021-47657,CVE-2021-47659,CVE-2022-0168,CVE-2022-0995,CVE-2022-1016,CVE-2022-1048,CVE-2022-1184,CVE-2022-2977,CVE-2022-29900,CVE-2022-29901,CVE-2022-3303,CVE-2022-3435,CVE-2022-490 44,CVE-2022-49050,CVE-2022-49051,CVE-2022-49053,CVE-2022-49054,CVE-2022-49055,CVE-2022-49056,CVE-2022-49057,CVE-2022-49058,CVE-2022-49059,CVE-2022-49060,CVE-2022-49061,CVE-2022-49062,CVE-2022-49063,CVE-2022-49064,CVE-2022-49065,CVE-2022-49066,CVE-2022-49070,CVE-2022-49071,CVE-2022-49073,CVE-2022-49074,CVE-2022-49075,CVE-2022-49076,CVE-2022-49078,CVE-2022-49082,CVE-2022-49083,CVE-2022-49084,CVE-2022-49085,CVE-2022-49086,CVE-2022-49088,CVE-2022-49089,CVE-2022-49090,CVE-2022-49091,CVE-2022-49092,CVE-2022-49093,CVE-2022-49095,CVE-2022-49096,CVE-2022-49097,CVE-2022-49098,CVE-2022-49099,CVE-2022-49100,CVE-2022-49102,CVE-2022-49103,CVE-2022-49104,CVE-2022-49105,CVE-2022-49106,CVE-2022-49107,CVE-2022-49109,CVE-2022-49111,CVE-2022-49112,CVE-2022-49113,CVE-2022-49114,CVE-2022-49115,CVE-2022-49116,CVE-2022-49118,CVE-2022-49119,CVE-2022-49120,CVE-2022-49121,CVE-2022-49122,CVE-2022-49123,CVE-2022-49125,CVE-2022-49126,CVE-2022-49128,CVE-2022-49129,CVE-2022-49130,CVE-2022-49131,CVE-2022-49132,CVE- 2022-49133,CVE-2022-49134,CVE-2022-49135,CVE-2022-49136,CVE-2022-49137,CVE-2022-49138,CVE-2022-49139,CVE-2022-49144,CVE-2022-49145,CVE-2022-49147,CVE-2022-49148,CVE-2022-49151,CVE-2022-49153,CVE-2022-49154,CVE-2022-49155,CVE-2022-49156,CVE-2022-49157,CVE-2022-49158,CVE-2022-49159,CVE-2022-49160,CVE-2022-49162,CVE-2022-49163,CVE-2022-49164,CVE-2022-49165,CVE-2022-49174,CVE-2022-49175,CVE-2022-49176,CVE-2022-49177,CVE-2022-49178,CVE-2022-49179,CVE-2022-49180,CVE-2022-49182,CVE-2022-49183,CVE-2022-49185,CVE-2022-49187,CVE-2022-49188,CVE-2022-49189,CVE-2022-49192,CVE-2022-49193,CVE-2022-49194,CVE-2022-49196,CVE-2022-49199,CVE-2022-49200,CVE-2022-49201,CVE-2022-49202,CVE-2022-49203,CVE-2022-49204,CVE-2022-49205,CVE-2022-49206,CVE-2022-49207,CVE-2022-49208,CVE-2022-49209,CVE-2022-49212,CVE-2022-49213,CVE-2022-49214,CVE-2022-49215,CVE-2022-49216,CVE-2022-49217,CVE-2022-49218,CVE-2022-49219,CVE-2022-49221,CVE-2022-49222,CVE-2022-49224,CVE-2022-49225,CVE-2022-49226,CVE-2022-49227,CVE-2022-49 228,CVE-2022-49230,CVE-2022-49232,CVE-2022-49233,CVE-2022-49235,CVE-2022-49236,CVE-2022-49237,CVE-2022-49238,CVE-2022-49239,CVE-2022-49241,CVE-2022-49242,CVE-2022-49243,CVE-2022-49244,CVE-2022-49246,CVE-2022-49247,CVE-2022-49248,CVE-2022-49249,CVE-2022-49250,CVE-2022-49251,CVE-2022-49252,CVE-2022-49253,CVE-2022-49254,CVE-2022-49256,CVE-2022-49257,CVE-2022-49258,CVE-2022-49259,CVE-2022-49260,CVE-2022-49261,CVE-2022-49262,CVE-2022-49263,CVE-2022-49264,CVE-2022-49265,CVE-2022-49266,CVE-2022-49268,CVE-2022-49269,CVE-2022-49270,CVE-2022-49271,CVE-2022-49272,CVE-2022-49273,CVE-2022-49274,CVE-2022-49275,CVE-2022-49276,CVE-2022-49277,CVE-2022-49278,CVE-2022-49279,CVE-2022-49280,CVE-2022-49281,CVE-2022-49283,CVE-2022-49285,CVE-2022-49286,CVE-2022-49287,CVE-2022-49288,CVE-2022-49290,CVE-2022-49291,CVE-2022-49292,CVE-2022-49293,CVE-2022-49294,CVE-2022-49295,CVE-2022-49296,CVE-2022-49297,CVE-2022-49298,CVE-2022-49299,CVE-2022-49300,CVE-2022-49301,CVE-2022-49302,CVE-2022-49304,CVE-2022-49305,CVE -2022-49306,CVE-2022-49307,CVE-2022-49308,CVE-2022-49309,CVE-2022-49310,CVE-2022-49311,CVE-2022-49312,CVE-2022-49313,CVE-2022-49314,CVE-2022-49315,CVE-2022-49316,CVE-2022-49319,CVE-2022-49320,CVE-2022-49321,CVE-2022-49322,CVE-2022-49323,CVE-2022-49325,CVE-2022-49326,CVE-2022-49327,CVE-2022-49328,CVE-2022-49329,CVE-2022-49330,CVE-2022-49331,CVE-2022-49332,CVE-2022-49333,CVE-2022-49335,CVE-2022-49336,CVE-2022-49337,CVE-2022-49338,CVE-2022-49339,CVE-2022-49341,CVE-2022-49342,CVE-2022-49343,CVE-2022-49345,CVE-2022-49346,CVE-2022-49347,CVE-2022-49348,CVE-2022-49349,CVE-2022-49350,CVE-2022-49351,CVE-2022-49352,CVE-2022-49353,CVE-2022-49354,CVE-2022-49356,CVE-2022-49357,CVE-2022-49359,CVE-2022-49362,CVE-2022-49365,CVE-2022-49367,CVE-2022-49368,CVE-2022-49370,CVE-2022-49371,CVE-2022-49373,CVE-2022-49375,CVE-2022-49376,CVE-2022-49377,CVE-2022-49378,CVE-2022-49379,CVE-2022-49381,CVE-2022-49382,CVE-2022-49384,CVE-2022-49385,CVE-2022-49386,CVE-2022-49389,CVE-2022-49390,CVE-2022-49392,CVE-2022-4 9394,CVE-2022-49396,CVE-2022-49397,CVE-2022-49398,CVE-2022-49399,CVE-2022-49400,CVE-2022-49402,CVE-2022-49404,CVE-2022-49406,CVE-2022-49407,CVE-2022-49409,CVE-2022-49410,CVE-2022-49411,CVE-2022-49412,CVE-2022-49413,CVE-2022-49414,CVE-2022-49416,CVE-2022-49418,CVE-2022-49419,CVE-2022-49421,CVE-2022-49422,CVE-2022-49424,CVE-2022-49426,CVE-2022-49427,CVE-2022-49429,CVE-2022-49430,CVE-2022-49431,CVE-2022-49432,CVE-2022-49433,CVE-2022-49434,CVE-2022-49435,CVE-2022-49436,CVE-2022-49437,CVE-2022-49438,CVE-2022-49440,CVE-2022-49441,CVE-2022-49442,CVE-2022-49443,CVE-2022-49444,CVE-2022-49445,CVE-2022-49446,CVE-2022-49447,CVE-2022-49448,CVE-2022-49449,CVE-2022-49451,CVE-2022-49453,CVE-2022-49455,CVE-2022-49458,CVE-2022-49459,CVE-2022-49460,CVE-2022-49462,CVE-2022-49463,CVE-2022-49465,CVE-2022-49466,CVE-2022-49467,CVE-2022-49468,CVE-2022-49470,CVE-2022-49472,CVE-2022-49473,CVE-2022-49474,CVE-2022-49475,CVE-2022-49476,CVE-2022-49477,CVE-2022-49478,CVE-2022-49479,CVE-2022-49480,CVE-2022-49481,CV E-2022-49482,CVE-2022-49483,CVE-2022-49484,CVE-2022-49485,CVE-2022-49486,CVE-2022-49487,CVE-2022-49488,CVE-2022-49489,CVE-2022-49490,CVE-2022-49491,CVE-2022-49492,CVE-2022-49493,CVE-2022-49494,CVE-2022-49495,CVE-2022-49497,CVE-2022-49498,CVE-2022-49499,CVE-2022-49501,CVE-2022-49502,CVE-2022-49503,CVE-2022-49504,CVE-2022-49505,CVE-2022-49506,CVE-2022-49507,CVE-2022-49508,CVE-2022-49509,CVE-2022-49510,CVE-2022-49511,CVE-2022-49512,CVE-2022-49514,CVE-2022-49515,CVE-2022-49516,CVE-2022-49517,CVE-2022-49518,CVE-2022-49519,CVE-2022-49520,CVE-2022-49521,CVE-2022-49522,CVE-2022-49523,CVE-2022-49524,CVE-2022-49525,CVE-2022-49526,CVE-2022-49527,CVE-2022-49529,CVE-2022-49530,CVE-2022-49532,CVE-2022-49533,CVE-2022-49534,CVE-2022-49535,CVE-2022-49536,CVE-2022-49537,CVE-2022-49538,CVE-2022-49541,CVE-2022-49542,CVE-2022-49543,CVE-2022-49544,CVE-2022-49545,CVE-2022-49546,CVE-2022-49548,CVE-2022-49549,CVE-2022-49551,CVE-2022-49552,CVE-2022-49555,CVE-2022-49556,CVE-2022-49559,CVE-2022-49560,CVE-2022- 49562,CVE-2022-49563,CVE-2022-49564,CVE-2022-49565,CVE-2022-49566,CVE-2022-49568,CVE-2022-49569,CVE-2022-49570,CVE-2022-49579,CVE-2022-49581,CVE-2022-49583,CVE-2022-49584,CVE-2022-49591,CVE-2022-49592,CVE-2022-49603,CVE-2022-49605,CVE-2022-49606,CVE-2022-49607,CVE-2022-49609,CVE-2022-49610,CVE-2022-49611,CVE-2022-49613,CVE-2022-49615,CVE-2022-49616,CVE-2022-49617,CVE-2022-49618,CVE-2022-49621,CVE-2022-49623,CVE-2022-49624,CVE-2022-49625,CVE-2022-49626,CVE-2022-49627,CVE-2022-49628,CVE-2022-49631,CVE-2022-49634,CVE-2022-49635,CVE-2022-49638,CVE-2022-49640,CVE-2022-49641,CVE-2022-49642,CVE-2022-49643,CVE-2022-49644,CVE-2022-49645,CVE-2022-49646,CVE-2022-49647,CVE-2022-49648,CVE-2022-49649,CVE-2022-49650,CVE-2022-49652,CVE-2022-49653,CVE-2022-49655,CVE-2022-49656,CVE-2022-49657,CVE-2022-49658,CVE-2022-49661,CVE-2022-49663,CVE-2022-49665,CVE-2022-49667,CVE-2022-49668,CVE-2022-49670,CVE-2022-49671,CVE-2022-49672,CVE-2022-49673,CVE-2022-49674,CVE-2022-49675,CVE-2022-49676,CVE-2022-49677,C VE-2022-49678,CVE-2022-49679,CVE-2022-49680,CVE-2022-49683,CVE-2022-49685,CVE-2022-49686,CVE-2022-49687,CVE-2022-49688,CVE-2022-49693,CVE-2022-49694,CVE-2022-49695,CVE-2022-49697,CVE-2022-49699,CVE-2022-49700,CVE-2022-49701,CVE-2022-49703,CVE-2022-49704,CVE-2022-49705,CVE-2022-49707,CVE-2022-49708,CVE-2022-49710,CVE-2022-49711,CVE-2022-49712,CVE-2022-49713,CVE-2022-49714,CVE-2022-49715,CVE-2022-49716,CVE-2022-49719,CVE-2022-49720,CVE-2022-49721,CVE-2022-49722,CVE-2022-49723,CVE-2022-49724,CVE-2022-49725,CVE-2022-49726,CVE-2022-49729,CVE-2022-49730,CVE-2022-49731,CVE-2022-49732,CVE-2022-49733,CVE-2022-49739,CVE-2022-49746,CVE-2022-49748,CVE-2022-49751,CVE-2022-49753,CVE-2022-49755,CVE-2022-49759,CVE-2023-0179,CVE-2023-1652,CVE-2023-2162,CVE-2023-28410,CVE-2023-3567,CVE-2023-52930,CVE-2023-52933,CVE-2023-52935,CVE-2023-52939,CVE-2023-52941,CVE-2023-52973,CVE-2023-52974,CVE-2023-52975,CVE-2023-52976,CVE-2023-52979,CVE-2023-52983,CVE-2023-52984,CVE-2023-52988,CVE-2023-52989,CVE-2023-529 92,CVE-2023-52993,CVE-2023-53000,CVE-2023-53005,CVE-2023-53006,CVE-2023-53007,CVE-2023-53008,CVE-2023-53010,CVE-2023-53015,CVE-2023-53016,CVE-2023-53019,CVE-2023-53023,CVE-2023-53024,CVE-2023-53025,CVE-2023-53026,CVE-2023-53028,CVE-2023-53029,CVE-2023-53030,CVE-2023-53033,CVE-2024-26634,CVE-2024-47678,CVE-2024-50290,CVE-2024-53063,CVE-2024-53124,CVE-2024-53176,CVE-2024-53178,CVE-2024-56651,CVE-2024-57996,CVE-2024-58013,CVE-2024-58014,CVE-2025-21693,CVE-2025-21718,CVE-2025-21772,CVE-2025-21780 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239095). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - cifs: Add a laundromat thread for cached directories (git-fixes). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (git-fixes). - gfs2: Fix inode height consistency check (git-fixes). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Support holes in device list reply msg (bsc#1240133). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: disable directory caching when dir_cache_timeout is zero (git-fixes). - smb: client: do not start laundromat thread on nohandlecache (git-fixes). - smb: client: make laundromat a delayed worker (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes). - smb3: do not start laundromat thread when dir leases disabled (git-fixes). - smb3: retrying on failed server close (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - kernel-default-5.14.21-150500.55.100.1 updated - ca-certificates-mozilla-2.74-150200.41.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:05:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:05:51 +0200 (CEST) Subject: SUSE-IU-2025:1063-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250416070551.CD5D6FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1063-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.304 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.304 Severity : important Type : security References : 1065729 1180814 1183682 1190336 1190768 1190786 1193629 1194869 1194904 1195823 1196444 1197158 1197174 1197227 1197246 1197302 1197331 1197472 1197661 1197926 1198019 1198021 1198240 1198577 1198660 1199657 1200045 1200571 1200807 1200809 1200810 1200824 1200825 1200871 1200872 1201193 1201218 1201323 1201381 1201610 1202672 1202711 1202712 1202771 1202774 1202778 1202781 1203699 1203769 1204171 1205205 1205701 1206048 1206049 1206451 1207034 1207186 1207361 1207593 1207640 1207878 1209262 1209547 1209788 1209980 1210050 1210647 1211263 1213167 1218450 1221651 1225428 1225742 1229312 1231375 1231432 1231854 1232299 1232743 1233479 1233557 1233749 1234074 1234894 1234895 1234896 1235481 1235528 1235599 1235870 1236033 1237029 1237521 1237530 1237718 1237721 1237722 1237723 1237724 1237725 1237726 1237727 1237728 1237729 1237730 1237733 1237734 1237735 1237736 1237737 1237738 1237739 1237740 1237742 1237743 1237744 1237745 1237746 1237748 1237749 1237751 1237752 1237753 1237755 1237759 1237761 1237763 1237766 1237767 1237768 1237774 1237775 1237778 1237779 1237780 1237782 1237783 1237784 1237785 1237786 1237787 1237788 1237789 1237790 1237792 1237794 1237795 1237797 1237798 1237799 1237807 1237808 1237809 1237810 1237812 1237813 1237814 1237815 1237816 1237817 1237818 1237820 1237821 1237823 1237824 1237826 1237827 1237829 1237831 1237835 1237836 1237837 1237839 1237840 1237845 1237846 1237868 1237872 1237892 1237903 1237904 1237916 1237918 1237922 1237925 1237926 1237927 1237928 1237929 1237931 1237932 1237933 1237937 1237940 1237941 1237942 1237946 1237951 1237952 1237954 1237955 1237957 1237958 1237959 1237960 1237961 1237962 1237963 1237965 1237966 1237967 1237968 1237969 1237970 1237971 1237972 1237973 1237975 1237976 1237978 1237979 1237980 1237982 1237983 1237984 1237986 1237987 1237990 1237992 1237996 1237997 1237998 1237999 1238000 1238003 1238004 1238005 1238006 1238007 1238009 1238010 1238011 1238012 1238013 1238014 1238016 1238017 1238018 1238019 1238021 1238022 1238024 1238025 1238030 1238032 1238036 1238037 1238041 1238046 1238047 1238048 1238069 1238071 1238077 1238079 1238080 1238083 1238084 1238085 1238086 1238089 1238090 1238091 1238092 1238096 1238097 1238099 1238103 1238105 1238106 1238107 1238108 1238110 1238111 1238112 1238113 1238114 1238115 1238116 1238118 1238120 1238122 1238123 1238125 1238126 1238127 1238128 1238131 1238134 1238135 1238138 1238139 1238140 1238142 1238144 1238146 1238147 1238149 1238150 1238153 1238155 1238156 1238157 1238158 1238160 1238162 1238166 1238167 1238168 1238169 1238170 1238171 1238172 1238175 1238176 1238177 1238178 1238179 1238180 1238181 1238183 1238184 1238187 1238221 1238222 1238226 1238228 1238229 1238231 1238233 1238234 1238235 1238236 1238238 1238239 1238240 1238241 1238242 1238243 1238244 1238246 1238247 1238248 1238249 1238252 1238253 1238255 1238256 1238257 1238260 1238261 1238262 1238263 1238264 1238266 1238267 1238268 1238269 1238270 1238271 1238272 1238274 1238275 1238276 1238277 1238278 1238279 1238281 1238282 1238283 1238284 1238285 1238286 1238287 1238288 1238289 1238291 1238292 1238293 1238295 1238298 1238300 1238301 1238302 1238306 1238307 1238308 1238309 1238311 1238313 1238326 1238327 1238328 1238329 1238331 1238333 1238334 1238335 1238336 1238337 1238338 1238339 1238341 1238343 1238344 1238345 1238372 1238373 1238374 1238376 1238377 1238378 1238381 1238382 1238383 1238385 1238386 1238387 1238388 1238389 1238390 1238391 1238392 1238393 1238394 1238395 1238396 1238397 1238398 1238400 1238401 1238410 1238411 1238413 1238415 1238416 1238417 1238418 1238419 1238420 1238422 1238423 1238424 1238428 1238429 1238430 1238431 1238432 1238433 1238434 1238435 1238436 1238437 1238440 1238441 1238442 1238443 1238444 1238445 1238447 1238453 1238454 1238458 1238459 1238462 1238463 1238465 1238467 1238469 1238533 1238536 1238538 1238539 1238540 1238542 1238543 1238546 1238551 1238552 1238556 1238557 1238599 1238600 1238601 1238602 1238605 1238612 1238613 1238615 1238616 1238617 1238618 1238619 1238621 1238623 1238625 1238626 1238630 1238631 1238632 1238633 1238635 1238636 1238638 1238639 1238640 1238641 1238642 1238643 1238645 1238646 1238647 1238648 1238649 1238650 1238653 1238654 1238655 1238658 1238661 1238662 1238663 1238664 1238666 1238668 1238705 1238707 1238710 1238712 1238718 1238719 1238721 1238722 1238727 1238729 1238750 1238787 1238789 1238792 1238799 1238803 1238804 1238805 1238806 1238808 1238809 1238810 1238811 1238814 1238815 1238816 1238817 1238818 1238819 1238820 1238821 1238822 1238823 1238825 1238830 1238834 1238835 1238836 1238838 1238843 1238867 1238868 1238869 1238870 1238871 1238878 1238889 1238892 1238893 1238897 1238898 1238899 1238902 1238911 1238916 1238919 1238925 1238930 1238933 1238936 1238937 1238938 1238939 1238941 1238942 1238943 1238944 1238945 1238946 1238948 1238949 1238950 1238951 1238952 1238953 1238954 1238956 1238957 1239001 1239004 1239016 1239035 1239040 1239041 1239051 1239060 1239070 1239071 1239073 1239076 1239095 1239109 1239115 1239126 1239452 1239454 1239618 1239968 1239969 1240133 1240205 1240207 1240208 1240210 1240212 1240213 1240218 1240220 1240227 1240229 1240231 1240242 1240245 1240247 1240250 1240254 1240256 1240264 1240266 1240272 1240275 1240276 1240278 1240279 1240280 1240281 1240282 1240283 1240284 1240286 1240288 1240290 1240292 1240293 1240297 1240304 1240308 1240309 1240317 1240318 1240322 CVE-2017-5753 CVE-2021-4453 CVE-2021-4454 CVE-2021-47517 CVE-2021-47631 CVE-2021-47632 CVE-2021-47633 CVE-2021-47635 CVE-2021-47636 CVE-2021-47637 CVE-2021-47638 CVE-2021-47639 CVE-2021-47641 CVE-2021-47642 CVE-2021-47643 CVE-2021-47644 CVE-2021-47645 CVE-2021-47646 CVE-2021-47647 CVE-2021-47648 CVE-2021-47649 CVE-2021-47650 CVE-2021-47651 CVE-2021-47652 CVE-2021-47653 CVE-2021-47654 CVE-2021-47656 CVE-2021-47657 CVE-2021-47659 CVE-2022-0168 CVE-2022-0995 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-2977 CVE-2022-29900 CVE-2022-29901 CVE-2022-3303 CVE-2022-3435 CVE-2022-49044 CVE-2022-49050 CVE-2022-49051 CVE-2022-49053 CVE-2022-49054 CVE-2022-49055 CVE-2022-49056 CVE-2022-49057 CVE-2022-49058 CVE-2022-49059 CVE-2022-49060 CVE-2022-49061 CVE-2022-49062 CVE-2022-49063 CVE-2022-49064 CVE-2022-49065 CVE-2022-49066 CVE-2022-49070 CVE-2022-49071 CVE-2022-49073 CVE-2022-49074 CVE-2022-49075 CVE-2022-49076 CVE-2022-49078 CVE-2022-49082 CVE-2022-49083 CVE-2022-49084 CVE-2022-49085 CVE-2022-49086 CVE-2022-49088 CVE-2022-49089 CVE-2022-49090 CVE-2022-49091 CVE-2022-49092 CVE-2022-49093 CVE-2022-49095 CVE-2022-49096 CVE-2022-49097 CVE-2022-49098 CVE-2022-49099 CVE-2022-49100 CVE-2022-49102 CVE-2022-49103 CVE-2022-49104 CVE-2022-49105 CVE-2022-49106 CVE-2022-49107 CVE-2022-49109 CVE-2022-49111 CVE-2022-49112 CVE-2022-49113 CVE-2022-49114 CVE-2022-49115 CVE-2022-49116 CVE-2022-49118 CVE-2022-49119 CVE-2022-49120 CVE-2022-49121 CVE-2022-49122 CVE-2022-49123 CVE-2022-49125 CVE-2022-49126 CVE-2022-49128 CVE-2022-49129 CVE-2022-49130 CVE-2022-49131 CVE-2022-49132 CVE-2022-49133 CVE-2022-49134 CVE-2022-49135 CVE-2022-49136 CVE-2022-49137 CVE-2022-49138 CVE-2022-49139 CVE-2022-49144 CVE-2022-49145 CVE-2022-49147 CVE-2022-49148 CVE-2022-49151 CVE-2022-49153 CVE-2022-49154 CVE-2022-49155 CVE-2022-49156 CVE-2022-49157 CVE-2022-49158 CVE-2022-49159 CVE-2022-49160 CVE-2022-49162 CVE-2022-49163 CVE-2022-49164 CVE-2022-49165 CVE-2022-49174 CVE-2022-49175 CVE-2022-49176 CVE-2022-49177 CVE-2022-49178 CVE-2022-49179 CVE-2022-49180 CVE-2022-49182 CVE-2022-49183 CVE-2022-49185 CVE-2022-49187 CVE-2022-49188 CVE-2022-49189 CVE-2022-49192 CVE-2022-49193 CVE-2022-49194 CVE-2022-49196 CVE-2022-49199 CVE-2022-49200 CVE-2022-49201 CVE-2022-49202 CVE-2022-49203 CVE-2022-49204 CVE-2022-49205 CVE-2022-49206 CVE-2022-49207 CVE-2022-49208 CVE-2022-49209 CVE-2022-49212 CVE-2022-49213 CVE-2022-49214 CVE-2022-49215 CVE-2022-49216 CVE-2022-49217 CVE-2022-49218 CVE-2022-49219 CVE-2022-49221 CVE-2022-49222 CVE-2022-49224 CVE-2022-49225 CVE-2022-49226 CVE-2022-49227 CVE-2022-49228 CVE-2022-49230 CVE-2022-49232 CVE-2022-49233 CVE-2022-49235 CVE-2022-49236 CVE-2022-49237 CVE-2022-49238 CVE-2022-49239 CVE-2022-49241 CVE-2022-49242 CVE-2022-49243 CVE-2022-49244 CVE-2022-49246 CVE-2022-49247 CVE-2022-49248 CVE-2022-49249 CVE-2022-49250 CVE-2022-49251 CVE-2022-49252 CVE-2022-49253 CVE-2022-49254 CVE-2022-49256 CVE-2022-49257 CVE-2022-49258 CVE-2022-49259 CVE-2022-49260 CVE-2022-49261 CVE-2022-49262 CVE-2022-49263 CVE-2022-49264 CVE-2022-49265 CVE-2022-49266 CVE-2022-49268 CVE-2022-49269 CVE-2022-49270 CVE-2022-49271 CVE-2022-49272 CVE-2022-49273 CVE-2022-49274 CVE-2022-49275 CVE-2022-49276 CVE-2022-49277 CVE-2022-49278 CVE-2022-49279 CVE-2022-49280 CVE-2022-49281 CVE-2022-49283 CVE-2022-49285 CVE-2022-49286 CVE-2022-49287 CVE-2022-49288 CVE-2022-49290 CVE-2022-49291 CVE-2022-49292 CVE-2022-49293 CVE-2022-49294 CVE-2022-49295 CVE-2022-49296 CVE-2022-49297 CVE-2022-49298 CVE-2022-49299 CVE-2022-49300 CVE-2022-49301 CVE-2022-49302 CVE-2022-49304 CVE-2022-49305 CVE-2022-49306 CVE-2022-49307 CVE-2022-49308 CVE-2022-49309 CVE-2022-49310 CVE-2022-49311 CVE-2022-49312 CVE-2022-49313 CVE-2022-49314 CVE-2022-49315 CVE-2022-49316 CVE-2022-49319 CVE-2022-49320 CVE-2022-49321 CVE-2022-49322 CVE-2022-49323 CVE-2022-49325 CVE-2022-49326 CVE-2022-49327 CVE-2022-49328 CVE-2022-49329 CVE-2022-49330 CVE-2022-49331 CVE-2022-49332 CVE-2022-49333 CVE-2022-49335 CVE-2022-49336 CVE-2022-49337 CVE-2022-49338 CVE-2022-49339 CVE-2022-49341 CVE-2022-49342 CVE-2022-49343 CVE-2022-49345 CVE-2022-49346 CVE-2022-49347 CVE-2022-49348 CVE-2022-49349 CVE-2022-49350 CVE-2022-49351 CVE-2022-49352 CVE-2022-49353 CVE-2022-49354 CVE-2022-49356 CVE-2022-49357 CVE-2022-49359 CVE-2022-49362 CVE-2022-49365 CVE-2022-49367 CVE-2022-49368 CVE-2022-49370 CVE-2022-49371 CVE-2022-49373 CVE-2022-49375 CVE-2022-49376 CVE-2022-49377 CVE-2022-49378 CVE-2022-49379 CVE-2022-49381 CVE-2022-49382 CVE-2022-49384 CVE-2022-49385 CVE-2022-49386 CVE-2022-49389 CVE-2022-49390 CVE-2022-49392 CVE-2022-49394 CVE-2022-49396 CVE-2022-49397 CVE-2022-49398 CVE-2022-49399 CVE-2022-49400 CVE-2022-49402 CVE-2022-49404 CVE-2022-49406 CVE-2022-49407 CVE-2022-49409 CVE-2022-49410 CVE-2022-49411 CVE-2022-49412 CVE-2022-49413 CVE-2022-49414 CVE-2022-49416 CVE-2022-49418 CVE-2022-49419 CVE-2022-49421 CVE-2022-49422 CVE-2022-49424 CVE-2022-49426 CVE-2022-49427 CVE-2022-49429 CVE-2022-49430 CVE-2022-49431 CVE-2022-49432 CVE-2022-49433 CVE-2022-49434 CVE-2022-49435 CVE-2022-49436 CVE-2022-49437 CVE-2022-49438 CVE-2022-49440 CVE-2022-49441 CVE-2022-49442 CVE-2022-49443 CVE-2022-49444 CVE-2022-49445 CVE-2022-49446 CVE-2022-49447 CVE-2022-49448 CVE-2022-49449 CVE-2022-49451 CVE-2022-49453 CVE-2022-49455 CVE-2022-49458 CVE-2022-49459 CVE-2022-49460 CVE-2022-49462 CVE-2022-49463 CVE-2022-49465 CVE-2022-49466 CVE-2022-49467 CVE-2022-49468 CVE-2022-49470 CVE-2022-49472 CVE-2022-49473 CVE-2022-49474 CVE-2022-49475 CVE-2022-49476 CVE-2022-49477 CVE-2022-49478 CVE-2022-49479 CVE-2022-49480 CVE-2022-49481 CVE-2022-49482 CVE-2022-49483 CVE-2022-49484 CVE-2022-49485 CVE-2022-49486 CVE-2022-49487 CVE-2022-49488 CVE-2022-49489 CVE-2022-49490 CVE-2022-49491 CVE-2022-49492 CVE-2022-49493 CVE-2022-49494 CVE-2022-49495 CVE-2022-49497 CVE-2022-49498 CVE-2022-49499 CVE-2022-49501 CVE-2022-49502 CVE-2022-49503 CVE-2022-49504 CVE-2022-49505 CVE-2022-49506 CVE-2022-49507 CVE-2022-49508 CVE-2022-49509 CVE-2022-49510 CVE-2022-49511 CVE-2022-49512 CVE-2022-49514 CVE-2022-49515 CVE-2022-49516 CVE-2022-49517 CVE-2022-49518 CVE-2022-49519 CVE-2022-49520 CVE-2022-49521 CVE-2022-49522 CVE-2022-49523 CVE-2022-49524 CVE-2022-49525 CVE-2022-49526 CVE-2022-49527 CVE-2022-49529 CVE-2022-49530 CVE-2022-49532 CVE-2022-49533 CVE-2022-49534 CVE-2022-49535 CVE-2022-49536 CVE-2022-49537 CVE-2022-49538 CVE-2022-49541 CVE-2022-49542 CVE-2022-49543 CVE-2022-49544 CVE-2022-49545 CVE-2022-49546 CVE-2022-49548 CVE-2022-49549 CVE-2022-49551 CVE-2022-49552 CVE-2022-49555 CVE-2022-49556 CVE-2022-49559 CVE-2022-49560 CVE-2022-49562 CVE-2022-49563 CVE-2022-49564 CVE-2022-49565 CVE-2022-49566 CVE-2022-49568 CVE-2022-49569 CVE-2022-49570 CVE-2022-49579 CVE-2022-49581 CVE-2022-49583 CVE-2022-49584 CVE-2022-49591 CVE-2022-49592 CVE-2022-49603 CVE-2022-49605 CVE-2022-49606 CVE-2022-49607 CVE-2022-49609 CVE-2022-49610 CVE-2022-49611 CVE-2022-49613 CVE-2022-49615 CVE-2022-49616 CVE-2022-49617 CVE-2022-49618 CVE-2022-49621 CVE-2022-49623 CVE-2022-49624 CVE-2022-49625 CVE-2022-49626 CVE-2022-49627 CVE-2022-49628 CVE-2022-49631 CVE-2022-49634 CVE-2022-49635 CVE-2022-49638 CVE-2022-49640 CVE-2022-49641 CVE-2022-49642 CVE-2022-49643 CVE-2022-49644 CVE-2022-49645 CVE-2022-49646 CVE-2022-49647 CVE-2022-49648 CVE-2022-49649 CVE-2022-49650 CVE-2022-49652 CVE-2022-49653 CVE-2022-49655 CVE-2022-49656 CVE-2022-49657 CVE-2022-49658 CVE-2022-49661 CVE-2022-49663 CVE-2022-49665 CVE-2022-49667 CVE-2022-49668 CVE-2022-49670 CVE-2022-49671 CVE-2022-49672 CVE-2022-49673 CVE-2022-49674 CVE-2022-49675 CVE-2022-49676 CVE-2022-49677 CVE-2022-49678 CVE-2022-49679 CVE-2022-49680 CVE-2022-49683 CVE-2022-49685 CVE-2022-49686 CVE-2022-49687 CVE-2022-49688 CVE-2022-49693 CVE-2022-49694 CVE-2022-49695 CVE-2022-49697 CVE-2022-49699 CVE-2022-49700 CVE-2022-49701 CVE-2022-49703 CVE-2022-49704 CVE-2022-49705 CVE-2022-49707 CVE-2022-49708 CVE-2022-49710 CVE-2022-49711 CVE-2022-49712 CVE-2022-49713 CVE-2022-49714 CVE-2022-49715 CVE-2022-49716 CVE-2022-49719 CVE-2022-49720 CVE-2022-49721 CVE-2022-49722 CVE-2022-49723 CVE-2022-49724 CVE-2022-49725 CVE-2022-49726 CVE-2022-49729 CVE-2022-49730 CVE-2022-49731 CVE-2022-49732 CVE-2022-49733 CVE-2022-49739 CVE-2022-49746 CVE-2022-49748 CVE-2022-49751 CVE-2022-49753 CVE-2022-49755 CVE-2022-49759 CVE-2023-0179 CVE-2023-1652 CVE-2023-2162 CVE-2023-28410 CVE-2023-3567 CVE-2023-52930 CVE-2023-52933 CVE-2023-52935 CVE-2023-52939 CVE-2023-52941 CVE-2023-52973 CVE-2023-52974 CVE-2023-52975 CVE-2023-52976 CVE-2023-52979 CVE-2023-52983 CVE-2023-52984 CVE-2023-52988 CVE-2023-52989 CVE-2023-52992 CVE-2023-52993 CVE-2023-53000 CVE-2023-53005 CVE-2023-53006 CVE-2023-53007 CVE-2023-53008 CVE-2023-53010 CVE-2023-53015 CVE-2023-53016 CVE-2023-53019 CVE-2023-53023 CVE-2023-53024 CVE-2023-53025 CVE-2023-53026 CVE-2023-53028 CVE-2023-53029 CVE-2023-53030 CVE-2023-53033 CVE-2024-26634 CVE-2024-47678 CVE-2024-50290 CVE-2024-53063 CVE-2024-53124 CVE-2024-53176 CVE-2024-53178 CVE-2024-56651 CVE-2024-57996 CVE-2024-58013 CVE-2024-58014 CVE-2024-8176 CVE-2025-21693 CVE-2025-21718 CVE-2025-21772 CVE-2025-21780 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1241-1 Released: Mon Apr 14 12:37:06 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1180814,1183682,1190336,1190768,1190786,1193629,1194869,1194904,1195823,1196444,1197158,1197174,1197227,1197246,1197302,1197331,1197472,1197661,1197926,1198019,1198021,1198240,1198577,1198660,1199657,1200045,1200571,1200807,1200809,1200810,1200824,1200825,1200871,1200872,1201193,1201218,1201323,1201381,1201610,1202672,1202711,1202712,1202771,1202774,1202778,1202781,1203699,1203769,1204171,1205205,1205701,1206048,1206049,1206451,1207034,1207186,1207361,1207593,1207640,1207878,1209262,1209547,1209788,1209980,1210050,1210647,1211263,1213167,1218450,1221651,1225428,1225742,1229312,1231375,1231432,1231854,1232299,1232743,1233479,1233557,1233749,1234074,1234894,1234895,1234896,1235528,1235599,1235870,1237029,1237521,1237530,1237718,1237721,1237722,1237723,1237724,1237725,1237726,1237727,1237728,1237729,1237730,1237733,1237734,1237735,1237736,1237737,1237738,1237739,1237740,1237742,1237743,1237744,1237745,1237746,1237748,1237749,1237751,1237752,1237753,1237755,1237759,1 237761,1237763,1237766,1237767,1237768,1237774,1237775,1237778,1237779,1237780,1237782,1237783,1237784,1237785,1237786,1237787,1237788,1237789,1237790,1237792,1237794,1237795,1237797,1237798,1237799,1237807,1237808,1237809,1237810,1237812,1237813,1237814,1237815,1237816,1237817,1237818,1237820,1237821,1237823,1237824,1237826,1237827,1237829,1237831,1237835,1237836,1237837,1237839,1237840,1237845,1237846,1237868,1237872,1237892,1237903,1237904,1237916,1237918,1237922,1237925,1237926,1237927,1237928,1237929,1237931,1237932,1237933,1237937,1237940,1237941,1237942,1237946,1237951,1237952,1237954,1237955,1237957,1237958,1237959,1237960,1237961,1237962,1237963,1237965,1237966,1237967,1237968,1237969,1237970,1237971,1237972,1237973,1237975,1237976,1237978,1237979,1237980,1237982,1237983,1237984,1237986,1237987,1237990,1237992,1237996,1237997,1237998,1237999,1238000,1238003,1238004,1238005,1238006,1238007,1238009,1238010,1238011,1238012,1238013,1238014,1238016,1238017,1238018,1238019,123802 1,1238022,1238024,1238025,1238030,1238032,1238036,1238037,1238041,1238046,1238047,1238048,1238069,1238071,1238077,1238079,1238080,1238083,1238084,1238085,1238086,1238089,1238090,1238091,1238092,1238096,1238097,1238099,1238103,1238105,1238106,1238107,1238108,1238110,1238111,1238112,1238113,1238114,1238115,1238116,1238118,1238120,1238122,1238123,1238125,1238126,1238127,1238128,1238131,1238134,1238135,1238138,1238139,1238140,1238142,1238144,1238146,1238147,1238149,1238150,1238153,1238155,1238156,1238157,1238158,1238160,1238162,1238166,1238167,1238168,1238169,1238170,1238171,1238172,1238175,1238176,1238177,1238178,1238179,1238180,1238181,1238183,1238184,1238187,1238221,1238222,1238226,1238228,1238229,1238231,1238233,1238234,1238235,1238236,1238238,1238239,1238240,1238241,1238242,1238243,1238244,1238246,1238247,1238248,1238249,1238252,1238253,1238255,1238256,1238257,1238260,1238261,1238262,1238263,1238264,1238266,1238267,1238268,1238269,1238270,1238271,1238272,1238274,1238275,1238276,123 8277,1238278,1238279,1238281,1238282,1238283,1238284,1238285,1238286,1238287,1238288,1238289,1238291,1238292,1238293,1238295,1238298,1238300,1238301,1238302,1238306,1238307,1238308,1238309,1238311,1238313,1238326,1238327,1238328,1238329,1238331,1238333,1238334,1238335,1238336,1238337,1238338,1238339,1238341,1238343,1238344,1238345,1238372,1238373,1238374,1238376,1238377,1238378,1238381,1238382,1238383,1238385,1238386,1238387,1238388,1238389,1238390,1238391,1238392,1238393,1238394,1238395,1238396,1238397,1238398,1238400,1238401,1238410,1238411,1238413,1238415,1238416,1238417,1238418,1238419,1238420,1238422,1238423,1238424,1238428,1238429,1238430,1238431,1238432,1238433,1238434,1238435,1238436,1238437,1238440,1238441,1238442,1238443,1238444,1238445,1238447,1238453,1238454,1238458,1238459,1238462,1238463,1238465,1238467,1238469,1238533,1238536,1238538,1238539,1238540,1238542,1238543,1238546,1238551,1238552,1238556,1238557,1238599,1238600,1238601,1238602,1238605,1238612,1238613,1238615, 1238616,1238617,1238618,1238619,1238621,1238623,1238625,1238626,1238630,1238631,1238632,1238633,1238635,1238636,1238638,1238639,1238640,1238641,1238642,1238643,1238645,1238646,1238647,1238648,1238649,1238650,1238653,1238654,1238655,1238658,1238661,1238662,1238663,1238664,1238666,1238668,1238705,1238707,1238710,1238712,1238718,1238719,1238721,1238722,1238727,1238729,1238750,1238787,1238789,1238792,1238799,1238803,1238804,1238805,1238806,1238808,1238809,1238810,1238811,1238814,1238815,1238816,1238817,1238818,1238819,1238820,1238821,1238822,1238823,1238825,1238830,1238834,1238835,1238836,1238838,1238843,1238867,1238868,1238869,1238870,1238871,1238878,1238889,1238892,1238893,1238897,1238898,1238899,1238902,1238911,1238916,1238919,1238925,1238930,1238933,1238936,1238937,1238938,1238939,1238941,1238942,1238943,1238944,1238945,1238946,1238948,1238949,1238950,1238951,1238952,1238953,1238954,1238956,1238957,1239001,1239004,1239016,1239035,1239040,1239041,1239051,1239060,1239070,1239071,12390 73,1239076,1239095,1239109,1239115,1239126,1239452,1239454,1239968,1239969,1240133,1240205,1240207,1240208,1240210,1240212,1240213,1240218,1240220,1240227,1240229,1240231,1240242,1240245,1240247,1240250,1240254,1240256,1240264,1240266,1240272,1240275,1240276,1240278,1240279,1240280,1240281,1240282,1240283,1240284,1240286,1240288,1240290,1240292,1240293,1240297,1240304,1240308,1240309,1240317,1240318,1240322,CVE-2017-5753,CVE-2021-4453,CVE-2021-4454,CVE-2021-47517,CVE-2021-47631,CVE-2021-47632,CVE-2021-47633,CVE-2021-47635,CVE-2021-47636,CVE-2021-47637,CVE-2021-47638,CVE-2021-47639,CVE-2021-47641,CVE-2021-47642,CVE-2021-47643,CVE-2021-47644,CVE-2021-47645,CVE-2021-47646,CVE-2021-47647,CVE-2021-47648,CVE-2021-47649,CVE-2021-47650,CVE-2021-47651,CVE-2021-47652,CVE-2021-47653,CVE-2021-47654,CVE-2021-47656,CVE-2021-47657,CVE-2021-47659,CVE-2022-0168,CVE-2022-0995,CVE-2022-1016,CVE-2022-1048,CVE-2022-1184,CVE-2022-2977,CVE-2022-29900,CVE-2022-29901,CVE-2022-3303,CVE-2022-3435,CVE-2022-490 44,CVE-2022-49050,CVE-2022-49051,CVE-2022-49053,CVE-2022-49054,CVE-2022-49055,CVE-2022-49056,CVE-2022-49057,CVE-2022-49058,CVE-2022-49059,CVE-2022-49060,CVE-2022-49061,CVE-2022-49062,CVE-2022-49063,CVE-2022-49064,CVE-2022-49065,CVE-2022-49066,CVE-2022-49070,CVE-2022-49071,CVE-2022-49073,CVE-2022-49074,CVE-2022-49075,CVE-2022-49076,CVE-2022-49078,CVE-2022-49082,CVE-2022-49083,CVE-2022-49084,CVE-2022-49085,CVE-2022-49086,CVE-2022-49088,CVE-2022-49089,CVE-2022-49090,CVE-2022-49091,CVE-2022-49092,CVE-2022-49093,CVE-2022-49095,CVE-2022-49096,CVE-2022-49097,CVE-2022-49098,CVE-2022-49099,CVE-2022-49100,CVE-2022-49102,CVE-2022-49103,CVE-2022-49104,CVE-2022-49105,CVE-2022-49106,CVE-2022-49107,CVE-2022-49109,CVE-2022-49111,CVE-2022-49112,CVE-2022-49113,CVE-2022-49114,CVE-2022-49115,CVE-2022-49116,CVE-2022-49118,CVE-2022-49119,CVE-2022-49120,CVE-2022-49121,CVE-2022-49122,CVE-2022-49123,CVE-2022-49125,CVE-2022-49126,CVE-2022-49128,CVE-2022-49129,CVE-2022-49130,CVE-2022-49131,CVE-2022-49132,CVE- 2022-49133,CVE-2022-49134,CVE-2022-49135,CVE-2022-49136,CVE-2022-49137,CVE-2022-49138,CVE-2022-49139,CVE-2022-49144,CVE-2022-49145,CVE-2022-49147,CVE-2022-49148,CVE-2022-49151,CVE-2022-49153,CVE-2022-49154,CVE-2022-49155,CVE-2022-49156,CVE-2022-49157,CVE-2022-49158,CVE-2022-49159,CVE-2022-49160,CVE-2022-49162,CVE-2022-49163,CVE-2022-49164,CVE-2022-49165,CVE-2022-49174,CVE-2022-49175,CVE-2022-49176,CVE-2022-49177,CVE-2022-49178,CVE-2022-49179,CVE-2022-49180,CVE-2022-49182,CVE-2022-49183,CVE-2022-49185,CVE-2022-49187,CVE-2022-49188,CVE-2022-49189,CVE-2022-49192,CVE-2022-49193,CVE-2022-49194,CVE-2022-49196,CVE-2022-49199,CVE-2022-49200,CVE-2022-49201,CVE-2022-49202,CVE-2022-49203,CVE-2022-49204,CVE-2022-49205,CVE-2022-49206,CVE-2022-49207,CVE-2022-49208,CVE-2022-49209,CVE-2022-49212,CVE-2022-49213,CVE-2022-49214,CVE-2022-49215,CVE-2022-49216,CVE-2022-49217,CVE-2022-49218,CVE-2022-49219,CVE-2022-49221,CVE-2022-49222,CVE-2022-49224,CVE-2022-49225,CVE-2022-49226,CVE-2022-49227,CVE-2022-49 228,CVE-2022-49230,CVE-2022-49232,CVE-2022-49233,CVE-2022-49235,CVE-2022-49236,CVE-2022-49237,CVE-2022-49238,CVE-2022-49239,CVE-2022-49241,CVE-2022-49242,CVE-2022-49243,CVE-2022-49244,CVE-2022-49246,CVE-2022-49247,CVE-2022-49248,CVE-2022-49249,CVE-2022-49250,CVE-2022-49251,CVE-2022-49252,CVE-2022-49253,CVE-2022-49254,CVE-2022-49256,CVE-2022-49257,CVE-2022-49258,CVE-2022-49259,CVE-2022-49260,CVE-2022-49261,CVE-2022-49262,CVE-2022-49263,CVE-2022-49264,CVE-2022-49265,CVE-2022-49266,CVE-2022-49268,CVE-2022-49269,CVE-2022-49270,CVE-2022-49271,CVE-2022-49272,CVE-2022-49273,CVE-2022-49274,CVE-2022-49275,CVE-2022-49276,CVE-2022-49277,CVE-2022-49278,CVE-2022-49279,CVE-2022-49280,CVE-2022-49281,CVE-2022-49283,CVE-2022-49285,CVE-2022-49286,CVE-2022-49287,CVE-2022-49288,CVE-2022-49290,CVE-2022-49291,CVE-2022-49292,CVE-2022-49293,CVE-2022-49294,CVE-2022-49295,CVE-2022-49296,CVE-2022-49297,CVE-2022-49298,CVE-2022-49299,CVE-2022-49300,CVE-2022-49301,CVE-2022-49302,CVE-2022-49304,CVE-2022-49305,CVE -2022-49306,CVE-2022-49307,CVE-2022-49308,CVE-2022-49309,CVE-2022-49310,CVE-2022-49311,CVE-2022-49312,CVE-2022-49313,CVE-2022-49314,CVE-2022-49315,CVE-2022-49316,CVE-2022-49319,CVE-2022-49320,CVE-2022-49321,CVE-2022-49322,CVE-2022-49323,CVE-2022-49325,CVE-2022-49326,CVE-2022-49327,CVE-2022-49328,CVE-2022-49329,CVE-2022-49330,CVE-2022-49331,CVE-2022-49332,CVE-2022-49333,CVE-2022-49335,CVE-2022-49336,CVE-2022-49337,CVE-2022-49338,CVE-2022-49339,CVE-2022-49341,CVE-2022-49342,CVE-2022-49343,CVE-2022-49345,CVE-2022-49346,CVE-2022-49347,CVE-2022-49348,CVE-2022-49349,CVE-2022-49350,CVE-2022-49351,CVE-2022-49352,CVE-2022-49353,CVE-2022-49354,CVE-2022-49356,CVE-2022-49357,CVE-2022-49359,CVE-2022-49362,CVE-2022-49365,CVE-2022-49367,CVE-2022-49368,CVE-2022-49370,CVE-2022-49371,CVE-2022-49373,CVE-2022-49375,CVE-2022-49376,CVE-2022-49377,CVE-2022-49378,CVE-2022-49379,CVE-2022-49381,CVE-2022-49382,CVE-2022-49384,CVE-2022-49385,CVE-2022-49386,CVE-2022-49389,CVE-2022-49390,CVE-2022-49392,CVE-2022-4 9394,CVE-2022-49396,CVE-2022-49397,CVE-2022-49398,CVE-2022-49399,CVE-2022-49400,CVE-2022-49402,CVE-2022-49404,CVE-2022-49406,CVE-2022-49407,CVE-2022-49409,CVE-2022-49410,CVE-2022-49411,CVE-2022-49412,CVE-2022-49413,CVE-2022-49414,CVE-2022-49416,CVE-2022-49418,CVE-2022-49419,CVE-2022-49421,CVE-2022-49422,CVE-2022-49424,CVE-2022-49426,CVE-2022-49427,CVE-2022-49429,CVE-2022-49430,CVE-2022-49431,CVE-2022-49432,CVE-2022-49433,CVE-2022-49434,CVE-2022-49435,CVE-2022-49436,CVE-2022-49437,CVE-2022-49438,CVE-2022-49440,CVE-2022-49441,CVE-2022-49442,CVE-2022-49443,CVE-2022-49444,CVE-2022-49445,CVE-2022-49446,CVE-2022-49447,CVE-2022-49448,CVE-2022-49449,CVE-2022-49451,CVE-2022-49453,CVE-2022-49455,CVE-2022-49458,CVE-2022-49459,CVE-2022-49460,CVE-2022-49462,CVE-2022-49463,CVE-2022-49465,CVE-2022-49466,CVE-2022-49467,CVE-2022-49468,CVE-2022-49470,CVE-2022-49472,CVE-2022-49473,CVE-2022-49474,CVE-2022-49475,CVE-2022-49476,CVE-2022-49477,CVE-2022-49478,CVE-2022-49479,CVE-2022-49480,CVE-2022-49481,CV E-2022-49482,CVE-2022-49483,CVE-2022-49484,CVE-2022-49485,CVE-2022-49486,CVE-2022-49487,CVE-2022-49488,CVE-2022-49489,CVE-2022-49490,CVE-2022-49491,CVE-2022-49492,CVE-2022-49493,CVE-2022-49494,CVE-2022-49495,CVE-2022-49497,CVE-2022-49498,CVE-2022-49499,CVE-2022-49501,CVE-2022-49502,CVE-2022-49503,CVE-2022-49504,CVE-2022-49505,CVE-2022-49506,CVE-2022-49507,CVE-2022-49508,CVE-2022-49509,CVE-2022-49510,CVE-2022-49511,CVE-2022-49512,CVE-2022-49514,CVE-2022-49515,CVE-2022-49516,CVE-2022-49517,CVE-2022-49518,CVE-2022-49519,CVE-2022-49520,CVE-2022-49521,CVE-2022-49522,CVE-2022-49523,CVE-2022-49524,CVE-2022-49525,CVE-2022-49526,CVE-2022-49527,CVE-2022-49529,CVE-2022-49530,CVE-2022-49532,CVE-2022-49533,CVE-2022-49534,CVE-2022-49535,CVE-2022-49536,CVE-2022-49537,CVE-2022-49538,CVE-2022-49541,CVE-2022-49542,CVE-2022-49543,CVE-2022-49544,CVE-2022-49545,CVE-2022-49546,CVE-2022-49548,CVE-2022-49549,CVE-2022-49551,CVE-2022-49552,CVE-2022-49555,CVE-2022-49556,CVE-2022-49559,CVE-2022-49560,CVE-2022- 49562,CVE-2022-49563,CVE-2022-49564,CVE-2022-49565,CVE-2022-49566,CVE-2022-49568,CVE-2022-49569,CVE-2022-49570,CVE-2022-49579,CVE-2022-49581,CVE-2022-49583,CVE-2022-49584,CVE-2022-49591,CVE-2022-49592,CVE-2022-49603,CVE-2022-49605,CVE-2022-49606,CVE-2022-49607,CVE-2022-49609,CVE-2022-49610,CVE-2022-49611,CVE-2022-49613,CVE-2022-49615,CVE-2022-49616,CVE-2022-49617,CVE-2022-49618,CVE-2022-49621,CVE-2022-49623,CVE-2022-49624,CVE-2022-49625,CVE-2022-49626,CVE-2022-49627,CVE-2022-49628,CVE-2022-49631,CVE-2022-49634,CVE-2022-49635,CVE-2022-49638,CVE-2022-49640,CVE-2022-49641,CVE-2022-49642,CVE-2022-49643,CVE-2022-49644,CVE-2022-49645,CVE-2022-49646,CVE-2022-49647,CVE-2022-49648,CVE-2022-49649,CVE-2022-49650,CVE-2022-49652,CVE-2022-49653,CVE-2022-49655,CVE-2022-49656,CVE-2022-49657,CVE-2022-49658,CVE-2022-49661,CVE-2022-49663,CVE-2022-49665,CVE-2022-49667,CVE-2022-49668,CVE-2022-49670,CVE-2022-49671,CVE-2022-49672,CVE-2022-49673,CVE-2022-49674,CVE-2022-49675,CVE-2022-49676,CVE-2022-49677,C VE-2022-49678,CVE-2022-49679,CVE-2022-49680,CVE-2022-49683,CVE-2022-49685,CVE-2022-49686,CVE-2022-49687,CVE-2022-49688,CVE-2022-49693,CVE-2022-49694,CVE-2022-49695,CVE-2022-49697,CVE-2022-49699,CVE-2022-49700,CVE-2022-49701,CVE-2022-49703,CVE-2022-49704,CVE-2022-49705,CVE-2022-49707,CVE-2022-49708,CVE-2022-49710,CVE-2022-49711,CVE-2022-49712,CVE-2022-49713,CVE-2022-49714,CVE-2022-49715,CVE-2022-49716,CVE-2022-49719,CVE-2022-49720,CVE-2022-49721,CVE-2022-49722,CVE-2022-49723,CVE-2022-49724,CVE-2022-49725,CVE-2022-49726,CVE-2022-49729,CVE-2022-49730,CVE-2022-49731,CVE-2022-49732,CVE-2022-49733,CVE-2022-49739,CVE-2022-49746,CVE-2022-49748,CVE-2022-49751,CVE-2022-49753,CVE-2022-49755,CVE-2022-49759,CVE-2023-0179,CVE-2023-1652,CVE-2023-2162,CVE-2023-28410,CVE-2023-3567,CVE-2023-52930,CVE-2023-52933,CVE-2023-52935,CVE-2023-52939,CVE-2023-52941,CVE-2023-52973,CVE-2023-52974,CVE-2023-52975,CVE-2023-52976,CVE-2023-52979,CVE-2023-52983,CVE-2023-52984,CVE-2023-52988,CVE-2023-52989,CVE-2023-529 92,CVE-2023-52993,CVE-2023-53000,CVE-2023-53005,CVE-2023-53006,CVE-2023-53007,CVE-2023-53008,CVE-2023-53010,CVE-2023-53015,CVE-2023-53016,CVE-2023-53019,CVE-2023-53023,CVE-2023-53024,CVE-2023-53025,CVE-2023-53026,CVE-2023-53028,CVE-2023-53029,CVE-2023-53030,CVE-2023-53033,CVE-2024-26634,CVE-2024-47678,CVE-2024-50290,CVE-2024-53063,CVE-2024-53124,CVE-2024-53176,CVE-2024-53178,CVE-2024-56651,CVE-2024-57996,CVE-2024-58013,CVE-2024-58014,CVE-2025-21693,CVE-2025-21718,CVE-2025-21772,CVE-2025-21780 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239095). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - cifs: Add a laundromat thread for cached directories (git-fixes). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (git-fixes). - gfs2: Fix inode height consistency check (git-fixes). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Support holes in device list reply msg (bsc#1240133). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: disable directory caching when dir_cache_timeout is zero (git-fixes). - smb: client: do not start laundromat thread on nohandlecache (git-fixes). - smb: client: make laundromat a delayed worker (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes). - smb3: do not start laundromat thread when dir leases disabled (git-fixes). - smb3: retrying on failed server close (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - kernel-default-base-5.14.21-150500.55.100.1.150500.6.47.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.160 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:10:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:10:57 +0200 (CEST) Subject: SUSE-CU-2025:2511-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250416071057.41B97FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2511-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.115 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.115 Severity : important Type : security References : 1235481 1236033 1239618 1240343 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:12:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:12:44 +0200 (CEST) Subject: SUSE-CU-2025:2512-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250416071244.D3B23FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2512-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.115 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.115 Severity : important Type : security References : 1235481 1236033 1239618 1240343 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:13:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:13:23 +0200 (CEST) Subject: SUSE-IU-2025:1065-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250416071323.F3425FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1065-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.12 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.12 Severity : important Type : security References : 1238700 1239335 CVE-2025-22869 CVE-2025-22870 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 284 Released: Fri Apr 11 12:57:37 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to version 1.6.8: * Deactivated e2e workflow * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) The following package changes have been done: - elemental-register-1.6.8-1.1 updated - elemental-support-1.6.8-1.1 updated - container:SL-Micro-base-container-2.1.3-6.9 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:19:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:19:37 +0200 (CEST) Subject: SUSE-CU-2025:2527-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250416071937.C9A86FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2527-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.68 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.68 , suse/ltss/sle15.3/sle15:latest Container Release : 2.68 Severity : important Type : recommended References : 1235481 1236033 1240343 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:20:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:20:25 +0200 (CEST) Subject: SUSE-CU-2025:2528-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250416072025.A5EB0FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2528-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.33 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.33 , suse/ltss/sle15.4/sle15:latest Container Release : 2.33 Severity : important Type : recommended References : 1235481 1236033 1240343 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:23:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:23:05 +0200 (CEST) Subject: SUSE-CU-2025:2529-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250416072305.52F84FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2529-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.23 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.23 , suse/ltss/sle15.5/sle15:latest Container Release : 4.23 Severity : important Type : recommended References : 1235481 1236033 1240343 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:23:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:23:34 +0200 (CEST) Subject: SUSE-CU-2025:2530-1: Security update of suse/registry Message-ID: <20250416072334.CB327FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2530-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-34.9 , suse/registry:latest Container Release : 34.9 Severity : important Type : security References : 1239618 1240343 CVE-2024-8176 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - ca-certificates-mozilla-2.74-150200.41.1 updated - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:24:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:24:03 +0200 (CEST) Subject: SUSE-CU-2025:2531-1: Security update of bci/golang Message-ID: <20250416072403.A0A61FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2531-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.8 , bci/golang:1.23.8-2.34.33 , bci/golang:oldstable , bci/golang:oldstable-2.34.33 Container Release : 34.33 Severity : important Type : security References : 1234128 1234713 1237374 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:24:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:24:32 +0200 (CEST) Subject: SUSE-CU-2025:2532-1: Security update of bci/golang Message-ID: <20250416072432.56195FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2532-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.52 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.52 Container Release : 55.52 Severity : important Type : security References : 1234128 1234713 1237374 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:25:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:25:04 +0200 (CEST) Subject: SUSE-CU-2025:2533-1: Security update of bci/golang Message-ID: <20250416072504.39B0FFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2533-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.2 , bci/golang:1.24.2-1.34.33 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.33 Container Release : 34.33 Severity : important Type : security References : 1234128 1234713 1237374 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:25:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:25:36 +0200 (CEST) Subject: SUSE-CU-2025:2534-1: Security update of bci/golang Message-ID: <20250416072536.52D1CFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2534-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.51 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.51 Container Release : 55.51 Severity : important Type : security References : 1234128 1234713 1237374 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:26:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:26:12 +0200 (CEST) Subject: SUSE-CU-2025:2535-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250416072612.BB4DAFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2535-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.30 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.30 Severity : important Type : security References : 1234128 1234713 1235481 1236033 1237374 1239618 1239883 1240343 CVE-2024-8176 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1235-1 Released: Mon Apr 14 11:00:13 2025 Summary: Recommended update for kernel-firmware Type: recommended Severity: moderate References: This update for kernel-firmware fixes the following issues: - Add QAT 420xx (CPM2.2) firmware, retrieved from commit 4308879ea4fa (jsc#PED-12499): - Update to version 20250205 (git commit 429bdd620eb1): * amdgpu: DMCUB update for DCN401 * ath12k: WCN7850 hw2.0: update board-2.bin * ath12k: QCN9274 hw2.0: update to WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 * ath12k: QCN9274 hw2.0: update board-2.bin * ath11k: WCN6750 hw1.0: update board-2.bin * ath11k: QCN9074 hw1.0: update to WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1 * ath11k: QCA6698AQ hw2.1: add to WLAN.HSP.1.1-04479-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1 * ath11k: QCA6698AQ hw2.1: add board-2.bin * ath11k: QCA6390 hw2.0: update board-2.bin * ath11k: QCA2066 hw2.1: update to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6 * ath11k: QCA2066 hw2.1: update board-2.bin * ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.7.0.1-02409-QCAHKSWPL_SILICONZ-1 * copy-firmware: Fix 'No such file or directory' error. * ath11k: add device-specific firmware for QCM6490 boards * qca: add more WCN3950 1.3 NVM files * qca: add firmware for WCN3950 chips * qca: move QCA6390 firmware to separate section * qca: restore licence information for WCN399x firmware * amdgpu: DMCUB updates for various ASICs * amdgpu: DMCUB updates forvarious AMDGPU ASICs * qca: Update Bluetooth WCN6750 1.1.0-00476 firmware to 1.1.3-00069 * qcom:x1e80100: Support for Lenovo T14s G6 Qualcomm platform * qcom:x1e80100: Support for Lenovo T14s G6 Qualcomm platform - Update aliases from 6.13 - Update to version 20250129 (git commit 211fbc287a0b): * linux-firmware: Update FW files for MRVL SD8997 chips * i915: Update Xe2LPD DMC to v2.27 * qca: Update Bluetooth WCN6856 firmware 2.1.0-00642 to 2.1.0-00650 * rtl_bt: Update RTL8852B BT USB FW to 0x049B_5037 * amdgpu: Update ISP FW for isp v4.1.1 * trivial: contrib: wrap the process in try/except to catch server issues * trivial: contrib: use python-magic to detect encoding of emails * QCA: Add Bluetooth firmware for QCA6698 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - glibc-locale-base-2.38-150600.14.26.1 updated - glibc-2.38-150600.14.26.1 updated - kernel-firmware-bnx2-20250205-150600.3.15.1 updated - kernel-firmware-chelsio-20250205-150600.3.15.1 updated - kernel-firmware-i915-20250205-150600.3.15.1 updated - kernel-firmware-intel-20250205-150600.3.15.1 updated - kernel-firmware-liquidio-20250205-150600.3.15.1 updated - kernel-firmware-marvell-20250205-150600.3.15.1 updated - kernel-firmware-mediatek-20250205-150600.3.15.1 updated - kernel-firmware-mellanox-20250205-150600.3.15.1 updated - kernel-firmware-network-20250205-150600.3.15.1 updated - kernel-firmware-platform-20250205-150600.3.15.1 updated - kernel-firmware-qlogic-20250205-150600.3.15.1 updated - kernel-firmware-realtek-20250205-150600.3.15.1 updated - kernel-firmware-usb-network-20250205-150600.3.15.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated From sle-container-updates at lists.suse.com Wed Apr 16 19:40:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 21:40:00 +0200 (CEST) Subject: SUSE-CU-2025:2536-1: Security update of containers/milvus Message-ID: <20250416194000.D7553FD12@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2536-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.88 Container Release : 7.88 Severity : important Type : security References : 1240515 CVE-2025-30204 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1285-1 Released: Tue Apr 15 18:24:39 2025 Summary: Security update for etcd Type: security Severity: important References: 1240515,CVE-2025-30204 This update for etcd fixes the following issues: - Update to version 3.5.21: - CVE-2025-30204: Fixed a bug that could allow excessive memory allocation during header parsing in jwt-go. (bsc#1240515) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150600.91.6.2 updated - etcd-3.5.21-150000.7.12.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 19:40:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 21:40:01 +0200 (CEST) Subject: SUSE-CU-2025:2537-1: Recommended update of containers/milvus Message-ID: <20250416194001.753E6FD12@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2537-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.89 Container Release : 7.89 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 19:41:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 21:41:16 +0200 (CEST) Subject: SUSE-CU-2025:2538-1: Recommended update of containers/ollama Message-ID: <20250416194116.ED694FD12@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2538-1 Container Tags : containers/ollama:0 , containers/ollama:0.6.2 , containers/ollama:0.6.2-8.8 Container Release : 8.8 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 19:45:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 21:45:42 +0200 (CEST) Subject: SUSE-IU-2025:1079-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250416194542.A1725FD12@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1079-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.275 , suse/sle-micro/5.5:latest Image Release : 5.5.275 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150000.75.34.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 19:52:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 21:52:21 +0200 (CEST) Subject: SUSE-CU-2025:2543-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250416195221.84D00FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2543-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.117 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.117 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150000.75.34.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 19:56:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 21:56:31 +0200 (CEST) Subject: SUSE-CU-2025:2545-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250416195631.18722FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2545-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.117 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.117 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150000.75.34.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 19:56:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 21:56:55 +0200 (CEST) Subject: SUSE-CU-2025:2546-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250416195655.9993FFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2546-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.71 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.71 Severity : important Type : security References : 1188018 1191399 1196637 1200170 1205957 1228809 1231211 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1290-1 Released: Wed Apr 16 09:38:34 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1188018,1191399,1196637,1200170,1205957,1228809,1231211 This update for systemd fixes the following issues: - basic/hashmap: add cleanup of memory pools - core: add valgrind helper for daemon-reexec - sd-bus: fix a memory leak in message_new_reply() - sd-bus: unify three code-paths which free struct bus_container - bus-message: use structured initialization to avoid use of unitialized memory - Add patches (bsc#1231211) - Don't try to restart the udev socket units anymore (bsc#1228809) There's currently no way to restart a socket activable service and its socket units 'atomically' and safely. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1295-1 Released: Wed Apr 16 09:53:51 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-21.43.1 updated - libsystemd0-228-157.66.1 updated - libudev1-228-157.66.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 19:58:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 21:58:06 +0200 (CEST) Subject: SUSE-CU-2025:2548-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250416195806.52E09FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2548-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.70 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.70 , suse/ltss/sle15.3/sle15:latest Container Release : 2.70 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150000.75.34.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 19:59:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 21:59:17 +0200 (CEST) Subject: SUSE-CU-2025:2550-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250416195917.A9E88FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2550-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.34 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.34 , suse/ltss/sle15.4/sle15:latest Container Release : 2.34 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150000.75.34.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:02:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:02:22 +0200 (CEST) Subject: SUSE-CU-2025:2551-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250416200222.A7993FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2551-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.24 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.24 , suse/ltss/sle15.5/sle15:latest Container Release : 4.24 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150000.75.34.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:03:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:03:06 +0200 (CEST) Subject: SUSE-CU-2025:2552-1: Recommended update of suse/389-ds Message-ID: <20250416200306.2BE4CFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2552-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.25 , suse/389-ds:latest Container Release : 36.25 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150600.91.6.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:03:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:03:45 +0200 (CEST) Subject: SUSE-CU-2025:2553-1: Security update of bci/bci-base-fips Message-ID: <20250416200345.24023FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2553-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.20.24 , bci/bci-base-fips:latest Container Release : 20.24 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:04:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:04:02 +0200 (CEST) Subject: SUSE-CU-2025:2554-1: Recommended update of bci/bci-busybox Message-ID: <20250416200402.68A05FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2554-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.30.5 , bci/bci-busybox:latest Container Release : 30.5 Severity : important Type : recommended References : 1234128 1234713 1239883 1240343 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.41.2 updated - glibc-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:04:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:04:12 +0200 (CEST) Subject: SUSE-CU-2025:2555-1: Recommended update of suse/cosign Message-ID: <20250416200412.23881FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2555-1 Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-8.48 , suse/cosign:latest Container Release : 8.48 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:04:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:04:51 +0200 (CEST) Subject: SUSE-CU-2025:2556-1: Recommended update of suse/registry Message-ID: <20250416200451.6B20CFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2556-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-34.11 , suse/registry:latest Container Release : 34.11 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:05:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:05:20 +0200 (CEST) Subject: SUSE-CU-2025:2557-1: Recommended update of suse/helm Message-ID: <20250416200520.92F65FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2557-1 Container Tags : suse/helm:3 , suse/helm:3.17 , suse/helm:3.17.2 , suse/helm:3.17.2-37.21 , suse/helm:latest Container Release : 37.21 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:06:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:06:04 +0200 (CEST) Subject: SUSE-CU-2025:2535-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250416200604.162A4FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2535-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.30 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.30 Severity : important Type : security References : 1234128 1234713 1235481 1236033 1237374 1239618 1239883 1240343 CVE-2024-8176 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1235-1 Released: Mon Apr 14 11:00:13 2025 Summary: Recommended update for kernel-firmware Type: recommended Severity: moderate References: This update for kernel-firmware fixes the following issues: - Add QAT 420xx (CPM2.2) firmware, retrieved from commit 4308879ea4fa (jsc#PED-12499): - Update to version 20250205 (git commit 429bdd620eb1): * amdgpu: DMCUB update for DCN401 * ath12k: WCN7850 hw2.0: update board-2.bin * ath12k: QCN9274 hw2.0: update to WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 * ath12k: QCN9274 hw2.0: update board-2.bin * ath11k: WCN6750 hw1.0: update board-2.bin * ath11k: QCN9074 hw1.0: update to WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1 * ath11k: QCA6698AQ hw2.1: add to WLAN.HSP.1.1-04479-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1 * ath11k: QCA6698AQ hw2.1: add board-2.bin * ath11k: QCA6390 hw2.0: update board-2.bin * ath11k: QCA2066 hw2.1: update to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6 * ath11k: QCA2066 hw2.1: update board-2.bin * ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.9.0.1-02146-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.7.0.1-02409-QCAHKSWPL_SILICONZ-1 * copy-firmware: Fix 'No such file or directory' error. * ath11k: add device-specific firmware for QCM6490 boards * qca: add more WCN3950 1.3 NVM files * qca: add firmware for WCN3950 chips * qca: move QCA6390 firmware to separate section * qca: restore licence information for WCN399x firmware * amdgpu: DMCUB updates for various ASICs * amdgpu: DMCUB updates forvarious AMDGPU ASICs * qca: Update Bluetooth WCN6750 1.1.0-00476 firmware to 1.1.3-00069 * qcom:x1e80100: Support for Lenovo T14s G6 Qualcomm platform * qcom:x1e80100: Support for Lenovo T14s G6 Qualcomm platform - Update aliases from 6.13 - Update to version 20250129 (git commit 211fbc287a0b): * linux-firmware: Update FW files for MRVL SD8997 chips * i915: Update Xe2LPD DMC to v2.27 * qca: Update Bluetooth WCN6856 firmware 2.1.0-00642 to 2.1.0-00650 * rtl_bt: Update RTL8852B BT USB FW to 0x049B_5037 * amdgpu: Update ISP FW for isp v4.1.1 * trivial: contrib: wrap the process in try/except to catch server issues * trivial: contrib: use python-magic to detect encoding of emails * QCA: Add Bluetooth firmware for QCA6698 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - glibc-locale-base-2.38-150600.14.26.1 updated - glibc-2.38-150600.14.26.1 updated - kernel-firmware-bnx2-20250205-150600.3.15.1 updated - kernel-firmware-chelsio-20250205-150600.3.15.1 updated - kernel-firmware-i915-20250205-150600.3.15.1 updated - kernel-firmware-intel-20250205-150600.3.15.1 updated - kernel-firmware-liquidio-20250205-150600.3.15.1 updated - kernel-firmware-marvell-20250205-150600.3.15.1 updated - kernel-firmware-mediatek-20250205-150600.3.15.1 updated - kernel-firmware-mellanox-20250205-150600.3.15.1 updated - kernel-firmware-network-20250205-150600.3.15.1 updated - kernel-firmware-platform-20250205-150600.3.15.1 updated - kernel-firmware-qlogic-20250205-150600.3.15.1 updated - kernel-firmware-realtek-20250205-150600.3.15.1 updated - kernel-firmware-usb-network-20250205-150600.3.15.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:06:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:06:39 +0200 (CEST) Subject: SUSE-CU-2025:2558-1: Security update of bci/bci-init Message-ID: <20250416200639.8FE96FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2558-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.31.28 , bci/bci-init:latest Container Release : 31.28 Severity : important Type : security References : 1237374 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:07:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:07:43 +0200 (CEST) Subject: SUSE-CU-2025:2559-1: Security update of bci/kiwi Message-ID: <20250416200743.EEB07FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2559-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.37 , bci/kiwi:latest Container Release : 22.37 Severity : important Type : security References : 1234128 1234713 1236709 1237374 1237603 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1266-1 Released: Tue Apr 15 10:57:46 2025 Summary: Recommended update for qemu Type: recommended Severity: moderate References: 1236709,1237603 This update for qemu fixes the following issues: - Fixed failiures with ldconfig on aarch64 architectures (bsc#1236709) - Fixed build issues with qemu-linux-user (bsc#1237603) The following package changes have been done: - glibc-locale-base-2.38-150600.14.26.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated - qemu-pr-helper-8.2.9-150600.3.31.1 updated - qemu-img-8.2.9-150600.3.31.1 updated - qemu-tools-8.2.9-150600.3.31.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:07:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:07:45 +0200 (CEST) Subject: SUSE-CU-2025:2560-1: Recommended update of bci/kiwi Message-ID: <20250416200745.43C4CFD12@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2560-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.38 , bci/kiwi:latest Container Release : 22.38 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150600.91.6.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:07:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:07:48 +0200 (CEST) Subject: SUSE-CU-2025:2561-1: Recommended update of suse/kubectl Message-ID: <20250416200748.9B7DCFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2561-1 Container Tags : suse/kubectl:1.29 , suse/kubectl:1.29.14 , suse/kubectl:1.29.14-2.36.6 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.36.6 Container Release : 36.6 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:14:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:14:59 +0200 (CEST) Subject: SUSE-CU-2025:2561-1: Recommended update of suse/kubectl Message-ID: <20250416201459.E58DCFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2561-1 Container Tags : suse/kubectl:1.29 , suse/kubectl:1.29.14 , suse/kubectl:1.29.14-2.36.6 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.36.6 Container Release : 36.6 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:15:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:15:01 +0200 (CEST) Subject: SUSE-CU-2025:2562-1: Recommended update of suse/kubectl Message-ID: <20250416201501.AAA41FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2562-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.6 , suse/kubectl:1.31.6-1.36.7 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.36.7 Container Release : 36.7 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:15:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:15:15 +0200 (CEST) Subject: SUSE-CU-2025:2563-1: Recommended update of bci/bci-micro Message-ID: <20250416201515.233C9FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2563-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.30.5 , bci/bci-micro:latest Container Release : 30.5 Severity : important Type : recommended References : 1234128 1234713 1239883 1240343 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.41.2 updated - glibc-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:15:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:15:34 +0200 (CEST) Subject: SUSE-CU-2025:2564-1: Recommended update of bci/bci-minimal Message-ID: <20250416201534.A3493FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2564-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.33.3 , bci/bci-minimal:latest Container Release : 33.3 Severity : important Type : recommended References : 1234128 1234713 1239883 1240343 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.41.2 updated - glibc-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:16:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:16:01 +0200 (CEST) Subject: SUSE-CU-2025:2565-1: Security update of suse/nginx Message-ID: <20250416201601.C7D85FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2565-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.52 , suse/nginx:latest Container Release : 51.52 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:16:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:16:10 +0200 (CEST) Subject: SUSE-CU-2025:2566-1: Security update of bci/openjdk-devel Message-ID: <20250416201610.85860FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2566-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-4.27 Container Release : 4.27 Severity : important Type : security References : 1239618 1240416 CVE-2024-8176 CVE-2025-31344 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1164-1 Released: Tue Apr 8 09:02:56 2025 Summary: Security update for giflib Type: security Severity: important References: 1240416,CVE-2025-31344 This update for giflib fixes the following issues: - CVE-2025-31344: Fixed a buffer overflow in function DumpScreen2RGB (bsc#1240416) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - libgif7-5.2.2-150000.4.16.1 updated - container:bci-openjdk-17-4a157861d1e1e3f4d93dd6fc9878a913dda12c5f050580a27f0068a6377c4c78-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:16:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:16:46 +0200 (CEST) Subject: SUSE-CU-2025:2567-1: Security update of suse/pcp Message-ID: <20250416201646.C0FE0FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2567-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.68 , suse/pcp:latest Container Release : 42.68 Severity : important Type : security References : 1237374 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - container:bci-bci-init-15.6-b6e7377aa8eaa927bf05918b90ffa7cd853c2a179c325e8f69c18666dbc56495-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:17:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:17:18 +0200 (CEST) Subject: SUSE-CU-2025:2568-1: Security update of bci/php-apache Message-ID: <20250416201718.3CF55FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2568-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.28 , bci/php-apache:8.2.28-48.55 , bci/php-apache:latest Container Release : 48.55 Severity : important Type : security References : 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:17:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:17:50 +0200 (CEST) Subject: SUSE-CU-2025:2569-1: Recommended update of suse/postgres Message-ID: <20250416201750.A8457FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2569-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-61.18 Container Release : 61.18 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150600.91.6.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:18:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:18:05 +0200 (CEST) Subject: SUSE-CU-2025:2571-1: Recommended update of suse/postgres Message-ID: <20250416201805.91F18FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2571-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-42.17 , suse/postgres:latest Container Release : 42.17 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-locale-base-2.38-150600.14.26.1 updated - glibc-locale-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:18:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:18:06 +0200 (CEST) Subject: SUSE-CU-2025:2572-1: Recommended update of suse/postgres Message-ID: <20250416201806.4D8E1FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2572-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-42.18 , suse/postgres:latest Container Release : 42.18 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150600.91.6.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:18:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:18:59 +0200 (CEST) Subject: SUSE-CU-2025:2574-1: Security update of bci/python Message-ID: <20250416201859.CC50CFD12@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2574-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-62.16 Container Release : 62.16 Severity : important Type : security References : 1237374 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:19:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:19:42 +0200 (CEST) Subject: SUSE-CU-2025:2575-1: Security update of bci/python Message-ID: <20250416201942.0D133FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2575-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-63.16 , bci/python:latest Container Release : 63.16 Severity : important Type : security References : 1237374 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:20:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:20:18 +0200 (CEST) Subject: SUSE-CU-2025:2576-1: Security update of bci/python Message-ID: <20250416202018.A995DFD12@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2576-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.54 Container Release : 60.54 Severity : important Type : security References : 1237374 1239618 CVE-2024-8176 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:20:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:20:44 +0200 (CEST) Subject: SUSE-CU-2025:2577-1: Recommended update of suse/mariadb-client Message-ID: <20250416202044.7D16CFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2577-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-56.33 , suse/mariadb-client:latest Container Release : 56.33 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:21:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:21:12 +0200 (CEST) Subject: SUSE-CU-2025:2578-1: Recommended update of suse/mariadb Message-ID: <20250416202112.AFC28FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2578-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.40 , suse/mariadb:latest Container Release : 62.40 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150600.91.6.2 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:21:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:21:13 +0200 (CEST) Subject: SUSE-CU-2025:2579-1: Recommended update of suse/mariadb Message-ID: <20250416202113.6E0E6FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2579-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.42 , suse/mariadb:latest Container Release : 62.42 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:21:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:21:37 +0200 (CEST) Subject: SUSE-CU-2025:2580-1: Security update of suse/rmt-server Message-ID: <20250416202137.2DA89FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2580-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-61.3 , suse/rmt-server:latest Container Release : 61.3 Severity : important Type : security References : 1185842 CVE-2020-36327 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1294-1 Released: Wed Apr 16 09:52:35 2025 Summary: Security update for rubygem-bundler Type: security Severity: important References: 1185842,CVE-2020-36327 This update for rubygem-bundler fixes the following issues: - CVE-2020-36327: Fixed bundler choosing a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842) Other fixes: - Updated to version 2.2.34 The following package changes have been done: - ruby2.5-rubygem-bundler-2.2.34-150000.3.11.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:22:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:22:14 +0200 (CEST) Subject: SUSE-CU-2025:2581-1: Security update of bci/ruby Message-ID: <20250416202214.A436AFD12@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2581-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.56 , bci/ruby:latest Container Release : 31.56 Severity : important Type : security References : 1234128 1234713 1237374 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:22:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:22:15 +0200 (CEST) Subject: SUSE-CU-2025:2582-1: Security update of bci/ruby Message-ID: <20250416202215.8F696FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2582-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.57 , bci/ruby:latest Container Release : 31.57 Severity : important Type : security References : 1185842 CVE-2020-36327 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1294-1 Released: Wed Apr 16 09:52:35 2025 Summary: Security update for rubygem-bundler Type: security Severity: important References: 1185842,CVE-2020-36327 This update for rubygem-bundler fixes the following issues: - CVE-2020-36327: Fixed bundler choosing a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842) Other fixes: - Updated to version 2.2.34 The following package changes have been done: - timezone-2025b-150600.91.6.2 updated - ruby2.5-rubygem-bundler-2.2.34-150000.3.11.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:22:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:22:48 +0200 (CEST) Subject: SUSE-CU-2025:2583-1: Recommended update of bci/rust Message-ID: <20250416202248.44976FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2583-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.1 , bci/rust:1.84.1-2.2.15 , bci/rust:oldstable , bci/rust:oldstable-2.2.15 Container Release : 2.15 Severity : important Type : recommended References : 1234128 1234713 1237374 1239883 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:30:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:30:01 +0200 (CEST) Subject: SUSE-CU-2025:2583-1: Recommended update of bci/rust Message-ID: <20250416203001.69366FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2583-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.1 , bci/rust:1.84.1-2.2.15 , bci/rust:oldstable , bci/rust:oldstable-2.2.15 Container Release : 2.15 Severity : important Type : recommended References : 1234128 1234713 1237374 1239883 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:30:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:30:44 +0200 (CEST) Subject: SUSE-CU-2025:2584-1: Recommended update of bci/rust Message-ID: <20250416203044.4B3BCFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2584-1 Container Tags : bci/rust:1.85 , bci/rust:1.85.1 , bci/rust:1.85.1-1.2.15 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.15 Container Release : 2.15 Severity : important Type : recommended References : 1234128 1234713 1237374 1239883 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - pkg-config-0.29.2-150600.15.6.3 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:33:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:33:24 +0200 (CEST) Subject: SUSE-CU-2025:2585-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250416203324.72800FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2585-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.30 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.30 Severity : important Type : security References : 1234128 1234713 1237374 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - glibc-locale-base-2.38-150600.14.26.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - glibc-locale-2.38-150600.14.26.1 updated - glibc-devel-2.38-150600.14.26.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:33:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:33:31 +0200 (CEST) Subject: SUSE-CU-2025:2586-1: Recommended update of suse/stunnel Message-ID: <20250416203331.17996FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2586-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-38.18 , suse/stunnel:latest Container Release : 38.18 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:33:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:33:32 +0200 (CEST) Subject: SUSE-CU-2025:2587-1: Recommended update of suse/valkey Message-ID: <20250416203332.D1B67FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2587-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-38.7 , suse/valkey:latest Container Release : 38.7 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:33:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:33:47 +0200 (CEST) Subject: SUSE-CU-2025:2589-1: Recommended update of suse/sles/15.7/cdi-apiserver Message-ID: <20250416203347.5AA67FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2589-1 Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.49 , suse/sles/15.7/cdi-apiserver:1.58.0.27.124 Container Release : 27.124 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - containerized-data-importer-api-1.58.0-150700.7.49 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:33:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:33:49 +0200 (CEST) Subject: SUSE-CU-2025:2590-1: Recommended update of suse/sles/15.7/cdi-cloner Message-ID: <20250416203349.5737DFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2590-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.49 , suse/sles/15.7/cdi-cloner:1.58.0.28.124 Container Release : 28.124 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libuuid1-2.40.4-150700.2.1 updated - libsmartcols1-2.40.4-150700.2.1 updated - libblkid1-2.40.4-150700.2.1 updated - libopenssl3-3.2.3-150700.3.13 updated - libmount1-2.40.4-150700.2.1 updated - libfdisk1-2.40.4-150700.2.1 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - util-linux-2.40.4-150700.2.1 updated - containerized-data-importer-cloner-1.58.0-150700.7.49 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:33:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:33:51 +0200 (CEST) Subject: SUSE-CU-2025:2591-1: Recommended update of suse/sles/15.7/cdi-controller Message-ID: <20250416203351.DB7D6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2591-1 Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.49 , suse/sles/15.7/cdi-controller:1.58.0.27.124 Container Release : 27.124 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - containerized-data-importer-controller-1.58.0-150700.7.49 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:33:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:33:53 +0200 (CEST) Subject: SUSE-CU-2025:2592-1: Recommended update of suse/sles/15.7/cdi-importer Message-ID: <20250416203353.F1543FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2592-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.49 , suse/sles/15.7/cdi-importer:1.58.0.29.94 Container Release : 29.94 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libuuid1-2.40.4-150700.2.1 updated - libsmartcols1-2.40.4-150700.2.1 updated - libgcrypt20-1.11.0-150700.3.2 updated - libblkid1-2.40.4-150700.2.1 updated - libopenssl3-3.2.3-150700.3.13 updated - libmount1-2.40.4-150700.2.1 updated - libfdisk1-2.40.4-150700.2.1 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - util-linux-2.40.4-150700.2.1 updated - libnettle8-3.10.1-150700.2.12 updated - libhogweed6-3.10.1-150700.2.12 updated - containerized-data-importer-importer-1.58.0-150700.7.49 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:33:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:33:55 +0200 (CEST) Subject: SUSE-CU-2025:2593-1: Recommended update of suse/sles/15.7/cdi-operator Message-ID: <20250416203355.DD3B6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2593-1 Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.49 , suse/sles/15.7/cdi-operator:1.58.0.27.124 Container Release : 27.124 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - containerized-data-importer-operator-1.58.0-150700.7.49 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:33:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:33:57 +0200 (CEST) Subject: SUSE-CU-2025:2594-1: Recommended update of suse/sles/15.7/cdi-uploadproxy Message-ID: <20250416203357.CF655FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2594-1 Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.49 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.124 Container Release : 27.124 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - containerized-data-importer-uploadproxy-1.58.0-150700.7.49 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:34:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:34:00 +0200 (CEST) Subject: SUSE-CU-2025:2595-1: Recommended update of suse/sles/15.7/cdi-uploadserver Message-ID: <20250416203400.22C9EFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2595-1 Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.49 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.137 Container Release : 28.137 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libuuid1-2.40.4-150700.2.1 updated - libsmartcols1-2.40.4-150700.2.1 updated - libgcrypt20-1.11.0-150700.3.2 updated - libblkid1-2.40.4-150700.2.1 updated - libopenssl3-3.2.3-150700.3.13 updated - libmount1-2.40.4-150700.2.1 updated - libfdisk1-2.40.4-150700.2.1 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - util-linux-2.40.4-150700.2.1 updated - libnettle8-3.10.1-150700.2.12 updated - libhogweed6-3.10.1-150700.2.12 updated - containerized-data-importer-uploadserver-1.58.0-150700.7.49 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:34:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:34:09 +0200 (CEST) Subject: SUSE-CU-2025:2596-1: Recommended update of bci/python Message-ID: <20250416203409.E99F4FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2596-1 Container Tags : bci/python:3.13 , bci/python:3.13.0 , bci/python:3.13.0-5.20 Container Release : 5.20 Severity : moderate Type : recommended References : 1237374 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - patterns-base-fips-20200124-150700.36.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - container:sles15-image-15.7.0-4.2.54 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:34:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:34:20 +0200 (CEST) Subject: SUSE-CU-2025:2598-1: Recommended update of bci/ruby Message-ID: <20250416203420.88294FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2598-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-4.25 Container Release : 4.25 Severity : moderate Type : recommended References : 1237374 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libuuid1-2.40.4-150700.2.1 updated - libsmartcols1-2.40.4-150700.2.1 updated - libblkid1-2.40.4-150700.2.1 updated - libopenssl3-3.2.3-150700.3.13 updated - libgcrypt20-1.11.0-150700.3.2 updated - libmount1-2.40.4-150700.2.1 updated - libfdisk1-2.40.4-150700.2.1 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - util-linux-2.40.4-150700.2.1 updated - libruby2_5-2_5-2.5.9-150700.22.11 updated - libruby3_4-3_4-3.4.1-150700.1.7 updated - pkg-config-0.29.2-150600.15.6.3 updated - ruby2.5-stdlib-2.5.9-150700.22.11 updated - ruby2.5-rubygem-gem2rpm-0.10.1-150700.20.11 updated - ruby-common-3.2.1-150700.2.1 updated - ruby2.5-2.5.9-150700.22.11 updated - ruby3.4-3.4.1-150700.1.7 updated - ruby3.4-devel-3.4.1-150700.1.7 updated - container:sles15-image-15.7.0-4.2.54 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:34:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:34:21 +0200 (CEST) Subject: SUSE-CU-2025:2599-1: Recommended update of bci/ruby Message-ID: <20250416203421.5A7D0FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2599-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-4.26 Container Release : 4.26 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150600.91.6.2 updated - container:sles15-image-15.7.0-4.2.55 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:34:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:34:36 +0200 (CEST) Subject: SUSE-CU-2025:2600-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250416203436.F0FF0FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2600-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.77 Container Release : 4.77 Severity : moderate Type : recommended References : 1237374 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - patterns-base-fips-20200124-150700.36.1 updated - sles-release-15.7-150700.24.9 updated - pkg-config-0.29.2-150600.15.6.3 updated - container:sles15-image-15.7.0-4.2.55 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:34:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:34:59 +0200 (CEST) Subject: SUSE-CU-2025:2602-1: Recommended update of bci/spack Message-ID: <20250416203459.269F1FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2602-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-7.9 Container Release : 7.9 Severity : moderate Type : recommended References : 1237374 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - patterns-base-fips-20200124-150700.36.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - container:sles15-image-15.7.0-4.2.54 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:35:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:35:02 +0200 (CEST) Subject: SUSE-CU-2025:2605-1: Recommended update of suse/sles/15.7/virt-api Message-ID: <20250416203502.C02FEFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2605-1 Container Tags : suse/sles/15.7/virt-api:1.4.0 , suse/sles/15.7/virt-api:1.4.0-150700.1.9 , suse/sles/15.7/virt-api:1.4.0.27.123 Container Release : 27.123 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - kubevirt-virt-api-1.4.0-150700.1.9 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:35:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:35:05 +0200 (CEST) Subject: SUSE-CU-2025:2606-1: Recommended update of suse/sles/15.7/virt-controller Message-ID: <20250416203505.71544FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2606-1 Container Tags : suse/sles/15.7/virt-controller:1.4.0 , suse/sles/15.7/virt-controller:1.4.0-150700.1.9 , suse/sles/15.7/virt-controller:1.4.0.27.123 Container Release : 27.123 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - kubevirt-virt-controller-1.4.0-150700.1.9 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:35:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:35:08 +0200 (CEST) Subject: SUSE-CU-2025:2607-1: Recommended update of suse/sles/15.7/virt-exportproxy Message-ID: <20250416203508.B158AFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2607-1 Container Tags : suse/sles/15.7/virt-exportproxy:1.4.0 , suse/sles/15.7/virt-exportproxy:1.4.0-150700.1.9 , suse/sles/15.7/virt-exportproxy:1.4.0.11.123 Container Release : 11.123 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - kubevirt-virt-exportproxy-1.4.0-150700.1.9 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 20:35:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 22:35:11 +0200 (CEST) Subject: SUSE-CU-2025:2608-1: Recommended update of suse/sles/15.7/virt-exportserver Message-ID: <20250416203511.BE79DFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2608-1 Container Tags : suse/sles/15.7/virt-exportserver:1.4.0 , suse/sles/15.7/virt-exportserver:1.4.0-150700.1.9 , suse/sles/15.7/virt-exportserver:1.4.0.12.123 Container Release : 12.123 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - kubevirt-virt-exportserver-1.4.0-150700.1.9 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:08:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:08:04 +0200 (CEST) Subject: SUSE-CU-2025:2608-1: Recommended update of suse/sles/15.7/virt-exportserver Message-ID: <20250417070804.D460EFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2608-1 Container Tags : suse/sles/15.7/virt-exportserver:1.4.0 , suse/sles/15.7/virt-exportserver:1.4.0-150700.1.9 , suse/sles/15.7/virt-exportserver:1.4.0.12.123 Container Release : 12.123 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - kubevirt-virt-exportserver-1.4.0-150700.1.9 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:08:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:08:07 +0200 (CEST) Subject: SUSE-CU-2025:2609-1: Recommended update of suse/sles/15.7/virt-handler Message-ID: <20250417070807.2C77CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2609-1 Container Tags : suse/sles/15.7/virt-handler:1.4.0 , suse/sles/15.7/virt-handler:1.4.0-150700.1.9 , suse/sles/15.7/virt-handler:1.4.0.29.140 Container Release : 29.140 Severity : important Type : recommended References : 1227637 1234015 1236165 1236643 1236886 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libuuid1-2.40.4-150700.2.1 updated - libsmartcols1-2.40.4-150700.2.1 updated - libudev1-254.24-150600.4.28.1 updated - libgcrypt20-1.11.0-150700.3.2 updated - libblkid1-2.40.4-150700.2.1 updated - libopenssl3-3.2.3-150700.3.13 updated - libmount1-2.40.4-150700.2.1 updated - libfdisk1-2.40.4-150700.2.1 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - sles-release-15.7-150700.24.9 updated - util-linux-2.40.4-150700.2.1 updated - kubevirt-container-disk-1.4.0-150700.1.9 updated - kubevirt-virt-handler-1.4.0-150700.1.9 updated - libnettle8-3.10.1-150700.2.12 updated - libsystemd0-254.24-150600.4.28.1 updated - libhogweed6-3.10.1-150700.2.12 updated - systemd-254.24-150600.4.28.1 updated - util-linux-systemd-2.40.4-150700.2.1 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:08:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:08:09 +0200 (CEST) Subject: SUSE-CU-2025:2610-1: Recommended update of suse/sles/15.7/virt-launcher Message-ID: <20250417070809.7FE09FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2610-1 Container Tags : suse/sles/15.7/virt-launcher:1.4.0 , suse/sles/15.7/virt-launcher:1.4.0-150700.1.9 , suse/sles/15.7/virt-launcher:1.4.0.34.120 Container Release : 34.120 Severity : important Type : recommended References : 1227316 1227637 1234015 1236165 1236643 1236886 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libuuid1-2.40.4-150700.2.1 updated - libsmartcols1-2.40.4-150700.2.1 updated - libudev1-254.24-150600.4.28.1 updated - libgcrypt20-1.11.0-150700.3.2 updated - libblkid1-2.40.4-150700.2.1 updated - libopenssl3-3.2.3-150700.3.13 updated - libmount1-2.40.4-150700.2.1 updated - libfdisk1-2.40.4-150700.2.1 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - sles-release-15.7-150700.24.9 updated - util-linux-2.40.4-150700.2.1 updated - kubevirt-container-disk-1.4.0-150700.1.9 updated - libnettle8-3.10.1-150700.2.12 updated - libtextstyle0-0.21.1-150600.3.3.2 updated - libsystemd0-254.24-150600.4.28.1 updated - libhogweed6-3.10.1-150700.2.12 updated - gettext-runtime-0.21.1-150600.3.3.2 updated - xen-libs-4.20.0_08-150700.2.7 updated - systemd-254.24-150600.4.28.1 updated - udev-254.24-150600.4.28.1 updated - systemd-container-254.24-150600.4.28.1 updated - kubevirt-virt-launcher-1.4.0-150700.1.9 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:08:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:08:11 +0200 (CEST) Subject: SUSE-CU-2025:2611-1: Security update of suse/sles/15.7/libguestfs-tools Message-ID: <20250417070811.E8DCAFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2611-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.4.0 , suse/sles/15.7/libguestfs-tools:1.4.0-150700.1.9 , suse/sles/15.7/libguestfs-tools:1.4.0.28.160 Container Release : 28.160 Severity : important Type : security References : 1227637 1233307 1234015 1236165 1236643 1236886 CVE-2024-11168 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libuuid1-2.40.4-150700.2.1 updated - libsmartcols1-2.40.4-150700.2.1 updated - libudev1-254.24-150600.4.28.1 updated - libgcrypt20-1.11.0-150700.3.2 updated - libblkid1-2.40.4-150700.2.1 updated - libopenssl3-3.2.3-150700.3.13 updated - libmount1-2.40.4-150700.2.1 updated - libfdisk1-2.40.4-150700.2.1 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - sles-release-15.7-150700.24.9 updated - util-linux-2.40.4-150700.2.1 updated - libguestfs-winsupport-1.55.6-150700.1.3 updated - libnettle8-3.10.1-150700.2.12 updated - libopenssl1_1-1.1.1w-150700.9.29 updated - mdadm-4.4-150700.2.1 updated - osinfo-db-20250124-150700.3.1 updated - libsystemd0-254.24-150600.4.28.1 updated - libhogweed6-3.10.1-150700.2.12 updated - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - xen-libs-4.20.0_08-150700.2.7 updated - systemd-254.24-150600.4.28.1 updated - util-linux-systemd-2.40.4-150700.2.1 updated - udev-254.24-150600.4.28.1 updated - dracut-059+suse.562.g5ab4efaa-150700.1.2 updated - dracut-fips-059+suse.562.g5ab4efaa-150700.1.2 updated - libguestfs0-1.55.6-150700.1.3 updated - libguestfs-devel-1.55.6-150700.1.3 updated - libguestfs-appliance-1.55.6-150700.1.3 updated - libguestfs-1.55.6-150700.1.3 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:08:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:08:13 +0200 (CEST) Subject: SUSE-CU-2025:2612-1: Recommended update of suse/sles/15.7/virt-operator Message-ID: <20250417070813.E88D0FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2612-1 Container Tags : suse/sles/15.7/virt-operator:1.4.0 , suse/sles/15.7/virt-operator:1.4.0-150700.1.9 , suse/sles/15.7/virt-operator:1.4.0.27.123 Container Release : 27.123 Severity : moderate Type : recommended References : 1227637 1236165 ----------------------------------------------------------------- The container suse/sles/15.7/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libopenssl3-3.2.3-150700.3.13 updated - libopenssl-3-fips-provider-3.2.3-150700.3.13 updated - patterns-base-fips-20200124-150700.36.1 updated - kubevirt-virt-operator-1.4.0-150700.1.9 updated - container:sles15-image-15.7.0-3.52 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:13:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:13:58 +0200 (CEST) Subject: SUSE-IU-2025:1066-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250416071358.4AC30FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1066-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-6.9 , suse/sl-micro/6.0/base-os-container:latest Image Release : 6.9 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224013 1224049 1224489 1224610 1224757 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1228659 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231910 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234074 1234157 1234222 1234480 1234698 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235550 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237874 1237875 1237876 1237877 1237879 1237881 1237882 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238052 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238565 1238570 1238700 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238746 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238970 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238990 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239066 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239335 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239475 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239684 1239707 1239906 1239925 1239986 1239994 1240167 1240168 1240169 1240171 1240172 1240173 1240175 1240176 1240177 1240179 1240182 1240183 1240184 1240185 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-27415 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50038 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53124 CVE-2024-53139 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58018 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58071 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21729 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21755 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21806 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21836 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21863 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21873 CVE-2025-21875 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21881 CVE-2025-21883 CVE-2025-21884 CVE-2025-21885 CVE-2025-21886 CVE-2025-21887 CVE-2025-21888 CVE-2025-21889 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-22869 CVE-2025-22870 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 284 Released: Fri Apr 11 12:57:37 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to version 1.6.8: * Deactivated e2e workflow * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) ----------------------------------------------------------------- Advisory ID: kernel-14 Released: Tue Apr 15 15:49:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224013,1224049,1224489,1224610,1224757,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1228659,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231910,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234074,1234157,1234222,1234480,1234698,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235550,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1 236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237874,1237875,1237876,1237877,1237879,1237881,1237882,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238052,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,123856 5,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238746,1238747,1238751,1238753,1238754,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238970,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238990,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239066,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239475,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239684,1239707,1239906,1239925,1239986,1239994,1240167,1240168,1240169,1240171,124 0172,1240173,1240175,1240176,1240177,1240179,1240182,1240183,1240184,1240185,1240186,1240188,1240189,1240191,1240192,1240333,1240334,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-27415,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024 -46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50038,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53124,CVE-2024-53139,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-2024-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882, CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58018,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58071,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-202 5-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21729,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21755,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779 ,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21806,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21836,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21863,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21873,CVE-2025-21875,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21881,CVE-2025-21883,CVE-2025-21884,CVE-2025-21885,CVE-2025-21886,CVE-2025-21887,CVE-2025-21888,CVE-2025-21889,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892,CVE-2025-21894,CVE-20 25-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - kernel-default-6.4.0-26.1 updated - elemental-register-1.6.8-1.1 updated - elemental-support-1.6.8-1.1 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:14:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:14:33 +0200 (CEST) Subject: SUSE-IU-2025:1067-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250416071433.3C113FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1067-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.9 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.9 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224013 1224049 1224489 1224610 1224757 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1228659 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231910 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234074 1234157 1234222 1234480 1234698 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235550 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237874 1237875 1237876 1237877 1237879 1237881 1237882 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238052 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238565 1238570 1238700 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238746 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238970 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238990 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239066 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239335 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239475 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239684 1239707 1239906 1239925 1239986 1239994 1240167 1240168 1240169 1240171 1240172 1240173 1240175 1240176 1240177 1240179 1240182 1240183 1240184 1240185 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-27415 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50038 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53124 CVE-2024-53139 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58018 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58071 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21729 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21755 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21806 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21836 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21863 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21873 CVE-2025-21875 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21881 CVE-2025-21883 CVE-2025-21884 CVE-2025-21885 CVE-2025-21886 CVE-2025-21887 CVE-2025-21888 CVE-2025-21889 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-22869 CVE-2025-22870 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 284 Released: Fri Apr 11 12:57:37 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to version 1.6.8: * Deactivated e2e workflow * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) ----------------------------------------------------------------- Advisory ID: kernel-14 Released: Tue Apr 15 15:49:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224013,1224049,1224489,1224610,1224757,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1228659,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231910,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234074,1234157,1234222,1234480,1234698,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235550,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1 236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237874,1237875,1237876,1237877,1237879,1237881,1237882,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238052,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,123856 5,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238746,1238747,1238751,1238753,1238754,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238970,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238990,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239066,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239475,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239684,1239707,1239906,1239925,1239986,1239994,1240167,1240168,1240169,1240171,124 0172,1240173,1240175,1240176,1240177,1240179,1240182,1240183,1240184,1240185,1240186,1240188,1240189,1240191,1240192,1240333,1240334,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-27415,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024 -46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50038,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53124,CVE-2024-53139,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-2024-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882, CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58018,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58071,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-202 5-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21729,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21755,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779 ,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21806,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21836,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21863,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21873,CVE-2025-21875,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21881,CVE-2025-21883,CVE-2025-21884,CVE-2025-21885,CVE-2025-21886,CVE-2025-21887,CVE-2025-21888,CVE-2025-21889,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892,CVE-2025-21894,CVE-20 25-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - kernel-default-base-6.4.0-26.1.21.5 updated - elemental-register-1.6.8-1.1 updated - elemental-support-1.6.8-1.1 updated - container:SL-Micro-base-container-2.1.3-6.9 updated - cpio-2.15-1.3 removed - dracut-059+suse.591.ge2ab3f62-1.1 removed - elfutils-0.189-4.143 removed - file-5.44-4.151 removed - libasm1-0.189-4.143 removed - libdw1-0.189-4.143 removed - perl-Bootloader-1.8.2-1.1 removed - perl-base-5.38.2-1.52 removed - pigz-2.8-1.8 removed - util-linux-systemd-2.39.3-3.1 removed - zstd-1.5.5-8.142 removed From sle-container-updates at lists.suse.com Wed Apr 16 07:15:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:15:04 +0200 (CEST) Subject: SUSE-IU-2025:1068-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250416071504.03557FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1068-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.12 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.12 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224049 1224489 1224610 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234222 1234480 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237875 1237876 1237877 1237879 1237881 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238570 1238700 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239335 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239707 1239986 1239994 1240169 1240172 1240173 1240175 1240177 1240179 1240182 1240183 1240186 1240188 1240189 1240191 1240192 1240333 1240334 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21883 CVE-2025-21885 CVE-2025-21886 CVE-2025-21888 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 CVE-2025-22869 CVE-2025-22870 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 284 Released: Fri Apr 11 12:57:37 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to version 1.6.8: * Deactivated e2e workflow * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) ----------------------------------------------------------------- Advisory ID: kernel-8 Released: Tue Apr 15 13:31:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224049,1224489,1224610,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234222,1234480,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1 236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237875,1237876,1237877,1237879,1237881,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238747,1238751,1238753,123875 4,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239707,1239986,1239994,1240169,1240172,1240173,1240175,1240177,1240179,1240182,1240183,1240186,1240188,1240189,1240191,1240192,1240333,1240334,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927, CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024-46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-202 4-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882,CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636 ,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-2025-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-20 25-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21883,CVE-2025-21885,CVE-2025-21886,CVE-2025-21888,CVE-2025-21890,CVE-2025-2189 1,CVE-2025-21892 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - elemental-register-1.6.8-1.1 updated - elemental-support-1.6.8-1.1 updated - kernel-rt-6.4.0-26.1 updated - container:SL-Micro-container-2.1.3-6.11 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:17:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:17:09 +0200 (CEST) Subject: SUSE-IU-2025:1072-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250416071709.745A9FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1072-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.17 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.17 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224013 1224049 1224489 1224610 1224757 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1228659 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231910 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234074 1234157 1234222 1234480 1234698 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235550 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237874 1237875 1237876 1237877 1237879 1237881 1237882 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238052 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238565 1238570 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238746 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238970 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238990 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239066 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239475 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239684 1239707 1239906 1239925 1239986 1239994 1240167 1240168 1240169 1240171 1240172 1240173 1240175 1240176 1240177 1240179 1240182 1240183 1240184 1240185 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-27415 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50038 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53124 CVE-2024-53139 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58018 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58071 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21729 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21755 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21806 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21836 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21863 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21873 CVE-2025-21875 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21881 CVE-2025-21883 CVE-2025-21884 CVE-2025-21885 CVE-2025-21886 CVE-2025-21887 CVE-2025-21888 CVE-2025-21889 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-14 Released: Tue Apr 15 15:49:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224013,1224049,1224489,1224610,1224757,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1228659,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231910,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234074,1234157,1234222,1234480,1234698,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235550,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1 236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237874,1237875,1237876,1237877,1237879,1237881,1237882,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238052,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,123856 5,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238746,1238747,1238751,1238753,1238754,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238970,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238990,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239066,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239475,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239684,1239707,1239906,1239925,1239986,1239994,1240167,1240168,1240169,1240171,124 0172,1240173,1240175,1240176,1240177,1240179,1240182,1240183,1240184,1240185,1240186,1240188,1240189,1240191,1240192,1240333,1240334,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-27415,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024 -46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50038,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53124,CVE-2024-53139,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-2024-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882, CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58018,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58071,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-202 5-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21729,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21755,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779 ,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21806,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21836,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21863,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21873,CVE-2025-21875,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21881,CVE-2025-21883,CVE-2025-21884,CVE-2025-21885,CVE-2025-21886,CVE-2025-21887,CVE-2025-21888,CVE-2025-21889,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892,CVE-2025-21894,CVE-20 25-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.17 updated - kernel-default-6.4.0-26.1 updated - container:suse-toolbox-image-1.0.0-4.19 updated From sle-container-updates at lists.suse.com Wed Apr 16 07:17:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Apr 2025 09:17:24 +0200 (CEST) Subject: SUSE-IU-2025:1074-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250416071724.961AFFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1074-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.15 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.15 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224013 1224049 1224489 1224610 1224757 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1228659 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231910 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234074 1234157 1234222 1234480 1234698 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235550 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237874 1237875 1237876 1237877 1237879 1237881 1237882 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238052 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238565 1238570 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238746 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238970 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238990 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239066 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239475 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239684 1239707 1239906 1239925 1239986 1239994 1240167 1240168 1240169 1240171 1240172 1240173 1240175 1240176 1240177 1240179 1240182 1240183 1240184 1240185 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-27415 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50038 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53124 CVE-2024-53139 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58018 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58071 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21729 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21755 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21806 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21836 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21863 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21873 CVE-2025-21875 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21881 CVE-2025-21883 CVE-2025-21884 CVE-2025-21885 CVE-2025-21886 CVE-2025-21887 CVE-2025-21888 CVE-2025-21889 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-14 Released: Tue Apr 15 15:49:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224013,1224049,1224489,1224610,1224757,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1228659,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231910,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234074,1234157,1234222,1234480,1234698,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235550,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1 236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237874,1237875,1237876,1237877,1237879,1237881,1237882,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238052,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,123856 5,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238746,1238747,1238751,1238753,1238754,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238970,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238990,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239066,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239475,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239684,1239707,1239906,1239925,1239986,1239994,1240167,1240168,1240169,1240171,124 0172,1240173,1240175,1240176,1240177,1240179,1240182,1240183,1240184,1240185,1240186,1240188,1240189,1240191,1240192,1240333,1240334,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-27415,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024 -46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50038,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53124,CVE-2024-53139,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-2024-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882, CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58018,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58071,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-202 5-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21729,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21755,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779 ,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21806,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21836,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21863,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21873,CVE-2025-21875,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21881,CVE-2025-21883,CVE-2025-21884,CVE-2025-21885,CVE-2025-21886,CVE-2025-21887,CVE-2025-21888,CVE-2025-21889,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892,CVE-2025-21894,CVE-20 25-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.17 updated - kernel-default-base-6.4.0-26.1.21.5 updated - container:SL-Micro-base-container-2.2.0-4.17 updated - cpio-2.15-slfo.1.1_2.4 removed - dracut-059+suse.607.g2d95edb5-slfo.1.1_1.4 removed - elfutils-0.189-slfo.1.1_1.5 removed - file-5.44-slfo.1.1_1.4 removed - libasm1-0.189-slfo.1.1_1.5 removed - libdw1-0.189-slfo.1.1_1.5 removed - perl-Bootloader-1.13.0-slfo.1.1_1.2 removed - pigz-2.8-slfo.1.1_1.2 removed - util-linux-systemd-2.40.1-slfo.1.1_1.2 removed - zstd-1.5.5-slfo.1.1_1.4 removed From sle-container-updates at lists.suse.com Thu Apr 17 07:02:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:02:32 +0200 (CEST) Subject: SUSE-IU-2025:1080-1: Security update of suse-sles-15-sp6-chost-byos-v20250415-x86_64-gen2 Message-ID: <20250417070232.3D1BAFD12@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250415-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1080-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250415-x86_64-gen2:20250415 Image Release : Severity : important Type : security References : 1183663 1193173 1207948 1211547 1213291 1214713 1215199 1215211 1216049 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324 1218470 1218812 1218814 1219241 1219639 1221651 1222021 1222649 1222650 1222896 1223047 1224489 1224610 1225533 1225742 1225770 1226871 1227127 1227858 1228265 1228653 1229311 1229361 1230371 1230497 1230728 1230769 1230832 1231293 1231396 1231423 1231432 1231838 1232364 1232389 1232421 1232743 1232812 1232848 1232895 1233033 1233060 1233259 1233260 1233479 1233551 1233557 1233726 1233749 1234128 1234222 1234480 1234713 1234828 1234936 1235436 1235455 1235481 1235501 1235524 1235589 1235591 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235973 1236033 1236099 1236111 1236206 1236333 1236692 1237029 1237164 1237313 1237374 1237530 1237558 1237562 1237565 1237571 1237853 1237856 1237873 1237875 1237876 1237877 1237881 1237885 1237890 1237894 1237897 1237900 1237906 1237907 1237911 1237912 1237950 1238212 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238510 1238511 1238512 1238521 1238523 1238526 1238528 1238529 1238531 1238532 1238715 1238716 1238734 1238735 1238736 1238738 1238747 1238754 1238757 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238864 1238865 1238876 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239618 1239644 1239707 1239883 1239986 1239994 1240169 1240172 1240173 1240175 1240177 1240179 1240182 1240183 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240343 CVE-2023-52831 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26873 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-41005 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-47408 CVE-2024-47794 CVE-2024-49571 CVE-2024-49924 CVE-2024-49940 CVE-2024-49994 CVE-2024-50056 CVE-2024-50126 CVE-2024-50140 CVE-2024-50152 CVE-2024-50290 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53140 CVE-2024-53163 CVE-2024-53680 CVE-2024-54683 CVE-2024-56638 CVE-2024-56640 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57900 CVE-2024-57947 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2024-8176 CVE-2025-21631 CVE-2025-21635 CVE-2025-21659 CVE-2025-21671 CVE-2025-21693 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21718 CVE-2025-21723 CVE-2025-21726 CVE-2025-21727 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21796 CVE-2025-21804 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21883 CVE-2025-21885 CVE-2025-21886 CVE-2025-21888 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250415-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1180-1 Released: Wed Apr 9 09:02:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1207948,1215199,1215211,1218470,1221651,1222649,1223047,1224489,1224610,1225533,1225742,1225770,1226871,1227858,1228653,1229311,1229361,1230497,1230728,1230769,1230832,1231293,1231432,1232364,1232389,1232421,1232743,1232812,1232848,1232895,1233033,1233060,1233259,1233260,1233479,1233551,1233557,1233749,1234222,1234480,1234828,1234936,1235436,1235455,1235501,1235524,1235589,1235591,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235973,1236099,1236111,1236206,1236333,1236692,1237029,1237164,1237313,1237530,1237558,1237562,1237565,1237571,1237853,1237856,1237873,1237875,1237876,1237877,1237881,1237885,1237890,1237894,1237897,1237900,1237906,1237907,1237911,1237912,1237950,1238212,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238510,1238511,1238512,1238521,1238523,1238526,1238528,1238529,1238531,1238532,1238715,1238716,1238734,1238735,1238736,1238738,1238747,1238754,1238757,1238760,1238762,1 238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238864,1238865,1238876,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239707,1239986,1239994,1240169,1240172,1240173,1240175,1240177,1240179,1240182,1240183,1240186,1240188,1240189,1240191,1240192,1240333,1240334,CVE-2023-52831,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26873,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-41005 ,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-46736,CVE-2024-46782,CVE-2024-46796,CVE-2024-47408,CVE-2024-47794,CVE-2024-49571,CVE-2024-49924,CVE-2024-49940,CVE-2024-49994,CVE-2024-50056,CVE-2024-50126,CVE-2024-50140,CVE-2024-50152,CVE-2024-50290,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53140,CVE-2024-53163,CVE-2024-53680,CVE-2024-54683,CVE-2024-56638,CVE-2024-56640,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57900,CVE-2024-57947,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-20 24-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21659,CVE-2025-21671,CVE-2025-21693,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21718,CVE-2025-21723,CVE-2025-21726,CVE-2025-21727,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-2178 5,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21796,CVE-2025-21804,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21883,CVE-2025-21885,CVE-2025-21886,CVE-2025-21888,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acpi: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - acpi: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - alsa: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - alsa: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - alsa: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - alsa: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - alsa: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Always honor no_shutup_pins (git-fixes). - alsa: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - alsa: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - alsa: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - alsa: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - alsa: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - alsa: hda/realtek: update ALC222 depop optimize (stable-fixes). - alsa: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - alsa: seq: Avoid module auto-load handling at event delivery (stable-fixes). - alsa: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - alsa: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - alsa: usx2y: validate nrpacks module parameter on probe (git-fixes). - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - asoc: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - asoc: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - asoc: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - asoc: cs35l41: check the return value from spi_setup() (git-fixes). - asoc: ops: Consistently treat platform_max as control value (git-fixes). - asoc: rt722-sdca: add missing readable registers (git-fixes). - asoc: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - asoc: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - asoc: tas2764: Fix power control mask (stable-fixes). - asoc: tas2764: Set the SDOUT polarity correctly (stable-fixes). - asoc: tas2770: Fix volume scale (stable-fixes). - asoc: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - documentation: qat: fix auto_reset attribute details (git-fixes). - documentation: qat: fix auto_reset section (git-fixes). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - hid: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - hid: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - hid: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - hid: Enable playstation driver independently of sony driver (git-fixes). - hid: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - hid: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - hid: hid-steam: Fix use-after-free when detaching device (git-fixes). - hid: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - hid: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - hid: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - hid: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - hid: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - hid: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - hid: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - ib/mad: Check available slots before posting receive WRs (git-fixes) - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - init: add initramfs_internal.h (bsc#1232848). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - input: ads7846 - fix gpiod allocation (git-fixes). - input: i8042 - add required quirks for missing old boardnames (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - input: iqs7222 - preserve system status register (git-fixes). - input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - input: xpad - add multiple supported devices (stable-fixes). - input: xpad - add support for TECNO Pocket Go (stable-fixes). - input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - input: xpad - rename QH controller to Legion Go S (stable-fixes). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - mdacon: rework dependency list (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - net: add dev_net_rcu() helper (bsc#1239994). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). Refresh: - patches.suse/nvme-fc-use-ctrl-state-getter.patch - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - padata: fix sysfs store callback check (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - pci: Avoid reset when disabled via sysfs (git-fixes). - pci: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - pci: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - pci: brcmstb: Fix potential premature regulator disabling (git-fixes). - pci: brcmstb: Set generation limit before PCIe link up (git-fixes). - pci: brcmstb: Use internal register to change link capability (git-fixes). - pci: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - pci: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - pci: Fix reference leak in pci_alloc_child_bus() (git-fixes). - pci: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - pci: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - pci: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - pci/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - pci/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - pci/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - pci/DOE: Support discovery version 2 (bsc#1237853) - pci/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - pm: sleep: Adjust check before setting power.must_resume (git-fixes). - pm: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc: Stop using no_llseek (bsc#1239573). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). Replace our patch with the upstream version. - rdma/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - rdma/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - rdma/core: Do not expose hw_counters outside of init net namespace (git-fixes) - rdma/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - rdma/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - rdma/hns: Fix missing xa_destroy() (git-fixes) - rdma/hns: Fix soft lockup during bt pages loop (git-fixes) - rdma/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - rdma/hns: Fix wrong value of max_sge_rd (git-fixes) - rdma/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - rdma/mlx5: Fix cache entry update on dereg error (git-fixes) - rdma/mlx5: Fix calculation of total invalidated pages (git-fixes) - rdma/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - rdma/mlx5: Fix MR cache initialization error flow (git-fixes) - rdma/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - rdma/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - revert 'wifi: ath11k: support hibernation' (bsc#1207948). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: convert RPC_TASK_* constants to enum (git-fixes). - sunrpc: Handle -ETIMEDOUT return from tlshd (git-fixes). - sunrpc: Prevent looping due to rpc_signal_task() races (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tcp: Update window clamping condition (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - usb: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - usb: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - usb: serial: option: match on interface class for Telit FN990B (stable-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1190-1 Released: Thu Apr 10 06:56:57 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - glibc-locale-base-2.38-150600.14.26.1 updated - glibc-locale-2.38-150600.14.26.1 updated - glibc-2.38-150600.14.26.1 updated - kernel-default-6.4.0-150600.23.47.2 updated - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - supportutils-3.2.10-150600.3.6.5 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:02:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:02:39 +0200 (CEST) Subject: SUSE-IU-2025:1081-1: Security update of suse-sles-15-sp6-chost-byos-v20250415-hvm-ssd-x86_64 Message-ID: <20250417070239.3BBF4FD12@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250415-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1081-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250415-hvm-ssd-x86_64:20250415 Image Release : Severity : important Type : security References : 1183663 1193173 1207948 1211547 1213291 1214713 1215199 1215211 1216049 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324 1218470 1218812 1218814 1219241 1219639 1221651 1222021 1222649 1222650 1222896 1223047 1224489 1224610 1225533 1225742 1225770 1226871 1227127 1227858 1228265 1228653 1229311 1229361 1230371 1230497 1230728 1230769 1230832 1231293 1231396 1231423 1231432 1231838 1232364 1232389 1232421 1232743 1232812 1232848 1232895 1233033 1233060 1233259 1233260 1233479 1233551 1233557 1233726 1233749 1234128 1234222 1234480 1234713 1234828 1234936 1235436 1235455 1235481 1235501 1235524 1235589 1235591 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235973 1236033 1236099 1236111 1236206 1236333 1236692 1237029 1237164 1237313 1237374 1237530 1237558 1237562 1237565 1237571 1237853 1237856 1237873 1237875 1237876 1237877 1237881 1237885 1237890 1237894 1237897 1237900 1237906 1237907 1237911 1237912 1237950 1238212 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238510 1238511 1238512 1238521 1238523 1238526 1238528 1238529 1238531 1238532 1238715 1238716 1238734 1238735 1238736 1238738 1238747 1238754 1238757 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238864 1238865 1238876 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239618 1239644 1239707 1239883 1239986 1239994 1240169 1240172 1240173 1240175 1240177 1240179 1240182 1240183 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240343 CVE-2023-52831 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26873 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-41005 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-47408 CVE-2024-47794 CVE-2024-49571 CVE-2024-49924 CVE-2024-49940 CVE-2024-49994 CVE-2024-50056 CVE-2024-50126 CVE-2024-50140 CVE-2024-50152 CVE-2024-50290 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53140 CVE-2024-53163 CVE-2024-53680 CVE-2024-54683 CVE-2024-56638 CVE-2024-56640 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57900 CVE-2024-57947 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2024-8176 CVE-2025-21631 CVE-2025-21635 CVE-2025-21659 CVE-2025-21671 CVE-2025-21693 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21718 CVE-2025-21723 CVE-2025-21726 CVE-2025-21727 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21796 CVE-2025-21804 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21883 CVE-2025-21885 CVE-2025-21886 CVE-2025-21888 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250415-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1180-1 Released: Wed Apr 9 09:02:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1207948,1215199,1215211,1218470,1221651,1222649,1223047,1224489,1224610,1225533,1225742,1225770,1226871,1227858,1228653,1229311,1229361,1230497,1230728,1230769,1230832,1231293,1231432,1232364,1232389,1232421,1232743,1232812,1232848,1232895,1233033,1233060,1233259,1233260,1233479,1233551,1233557,1233749,1234222,1234480,1234828,1234936,1235436,1235455,1235501,1235524,1235589,1235591,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235973,1236099,1236111,1236206,1236333,1236692,1237029,1237164,1237313,1237530,1237558,1237562,1237565,1237571,1237853,1237856,1237873,1237875,1237876,1237877,1237881,1237885,1237890,1237894,1237897,1237900,1237906,1237907,1237911,1237912,1237950,1238212,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238510,1238511,1238512,1238521,1238523,1238526,1238528,1238529,1238531,1238532,1238715,1238716,1238734,1238735,1238736,1238738,1238747,1238754,1238757,1238760,1238762,1 238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238864,1238865,1238876,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239707,1239986,1239994,1240169,1240172,1240173,1240175,1240177,1240179,1240182,1240183,1240186,1240188,1240189,1240191,1240192,1240333,1240334,CVE-2023-52831,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26873,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-41005 ,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-46736,CVE-2024-46782,CVE-2024-46796,CVE-2024-47408,CVE-2024-47794,CVE-2024-49571,CVE-2024-49924,CVE-2024-49940,CVE-2024-49994,CVE-2024-50056,CVE-2024-50126,CVE-2024-50140,CVE-2024-50152,CVE-2024-50290,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53140,CVE-2024-53163,CVE-2024-53680,CVE-2024-54683,CVE-2024-56638,CVE-2024-56640,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57900,CVE-2024-57947,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-20 24-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21659,CVE-2025-21671,CVE-2025-21693,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21718,CVE-2025-21723,CVE-2025-21726,CVE-2025-21727,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-2178 5,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21796,CVE-2025-21804,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21883,CVE-2025-21885,CVE-2025-21886,CVE-2025-21888,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acpi: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - acpi: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - alsa: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - alsa: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - alsa: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - alsa: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - alsa: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Always honor no_shutup_pins (git-fixes). - alsa: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - alsa: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - alsa: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - alsa: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - alsa: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - alsa: hda/realtek: update ALC222 depop optimize (stable-fixes). - alsa: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - alsa: seq: Avoid module auto-load handling at event delivery (stable-fixes). - alsa: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - alsa: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - alsa: usx2y: validate nrpacks module parameter on probe (git-fixes). - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - asoc: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - asoc: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - asoc: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - asoc: cs35l41: check the return value from spi_setup() (git-fixes). - asoc: ops: Consistently treat platform_max as control value (git-fixes). - asoc: rt722-sdca: add missing readable registers (git-fixes). - asoc: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - asoc: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - asoc: tas2764: Fix power control mask (stable-fixes). - asoc: tas2764: Set the SDOUT polarity correctly (stable-fixes). - asoc: tas2770: Fix volume scale (stable-fixes). - asoc: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - documentation: qat: fix auto_reset attribute details (git-fixes). - documentation: qat: fix auto_reset section (git-fixes). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - hid: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - hid: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - hid: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - hid: Enable playstation driver independently of sony driver (git-fixes). - hid: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - hid: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - hid: hid-steam: Fix use-after-free when detaching device (git-fixes). - hid: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - hid: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - hid: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - hid: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - hid: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - hid: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - hid: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - ib/mad: Check available slots before posting receive WRs (git-fixes) - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - init: add initramfs_internal.h (bsc#1232848). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - input: ads7846 - fix gpiod allocation (git-fixes). - input: i8042 - add required quirks for missing old boardnames (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - input: iqs7222 - preserve system status register (git-fixes). - input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - input: xpad - add multiple supported devices (stable-fixes). - input: xpad - add support for TECNO Pocket Go (stable-fixes). - input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - input: xpad - rename QH controller to Legion Go S (stable-fixes). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - mdacon: rework dependency list (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - net: add dev_net_rcu() helper (bsc#1239994). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). Refresh: - patches.suse/nvme-fc-use-ctrl-state-getter.patch - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - padata: fix sysfs store callback check (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - pci: Avoid reset when disabled via sysfs (git-fixes). - pci: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - pci: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - pci: brcmstb: Fix potential premature regulator disabling (git-fixes). - pci: brcmstb: Set generation limit before PCIe link up (git-fixes). - pci: brcmstb: Use internal register to change link capability (git-fixes). - pci: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - pci: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - pci: Fix reference leak in pci_alloc_child_bus() (git-fixes). - pci: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - pci: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - pci: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - pci/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - pci/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - pci/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - pci/DOE: Support discovery version 2 (bsc#1237853) - pci/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - pm: sleep: Adjust check before setting power.must_resume (git-fixes). - pm: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc: Stop using no_llseek (bsc#1239573). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). Replace our patch with the upstream version. - rdma/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - rdma/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - rdma/core: Do not expose hw_counters outside of init net namespace (git-fixes) - rdma/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - rdma/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - rdma/hns: Fix missing xa_destroy() (git-fixes) - rdma/hns: Fix soft lockup during bt pages loop (git-fixes) - rdma/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - rdma/hns: Fix wrong value of max_sge_rd (git-fixes) - rdma/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - rdma/mlx5: Fix cache entry update on dereg error (git-fixes) - rdma/mlx5: Fix calculation of total invalidated pages (git-fixes) - rdma/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - rdma/mlx5: Fix MR cache initialization error flow (git-fixes) - rdma/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - rdma/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - revert 'wifi: ath11k: support hibernation' (bsc#1207948). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: convert RPC_TASK_* constants to enum (git-fixes). - sunrpc: Handle -ETIMEDOUT return from tlshd (git-fixes). - sunrpc: Prevent looping due to rpc_signal_task() races (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tcp: Update window clamping condition (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - usb: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - usb: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - usb: serial: option: match on interface class for Telit FN990B (stable-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1190-1 Released: Thu Apr 10 06:56:57 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - glibc-locale-base-2.38-150600.14.26.1 updated - glibc-locale-2.38-150600.14.26.1 updated - glibc-2.38-150600.14.26.1 updated - kernel-default-6.4.0-150600.23.47.2 updated - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - supportutils-3.2.10-150600.3.6.5 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:02:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:02:52 +0200 (CEST) Subject: SUSE-IU-2025:1082-1: Security update of sles-15-sp6-chost-byos-v20250415-arm64 Message-ID: <20250417070252.405CAFD12@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20250415-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1082-1 Image Tags : sles-15-sp6-chost-byos-v20250415-arm64:20250415 Image Release : Severity : important Type : security References : 1183663 1193173 1207948 1211547 1213291 1214713 1215199 1215211 1216049 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324 1218470 1218812 1218814 1219241 1219639 1221651 1222021 1222649 1222650 1222896 1223047 1224489 1224610 1225533 1225742 1225770 1226871 1227127 1227858 1228265 1228653 1229311 1229361 1230371 1230497 1230728 1230769 1230832 1231293 1231396 1231423 1231432 1231838 1232364 1232389 1232421 1232743 1232812 1232848 1232895 1233033 1233060 1233259 1233260 1233479 1233551 1233557 1233726 1233749 1234128 1234222 1234480 1234713 1234828 1234936 1235436 1235455 1235481 1235501 1235524 1235589 1235591 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235973 1236033 1236099 1236111 1236206 1236333 1236692 1237029 1237164 1237313 1237374 1237530 1237558 1237562 1237565 1237571 1237853 1237856 1237873 1237875 1237876 1237877 1237881 1237885 1237890 1237894 1237897 1237900 1237906 1237907 1237911 1237912 1237950 1238212 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238510 1238511 1238512 1238521 1238523 1238526 1238528 1238529 1238531 1238532 1238715 1238716 1238734 1238735 1238736 1238738 1238747 1238754 1238757 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238864 1238865 1238876 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239618 1239644 1239707 1239883 1239986 1239994 1240169 1240172 1240173 1240175 1240177 1240179 1240182 1240183 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240343 CVE-2023-52831 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26873 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-41005 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-47408 CVE-2024-47794 CVE-2024-49571 CVE-2024-49924 CVE-2024-49940 CVE-2024-49994 CVE-2024-50056 CVE-2024-50126 CVE-2024-50140 CVE-2024-50152 CVE-2024-50290 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53140 CVE-2024-53163 CVE-2024-53680 CVE-2024-54683 CVE-2024-56638 CVE-2024-56640 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57900 CVE-2024-57947 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2024-8176 CVE-2025-21631 CVE-2025-21635 CVE-2025-21659 CVE-2025-21671 CVE-2025-21693 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21718 CVE-2025-21723 CVE-2025-21726 CVE-2025-21727 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21796 CVE-2025-21804 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21883 CVE-2025-21885 CVE-2025-21886 CVE-2025-21888 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20250415-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1180-1 Released: Wed Apr 9 09:02:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1207948,1215199,1215211,1218470,1221651,1222649,1223047,1224489,1224610,1225533,1225742,1225770,1226871,1227858,1228653,1229311,1229361,1230497,1230728,1230769,1230832,1231293,1231432,1232364,1232389,1232421,1232743,1232812,1232848,1232895,1233033,1233060,1233259,1233260,1233479,1233551,1233557,1233749,1234222,1234480,1234828,1234936,1235436,1235455,1235501,1235524,1235589,1235591,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235973,1236099,1236111,1236206,1236333,1236692,1237029,1237164,1237313,1237530,1237558,1237562,1237565,1237571,1237853,1237856,1237873,1237875,1237876,1237877,1237881,1237885,1237890,1237894,1237897,1237900,1237906,1237907,1237911,1237912,1237950,1238212,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238510,1238511,1238512,1238521,1238523,1238526,1238528,1238529,1238531,1238532,1238715,1238716,1238734,1238735,1238736,1238738,1238747,1238754,1238757,1238760,1238762,1 238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238864,1238865,1238876,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239707,1239986,1239994,1240169,1240172,1240173,1240175,1240177,1240179,1240182,1240183,1240186,1240188,1240189,1240191,1240192,1240333,1240334,CVE-2023-52831,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26873,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-41005 ,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-46736,CVE-2024-46782,CVE-2024-46796,CVE-2024-47408,CVE-2024-47794,CVE-2024-49571,CVE-2024-49924,CVE-2024-49940,CVE-2024-49994,CVE-2024-50056,CVE-2024-50126,CVE-2024-50140,CVE-2024-50152,CVE-2024-50290,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53140,CVE-2024-53163,CVE-2024-53680,CVE-2024-54683,CVE-2024-56638,CVE-2024-56640,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57900,CVE-2024-57947,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-20 24-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21659,CVE-2025-21671,CVE-2025-21693,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21718,CVE-2025-21723,CVE-2025-21726,CVE-2025-21727,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-2178 5,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21796,CVE-2025-21804,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21883,CVE-2025-21885,CVE-2025-21886,CVE-2025-21888,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acpi: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - acpi: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - alsa: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - alsa: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - alsa: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - alsa: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - alsa: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Always honor no_shutup_pins (git-fixes). - alsa: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - alsa: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - alsa: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - alsa: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - alsa: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - alsa: hda/realtek: update ALC222 depop optimize (stable-fixes). - alsa: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - alsa: seq: Avoid module auto-load handling at event delivery (stable-fixes). - alsa: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - alsa: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - alsa: usx2y: validate nrpacks module parameter on probe (git-fixes). - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - asoc: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - asoc: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - asoc: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - asoc: cs35l41: check the return value from spi_setup() (git-fixes). - asoc: ops: Consistently treat platform_max as control value (git-fixes). - asoc: rt722-sdca: add missing readable registers (git-fixes). - asoc: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - asoc: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - asoc: tas2764: Fix power control mask (stable-fixes). - asoc: tas2764: Set the SDOUT polarity correctly (stable-fixes). - asoc: tas2770: Fix volume scale (stable-fixes). - asoc: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - documentation: qat: fix auto_reset attribute details (git-fixes). - documentation: qat: fix auto_reset section (git-fixes). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - hid: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - hid: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - hid: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - hid: Enable playstation driver independently of sony driver (git-fixes). - hid: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - hid: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - hid: hid-steam: Fix use-after-free when detaching device (git-fixes). - hid: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - hid: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - hid: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - hid: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - hid: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - hid: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - hid: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - ib/mad: Check available slots before posting receive WRs (git-fixes) - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - init: add initramfs_internal.h (bsc#1232848). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - input: ads7846 - fix gpiod allocation (git-fixes). - input: i8042 - add required quirks for missing old boardnames (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - input: iqs7222 - preserve system status register (git-fixes). - input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - input: xpad - add multiple supported devices (stable-fixes). - input: xpad - add support for TECNO Pocket Go (stable-fixes). - input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - input: xpad - rename QH controller to Legion Go S (stable-fixes). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - mdacon: rework dependency list (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - net: add dev_net_rcu() helper (bsc#1239994). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). Refresh: - patches.suse/nvme-fc-use-ctrl-state-getter.patch - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - padata: fix sysfs store callback check (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - pci: Avoid reset when disabled via sysfs (git-fixes). - pci: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - pci: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - pci: brcmstb: Fix potential premature regulator disabling (git-fixes). - pci: brcmstb: Set generation limit before PCIe link up (git-fixes). - pci: brcmstb: Use internal register to change link capability (git-fixes). - pci: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - pci: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - pci: Fix reference leak in pci_alloc_child_bus() (git-fixes). - pci: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - pci: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - pci: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - pci/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - pci/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - pci/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - pci/DOE: Support discovery version 2 (bsc#1237853) - pci/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - pm: sleep: Adjust check before setting power.must_resume (git-fixes). - pm: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc: Stop using no_llseek (bsc#1239573). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). Replace our patch with the upstream version. - rdma/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - rdma/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - rdma/core: Do not expose hw_counters outside of init net namespace (git-fixes) - rdma/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - rdma/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - rdma/hns: Fix missing xa_destroy() (git-fixes) - rdma/hns: Fix soft lockup during bt pages loop (git-fixes) - rdma/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - rdma/hns: Fix wrong value of max_sge_rd (git-fixes) - rdma/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - rdma/mlx5: Fix cache entry update on dereg error (git-fixes) - rdma/mlx5: Fix calculation of total invalidated pages (git-fixes) - rdma/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - rdma/mlx5: Fix MR cache initialization error flow (git-fixes) - rdma/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - rdma/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - revert 'wifi: ath11k: support hibernation' (bsc#1207948). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: convert RPC_TASK_* constants to enum (git-fixes). - sunrpc: Handle -ETIMEDOUT return from tlshd (git-fixes). - sunrpc: Prevent looping due to rpc_signal_task() races (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tcp: Update window clamping condition (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - usb: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - usb: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - usb: serial: option: match on interface class for Telit FN990B (stable-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1190-1 Released: Thu Apr 10 06:56:57 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - glibc-locale-base-2.38-150600.14.26.1 updated - glibc-locale-2.38-150600.14.26.1 updated - glibc-2.38-150600.14.26.1 updated - kernel-default-6.4.0-150600.23.47.2 updated - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - supportutils-3.2.10-150600.3.6.5 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:10:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:10:05 +0200 (CEST) Subject: SUSE-CU-2025:2618-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250417071005.74818FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2618-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.11 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.11 Severity : moderate Type : recommended References : 1235481 1236033 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - container:sles15-ltss-image-15.4.0-2.33 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:10:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:10:54 +0200 (CEST) Subject: SUSE-CU-2025:2620-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250417071054.6D06FFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2620-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.15 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.15 Severity : important Type : recommended References : 1235481 1236033 1240343 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - container:sles15-ltss-image-15.4.0-2.33 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:10:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:10:55 +0200 (CEST) Subject: SUSE-CU-2025:2621-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250417071055.37971FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2621-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.17 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.17 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150000.75.34.2 updated - container:sles15-ltss-image-15.4.0-2.34 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:13:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:13:20 +0200 (CEST) Subject: SUSE-CU-2025:2626-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20250417071320.85491FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2626-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.15 , suse/manager/4.3/proxy-tftpd:4.3.15.9.53.9 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.53.9 Severity : important Type : recommended References : 1240343 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - ca-certificates-mozilla-2.74-150200.41.1 updated - container:sles15-ltss-image-15.4.0-2.33 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:13:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:13:26 +0200 (CEST) Subject: SUSE-CU-2025:2628-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20250417071326.95C84FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2628-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.4 , suse/manager/5.0/x86_64/proxy-httpd:5.0.4.7.14.1 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 7.14.1 Severity : important Type : security References : 1221505 1225287 1226273 1227118 1227859 1231983 1233307 1233500 1234015 1234033 1234202 1234226 1234442 1234452 1235527 1235696 1235825 1235853 1235970 1236011 1236118 1236136 1236166 1236234 1236268 1236323 1236601 1236625 1236643 1236678 1236707 1236771 1236886 1237060 1237363 1237370 1237374 1237374 1237403 1237418 1237535 1237685 1237694 1238924 1239618 1239826 1240414 1240960 CVE-2024-11168 CVE-2024-13176 CVE-2024-56171 CVE-2024-8176 CVE-2025-23392 CVE-2025-24928 CVE-2025-27113 CVE-2025-31115 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:878-1 Released: Mon Mar 17 10:22:57 2025 Summary: Recommended update for python3-dmidecode Type: recommended Severity: moderate References: 1237685 This update for python3-dmidecode fixes the following issue: - Fix invalid log level error. (bsc#1237685) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2025-1297 Released: Wed Apr 16 09:57:14 2025 Summary: Security update for Multi-Linux Manager 5.0: Server, Proxy and Retail Server Type: security Severity: moderate References: 1221505,1225287,1226273,1227118,1227859,1231983,1233500,1234033,1234202,1234226,1234442,1235527,1235696,1235825,1235853,1235970,1236011,1236118,1236166,1236234,1236268,1236323,1236601,1236625,1236678,1236707,1237060,1237403,1237535,1237694,1238924,1239826,1240960,CVE-2025-23392 Security update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server: This is a codestream only update The following package changes have been done: - libapparmor1-3.1.7-150600.5.3.2 updated - libexpat1-2.7.1-150400.3.28.1 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - pkg-config-0.29.2-150600.15.6.3 updated - release-notes-susemanager-proxy-5.0.4-150600.11.23.2 updated - xz-5.4.1-150600.3.3.1 updated - libsystemd0-254.24-150600.4.28.1 updated - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - python3-uyuni-common-libs-5.0.6-150600.2.6.5 updated - systemd-254.24-150600.4.28.1 updated - python3-libxml2-2.10.3-150500.5.23.1 updated - python3-dmidecode-3.12.3-150400.24.1 updated - spacewalk-backend-5.0.12-150600.4.12.10 updated - python3-spacewalk-client-tools-5.0.9-150600.4.9.11 updated - spacewalk-client-tools-5.0.9-150600.4.9.11 updated - susemanager-tftpsync-recv-5.0.2-150600.3.3.5 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:13:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:13:31 +0200 (CEST) Subject: SUSE-CU-2025:2629-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20250417071331.65665FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2629-1 Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.4 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.4.7.14.1 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 7.14.1 Severity : important Type : security References : 1233307 1236136 1236771 1239618 CVE-2024-11168 CVE-2024-13176 CVE-2024-8176 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:13:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:13:40 +0200 (CEST) Subject: SUSE-CU-2025:2631-1: Security update of suse/manager/5.0/x86_64/proxy-ssh Message-ID: <20250417071340.2EC9EFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2631-1 Container Tags : suse/manager/5.0/x86_64/proxy-ssh:5.0.4 , suse/manager/5.0/x86_64/proxy-ssh:5.0.4.7.14.1 , suse/manager/5.0/x86_64/proxy-ssh:latest Container Release : 7.14.1 Severity : important Type : security References : 1233307 1234015 1236136 1236643 1236771 1236826 1236886 1237040 1237041 1239618 CVE-2024-11168 CVE-2024-13176 CVE-2024-8176 CVE-2025-26465 CVE-2025-26466 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:585-1 Released: Tue Feb 18 17:42:14 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,1237041,CVE-2025-26465,CVE-2025-26466 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:997-1 Released: Mon Mar 24 18:52:00 2025 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1236826 This update for openssh fixes the following issue: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - openssh-common-9.6p1-150600.6.18.4 updated - libsystemd0-254.24-150600.4.28.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - openssh-fips-9.6p1-150600.6.18.4 updated - openssh-clients-9.6p1-150600.6.18.4 updated - openssh-server-9.6p1-150600.6.18.4 updated - openssh-9.6p1-150600.6.18.4 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:13:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:13:44 +0200 (CEST) Subject: SUSE-CU-2025:2632-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20250417071344.C0026FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2632-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.4 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.4.7.14.1 , suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 7.14.1 Severity : important Type : security References : 1233307 1236136 1236771 1239618 CVE-2024-11168 CVE-2024-13176 CVE-2024-8176 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-150400.3.28.1 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:13:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:13:48 +0200 (CEST) Subject: SUSE-CU-2025:2633-1: Security update of suse/manager/5.0/x86_64/server-attestation Message-ID: <20250417071348.D9F5DFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2633-1 Container Tags : suse/manager/5.0/x86_64/server-attestation:5.0.4 , suse/manager/5.0/x86_64/server-attestation:5.0.4.6.14.1 , suse/manager/5.0/x86_64/server-attestation:latest Container Release : 6.14.1 Severity : important Type : security References : 1222834 1227637 1234128 1234713 1236165 1236282 1236858 1239465 1239883 1240414 CVE-2025-0395 CVE-2025-27363 CVE-2025-31115 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - libfreetype6-2.10.4-150000.4.18.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - glibc-2.38-150600.14.26.1 updated - libfreebl3-3.101.2-150400.3.54.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:13:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:13:53 +0200 (CEST) Subject: SUSE-CU-2025:2634-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api Message-ID: <20250417071353.DF218FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2634-1 Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.4 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.4.6.14.1 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container Release : 6.14.1 Severity : important Type : security References : 1224044 1231463 1233282 1234015 1234452 1236643 1236886 1237374 1237374 1239618 1240414 CVE-2024-34397 CVE-2024-52533 CVE-2024-8176 CVE-2025-31115 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.8.1 added - libapparmor1-3.1.7-150600.5.3.2 updated - libexpat1-2.7.1-150400.3.28.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - xz-5.4.1-150600.3.3.1 updated - libsystemd0-254.24-150600.4.28.1 updated - systemd-254.24-150600.4.28.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:14:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:14:06 +0200 (CEST) Subject: SUSE-CU-2025:2636-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16 Message-ID: <20250417071406.02138FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2636-1 Container Tags : suse/manager/5.0/x86_64/server-migration-14-16:5.0.4 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.4.7.14.1 , suse/manager/5.0/x86_64/server-migration-14-16:latest Container Release : 7.14.1 Severity : important Type : security References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 1227637 1229228 1233307 1233752 1234015 1234128 1234313 1234713 1234765 1235873 1236136 1236136 1236165 1236282 1236460 1236619 1236643 1236771 1236858 1236886 1236960 1237093 1237093 1237093 1237363 1237370 1237418 1238591 1239625 1239637 1239883 1240414 CVE-2022-49043 CVE-2023-40403 CVE-2024-11168 CVE-2024-13176 CVE-2024-13176 CVE-2024-55549 CVE-2024-56171 CVE-2025-0395 CVE-2025-1094 CVE-2025-1094 CVE-2025-1094 CVE-2025-24528 CVE-2025-24855 CVE-2025-24928 CVE-2025-27113 CVE-2025-31115 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:616-1 Released: Fri Feb 21 11:42:35 2025 Summary: Security update for postgresql17 Type: security Severity: important References: 1237093,CVE-2025-1094 This update for postgresql17 fixes the following issues: Upgrade to 17.4: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:631-1 Released: Fri Feb 21 15:09:01 2025 Summary: Security update for postgresql14 Type: security Severity: important References: 1237093,CVE-2025-1094 This update for postgresql14 fixes the following issues: Upgrade to 14.17: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:635-1 Released: Fri Feb 21 15:13:08 2025 Summary: Security update for postgresql16 Type: security Severity: important References: 1237093,CVE-2025-1094 This update for postgresql16 fixes the following issues: Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1125-1 Released: Thu Apr 3 13:49:28 2025 Summary: Security update for libxslt Type: security Severity: important References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - glibc-2.38-150600.14.23.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libxml2-2-2.10.3-150500.5.23.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libgcrypt20-1.10.3-150600.3.3.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - permissions-20240826-150600.10.18.2 updated - timezone-2025a-150600.91.3.1 updated - libsystemd0-254.24-150600.4.28.1 updated - glibc-locale-base-2.38-150600.14.26.1 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - libpq5-17.4-150600.13.10.1 updated - libxslt1-1.1.34-150400.3.6.1 updated - glibc-locale-2.38-150600.14.26.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - postgresql14-14.17-150600.16.14.1 updated - postgresql16-16.8-150600.16.15.1 updated - postgresql14-server-14.17-150600.16.14.1 updated - postgresql16-server-16.8-150600.16.15.1 updated - postgresql16-contrib-16.8-150600.16.15.1 updated - postgresql14-contrib-14.17-150600.16.14.1 updated - container:suse-manager-5.0-init-5.0.4-5.0.4-7.12.15 added - container:suse-manager-5.0-init-5.0.3-5.0.3-7.9.5 removed From sle-container-updates at lists.suse.com Thu Apr 17 07:15:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:15:29 +0200 (CEST) Subject: SUSE-CU-2025:2637-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250417071529.BA172FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2637-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.109 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.109 Severity : important Type : recommended References : 1235481 1236033 1240343 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 08:02:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 10:02:24 +0200 (CEST) Subject: SUSE-CU-2025:2638-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250417080224.565A9FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2638-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.31 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.31 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150600.91.6.2 updated From sle-container-updates at lists.suse.com Thu Apr 17 08:05:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 10:05:04 +0200 (CEST) Subject: SUSE-CU-2025:2637-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250417080504.19ED8FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2637-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.109 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.109 Severity : important Type : recommended References : 1235481 1236033 1240343 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 08:05:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 10:05:04 +0200 (CEST) Subject: SUSE-CU-2025:2639-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250417080504.E9938FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2639-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.111 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.111 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150000.75.34.2 updated From sle-container-updates at lists.suse.com Thu Apr 17 08:09:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 10:09:32 +0200 (CEST) Subject: SUSE-CU-2025:2641-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250417080932.E1171FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2641-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.111 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.111 Severity : important Type : recommended References : 1235481 1236033 1240343 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 08:09:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 10:09:33 +0200 (CEST) Subject: SUSE-CU-2025:2642-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250417080933.AB5A6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2642-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.113 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.113 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - timezone-2025b-150000.75.34.2 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:09:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:09:10 +0200 (CEST) Subject: SUSE-CU-2025:2643-1: Security update of containers/milvus Message-ID: <20250417150910.DD295FD1A@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2643-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.91 Container Release : 7.91 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:10:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:10:24 +0200 (CEST) Subject: SUSE-CU-2025:2644-1: Security update of containers/ollama Message-ID: <20250417151024.589D1FD1A@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2644-1 Container Tags : containers/ollama:0 , containers/ollama:0.6.2 , containers/ollama:0.6.2-8.10 Container Release : 8.10 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:11:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:11:51 +0200 (CEST) Subject: SUSE-CU-2025:2645-1: Recommended update of containers/open-webui Message-ID: <20250417151151.C7BBFFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2645-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.33 Container Release : 9.33 Severity : important Type : recommended References : 1234128 1234713 1239883 1240343 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - container:registry.suse.com-bci-bci-base-15.6-5ddef86034d29efc1262967bc5639504e8b012b214a33d4dac655b3e69ff16a5-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:13:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:13:31 +0200 (CEST) Subject: SUSE-IU-2025:1091-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250417151331.B2554FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1091-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.161 , suse/sle-micro/base-5.5:latest Image Release : 5.8.161 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:14:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:14:11 +0200 (CEST) Subject: SUSE-IU-2025:1092-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250417151411.B4640FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1092-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.306 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.306 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.161 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:15:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:15:23 +0200 (CEST) Subject: SUSE-IU-2025:1093-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250417151523.EA03BFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1093-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.363 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.363 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.277 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:16:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:16:29 +0200 (CEST) Subject: SUSE-IU-2025:1094-1: Security update of suse/sle-micro/5.5 Message-ID: <20250417151629.1B47AFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1094-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.277 , suse/sle-micro/5.5:latest Image Release : 5.5.277 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.161 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:22:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:22:20 +0200 (CEST) Subject: SUSE-CU-2025:2649-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250417152220.3AC94FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2649-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.118 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.118 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:26:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:26:33 +0200 (CEST) Subject: SUSE-CU-2025:2651-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250417152633.AA99FFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2651-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.118 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.118 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:27:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:27:59 +0200 (CEST) Subject: SUSE-CU-2025:2652-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250417152759.81949FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2652-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.20 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.20 Severity : important Type : security References : 1183663 1193173 1211547 1213291 1214713 1216049 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324 1218812 1218814 1219241 1219639 1222021 1222650 1222896 1227127 1228265 1230371 1231396 1231423 1231838 1233307 1233726 1234798 1235481 1235751 1236033 1236779 1237294 1239618 1240009 1240343 1240343 CVE-2024-11168 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1166-1 Released: Tue Apr 8 11:37:17 2025 Summary: Recommended update for gdb Type: recommended Severity: moderate References: This update for gdb fixes the following issues: - Implemented support for new IBM Z generation (jsc#PED-10305). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1191-1 Released: Thu Apr 10 06:57:45 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - gdb-14.2-150400.15.23.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - supportutils-3.2.10-150300.7.35.36.4 updated - suse-build-key-12.0-150000.8.58.1 updated - timezone-2025b-150000.75.34.2 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - vim-9.1.1176-150500.20.24.2 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:28:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:28:00 +0200 (CEST) Subject: SUSE-CU-2025:2653-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250417152800.7B20FFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2653-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.21 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.21 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:31:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:31:30 +0200 (CEST) Subject: SUSE-CU-2025:2656-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250417153130.599DAFD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2656-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.71 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.71 , suse/ltss/sle15.3/sle15:latest Container Release : 2.71 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:32:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:32:43 +0200 (CEST) Subject: SUSE-CU-2025:2658-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250417153243.6BABCFD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2658-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.35 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.35 , suse/ltss/sle15.4/sle15:latest Container Release : 2.35 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:35:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:35:25 +0200 (CEST) Subject: SUSE-CU-2025:2659-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250417153525.6AB23FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2659-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.25 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.25 , suse/ltss/sle15.5/sle15:latest Container Release : 4.25 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:36:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:36:05 +0200 (CEST) Subject: SUSE-CU-2025:2660-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250417153605.9A2F0FD1A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2660-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.14 , bci/dotnet-aspnet:8.0.14-48.11 Container Release : 48.11 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-5ddef86034d29efc1262967bc5639504e8b012b214a33d4dac655b3e69ff16a5-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:36:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:36:25 +0200 (CEST) Subject: SUSE-CU-2025:2661-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250417153625.7B682FD1A@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2661-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.3 , bci/dotnet-aspnet:9.0.3-6.11 , bci/dotnet-aspnet:latest Container Release : 6.11 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-5ddef86034d29efc1262967bc5639504e8b012b214a33d4dac655b3e69ff16a5-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:36:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:36:53 +0200 (CEST) Subject: SUSE-CU-2025:2662-1: Security update of suse/registry Message-ID: <20250417153653.D9BBCFD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2662-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-34.12 , suse/registry:latest Container Release : 34.12 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:37:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:37:29 +0200 (CEST) Subject: SUSE-CU-2025:2663-1: Recommended update of bci/dotnet-sdk Message-ID: <20250417153729.7E574FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2663-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.14 , bci/dotnet-sdk:8.0.14-52.11 Container Release : 52.11 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-5ddef86034d29efc1262967bc5639504e8b012b214a33d4dac655b3e69ff16a5-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:37:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:37:44 +0200 (CEST) Subject: SUSE-CU-2025:2664-1: Recommended update of bci/dotnet-sdk Message-ID: <20250417153744.896D8FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2664-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.3 , bci/dotnet-sdk:9.0.3-8.8 , bci/dotnet-sdk:latest Container Release : 8.8 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-5ddef86034d29efc1262967bc5639504e8b012b214a33d4dac655b3e69ff16a5-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 07:14:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 09:14:00 +0200 (CEST) Subject: SUSE-CU-2025:2635-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20250417071400.B9004FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2635-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.4 , suse/manager/5.0/x86_64/server:5.0.4.7.19.1 , suse/manager/5.0/x86_64/server:latest Container Release : 7.19.1 Severity : important Type : security References : 1183663 1189788 1193173 1205042 1211547 1213291 1214290 1214713 1214808 1215212 1215484 1216049 1216091 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216827 1217287 1218201 1218282 1218324 1218812 1218814 1219241 1219639 1220893 1220895 1220896 1220905 1221505 1222021 1222650 1222834 1222896 1225287 1225936 1225939 1225941 1225942 1226273 1227118 1227127 1227316 1227637 1227859 1228265 1228434 1229163 1229164 1229685 1229822 1230078 1230371 1230642 1230944 1231298 1231396 1231423 1231589 1231605 1231838 1231983 1233307 1233500 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1233726 1233880 1234015 1234022 1234033 1234128 1234202 1234226 1234442 1234452 1234713 1234798 1234881 1234958 1235079 1235481 1235516 1235527 1235695 1235696 1235751 1235825 1235853 1235970 1236011 1236033 1236118 1236136 1236151 1236165 1236166 1236234 1236268 1236282 1236316 1236317 1236323 1236384 1236481 1236601 1236625 1236643 1236664 1236678 1236707 1236771 1236803 1236820 1236826 1236842 1236858 1236886 1236939 1236974 1236983 1237002 1237006 1237008 1237009 1237010 1237011 1237012 1237013 1237014 1237037 1237038 1237040 1237041 1237044 1237060 1237093 1237093 1237137 1237363 1237370 1237374 1237374 1237403 1237418 1237431 1237535 1237606 1237685 1237694 1237844 1237865 1238591 1238610 1238879 1238924 1239302 1239465 1239618 1239625 1239637 1239676 1239826 1239883 1240009 1240343 1240343 1240414 1240416 1240960 37681 CVE-2020-25657 CVE-2023-4016 CVE-2023-40403 CVE-2024-11168 CVE-2024-12243 CVE-2024-13176 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-47554 CVE-2024-49504 CVE-2024-55549 CVE-2024-56171 CVE-2024-56337 CVE-2024-56737 CVE-2024-8176 CVE-2025-0395 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-1094 CVE-2025-1094 CVE-2025-1118 CVE-2025-1125 CVE-2025-1215 CVE-2025-1632 CVE-2025-22134 CVE-2025-23392 CVE-2025-24014 CVE-2025-24813 CVE-2025-24855 CVE-2025-24928 CVE-2025-24970 CVE-2025-25193 CVE-2025-25724 CVE-2025-26465 CVE-2025-26466 CVE-2025-26597 CVE-2025-27113 CVE-2025-27363 CVE-2025-27516 CVE-2025-31115 CVE-2025-31344 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:585-1 Released: Tue Feb 18 17:42:14 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,1237041,CVE-2025-26465,CVE-2025-26466 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:586-1 Released: Wed Feb 19 08:28:47 2025 Summary: Security update for grub2 Type: security Severity: important References: 1229163,1229164,1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-49504,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2024-49504: Fixed an issue that can bypass TPM-bound disk encryption on SL(E)M encrypted Images. (bsc#1229164) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:590-1 Released: Wed Feb 19 11:33:58 2025 Summary: Security update for netty, netty-tcnative Type: security Severity: important References: 1237037,1237038,CVE-2025-24970,CVE-2025-25193 This update for netty, netty-tcnative fixes the following issues: - CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. (bsc#1237037) - CVE-2025-25193: unsafe reading of environment files can lead to an application crash. (bsc#1237038) Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final. Other fixes: - Fix recycling in CodecOutputList. - StreamBufferingEncoder: do not send header frame with priority by default. - Notify event loop termination future of unexpected exceptions. - Fix AccessControlException in GlobalEventExecutor. - AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release frequency. - Support BouncyCastle FIPS for reading PEM files. - Dns: correctly encode DnsPtrRecord. - Provide Brotli settings without com.aayushatharva.brotli4j dependency. - Make DefaultResourceLeak more resilient against OOM. - OpenSslSession: add support to defensively check for peer certs. - SslHandler: ensure buffers are never leaked when wrap(...) produces SSLException. - Correcly handle comments appended to nameserver declarations. - PcapWriteHandler: apply fixes so that the handler can append to an existing PCAP file when writing the global header. - PcapWriteHandler: allow output of PCAP files larger than 2GB. - Fix bugs in BoundedInputStream. - Fix HTTP header validation bug. - AdaptivePoolingAllocator: fix possible race condition in method offerToQueue(...). - AdaptivePoolingAllocator: make sure the sentinel object Magazine.MAGAZINE_FREED not be replaced. - Only try to use Zstd and Brotli if the native libs can be loaded. - Bump BlockHound version to 1.0.10.RELEASE. - Add details to TooLongFrameException message. - AdaptivePoolingAllocator: correctly reuse chunks. - AdaptivePoolingAllocator: don't fail when we run on a host with 1 core. - AdaptivePoolingAllocator: correctly re-use central queue chunks and avoid OOM issue. - Fix several memory management (leaks and missing checks) issues. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:616-1 Released: Fri Feb 21 11:42:35 2025 Summary: Security update for postgresql17 Type: security Severity: important References: 1237093,CVE-2025-1094 This update for postgresql17 fixes the following issues: Upgrade to 17.4: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:635-1 Released: Fri Feb 21 15:13:08 2025 Summary: Security update for postgresql16 Type: security Severity: important References: 1237093,CVE-2025-1094 This update for postgresql16 fixes the following issues: Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:680-1 Released: Mon Feb 24 12:01:16 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1228434,1236384,1236820,1236939,1236983 This update for libzypp, zypper fixes the following issues: - Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) - Drop zypp-CheckAccessDeleted in favor of 'zypper ps' - Fix Repoverification plugin not being executed - Refresh: Fetch the master index file before key and signature (bsc#1236820) - Deprecate RepoReports we do not trigger - Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939) - New system-architecture command (bsc#1236384) - Change versioncmp command to return exit code according to the comparison result ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:739-1 Released: Fri Feb 28 11:09:44 2025 Summary: Security update for libX11 Type: security Severity: moderate References: 1237431,CVE-2025-26597 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:745-1 Released: Fri Feb 28 15:54:49 2025 Summary: Recommended update for apache-commons-cli Type: recommended Severity: moderate References: This update for apache-commons-cli fixes the following issues: - Update to 1.9.0: * New features: + Add OptionGroup.isSelected(). + You can now extend HelpFormatter.Builder. + Add 'since' attribute to Option to track when an Option was introduced * Fixed bugs: + Fix Javadoc pathing + Updated properties documentation #285. + Deprecation not always reported #284. + Replace internal StringBuffer with StringBuilder. * Updates: + Bump org.apache.commons:commons-parent from 70 to 72 - Update to 1.8.0: * Fix Javadoc pathing - Updated apache-commons-cli-build.xml to new version. - Update to 1.7: * New features: - Add and use a Converter interface and implementations without using BeanUtils - Add Maven property project.build.outputTimestamp for build reproducibility. - Add '-' as an option char and implemented extensive tests - Make adding OptionGroups and Options to existing Options easier - Added Supplier; defaults for getParsedOptionValue - Make Option.getKey() public - Add builder factory CommandLine#builder(). * Fixes: - Inconsistent behavior in key/value pairs (Java property style). Util.stripLeadingAndTrailingQuotes(String). - Awkward behavior of Option.builder() for multiple optional args. - Properties from multiple arguments with value separator. - Fix for expected textual date values. - Option.Builder.option('') should throw IllegalArgumentException instead of ArrayIndexOutOfBoundsException. - Avoid NullPointerException in CommandLine.getOptionValues(Option|String). * Updates: - Bump commons-parent from 64 to 69 - Update the tests to JUnit 5 - Bump tests commons-io:commons-io from 2.16.0 to 2.16.1 - Includes changes from version 1.6: * Fixes: - [StepSecurity] ci: Harden GitHub Actions - Inconsistent date format in changes report. - Fix NPE in CommandLine.resolveOption(String). - CommandLine.addOption(Option) should not allow a null Option. - CommandLine.addArgs(String) should not allow a null String. - Site docs: 'Usage Scenarios' refers to deprecated methods. - NullPointerException thrown by CommandLineParser.parse(). - StringIndexOutOfBoundsException thrown by CommandLineParser.parse(). * Updates: - Fix SpotBugs Error: Medium: Method intentionally throws RuntimeException. [org.apache.commons.cli.Option] At Option.java:[lines 417-423] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION - Fix SpotBugs Error: Medium: Method intentionally throws RuntimeException. [org.apache.commons.cli.Option] At Option.java:[lines 446-450] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION - Fix SpotBugs Error: Medium: Method intentionally throws RuntimeException. [org.apache.commons.cli.Option] At Option.java:[lines 474-478] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION - Use EMPTY_STRING_ARRAY constant. - Fix site links that are broken - Add github/codeql-action. - Use %patch -P N instead of deprecated %patchN. - Build with java source/target levels 8 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:749-1 Released: Fri Feb 28 17:23:17 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1215212,1233880,1236803 This update for samba fixes the following issues: - Fix crossing automounter mount points (bsc#1215212, bsc#1236803). - Update shipped /etc/samba/smb.conf to point to smb.conf man page (bsc#1233880). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:764-1 Released: Mon Mar 3 09:43:37 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:777-1 Released: Tue Mar 4 15:58:09 2025 Summary: Recommended update for apache-commons-daemon Type: recommended Severity: moderate References: This update for apache-commons-daemon fixes the following issues: - Upgrade to 1.4.0 * Fixes: + [StepSecurity] ci: Harden GitHub Actions + Procrun: Enable Control Flow Guard for Windows binaries. + Procrun: Better label for command used to start service shown in Prunmgr.exe. + jsvc: Fix warnings when running support/buildconf.sh + jsvc: Fix compilation issue with newer compilers. Fixes + Procrun: Refactor UAC support so that elevation is only requested for actions that require administrator privileges. * New Features: + Procrun: Add support for hybrid CRT builds. + jsvc: Add support for LoongArch64 support. * Update dependencies: + The minimum support Java version has been upgraded from Java 7 to Java 8. - Use %patch -P N instead of deprecated %patchN. - Disable LTO to avoid undefined symbols on some platforms ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:778-1 Released: Wed Mar 5 07:14:12 2025 Summary: Recommended update for net-snmp Type: recommended Severity: important References: This update for net-snmp fixes the following issues: - Implementation of net-snmp on SUSE Linux Enterprise Micro 5.5 (no source changes) (jsc#SMO-541,jsc#SMO-542) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:782-1 Released: Wed Mar 5 11:11:58 2025 Summary: Recommended update for zypp-plugin Type: recommended Severity: moderate References: This update for zypp-plugin fixes the following issues: - Build package for multiple Python flavors on the SLE15 family ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:794-1 Released: Thu Mar 6 07:59:29 2025 Summary: Recommended update for pkg-config Type: recommended Severity: important References: 1237374 This update for pkg-config fixes the following issues: - Build with system GLib instead of bundled GLib (bsc#1237374). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:796-1 Released: Thu Mar 6 13:28:09 2025 Summary: Recommended update for python3-M2Crypto Type: recommended Severity: moderate References: 1205042,1231589,1236664,CVE-2020-25657 This update for python3-M2Crypto fixes the following issues: - Fix spelling of BSD-2-Clause license. - Update to 0.44.0: - The real license is BSD 2-Clause, not MIT. - Remove python-M2Crypto.keyring, because PyPI broke GPG support - Build for modern python stack on SLE/Leap - require setuptools - Make tests running again. - Remove unnecessary fdupes call - Add python-typing as a dependency - SLE12 requires swig3 for a successful build, too ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:815-1 Released: Mon Mar 10 11:12:25 2025 Summary: Optional update for python-cheroot, python-tempora Type: optional Severity: low References: 37681 This update for python-cheroot, python-tempora fixes the following issue: - Use update-alternatives for cheroot and tempora binaries (bsc#1223694) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:820-1 Released: Mon Mar 10 15:17:28 2025 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1222834 This update for mozilla-nss fixes the following issues: - FIPS: Do not pass in bad targetKeyLength parameters when checking for FIPS approval after keygen. This was causing false rejections. - FIPS: Approve RSA signature verification mechanisms with PKCS padding and legacy moduli (bsc#1222834). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:832-1 Released: Tue Mar 11 09:56:30 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:837-1 Released: Tue Mar 11 13:10:41 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:848-1 Released: Wed Mar 12 14:23:16 2025 Summary: Recommended update for apache-commons-logging Type: recommended Severity: moderate References: This update for apache-commons-logging fixes the following issues: - Upgrade to 1.3.4 * Bug fix: + Fix factory loading from context class loader - Upgrade to 1.3.3 * Bug Fixes: + Update Log4j 2 OSGi imports + Fix PMD UnnecessaryFullyQualifiedName in SimpleLog. + Fix NullPointerException in SimpleLog#write(Object) on null input. + Fix NullPointerException in SimpleLog#write(StringBuffer) on null input. - Includes changes from 1.3.2 * Fixed Bugs: + Add OSGi metadata to enable Service Loader Mediator + Apache commons logging shows 1.4 as latest release instead of 1.3.1. + Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable. - Includes changes from 1.3.1 * New features: + Add Maven property project.build.outputTimestamp for build reproducibility. * Fixed Bugs: + Remove references to very old JDK and Commons Logging versions + Update from Logj 1 to the Log4j 2 API compatibility layer + Allow Servlet 4 in OSGi environment + Fix generics warnings + Fix Import-Package entry for org.slf4j - Includes changes from 1.3.0 * New Features: + Add support for Log4j API and SLF4J + Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement. + Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger` + Deprecate and disable `AvalonLogger` and `LogKitLogger` + Add Automatic-Module-Name Manifest Header for Java 9 compatibility * Fixed Bugs: + BufferedReader is not closed properly + Remove redundant initializer + Use a weak reference for the cached class loader + Add more entries to .gitignore file + Minor Improvements + [StepSecurity] ci: Harden GitHub Actions + Replace custom code with `ServiceLoader` call + Fix possible NPEs in LogFactoryImpl + Fix failing tests + Deprecate LogConfigurationException.cause in favor of getCause() + Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING. + Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD. + Set java.logging as optional module + Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT. + Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement. - Reinstate ant build (removed upstream) * add build.xml * add build.properties - Add upstream dev's public key to apache-commons-logging.keyring - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:878-1 Released: Mon Mar 17 10:22:57 2025 Summary: Recommended update for python3-dmidecode Type: recommended Severity: moderate References: 1237685 This update for python3-dmidecode fixes the following issue: - Fix invalid log level error. (bsc#1237685) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:880-1 Released: Mon Mar 17 10:55:06 2025 Summary: Recommended update for python-apache-libcloud Type: recommended Severity: important References: 1214808 This update for python-apache-libcloud fixes the following issues: - Fix issue building python311-apache-libcloud - Build package for multiple Python flavors on the SLE15 family ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:933-1 Released: Wed Mar 19 11:07:35 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1237844,1237865 This update for grub2 fixes the following issues: - Fix 'zfs.mo not found' message when booting on legacy BIOS (bsc#1237865) - Upstream XFS fixes - Fix 'attempt to read of write outside of partition' error message (bsc#1237844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:985-1 Released: Fri Mar 21 18:45:14 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1237606,1238610,CVE-2025-1632,CVE-2025-25724 This update for libarchive fixes the following issues: - CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606) - CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:997-1 Released: Mon Mar 24 18:52:00 2025 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1236826 This update for openssh fixes the following issue: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1004-1 Released: Tue Mar 25 09:42:38 2025 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1238879,CVE-2025-27516 This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1046-1 Released: Thu Mar 27 18:51:27 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issue: - Fix crash while handling po files with malformed header and process them properly (bsc#1227316). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1098-1 Released: Wed Apr 2 10:06:16 2025 Summary: Recommended update for libvirt Type: recommended Severity: moderate References: 1235079 This update for libvirt fixes the following issues: - security: apparmor: Fix probing of apparmor availability on the VM host when using modular daemons (bsc#1235079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1125-1 Released: Thu Apr 3 13:49:28 2025 Summary: Security update for libxslt Type: security Severity: important References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1126-1 Released: Thu Apr 3 13:51:03 2025 Summary: Security update for tomcat Type: security Severity: important References: 1239302,1239676,CVE-2024-56337,CVE-2025-24813 This update for tomcat fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT (bsc#1239302) - Update to Tomcat 9.0.102 * Fixes: + launch with java 17 (bsc#1239676) * Catalina + Fix: Weak etags in the If-Range header should not match as strong etags are required. (remm) + Fix: When looking up class loader resources by resource name, the resource name should not start with '/'. If the resource name does start with '/', Tomcat is lenient and looks it up as if the '/' was not present. When the web application class loader was configured with external repositories and names starting with '/' were used for lookups, it was possible that cached 'not found' results could effectively hide lookup results using the correct resource name. (markt) + Fix: Enable the JNDIRealm to validate credentials provided to HttpServletRequest.login(String username, String password) when the realm is configured to use GSSAPI authentication. (markt) + Fix: Fix a bug in the JRE compatibility detection that incorrectly identified Java 19 and Java 20 as supporting Java 21 features. (markt) + Fix: Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. (markt) + Fix: Avoid scenarios where temporary files used for partial PUT would not be deleted. (remm) + Fix: 69602: Fix regression in releases from 12-2024 that were too strict and rejected weak etags in the If-Range header. (remm) + Fix: 69576: Avoid possible failure initializing JreCompat due to uncaught exception introduced for the check for CVE-2024-56337. (remm) * Cluster + Add: 69598: Add detection of service account token changes to the KubernetesMembershipProvider implementation and reload the token if it changes. Based on a patch by Miroslav Jezbera. (markt) * Coyote + Fix: 69575: Avoid using compression if a response is already compressed using compress, deflate or zstd. (remm) + Update: Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip. (remm) + Fix: Fix a race condition in the handling of HTTP/2 stream reset that could cause unexpected 500 responses. (markt) * Other + Add: Add makensis as an option for building the Installer for Windows on non-Windows platforms. (rjung/markt) + Update: Update Byte Buddy to 1.17.1. (markt) + Update: Update Checkstyle to 10.21.3. (markt) + Update: Update SpotBugs to 4.9.1. (markt) + Update: Update JSign to 7.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Add org.apache.juli.JsonFormatter to format log as one line JSON documents. (remm) - Update to Tomcat 9.0.99 * Catalina + Update: Add tableName configuration on the DataSourcePropertyStore that may be used by the WebDAV Servlet. (remm) + Update: Improve HTTP If headers processing according to RFC 9110. Based on pull request #796 by Chenjp. (remm/markt) + Update: Allow readOnly attribute configuration on the Resources element and allow configure the readOnly attribute value of the main resources. The attribute value will also be used by the default and WebDAV Servlets. (remm) + Fix: 69285: Optimise the creation of the parameter map for included requests. Based on sample code and test cases provided by John Engebretson. (markt) + Fix: 69527: Avoid rare cases where a cached resource could be set with 0 content length, or could be evicted immediately. (remm) + Fix: Fix possible edge cases (such as HTTP/1.0) with trying to detect requests without body for WebDAV LOCK and PROPFIND. (remm) + Fix: 69528: Add multi-release JAR support for the bloom archiveIndexStrategy of the Resources. (remm) + Fix: Improve checks for WEB-INF and META-INF in the WebDAV servlet. Based on a patch submitted by Chenjp. (remm) + Add: Add a check to ensure that, if one or more web applications are potentially vulnerable to CVE-2024-56337, the JVM has been configured to protect against the vulnerability and to configure the JVM correctly if not. Where one or more web applications are potentially vulnerable to CVE-2024-56337 and the JVM cannot be correctly configured or it cannot be confirmed that the JVM has been correctly configured, prevent the impacted web applications from starting. (markt) + Fix: Remove unused session to client map from CrawlerSessionManagerValve. Submitted by Brian Matzon. (remm) + Fix: When using the WebDAV servlet with serveSubpathOnly set to true, ensure that the destination for any requested WebDAV operation is also restricted to the sub-path. (markt) + Fix: Generate an appropriate Allow HTTP header when the Default servlet returns a 405 (method not allowed) response in response to a DELETE request because the target resource cannot be deleted. Pull request #802 provided by Chenjp. (markt) + Code: Refactor creation of RequestDispatcher instances so that the processing of the provided path is consistent with normal request processing. (markt) + Add: Add encodedReverseSolidusHandling and encodedSolidusHandling attributes to Context to provide control over the handling of the path used to created a RequestDispatcher. (markt) + Fix: Handle a potential NullPointerException after an IOException occurs on a non-container thread during asynchronous processing. (markt) + Fix: Enhance lifecycle of temporary files used by partial PUT. (remm) * Coyote + Fix: Don't log warnings for registered HTTP/2 settings that Tomcat does not support. These settings are now silently ignored. (markt) + Fix: Avoid a rare NullPointerException when recycling the Http11InputBuffer. (markt) + Fix: Lower the log level to debug for logging an invalid socket channel when processing poller events for the NIO Connector as this may occur in normal usage. (markt) + Code: Clean-up references to the HTTP/2 stream once request processing has completed to aid GC and reduce the size of the HTTP/2 recycled request and response cache. (markt) + Add: Add a new Connector configuration attribute, encodedReverseSolidusHandling, to control how %5c sequences in URLs are handled. The default behaviour is unchanged (decode) keeping in mind that the allowBackslash attribute determines how the decoded URI is processed. (markt) + Fix: 69545: Improve CRLF skipping for the available method of the ChunkedInputFilter. (remm) + Fix: Improve the performance of repeated calls to getHeader(). Pull request #813 provided by Adwait Kumar Singh. (markt) + Fix: 69559: Ensure that the Java 24 warning regarding the use of sun.misc.Unsafe::invokeCleaner is only reported by the JRE when the code will be used. (markt) * Jasper + Fix: 69508: Correct a regression in the fix for 69382 that broke JSP include actions if both the page attribute and the body contained parameters. Pull request #803 provided by Chenjp. (markt) + Fix: 69521: Update the EL Parser to allow the full range of valid characters in an EL identifier as defined by the Java Language Specification. (markt) + Fix: 69532: Optimise the creation of ExpressionFactory instances. Patch provided by John Engebretson. (markt) * Web applications + Add: Documentation. Expand the description of the security implications of setting mapperContextRootRedirectEnabled and/or mapperDirectoryRedirectEnabled to true. (markt) + Fix: Documentation. Better document the default for the truststoreProvider attribute of a SSLHostConfig element. (markt) * Other + Update: Update to Commons Daemon 1.4.1. (markt) + Update: Update the internal fork of Commons Pool to 2.12.1. (markt) + Update: Update Byte Buddy to 1.16.1. (markt) + Update: Update UnboundID to 7.0.2. (markt) + Update: Update Checkstyle to 10.21.2. (markt) + Update: Update SpotBugs to 4.9.0. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Chinese translations by leeyazhou. (markt) + Add: Improvements to Japanese translations by tak7iji. (markt) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1150-1 Released: Mon Apr 7 09:47:05 2025 Summary: Recommended update for apache-commons-io Type: recommended Severity: moderate References: 1231298,CVE-2024-47554 This update for apache-commons-io fixes the following issues: apache-commons-io was updated from version 2.15.1 to 2.18.0: - Key changes across versions: * Cleaner code and updated dependencies * Improved security when handling serialized data with the new safe deserialization feature * New features for advanced file and stream operations * Various bugs were fixed to improve reliability with fewer crashes and unexpected errors * For the full list of changes please consult the packaged RELEASE-NOTES.txt - Already fixed in previous version: * CVE-2024-47554: Untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1164-1 Released: Tue Apr 8 09:02:56 2025 Summary: Security update for giflib Type: security Severity: important References: 1240416,CVE-2025-31344 This update for giflib fixes the following issues: - CVE-2025-31344: Fixed a buffer overflow in function DumpScreen2RGB (bsc#1240416) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1189-1 Released: Thu Apr 10 05:38:46 2025 Summary: Recommended update for fence-agents Type: recommended Severity: moderate References: This update for fence-agents fixes the following issues: - Improved fence_sbd support (jsc#PED-12243) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1190-1 Released: Thu Apr 10 06:56:57 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2025-1297 Released: Wed Apr 16 09:57:14 2025 Summary: Security update for Multi-Linux Manager 5.0: Server, Proxy and Retail Server Type: security Severity: moderate References: 1221505,1225287,1226273,1227118,1227859,1231983,1233500,1234033,1234202,1234226,1234442,1235527,1235696,1235825,1235853,1235970,1236011,1236118,1236166,1236234,1236268,1236323,1236601,1236625,1236678,1236707,1237060,1237403,1237535,1237694,1238924,1239826,1240960,CVE-2025-23392 Security update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server: This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1318-1 Released: Wed Apr 16 10:10:17 2025 Summary: Recommended update for salt Type: recommended Severity: moderate References: 1215484,1220905,1230642,1230944,1231605,1234022,1234881 This update for salt fixes the following issues: - Adapted to removal of hex attribute in pygit2 v1.15.0 (bsc#1230642) - Added DEB822 apt repository format support - Detect openEuler as RedHat family OS - Enhanced batch async and fixed some detected issues - Enhanced smart JSON parsing when garbage is present (bsc#1231605) - Ensure the correct crypt module is loaded - Fixed aptpkg 'NoneType object has no attribute split' error - Fixed crash due wrong client reference on `SaltMakoTemplateLookup` - Fixed error to stat '/root/.gitconfig' on gitfs (bsc#1230944, bsc#1234881, bsc#1220905) - Fixed issue of using update-alternatives with alts - Fixed issues running on Python 3.12 and 3.13 - Fixed tests failures after 'repo.saltproject.io' deprecation - Fixed virt_query outputter and added support for block devices - Fixed virtual grains for VMs running on Nutanix AHV (bsc#1234022) - Implemented multiple inventory for ansible.targets - Made _auth calls visible with master stats - Made Salt-SSH work with all SSH passwords (bsc#1215484) - Made x509 module compatible with M2Crypto 0.44.0 - Moved logrotate config to /usr/etc/logrotate.d where possible - Removed deprecated code from x509.certificate_managed test mode - Repaired mount.fstab_present always returning pending changes - Set virtual grain in Podman systemd container - Enhancements of Salt packaging: * Use update-alternatives for all salt scripts * Use flexible dependencies for the subpackages * Made salt-minion to require flavored zypp-plugin * Made zyppnotify to use update-alternatives * Dropped unused yumnotify plugin * Added dependency to python3-dnf-plugins-core for RHEL based ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1319-1 Released: Wed Apr 16 10:13:10 2025 Summary: Recommended update for golang-github-prometheus-node_exporter, system-user-prometheus Type: recommended Severity: moderate References: 1235516 This update for golang-github-prometheus-node_exporter and system-user-prometheus fixes the following issues: golang-github-prometheus-node_exporter was updated from version 1.7.0 to version 1.9.0 (jsc#PED-12485): - Packaging improvements: * Use `systemd-sysusers` to configure the user in a dedicated 'system-user-prometheus' subpackage (bsc#1235516) * Remove `systemd` and `shadow` hard requirements - Version 1.9.0: * [CHANGE] meminfo: Convert linux implementation to use procfs lib * [CHANGE] Update logging to use Go log/slog * [FEATURE] filesystem: Add node_filesystem_mount_info metric * [FEATURE] btrfs: Add metrics for commit statistics * [FEATURE] interrupts: Add collector include/exclude filtering * [FEATURE] interrupts: Add 'exclude zeros' filtering * [FEATURE] slabinfo: Add filters for slab name. * [FEATURE] pressure: add IRQ PSI metrics * [FEATURE] hwmon: Add include and exclude filter for sensors * [FEATURE] filesystem: Add NetBSD support * [FEATURE] netdev: Add ifAlias label * [FEATURE] hwmon: Add Support for GPU Clock Frequencies * [FEATURE] Add exclude[] URL parameter * [FEATURE] Add AIX support * [FEATURE] filesystem: Add fs-types/mount-points include flags * [FEATURE] netstat: Add collector for tcp packet counters for FreeBSD. * [ENHANCEMENT] ethtool: Add logging for filtering flags * [ENHANCEMENT] netstat: Add TCPRcvQDrop to default metrics * [ENHANCEMENT] diskstats: Add block device rotational * [ENHANCEMENT] cpu: Support CPU online status * [ENHANCEMENT] arp: optimize interface name resolution * [ENHANCEMENT] textfile: Allow specifiying multiple directoryglobs * [ENHANCEMENT] filesystem: Add reporting of purgeable space on MacOS * [ENHANCEMENT] ethtool: Skip full scan of NetClass directories * [BUGFIX] zfs: Prevent procfs integer underflow * [BUGFIX] pressure: Fix collection on systems that do not expose a full CPU stat * [BUGFIX] cpu: Fix FreeBSD 32-bit host support and plug memory leak * [BUGFIX] hwmon: Add safety check to hwmon read * [BUGFIX] zfs: Allow space in dataset name - Version 1.8.2: * [BUGFIX] Fix CPU pressure metric collection - Version 1.8.1: * [BUGFIX] Fix CPU seconds on Solaris * [BUGFIX] Sign Darwin/MacOS binaries * [BUGFIX] Fix pressure collector nil reference - Version 1.8.0: * [CHANGE] exec_bsd: Fix labels for vm.stats.sys.v_syscall sysctl * [CHANGE] diskstats: Ignore zram devices on linux systems * [CHANGE] textfile: Avoid inconsistent help-texts * [CHANGE] os: Removed caching of modtime/filename of os-release file * [FEATURE] xfrm: Add new collector * [FEATURE] watchdog: Add new collector * [ENHANCEMENT] cpu_vulnerabilities: Add mitigation information label * [ENHANCEMENT] nfsd: Handle new wdeleg_getattr attribute * [ENHANCEMENT] netstat: Add TCPOFOQueue to default netstat metrics * [ENHANCEMENT] filesystem: surface device errors * [ENHANCEMENT] os: Add support end parsing * [ENHANCEMENT] zfs: Log mib when sysctl read fails on FreeBSD * [ENHANCEMENT] fibre_channel: update procfs to take into account optional attributes * [BUGFIX] cpu: Fix debug log in cpu collector * [BUGFIX] hwmon: Fix hwmon nil ptr * [BUGFIX] hwmon: Fix hwmon error capture * [BUGFIX] zfs: Revert 'Add ZFS freebsd per dataset stats * [BUGFIX] ethtool: Sanitize ethtool metric name keys * [BUGFIX] fix: data race of NetClassCollector metrics initialization system-user-prometheus: - Implemented `system-user-prometheus` as new requirement for `golang-github-prometheus-node_exporter` The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.9.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - liblzma5-5.4.1-150600.3.3.1 updated - libxml2-2-2.10.3-150500.5.23.1 updated - libudev1-254.24-150600.4.28.1 updated - libgcrypt20-1.10.3-150600.3.3.1 updated - libzypp-17.36.3-150600.3.50.1 updated - zypper-1.14.85-150600.10.28.1 updated - glibc-locale-base-2.38-150600.14.26.1 updated - pkg-config-0.29.2-150600.15.6.3 updated - libapparmor1-3.1.7-150600.5.3.2 updated - libsystemd0-254.24-150600.4.28.1 updated - systemd-254.24-150600.4.28.1 updated - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - libX11-data-1.8.7-150600.3.3.1 updated - libarchive13-3.7.2-150600.3.12.1 updated - libfreebl3-3.101.2-150400.3.54.1 updated - libgif7-5.2.2-150000.4.16.1 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - libpq5-17.4-150600.13.10.1 updated - libprocps8-3.3.17-150000.7.42.1 updated - libtextstyle0-0.21.1-150600.3.3.2 updated - libxml2-tools-2.10.3-150500.5.23.1 updated - libxslt1-1.1.34-150400.3.6.1 updated - openssh-common-9.6p1-150600.6.18.4 updated - release-notes-susemanager-5.0.4-150600.11.29.1 updated - susemanager-schema-utility-5.0.14-150600.3.12.11 updated - system-user-prometheus-1.0.0-150000.14.2 updated - uyuni-config-modules-5.0.13-150600.3.12.5 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - xz-5.4.1-150600.3.3.1 updated - glibc-locale-2.38-150600.14.26.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - python3-curses-3.6.15-150300.10.84.1 updated - libfreetype6-2.10.4-150000.4.18.1 updated - postgresql16-16.8-150600.16.15.1 updated - procps-3.3.17-150000.7.42.1 updated - gettext-runtime-0.21.1-150600.3.3.2 updated - libxslt-tools-1.1.34-150400.3.6.1 updated - glibc-devel-2.38-150600.14.26.1 updated - mozilla-nss-certs-3.101.2-150400.3.54.1 updated - openssh-fips-9.6p1-150600.6.18.4 updated - susemanager-docs_en-5.0.4-150600.11.12.5 updated - spacewalk-java-lib-5.0.24-150600.3.25.1 updated - golang-github-prometheus-node_exporter-1.9.0-150100.3.32.3 updated - libX11-6-1.8.7-150600.3.3.1 updated - vim-9.1.1176-150500.20.24.2 updated - perl-Term-ReadKey-2.37-150000.3.2.1 updated - openssh-server-9.6p1-150600.6.18.4 updated - openssh-clients-9.6p1-150600.6.18.4 updated - libgnutls30-3.8.3-150600.4.6.2 updated - python3-zypp-plugin-0.6.5-150600.18.5.1 updated - python3-uyuni-common-libs-5.0.6-150600.2.6.5 updated - python3-M2Crypto-0.44.0-150600.19.3.1 updated - postgresql16-server-16.8-150600.16.15.1 updated - gettext-tools-0.21.1-150600.3.3.2 updated - supportutils-3.2.10-150600.3.6.5 updated - mozilla-nss-3.101.2-150400.3.54.1 updated - libsoftokn3-3.101.2-150400.3.54.1 updated - susemanager-docs_en-pdf-5.0.4-150600.11.12.5 updated - susemanager-schema-5.0.14-150600.3.12.11 updated - susemanager-sync-data-5.0.11-150600.3.16.3 updated - openssh-9.6p1-150600.6.18.4 updated - grub2-2.12-150600.8.21.2 updated - grub2-i386-pc-2.12-150600.8.21.2 updated - libvirt-libs-10.0.0-150600.8.9.1 updated - python3-tempora-1.8-150200.3.6.1 updated - python3-libxml2-2.10.3-150500.5.23.1 updated - postgresql16-contrib-16.8-150600.16.15.1 updated - samba-client-libs-4.19.8+git.404.38b26805d4-150600.3.12.2 updated - grub2-x86_64-efi-2.12-150600.8.21.2 updated - grub2-powerpc-ieee1275-2.12-150600.8.21.2 updated - grub2-arm64-efi-2.12-150600.8.21.2 updated - spacecmd-5.0.12-150600.4.12.5 updated - python3-Jinja2-2.10.1-150000.3.21.1 updated - python3-dmidecode-3.12.3-150400.24.1 updated - spacewalk-backend-sql-postgresql-5.0.12-150600.4.12.10 updated - tomcat-servlet-4_0-api-9.0.102-150200.78.1 updated - tomcat-el-3_0-api-9.0.102-150200.78.1 updated - apache-commons-io-2.18.0-150200.3.15.1 updated - apache-commons-daemon-1.4.0-150200.11.17.1 updated - apache-commons-cli-1.9.0-150200.3.9.1 updated - spacewalk-base-minimal-5.0.18-150600.3.18.1 updated - spacewalk-config-5.0.6-150600.3.9.5 updated - tomcat-jsp-2_3-api-9.0.102-150200.78.1 updated - netty-4.1.118-150200.4.29.2 updated - apache-commons-logging-1.3.4-150200.11.9.1 updated - spacewalk-base-minimal-config-5.0.18-150600.3.18.1 updated - tomcat-lib-9.0.102-150200.78.1 updated - spacewalk-backend-5.0.12-150600.4.12.10 updated - python3-spacewalk-client-tools-5.0.9-150600.4.9.11 updated - spacewalk-client-tools-5.0.9-150600.4.9.11 updated - spacewalk-base-5.0.18-150600.3.18.1 updated - subscription-matcher-0.39-150600.3.3.5 updated - salt-3006.0-150500.4.50.3 updated - python3-salt-3006.0-150500.4.50.3 updated - python3-apache-libcloud-3.3.1-150300.3.6.1 updated - fence-agents-4.13.1+git.1704296072.32469f29-150600.3.17.3 updated - spacewalk-backend-sql-5.0.12-150600.4.12.10 updated - python3-spacewalk-certs-tools-5.0.9-150600.3.9.5 updated - spacewalk-certs-tools-5.0.9-150600.3.9.5 updated - spacewalk-admin-5.0.10-150600.3.8.5 updated - tomcat-9.0.102-150200.78.1 updated - salt-master-3006.0-150500.4.50.3 updated - spacewalk-backend-server-5.0.12-150600.4.12.10 updated - susemanager-sls-5.0.13-150600.3.12.5 updated - spacewalk-java-postgresql-5.0.24-150600.3.25.1 updated - spacewalk-java-config-5.0.24-150600.3.25.1 updated - salt-api-3006.0-150500.4.50.3 updated - spacewalk-backend-xmlrpc-5.0.12-150600.4.12.10 updated - spacewalk-backend-xml-export-libs-5.0.12-150600.4.12.10 updated - spacewalk-backend-package-push-server-5.0.12-150600.4.12.10 updated - spacewalk-backend-iss-5.0.12-150600.4.12.10 updated - spacewalk-backend-app-5.0.12-150600.4.12.10 updated - spacewalk-html-5.0.18-150600.3.18.1 updated - spacewalk-taskomatic-5.0.24-150600.3.25.1 updated - spacewalk-java-5.0.24-150600.3.25.1 updated - spacewalk-backend-iss-export-5.0.12-150600.4.12.10 updated - patterns-suma_retail-5.0-150600.6.6.5 updated - susemanager-tools-5.0.12-150600.3.12.5 updated - spacewalk-backend-tools-5.0.12-150600.4.12.10 updated - susemanager-5.0.12-150600.3.12.5 updated - patterns-suma_server-5.0-150600.6.6.5 updated - container:suse-manager-5.0-init-5.0.4-5.0.4-7.12.15 added - container:suse-manager-5.0-init-5.0.3-5.0.3-7.9.5 removed - java-11-openjdk-11.0.26.0-150000.3.122.1 removed - java-11-openjdk-headless-11.0.26.0-150000.3.122.1 removed - libgraphite2-3-1.3.14-150600.1.5 removed - libharfbuzz0-8.3.0-150600.1.3 removed From sle-container-updates at lists.suse.com Thu Apr 17 15:29:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:29:04 +0200 (CEST) Subject: SUSE-IU-2025:1096-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250417152904.ED397FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1096-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-6.11 , suse/sl-micro/6.0/base-os-container:latest Image Release : 6.11 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224013 1224049 1224489 1224610 1224757 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1228659 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231910 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234074 1234157 1234222 1234480 1234698 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235550 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237874 1237875 1237876 1237877 1237879 1237881 1237882 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238052 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238565 1238570 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238746 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238970 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238990 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239066 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239475 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239684 1239707 1239906 1239925 1239986 1239994 1240167 1240168 1240169 1240171 1240172 1240173 1240175 1240176 1240177 1240179 1240182 1240183 1240184 1240185 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-27415 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50038 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53124 CVE-2024-53139 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58018 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58071 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21729 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21755 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21806 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21836 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21863 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21873 CVE-2025-21875 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21881 CVE-2025-21883 CVE-2025-21884 CVE-2025-21885 CVE-2025-21886 CVE-2025-21887 CVE-2025-21888 CVE-2025-21889 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-14 Released: Thu Apr 17 16:37:10 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224013,1224049,1224489,1224610,1224757,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1228659,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231910,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234074,1234157,1234222,1234480,1234698,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235550,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1 236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237874,1237875,1237876,1237877,1237879,1237881,1237882,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238052,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,123856 5,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238746,1238747,1238751,1238753,1238754,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238970,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238990,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239066,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239475,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239684,1239707,1239906,1239925,1239986,1239994,1240167,1240168,1240169,1240171,124 0172,1240173,1240175,1240176,1240177,1240179,1240182,1240183,1240184,1240185,1240186,1240188,1240189,1240191,1240192,1240333,1240334,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-27415,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024 -46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50038,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53124,CVE-2024-53139,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-2024-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882, CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58018,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58071,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-202 5-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21729,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21755,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779 ,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21806,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21836,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21863,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21873,CVE-2025-21875,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21881,CVE-2025-21883,CVE-2025-21884,CVE-2025-21885,CVE-2025-21886,CVE-2025-21887,CVE-2025-21888,CVE-2025-21889,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892,CVE-2025-21894,CVE-20 25-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - kernel-default-6.4.0-28.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:30:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:30:05 +0200 (CEST) Subject: SUSE-IU-2025:1099-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250417153005.36799FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1099-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.15 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.15 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224049 1224489 1224610 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234222 1234480 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237875 1237876 1237877 1237879 1237881 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238570 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239707 1239986 1239994 1240169 1240172 1240173 1240175 1240177 1240179 1240182 1240183 1240186 1240188 1240189 1240191 1240192 1240333 1240334 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21883 CVE-2025-21885 CVE-2025-21886 CVE-2025-21888 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-8 Released: Thu Apr 17 12:48:21 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224049,1224489,1224610,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234222,1234480,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1 236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237875,1237876,1237877,1237879,1237881,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238747,1238751,1238753,123875 4,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239707,1239986,1239994,1240169,1240172,1240173,1240175,1240177,1240179,1240182,1240183,1240186,1240188,1240189,1240191,1240192,1240333,1240334,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927, CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024-46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-202 4-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882,CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636 ,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-2025-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-20 25-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21883,CVE-2025-21885,CVE-2025-21886,CVE-2025-21888,CVE-2025-21890,CVE-2025-2189 1,CVE-2025-21892 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - kernel-rt-6.4.0-28.1 updated - container:SL-Micro-container-2.1.3-6.14 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:52:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:52:23 +0200 (CEST) Subject: SUSE-CU-2025:2664-1: Recommended update of bci/dotnet-sdk Message-ID: <20250417155223.24042FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2664-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.3 , bci/dotnet-sdk:9.0.3-8.8 , bci/dotnet-sdk:latest Container Release : 8.8 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-5ddef86034d29efc1262967bc5639504e8b012b214a33d4dac655b3e69ff16a5-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:53:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:53:02 +0200 (CEST) Subject: SUSE-CU-2025:2665-1: Recommended update of bci/dotnet-runtime Message-ID: <20250417155302.40016FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2665-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.14 , bci/dotnet-runtime:8.0.14-48.11 Container Release : 48.11 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-5ddef86034d29efc1262967bc5639504e8b012b214a33d4dac655b3e69ff16a5-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:53:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:53:15 +0200 (CEST) Subject: SUSE-CU-2025:2666-1: Recommended update of bci/dotnet-runtime Message-ID: <20250417155315.9E221FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2666-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.3 , bci/dotnet-runtime:9.0.3-6.11 , bci/dotnet-runtime:latest Container Release : 6.11 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-5ddef86034d29efc1262967bc5639504e8b012b214a33d4dac655b3e69ff16a5-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:53:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:53:42 +0200 (CEST) Subject: SUSE-CU-2025:2667-1: Recommended update of suse/git Message-ID: <20250417155342.C87F2FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2667-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-37.22 , suse/git:latest Container Release : 37.22 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:suse-sle15-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:54:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:54:16 +0200 (CEST) Subject: SUSE-CU-2025:2668-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250417155416.42D7CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2668-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.32 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.32 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:54:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:54:47 +0200 (CEST) Subject: SUSE-CU-2025:2669-1: Security update of suse/postgres Message-ID: <20250417155447.59866FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2669-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-61.22 Container Release : 61.22 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:55:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:55:01 +0200 (CEST) Subject: SUSE-CU-2025:2670-1: Security update of suse/postgres Message-ID: <20250417155501.DDA2CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2670-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-42.22 , suse/postgres:latest Container Release : 42.22 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:55:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:55:20 +0200 (CEST) Subject: SUSE-CU-2025:2671-1: Recommended update of suse/rmt-server Message-ID: <20250417155520.D18B0FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2671-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-61.5 , suse/rmt-server:latest Container Release : 61.5 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-5ddef86034d29efc1262967bc5639504e8b012b214a33d4dac655b3e69ff16a5-0 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:57:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:57:01 +0200 (CEST) Subject: SUSE-CU-2025:2672-1: Recommended update of suse/sle15 Message-ID: <20250417155701.17EE3FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2672-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.28 , suse/sle15:15.6 , suse/sle15:15.6.47.20.28 Container Release : 47.20.28 Severity : important Type : recommended References : 1234128 1234713 1235481 1236033 1239883 1240343 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:57:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:57:01 +0200 (CEST) Subject: SUSE-CU-2025:2673-1: Security update of suse/sle15 Message-ID: <20250417155701.D7E04FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2673-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.29 , suse/sle15:15.6 , suse/sle15:15.6.47.20.29 Container Release : 47.20.29 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:57:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:57:41 +0200 (CEST) Subject: SUSE-CU-2025:2675-1: Security update of suse/valkey Message-ID: <20250417155741.9ACD4FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2675-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-38.9 , suse/valkey:latest Container Release : 38.9 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:57:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:57:49 +0200 (CEST) Subject: SUSE-CU-2025:2676-1: Security update of bci/bci-busybox Message-ID: <20250417155749.B0EF3FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2676-1 Container Tags : bci/bci-busybox:15.7 , bci/bci-busybox:15.7-3.49 Container Release : 3.49 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1233699 1234128 1234665 1234713 1236282 1239883 1240343 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - busybox-1.35.0-150700.16.2 updated - ca-certificates-mozilla-prebuilt-2.74-150200.41.2 updated - glibc-2.38-150600.14.26.1 updated - skelcd-EULA-bci-20250207-150700.2.1 updated - sles-release-15.7-150700.24.10 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:57:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:57:58 +0200 (CEST) Subject: SUSE-CU-2025:2677-1: Security update of bci/bci-micro Message-ID: <20250417155758.D228BFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2677-1 Container Tags : bci/bci-micro:15.7 , bci/bci-micro:15.7-3.49 Container Release : 3.49 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1233699 1234128 1234665 1234713 1236282 1239883 1240343 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.41.2 updated - glibc-2.38-150600.14.26.1 updated - skelcd-EULA-bci-20250207-150700.2.1 updated - sles-release-15.7-150700.24.10 updated From sle-container-updates at lists.suse.com Thu Apr 17 15:58:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:58:09 +0200 (CEST) Subject: SUSE-CU-2025:2678-1: Security update of bci/bci-minimal Message-ID: <20250417155809.22909FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2678-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-4.2 Container Release : 4.2 Severity : important Type : security References : 1181994 1188006 1199079 1202868 1206212 1206622 1214248 1220356 1221482 1227525 1228042 1230638 1231051 1233699 1234128 1234665 1234713 1234798 1236282 1239883 1240009 1240343 1240343 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.74-150200.41.2 added - glibc-2.38-150600.14.26.1 updated - libgcrypt20-1.11.0-150700.3.3 updated - libgpg-error0-1.50-150700.1.6 updated - skelcd-EULA-bci-20250207-150700.2.1 added - sles-release-15.7-150700.24.10 updated - container:micro-image-15.7.0-3.46 removed From sle-container-updates at lists.suse.com Thu Apr 17 15:59:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 17:59:37 +0200 (CEST) Subject: SUSE-CU-2025:2679-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250417155937.C2505FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2679-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.112 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.112 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Thu Apr 17 16:04:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Apr 2025 18:04:12 +0200 (CEST) Subject: SUSE-CU-2025:2681-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250417160412.16E20FD1A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2681-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.114 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.114 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:04:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:04:13 +0200 (CEST) Subject: SUSE-CU-2025:2682-1: Security update of containers/open-webui Message-ID: <20250418070413.12D7FFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2682-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.34 Container Release : 9.34 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:17:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:17:44 +0200 (CEST) Subject: SUSE-CU-2025:2702-1: Security update of bci/bci-init Message-ID: <20250418071744.A6E3AFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2702-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.31.31 , bci/bci-init:latest Container Release : 31.31 Severity : important Type : security References : 1232234 1234128 1234713 1235481 1236033 1239883 CVE-2024-10041 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:18:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:18:21 +0200 (CEST) Subject: SUSE-CU-2025:2703-1: Security update of suse/pcp Message-ID: <20250418071821.886F2FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2703-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.72 , suse/pcp:latest Container Release : 42.72 Severity : important Type : security References : 1232234 1234128 1234713 1235481 1236033 1239883 CVE-2024-10041 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - container:bci-bci-init-15.6-cddfc1adb286dc82a9bd6befc5378b3a781942d5b564a46840bc73c89ec96bf1-0 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:18:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:18:44 +0200 (CEST) Subject: SUSE-CU-2025:2704-1: Security update of suse/mariadb-client Message-ID: <20250418071844.3F7A6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2704-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-56.36 , suse/mariadb-client:latest Container Release : 56.36 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:19:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:19:11 +0200 (CEST) Subject: SUSE-CU-2025:2705-1: Security update of suse/mariadb Message-ID: <20250418071911.89AC0FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2705-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.45 , suse/mariadb:latest Container Release : 62.45 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:19:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:19:36 +0200 (CEST) Subject: SUSE-CU-2025:2706-1: Security update of suse/rmt-server Message-ID: <20250418071936.D679DFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2706-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-61.6 , suse/rmt-server:latest Container Release : 61.6 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:21:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:21:35 +0200 (CEST) Subject: SUSE-CU-2025:2707-1: Security update of bci/spack Message-ID: <20250418072135.BC14FFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2707-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-6.9 , bci/spack:latest Container Release : 6.9 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:21:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:21:51 +0200 (CEST) Subject: SUSE-CU-2025:2709-1: Security update of bci/bci-init Message-ID: <20250418072151.207E8FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2709-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-3.82 Container Release : 3.82 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1232234 1233699 1234128 1234665 1234713 1235481 1236033 1236282 1237374 1239883 CVE-2024-10041 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - libuuid1-2.40.4-150700.2.2 updated - libsmartcols1-2.40.4-150700.2.2 updated - libgpg-error0-1.50-150700.1.6 updated - findutils-4.10.0-150700.2.4 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - libgcrypt20-1.11.0-150700.3.3 updated - libmount1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - patterns-base-fips-20200124-150700.36.1 updated - grep-3.11-150700.1.6 updated - sles-release-15.7-150700.24.10 updated - permissions-20240826-150700.14.2 updated - pam-1.3.0-150000.6.76.1 updated - util-linux-2.40.4-150700.2.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - pkg-config-0.29.2-150600.15.6.3 updated - container:sles15-image-15.7.0-4.2.57 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:22:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:22:00 +0200 (CEST) Subject: SUSE-CU-2025:2710-1: Security update of bci/spack Message-ID: <20250418072200.3294EFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2710-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-7.11 Container Release : 7.11 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1232234 1233699 1234128 1234665 1234713 1236282 1239883 CVE-2024-10041 CVE-2025-0395 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - libgpg-error0-1.50-150700.1.6 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - libgcrypt20-1.11.0-150700.3.3 updated - libmount1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - permissions-20240826-150700.14.2 updated - pam-1.3.0-150000.6.76.1 updated - openssl-3-3.2.3-150700.3.14 updated - libnettle8-3.10.1-150700.2.13 updated - libopenssl1_1-1.1.1w-150700.9.31 updated - libhogweed6-3.10.1-150700.2.13 updated - glibc-devel-2.38-150600.14.26.1 updated - libopenssl-3-devel-3.2.3-150700.3.14 updated - container:sles15-image-15.7.0-4.2.57 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:22:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:22:02 +0200 (CEST) Subject: SUSE-CU-2025:2711-1: Security update of suse/valkey Message-ID: <20250418072202.F379AFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2711-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-3.28 Container Release : 3.28 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1232234 1233699 1234128 1234665 1234713 1236282 1239883 CVE-2024-10041 CVE-2025-0395 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - libgpg-error0-1.50-150700.1.6 updated - libgcrypt20-1.11.0-150700.3.3 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - permissions-20240826-150700.14.2 updated - pam-1.3.0-150000.6.76.1 updated - valkey-8.0.2-150700.1.5 updated - container:sles15-image-15.7.0-3.49 updated - container:micro-image-15.7.0-3.49 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:23:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:23:26 +0200 (CEST) Subject: SUSE-CU-2025:2712-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250418072326.E9242FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2712-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.14 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.14 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:sles15-ltss-image-15.4.0-2.35 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:24:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:24:17 +0200 (CEST) Subject: SUSE-CU-2025:2713-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250418072417.0E242FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2713-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.19 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.19 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:sles15-ltss-image-15.4.0-2.35 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:25:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:25:13 +0200 (CEST) Subject: SUSE-CU-2025:2714-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20250418072513.79C4EFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2714-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.15 , suse/manager/4.3/proxy-squid:4.3.15.9.62.10 , suse/manager/4.3/proxy-squid:latest Container Release : 9.62.10 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:sles15-ltss-image-15.4.0-2.35 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:26:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:26:05 +0200 (CEST) Subject: SUSE-CU-2025:2715-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250418072605.1E942FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2715-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.15 , suse/manager/4.3/proxy-ssh:4.3.15.9.53.10 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.53.10 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated - container:sles15-ltss-image-15.4.0-2.35 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:05:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:05:55 +0200 (CEST) Subject: SUSE-IU-2025:1135-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250418070555.44C09FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1135-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.12 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.12 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224013 1224049 1224489 1224610 1224757 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1228659 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231910 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234074 1234157 1234222 1234480 1234698 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235550 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237874 1237875 1237876 1237877 1237879 1237881 1237882 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238052 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238565 1238570 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238746 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238970 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238990 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239066 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239475 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239684 1239707 1239906 1239925 1239986 1239994 1240167 1240168 1240169 1240171 1240172 1240173 1240175 1240176 1240177 1240179 1240182 1240183 1240184 1240185 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-27415 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50038 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53124 CVE-2024-53139 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58018 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58071 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21729 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21755 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21806 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21836 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21863 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21873 CVE-2025-21875 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21881 CVE-2025-21883 CVE-2025-21884 CVE-2025-21885 CVE-2025-21886 CVE-2025-21887 CVE-2025-21888 CVE-2025-21889 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-14 Released: Thu Apr 17 16:37:10 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224013,1224049,1224489,1224610,1224757,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1228659,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231910,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234074,1234157,1234222,1234480,1234698,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235550,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1 236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237874,1237875,1237876,1237877,1237879,1237881,1237882,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238052,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,123856 5,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238746,1238747,1238751,1238753,1238754,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238970,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238990,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239066,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239475,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239684,1239707,1239906,1239925,1239986,1239994,1240167,1240168,1240169,1240171,124 0172,1240173,1240175,1240176,1240177,1240179,1240182,1240183,1240184,1240185,1240186,1240188,1240189,1240191,1240192,1240333,1240334,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-27415,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024 -46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50038,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53124,CVE-2024-53139,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-2024-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882, CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58018,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58071,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-202 5-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21729,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21755,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779 ,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21806,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21836,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21863,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21873,CVE-2025-21875,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21881,CVE-2025-21883,CVE-2025-21884,CVE-2025-21885,CVE-2025-21886,CVE-2025-21887,CVE-2025-21888,CVE-2025-21889,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892,CVE-2025-21894,CVE-20 25-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - kernel-default-base-6.4.0-28.1.21.6 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:08:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:08:51 +0200 (CEST) Subject: SUSE-IU-2025:1138-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250418070851.27167FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1138-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.21 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.21 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224013 1224049 1224489 1224610 1224757 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1228659 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231910 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234074 1234157 1234222 1234480 1234698 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235550 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237874 1237875 1237876 1237877 1237879 1237881 1237882 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238052 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238565 1238570 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238746 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238970 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238990 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239066 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239475 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239684 1239707 1239906 1239925 1239986 1239994 1240167 1240168 1240169 1240171 1240172 1240173 1240175 1240176 1240177 1240179 1240182 1240183 1240184 1240185 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-27415 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50038 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53124 CVE-2024-53139 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58018 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58071 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21729 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21755 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21806 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21836 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21863 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21873 CVE-2025-21875 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21881 CVE-2025-21883 CVE-2025-21884 CVE-2025-21885 CVE-2025-21886 CVE-2025-21887 CVE-2025-21888 CVE-2025-21889 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-14 Released: Thu Apr 17 16:37:10 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224013,1224049,1224489,1224610,1224757,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1228659,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231910,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234074,1234157,1234222,1234480,1234698,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235550,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1 236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237874,1237875,1237876,1237877,1237879,1237881,1237882,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238052,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,123856 5,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238746,1238747,1238751,1238753,1238754,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238970,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238990,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239066,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239475,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239684,1239707,1239906,1239925,1239986,1239994,1240167,1240168,1240169,1240171,124 0172,1240173,1240175,1240176,1240177,1240179,1240182,1240183,1240184,1240185,1240186,1240188,1240189,1240191,1240192,1240333,1240334,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-27415,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024 -46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50038,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53124,CVE-2024-53139,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-2024-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882, CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58018,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58071,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-202 5-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21729,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21755,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779 ,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21806,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21836,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21863,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21873,CVE-2025-21875,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21881,CVE-2025-21883,CVE-2025-21884,CVE-2025-21885,CVE-2025-21886,CVE-2025-21887,CVE-2025-21888,CVE-2025-21889,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892,CVE-2025-21894,CVE-20 25-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - libtasn1-6-4.19.0-slfo.1.1_2.1 updated - libxml2-2-2.11.6-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.20 updated - kernel-default-6.4.0-28.1 updated - container:suse-toolbox-image-1.0.0-4.22 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:09:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:09:14 +0200 (CEST) Subject: SUSE-IU-2025:1140-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250418070914.DE40AFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1140-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.20 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.20 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224013 1224049 1224489 1224610 1224757 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1228659 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231910 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234074 1234157 1234222 1234480 1234698 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235550 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237874 1237875 1237876 1237877 1237879 1237881 1237882 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238052 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238565 1238570 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238746 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238970 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238990 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239066 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239475 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239684 1239707 1239906 1239925 1239986 1239994 1240167 1240168 1240169 1240171 1240172 1240173 1240175 1240176 1240177 1240179 1240182 1240183 1240184 1240185 1240186 1240188 1240189 1240191 1240192 1240333 1240334 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-27415 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50038 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53124 CVE-2024-53139 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58018 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58071 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21729 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21755 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21806 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21836 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21863 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21873 CVE-2025-21875 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21881 CVE-2025-21883 CVE-2025-21884 CVE-2025-21885 CVE-2025-21886 CVE-2025-21887 CVE-2025-21888 CVE-2025-21889 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-14 Released: Thu Apr 17 16:37:10 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224013,1224049,1224489,1224610,1224757,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1228659,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231910,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234074,1234157,1234222,1234480,1234698,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235550,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1 236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237874,1237875,1237876,1237877,1237879,1237881,1237882,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238052,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,123856 5,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238746,1238747,1238751,1238753,1238754,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238970,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238990,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239066,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239475,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239684,1239707,1239906,1239925,1239986,1239994,1240167,1240168,1240169,1240171,124 0172,1240173,1240175,1240176,1240177,1240179,1240182,1240183,1240184,1240185,1240186,1240188,1240189,1240191,1240192,1240333,1240334,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927,CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-27415,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024 -46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50038,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53124,CVE-2024-53139,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-2024-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882, CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58018,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58071,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-202 5-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21729,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21755,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-2025-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779 ,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21806,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21836,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21863,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21873,CVE-2025-21875,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21881,CVE-2025-21883,CVE-2025-21884,CVE-2025-21885,CVE-2025-21886,CVE-2025-21887,CVE-2025-21888,CVE-2025-21889,CVE-2025-21890,CVE-2025-21891,CVE-2025-21892,CVE-2025-21894,CVE-20 25-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-35910: kABI fix for tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: Bluetooth: L2CAP: Fix build errors in some archs (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tools: move alignment-related macros to new <linux/align.h> (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.20 updated - kernel-default-base-6.4.0-28.1.21.6 updated - container:SL-Micro-base-container-2.2.0-4.21 updated From sle-container-updates at lists.suse.com Fri Apr 18 07:09:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Apr 2025 09:09:36 +0200 (CEST) Subject: SUSE-IU-2025:1142-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250418070936.ED426FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1142-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.21 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.21 Severity : important Type : security References : 1012628 1207948 1215199 1215211 1218470 1219367 1221651 1222649 1222672 1222803 1223047 1224049 1224489 1224610 1225533 1225606 1225742 1225770 1225981 1226871 1227858 1227937 1228521 1228653 1229311 1229361 1230235 1230438 1230439 1230497 1230728 1230769 1230832 1231088 1231293 1231432 1231912 1231920 1231949 1232159 1232198 1232201 1232299 1232364 1232389 1232421 1232508 1232520 1232743 1232812 1232848 1232895 1232919 1233028 1233033 1233060 1233109 1233221 1233248 1233259 1233260 1233479 1233483 1233522 1233551 1233557 1233749 1234070 1234222 1234480 1234828 1234853 1234857 1234891 1234894 1234895 1234896 1234936 1234963 1235054 1235061 1235073 1235244 1235435 1235436 1235441 1235455 1235485 1235501 1235524 1235589 1235591 1235592 1235599 1235609 1235621 1235637 1235698 1235711 1235712 1235715 1235729 1235733 1235761 1235870 1235874 1235914 1235932 1235933 1235973 1236099 1236111 1236113 1236114 1236115 1236122 1236123 1236133 1236138 1236199 1236200 1236203 1236205 1236206 1236333 1236573 1236575 1236576 1236591 1236661 1236677 1236680 1236681 1236682 1236683 1236684 1236685 1236689 1236692 1236694 1236698 1236700 1236702 1236752 1236757 1236758 1236759 1236760 1236761 1236821 1236822 1236896 1236897 1236952 1236967 1236994 1237007 1237017 1237025 1237028 1237029 1237045 1237126 1237132 1237139 1237155 1237158 1237159 1237164 1237232 1237234 1237313 1237325 1237356 1237415 1237452 1237504 1237521 1237530 1237558 1237562 1237563 1237565 1237571 1237848 1237849 1237853 1237856 1237873 1237875 1237876 1237877 1237879 1237881 1237885 1237889 1237890 1237891 1237894 1237897 1237900 1237901 1237906 1237907 1237911 1237912 1237950 1238212 1238214 1238303 1238347 1238368 1238474 1238475 1238479 1238494 1238496 1238497 1238500 1238501 1238502 1238503 1238506 1238507 1238509 1238510 1238511 1238512 1238521 1238523 1238525 1238526 1238528 1238529 1238531 1238532 1238570 1238715 1238716 1238734 1238735 1238736 1238738 1238739 1238747 1238751 1238753 1238754 1238757 1238759 1238760 1238762 1238763 1238767 1238768 1238771 1238772 1238773 1238775 1238780 1238781 1238785 1238860 1238863 1238864 1238865 1238876 1238877 1238903 1238904 1238905 1238909 1238911 1238917 1238958 1238959 1238963 1238964 1238969 1238971 1238973 1238975 1238978 1238979 1238981 1238984 1238986 1238993 1238994 1238997 1239015 1239016 1239027 1239029 1239030 1239033 1239034 1239036 1239037 1239038 1239039 1239045 1239065 1239068 1239073 1239076 1239080 1239085 1239087 1239095 1239104 1239105 1239109 1239112 1239114 1239115 1239117 1239167 1239174 1239346 1239349 1239435 1239467 1239468 1239471 1239473 1239474 1239477 1239478 1239479 1239481 1239482 1239483 1239484 1239486 1239508 1239512 1239518 1239573 1239594 1239595 1239600 1239605 1239615 1239644 1239707 1239986 1239994 1240169 1240172 1240173 1240175 1240177 1240179 1240182 1240183 1240186 1240188 1240189 1240191 1240192 1240333 1240334 CVE-2023-52831 CVE-2023-52924 CVE-2023-52925 CVE-2023-52926 CVE-2023-52927 CVE-2024-26634 CVE-2024-26708 CVE-2024-26810 CVE-2024-26873 CVE-2024-35826 CVE-2024-35910 CVE-2024-38606 CVE-2024-40980 CVE-2024-41005 CVE-2024-41055 CVE-2024-41077 CVE-2024-41149 CVE-2024-42307 CVE-2024-43820 CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-46736 CVE-2024-46782 CVE-2024-46796 CVE-2024-46858 CVE-2024-47408 CVE-2024-47701 CVE-2024-47794 CVE-2024-49571 CVE-2024-49884 CVE-2024-49924 CVE-2024-49940 CVE-2024-49950 CVE-2024-49994 CVE-2024-50029 CVE-2024-50036 CVE-2024-50056 CVE-2024-50073 CVE-2024-50085 CVE-2024-50115 CVE-2024-50126 CVE-2024-50140 CVE-2024-50142 CVE-2024-50152 CVE-2024-50185 CVE-2024-50251 CVE-2024-50258 CVE-2024-50290 CVE-2024-50294 CVE-2024-50304 CVE-2024-52559 CVE-2024-53057 CVE-2024-53063 CVE-2024-53123 CVE-2024-53140 CVE-2024-53147 CVE-2024-53163 CVE-2024-53173 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53226 CVE-2024-53239 CVE-2024-53680 CVE-2024-54683 CVE-2024-56539 CVE-2024-56548 CVE-2024-56579 CVE-2024-56592 CVE-2024-56605 CVE-2024-56633 CVE-2024-56638 CVE-2024-56640 CVE-2024-56647 CVE-2024-56658 CVE-2024-56702 CVE-2024-56703 CVE-2024-56718 CVE-2024-56719 CVE-2024-56720 CVE-2024-56751 CVE-2024-56758 CVE-2024-56770 CVE-2024-57807 CVE-2024-57834 CVE-2024-57882 CVE-2024-57889 CVE-2024-57900 CVE-2024-57947 CVE-2024-57948 CVE-2024-57973 CVE-2024-57974 CVE-2024-57978 CVE-2024-57979 CVE-2024-57980 CVE-2024-57981 CVE-2024-57986 CVE-2024-57990 CVE-2024-57993 CVE-2024-57994 CVE-2024-57996 CVE-2024-57997 CVE-2024-57999 CVE-2024-58002 CVE-2024-58005 CVE-2024-58006 CVE-2024-58007 CVE-2024-58009 CVE-2024-58011 CVE-2024-58012 CVE-2024-58013 CVE-2024-58014 CVE-2024-58017 CVE-2024-58019 CVE-2024-58020 CVE-2024-58034 CVE-2024-58051 CVE-2024-58052 CVE-2024-58054 CVE-2024-58055 CVE-2024-58056 CVE-2024-58057 CVE-2024-58058 CVE-2024-58061 CVE-2024-58063 CVE-2024-58069 CVE-2024-58072 CVE-2024-58076 CVE-2024-58078 CVE-2024-58079 CVE-2024-58080 CVE-2024-58083 CVE-2024-58085 CVE-2024-58086 CVE-2025-21631 CVE-2025-21635 CVE-2025-21636 CVE-2025-21637 CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21647 CVE-2025-21659 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668 CVE-2025-21669 CVE-2025-21670 CVE-2025-21671 CVE-2025-21673 CVE-2025-21675 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21701 CVE-2025-21703 CVE-2025-21704 CVE-2025-21705 CVE-2025-21706 CVE-2025-21708 CVE-2025-21711 CVE-2025-21714 CVE-2025-21715 CVE-2025-21716 CVE-2025-21718 CVE-2025-21719 CVE-2025-21723 CVE-2025-21724 CVE-2025-21725 CVE-2025-21726 CVE-2025-21727 CVE-2025-21728 CVE-2025-21731 CVE-2025-21732 CVE-2025-21733 CVE-2025-21734 CVE-2025-21735 CVE-2025-21736 CVE-2025-21738 CVE-2025-21739 CVE-2025-21741 CVE-2025-21742 CVE-2025-21743 CVE-2025-21744 CVE-2025-21745 CVE-2025-21749 CVE-2025-21750 CVE-2025-21753 CVE-2025-21754 CVE-2025-21756 CVE-2025-21759 CVE-2025-21760 CVE-2025-21761 CVE-2025-21762 CVE-2025-21763 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-21767 CVE-2025-21772 CVE-2025-21773 CVE-2025-21775 CVE-2025-21776 CVE-2025-21779 CVE-2025-21780 CVE-2025-21781 CVE-2025-21782 CVE-2025-21784 CVE-2025-21785 CVE-2025-21790 CVE-2025-21791 CVE-2025-21793 CVE-2025-21794 CVE-2025-21795 CVE-2025-21796 CVE-2025-21799 CVE-2025-21802 CVE-2025-21804 CVE-2025-21810 CVE-2025-21815 CVE-2025-21819 CVE-2025-21820 CVE-2025-21821 CVE-2025-21823 CVE-2025-21825 CVE-2025-21828 CVE-2025-21829 CVE-2025-21830 CVE-2025-21831 CVE-2025-21832 CVE-2025-21835 CVE-2025-21838 CVE-2025-21844 CVE-2025-21846 CVE-2025-21847 CVE-2025-21848 CVE-2025-21850 CVE-2025-21855 CVE-2025-21856 CVE-2025-21857 CVE-2025-21858 CVE-2025-21859 CVE-2025-21861 CVE-2025-21862 CVE-2025-21864 CVE-2025-21865 CVE-2025-21866 CVE-2025-21869 CVE-2025-21870 CVE-2025-21871 CVE-2025-21876 CVE-2025-21877 CVE-2025-21878 CVE-2025-21883 CVE-2025-21885 CVE-2025-21886 CVE-2025-21888 CVE-2025-21890 CVE-2025-21891 CVE-2025-21892 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-8 Released: Thu Apr 17 12:48:21 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1207948,1215199,1215211,1218470,1219367,1221651,1222649,1222672,1222803,1223047,1224049,1224489,1224610,1225533,1225606,1225742,1225770,1225981,1226871,1227858,1227937,1228521,1228653,1229311,1229361,1230235,1230438,1230439,1230497,1230728,1230769,1230832,1231088,1231293,1231432,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232364,1232389,1232421,1232508,1232520,1232743,1232812,1232848,1232895,1232919,1233028,1233033,1233060,1233109,1233221,1233248,1233259,1233260,1233479,1233483,1233522,1233551,1233557,1233749,1234070,1234222,1234480,1234828,1234853,1234857,1234891,1234894,1234895,1234896,1234936,1234963,1235054,1235061,1235073,1235244,1235435,1235436,1235441,1235455,1235485,1235501,1235524,1235589,1235591,1235592,1235599,1235609,1235621,1235637,1235698,1235711,1235712,1235715,1235729,1235733,1235761,1235870,1235874,1235914,1235932,1235933,1235973,1236099,1236111,1236113,1236114,1236115,1236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1 236206,1236333,1236573,1236575,1236576,1236591,1236661,1236677,1236680,1236681,1236682,1236683,1236684,1236685,1236689,1236692,1236694,1236698,1236700,1236702,1236752,1236757,1236758,1236759,1236760,1236761,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237029,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237164,1237232,1237234,1237313,1237325,1237356,1237415,1237452,1237504,1237521,1237530,1237558,1237562,1237563,1237565,1237571,1237848,1237849,1237853,1237856,1237873,1237875,1237876,1237877,1237879,1237881,1237885,1237889,1237890,1237891,1237894,1237897,1237900,1237901,1237906,1237907,1237911,1237912,1237950,1238212,1238214,1238303,1238347,1238368,1238474,1238475,1238479,1238494,1238496,1238497,1238500,1238501,1238502,1238503,1238506,1238507,1238509,1238510,1238511,1238512,1238521,1238523,1238525,1238526,1238528,1238529,1238531,1238532,1238570,1238715,1238716,1238734,1238735,1238736,1238738,1238739,1238747,1238751,1238753,123875 4,1238757,1238759,1238760,1238762,1238763,1238767,1238768,1238771,1238772,1238773,1238775,1238780,1238781,1238785,1238860,1238863,1238864,1238865,1238876,1238877,1238903,1238904,1238905,1238909,1238911,1238917,1238958,1238959,1238963,1238964,1238969,1238971,1238973,1238975,1238978,1238979,1238981,1238984,1238986,1238993,1238994,1238997,1239015,1239016,1239027,1239029,1239030,1239033,1239034,1239036,1239037,1239038,1239039,1239045,1239065,1239068,1239073,1239076,1239080,1239085,1239087,1239095,1239104,1239105,1239109,1239112,1239114,1239115,1239117,1239167,1239174,1239346,1239349,1239435,1239467,1239468,1239471,1239473,1239474,1239477,1239478,1239479,1239481,1239482,1239483,1239484,1239486,1239508,1239512,1239518,1239573,1239594,1239595,1239600,1239605,1239615,1239644,1239707,1239986,1239994,1240169,1240172,1240173,1240175,1240177,1240179,1240182,1240183,1240186,1240188,1240189,1240191,1240192,1240333,1240334,CVE-2023-52831,CVE-2023-52924,CVE-2023-52925,CVE-2023-52926,CVE-2023-52927, CVE-2024-26634,CVE-2024-26708,CVE-2024-26810,CVE-2024-26873,CVE-2024-35826,CVE-2024-35910,CVE-2024-38606,CVE-2024-40980,CVE-2024-41005,CVE-2024-41055,CVE-2024-41077,CVE-2024-41149,CVE-2024-42307,CVE-2024-43820,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-46736,CVE-2024-46782,CVE-2024-46796,CVE-2024-46858,CVE-2024-47408,CVE-2024-47701,CVE-2024-47794,CVE-2024-49571,CVE-2024-49884,CVE-2024-49924,CVE-2024-49940,CVE-2024-49950,CVE-2024-49994,CVE-2024-50029,CVE-2024-50036,CVE-2024-50056,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50126,CVE-2024-50140,CVE-2024-50142,CVE-2024-50152,CVE-2024-50185,CVE-2024-50251,CVE-2024-50258,CVE-2024-50290,CVE-2024-50294,CVE-2024-50304,CVE-2024-52559,CVE-2024-53057,CVE-2024-53063,CVE-2024-53123,CVE-2024-53140,CVE-2024-53147,CVE-2024-53163,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-53680,CVE-2024-54683,CVE-2024-56539,CVE-2024-56548,CVE-2024-56579,CVE-2024-56592,CVE-2024-56605,CVE-202 4-56633,CVE-2024-56638,CVE-2024-56640,CVE-2024-56647,CVE-2024-56658,CVE-2024-56702,CVE-2024-56703,CVE-2024-56718,CVE-2024-56719,CVE-2024-56720,CVE-2024-56751,CVE-2024-56758,CVE-2024-56770,CVE-2024-57807,CVE-2024-57834,CVE-2024-57882,CVE-2024-57889,CVE-2024-57900,CVE-2024-57947,CVE-2024-57948,CVE-2024-57973,CVE-2024-57974,CVE-2024-57978,CVE-2024-57979,CVE-2024-57980,CVE-2024-57981,CVE-2024-57986,CVE-2024-57990,CVE-2024-57993,CVE-2024-57994,CVE-2024-57996,CVE-2024-57997,CVE-2024-57999,CVE-2024-58002,CVE-2024-58005,CVE-2024-58006,CVE-2024-58007,CVE-2024-58009,CVE-2024-58011,CVE-2024-58012,CVE-2024-58013,CVE-2024-58014,CVE-2024-58017,CVE-2024-58019,CVE-2024-58020,CVE-2024-58034,CVE-2024-58051,CVE-2024-58052,CVE-2024-58054,CVE-2024-58055,CVE-2024-58056,CVE-2024-58057,CVE-2024-58058,CVE-2024-58061,CVE-2024-58063,CVE-2024-58069,CVE-2024-58072,CVE-2024-58076,CVE-2024-58078,CVE-2024-58079,CVE-2024-58080,CVE-2024-58083,CVE-2024-58085,CVE-2024-58086,CVE-2025-21631,CVE-2025-21635,CVE-2025-21636 ,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21659,CVE-2025-21665,CVE-2025-21666,CVE-2025-21667,CVE-2025-21668,CVE-2025-21669,CVE-2025-21670,CVE-2025-21671,CVE-2025-21673,CVE-2025-21675,CVE-2025-21678,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21693,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21701,CVE-2025-21703,CVE-2025-21704,CVE-2025-21705,CVE-2025-21706,CVE-2025-21708,CVE-2025-21711,CVE-2025-21714,CVE-2025-21715,CVE-2025-21716,CVE-2025-21718,CVE-2025-21719,CVE-2025-21723,CVE-2025-21724,CVE-2025-21725,CVE-2025-21726,CVE-2025-21727,CVE-2025-21728,CVE-2025-21731,CVE-2025-21732,CVE-2025-21733,CVE-2025-21734,CVE-2025-21735,CVE-2025-21736,CVE-2025-21738,CVE-2025-21739,CVE-2025-21741,CVE-2025-21742,CVE-2025-21743,CVE-2025-21744,CVE-2025-21745,CVE-2025-21749,CVE-2025-21750,CVE-2025-21753,CVE-2025-21754,CVE-2025-21756,CVE-2025-21759,CVE-2025-21760,CVE-20 25-21761,CVE-2025-21762,CVE-2025-21763,CVE-2025-21764,CVE-2025-21765,CVE-2025-21766,CVE-2025-21767,CVE-2025-21772,CVE-2025-21773,CVE-2025-21775,CVE-2025-21776,CVE-2025-21779,CVE-2025-21780,CVE-2025-21781,CVE-2025-21782,CVE-2025-21784,CVE-2025-21785,CVE-2025-21790,CVE-2025-21791,CVE-2025-21793,CVE-2025-21794,CVE-2025-21795,CVE-2025-21796,CVE-2025-21799,CVE-2025-21802,CVE-2025-21804,CVE-2025-21810,CVE-2025-21815,CVE-2025-21819,CVE-2025-21820,CVE-2025-21821,CVE-2025-21823,CVE-2025-21825,CVE-2025-21828,CVE-2025-21829,CVE-2025-21830,CVE-2025-21831,CVE-2025-21832,CVE-2025-21835,CVE-2025-21838,CVE-2025-21844,CVE-2025-21846,CVE-2025-21847,CVE-2025-21848,CVE-2025-21850,CVE-2025-21855,CVE-2025-21856,CVE-2025-21857,CVE-2025-21858,CVE-2025-21859,CVE-2025-21861,CVE-2025-21862,CVE-2025-21864,CVE-2025-21865,CVE-2025-21866,CVE-2025-21869,CVE-2025-21870,CVE-2025-21871,CVE-2025-21876,CVE-2025-21877,CVE-2025-21878,CVE-2025-21883,CVE-2025-21885,CVE-2025-21886,CVE-2025-21888,CVE-2025-21890,CVE-2025-2189 1,CVE-2025-21892 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes). - ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - ALSA: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - ALSA: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - ALSA: seq: Avoid module auto-load handling at event delivery (stable-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - ALSA: usx2y: validate nrpacks module parameter on probe (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - ASoC: cs35l41: check the return value from spi_setup() (git-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: ops: Consistently treat platform_max as control value (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: rt722-sdca: add missing readable registers (git-fixes). - ASoC: tas2764: Fix power control mask (stable-fixes). - ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes). - ASoC: tas2770: Fix volume scale (stable-fixes). - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - Bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - Bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - Documentation: qat: fix auto_reset attribute details (git-fixes). - Documentation: qat: fix auto_reset section (git-fixes). - Drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - Fix memory-hotplug regression (bsc#1237504) - Grab mm lock before grabbing pt lock (git-fixes). - HID: Enable playstation driver independently of sony driver (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - HID: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - HID: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - HID: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - HID: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Fix use-after-free when detaching device (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - HID: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - HID: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - HID: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - IB/mad: Check available slots before posting receive WRs (git-fixes) - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: ads7846 - fix gpiod allocation (git-fixes). - Input: allocate keycode for phone linking (stable-fixes). - Input: i8042 - add required quirks for missing old boardnames (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - Input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - Input: iqs7222 - preserve system status register (git-fixes). - Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - Input: xpad - add multiple supported devices (stable-fixes). - Input: xpad - add support for TECNO Pocket Go (stable-fixes). - Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - Input: xpad - rename QH controller to Legion Go S (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - Move upstreamed ACPI patch into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - PCI/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - PCI/DOE: Support discovery version 2 (bsc#1237853) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - PCI: Avoid reset when disabled via sysfs (git-fixes). - PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes). - PCI: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - PCI: brcmstb: Fix potential premature regulator disabling (git-fixes). - PCI: brcmstb: Set generation limit before PCIe link up (git-fixes). - PCI: brcmstb: Use internal register to change link capability (git-fixes). - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - PCI: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - PM: sleep: Adjust check before setting power.must_resume (git-fixes). - PM: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/core: Do not expose hw_counters outside of init net namespace (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/hns: Fix missing xa_destroy() (git-fixes) - RDMA/hns: Fix soft lockup during bt pages loop (git-fixes) - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - RDMA/hns: Fix wrong value of max_sge_rd (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix MR cache initialization error flow (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix cache entry update on dereg error (git-fixes) - RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes). - SUNRPC: Prevent looping due to rpc_signal_task() races (git-fixes). - SUNRPC: convert RPC_TASK_* constants to enum (git-fixes). - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - USB: serial: option: match on interface class for Telit FN990B (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094) - Use gcc-13 for build on SLE16 (jsc#PED-10028). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - config: Set gcc version (jsc#PED-12251). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - mdacon: rework dependency list (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: add dev_net_rcu() helper (bsc#1239994). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-fc: use ctrl state getter (git-fixes). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - padata: fix sysfs store callback check (git-fixes). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - powerpc: Stop using no_llseek (bsc#1239573). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/topology: Improve topology detection (bsc#1236591). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.20 updated - kernel-rt-6.4.0-28.1 updated - container:SL-Micro-container-2.2.0-4.21 updated From sle-container-updates at lists.suse.com Sat Apr 19 07:08:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Apr 2025 09:08:12 +0200 (CEST) Subject: SUSE-CU-2025:2717-1: Security update of suse/389-ds Message-ID: <20250419070812.CAC88FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2717-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.28 , suse/389-ds:latest Container Release : 36.28 Severity : important Type : security References : 1232234 1234128 1234713 1239883 CVE-2024-10041 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Sat Apr 19 07:08:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Apr 2025 09:08:45 +0200 (CEST) Subject: SUSE-CU-2025:2718-1: Recommended update of bci/bci-base-fips Message-ID: <20250419070845.4CF48FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2718-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.20.26 , bci/bci-base-fips:latest Container Release : 20.26 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Sat Apr 19 07:09:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Apr 2025 09:09:21 +0200 (CEST) Subject: SUSE-CU-2025:2720-1: Security update of suse/nginx Message-ID: <20250419070921.353B9FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2720-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.55 , suse/nginx:latest Container Release : 51.55 Severity : important Type : security References : 1232234 1234128 1234713 1239883 CVE-2024-10041 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Sat Apr 19 07:11:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Apr 2025 09:11:56 +0200 (CEST) Subject: SUSE-CU-2025:2721-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250419071156.50D0DFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2721-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.33 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.33 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Sat Apr 19 07:12:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Apr 2025 09:12:04 +0200 (CEST) Subject: SUSE-CU-2025:2722-1: Security update of suse/stunnel Message-ID: <20250419071204.40DAEFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2722-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-38.21 , suse/stunnel:latest Container Release : 38.21 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - pam-1.3.0-150000.6.76.1 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:06:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:06:06 +0200 (CEST) Subject: SUSE-IU-2025:1177-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250423070606.4EE64FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1177-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.162 , suse/sle-micro/base-5.5:latest Image Release : 5.8.162 Severity : moderate Type : recommended References : 1234383 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1354-1 Released: Tue Apr 22 05:14:53 2025 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1234383 This update for iproute2 fixes the following issues: - Avoid false cgroup warnings (bsc#1234383) The following package changes have been done: - iproute2-5.14-150400.3.3.1 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:15:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:15:28 +0200 (CEST) Subject: SUSE-IU-2025:1182-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250423071528.26E31FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1182-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.15 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.15 Severity : important Type : recommended References : 1221812 1228079 1228343 1230978 1231166 1232283 1232728 1233530 1236709 1237603 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 287 Released: Tue Apr 22 05:50:31 2025 Summary: Recommended update for qemu Type: recommended Severity: important References: 1221812,1228079,1228343,1230978,1231166,1232283,1232728,1233530,1236709,1237603 This update for qemu fixes the following issues: - linux-user: Do not define struct sched_attr if libc headers do (bsc#1237603) - elfload: Fix alignment when unmapping excess reservation (bsc#1236709) - linux-user: Honor elf alignment when placing images (bsc#1236709) - tests/acpi: q35: Update host address width in DMAR (bsc#1228343) - intel_iommu: Set default aw_bits to 48 starting from QEMU 9.2 (bsc#1228343) - tests/acpi: q35: allow DMAR acpi table changes (bsc#1228343) - Update version to 8.2.9 * Full changelog here: https://lore.kernel.org/qemu-devel/568115c5-8908-4931-aae0-a57bf542f68a at tls.msk.ru/ * Some backports: gdbstub/user-target: fix gdbserver int format (%d -> %x) target/s390x: Fix MVC not always invalidating translation blocks physmem: fix qemu_ram_alloc_from_fd size calculation hw/usb/canokey: Fix buffer overflow for OUT packet target/arm: arm_reset_sve_state() should set FPSR, not FPCR hw/cxl: Fix msix_notify: Assertion `vector < dev->msix_entries_nr` tests: acpi: update expected blobs pci: acpi: Windows 'PCI Label Id' bug workaround tests: acpi: whitelist expected blobs pci/msix: Fix msix pba read vector poll end calculation pci: ensure valid link status bits for downstream ports hw/usb/hcd-xhci-pci: Use modulo to select MSI vector as per spec backends/cryptodev-vhost-user: Fix local_error leaks tests/qtest/boot-serial-test: Correct HPPA machine name target/i386/cpu: Fix notes for CPU models docs: Correct release of TCG trace-events removal target/loongarch: Use actual operand size with vbsrl check s390x/s390-virtio-ccw: don't crash on weird RAM sizes vhost-user: fix shared object return values meson.build: Disallow libnfs v6 to fix the broken macOS build hw/intc/arm_gicv3_its: Zero initialize local DTEntry etc structs roms: re-add edk2-basetools target edk2: commit version info edk2: get version + date from git submodule x86/loader: only patch linux kernels - nbd/server: avoid per-NBDRequest nbd_client_get/put() (bsc#1232283) - [openSUSE][RPM] The qemu translation is not being installed (bsc#1231166) - target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest (bsc#1228079) - [openSUSE] block: Move qcow2 invalidation query-block op_blocker - scsi: megasas: Internal cdbs have 16-byte length (bsc#1233530) - Update version to 8.2.8 * Full changelog here: https://lore.kernel.org/qemu-devel/1b7d3242-abe9-408a-bd77-85162e0d0de4 at tls.msk.ru/ * Some backports: usb-hub: Fix handling port power control messages hw/audio/hda: fix memory leak on audio setup (bsc#1232728) hw/misc/mos6522: Fix bad class definition of the MOS6522 device contrib/plugins: add compat for g_memdup2 target/i386: fix hang when using slow path for ptw_setl tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc() linux-user/arm: Select vdso for be8 and be32 modes linux-user/arm: Reduce vdso alignment to 4k linux-user: Tolerate CONFIG_LSM_MMAP_MIN_ADDR accel/tcg: Fix user-only probe_access_internal plugin check target/arm: Drop user-only special case in sve_stN_r linux-user: Fix setreuid and setregid to use direct syscalls target/i386: Fix legacy page table walk 9pfs: fix crash on 'Treaddir' request hw/nvme: fix handling of over-committed queues migration: Ensure vmstate_save() sets errp target/arm: Fix SVE SDOT/UDOT/USDOT (4-way, indexed) target/ppc: Fix mtDPDES targeting SMT siblings target/ppc: Set ctx->opcode for decode_insn32() target/riscv: Fix vcompress with rvv_ta_all_1s target/riscv/kvm: clarify how 'riscv-aia' default works target/riscv/kvm: set 'aia_mode' to default in error path hw/intc/riscv_aplic: Check and update pending when write sourcecfg hw/intc/riscv_aplic: Fix in_clrip[x] read emulation target/riscv: Set vtype.vill on CPU reset The following package changes have been done: - libxml2-2-2.11.6-7.1 updated - SL-Micro-release-6.0-25.17 updated - qemu-guest-agent-8.2.9-1.1 updated - elemental-register-1.6.8-2.1 updated - elemental-support-1.6.8-2.1 updated - container:SL-Micro-base-container-2.1.3-6.14 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:17:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:17:35 +0200 (CEST) Subject: SUSE-IU-2025:1184-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250423071735.D0472FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1184-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.23 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.23 Severity : important Type : security References : 1221677 1224112 1228105 1231208 1236270 1236507 1237641 1239330 CVE-2023-45288 CVE-2024-11218 CVE-2024-1753 CVE-2024-3727 CVE-2024-6345 CVE-2024-9407 CVE-2025-22869 CVE-2025-27144 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 76 Released: Tue Apr 22 15:50:03 2025 Summary: Security update for podman Type: security Severity: important References: 1221677,1224112,1228105,1231208,1236270,1236507,1237641,1239330,CVE-2023-45288,CVE-2024-11218,CVE-2024-1753,CVE-2024-3727,CVE-2024-6345,CVE-2024-9407,CVE-2025-22869,CVE-2025-27144 This update for podman fixes the following issues: - CVE-2023-45288: Fixed closing connection when receiving too many headers (bsc#1236507). - CVE-2024-11218: Fixed container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (bsc#1236270). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330). - CVE-2025-27144: Fixed Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237641). - CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208). - CVE-2024-3727: Fixed digest type (bsc#1224112). - CVE-2024-1753: Fixed full container escape at build time (bsc#1221677). Other fixes: - Updated to version 5.2.5: * RPM: remove dup Provides * Packit: constrain koji and bodhi jobs to fedora package to avoid dupes * Validate the bind-propagation option to `--mount` * Updated Buildah to v1.37.4 * vendor: updated c/common to v0.60.4 * pkg/specgen: allow pasta when running inside userns * libpod: convert owner IDs only with :idmap * allow exposed sctp ports * libpod: setupNetNS() correctly mount netns * vendor: updated c/common to v0.60.3 * [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets * [skip-ci] Packit: Enable sidetags for bodhi updates * Updated gvisor-tap-vsock to 0.7.5 * CI: podman-machine: do not use cache registry * [CI:DOCS] Add v5.2.2 lib updates to RELEASE_NOTES.md * Update RELEASE_NOTES for v5.2.2 * [v5.2] Bump Buildah to v1.37.2, c/common v0.60.2, c/image v5.32.2 * [v5.2] golangci-lint: make darwin linting happy * [v5.2] golangci-lint: make windows linting happy * [v5.2] test/e2e: remove kernel version check * [v5.2] golangci-lint: remove most skip dirs * [v5.2] set !remote build tags where needed * [v5.2] update golangci-lint to 1.60.1 * Packit: update targets for propose-downstream * Create volume path before state initialization * Update Cirrus DEST_BRANCH * Bump to v5.2.2-dev * Bump to v5.2.1 * Update release notes for v5.2.1 * [v5.2] Add zstd:chunked test fix * [v5.2] Bump Buildah to v1.37.1, c/common v0.60.1, c/image v5.32.1 * libpod: reset state error on init * libpod: do not save expected stop errors in ctr state * libpod: fix broken saveContainerError() * Bump to v5.2.1-dev * Bump to v5.2.0 * Never skip checkout step in release workflow * Bump to v5.2.0-dev * Bump to v5.2.0-rc3 * Update release notes for v5.2.0-rc3 * Tweak versions in register_images.go * fix network cleanup flake in play kube * WIP: Fixes for vendoring Buildah * Add --compat-volumes option to build and farm build * Bump Buildah, c/storage, c/image, c/common * libpod: bind ports before network setup * pkg/api: do not leak config pointers into specgen * build: Update gvisor-tap-vsock to 0.7.4 * test/system: fix borken pasta interface name checks * test/system: fix bridge host.containers.internal test * CI: system tests: instrument to allow failure analysis * Use uploaded .zip for Windows action * RPM: podman-iptables.conf only on Fedora * Bump to v5.2.0-dev * Bump to v5.2.0-rc2 * Update release notes for v5.2.0-rc2 * test/e2e: fix ncat tests * libpod: add hidden env to set sqlite timeout * Add support for StopSignal in quadlet .container files * podman pod stats: fix race when ctr process exits * Update module github.com/vbauerster/mpb/v8 to v8.7.4 * libpod: correctly capture healthcheck output * Bump bundled krunkit to 0.1.2 * podman stats: fix race when ctr process exists * nc -p considered harmful * podman pod stats: fix pod rm race * podman ps: fix racy pod name query * system connection remove: use Args function to validate * pkg/machine/compression: skip decompress bar for empty file * nc -p considered harmful * podman system df: fix fix ErrNoSuchCtr/Volume race * podman auto-update: fix ErrNoSuchCtr race * Fix name for builder in farm connection * 700-play.bats: use unique pod/container/image/volume names * safename: consistent within same test, and, dashes * 700-kube.bats: refactor $PODMAN_TMPDIR/test.yaml * 700-play.bats: eliminate $testYaml * 700-play.bats: refactor clumsy yamlfile creation * 700-play.bats: move _write_test_yaml up near top * chore(deps): update dependency setuptools to v71 * Expand drop-in search paths * top-level (pod.d) * truncated (unit-.container.d) * Remove references and checks for --gpus * Do not crash on invalid filters * fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.2.0 * Bump to v5.2.0-dev * Bump to v5.2.0-rc1 * Keep the volume-driver flag deprecated * Vendor in latest containers(common, storage,image, buildah) * System tests: safe container/image/volume/etc names * Implement disable default mounts via command line * test: drop unmount for overlay * test: gracefully terminate server * libpod: shutdown Stop waits for handlers completion * libpod: cleanup store at shutdown * Add NetworkAlias= support to quadlet * cmd: call shutdown handler stop function * fix race conditions in start/attach logic * swagger: exlude new docker network types * vendor: bump c/storage * update to docker 27 * contrib: use a distinct --pull-option= for each flag * Update warning message when using external compose provider * Update module github.com/cyphar/filepath-securejoin to v0.3.0 * Ignore result of EvalSymlinks on ENOENT * test/upgrade: fix tests when netavark uses nftables * test/system: fix network reload test with nftables * test/e2e: rework some --expose tests * test: remove publish tests from e2e * CI: test nftables driver on fedora * CI: use local registry, part 3 of 3: for developers * CI: use local registry, part 2 of 3: fix tests * CI: use local registry, part 1 of 3: setup * CI: test composefs on rawhide * chore(deps): update module google.golang.org/grpc to v1.64.1 [security] * chore(deps): update dependency setuptools to ~=70.3.0 * Improve container filenname ambiguity. * containers/attach: Note bug around goroutine leak * Drop minikube CI test * add libkrun test docs * fix(deps): update module tags.cncf.io/container-device-interface to v0.8.0 * cirrus: check for header files in source code check * pkg/machine/e2e: run debug command only for macos * create runtime's worker queue before queuing any job * test/system: fix pasta host.containers.internal test * Visual Studio BuildTools as a MinGW alternative * SetupRootless(): only reexec when needed * pkg/rootless: simplify reexec for container code * cirrus: add missing test/tools to danger files * fix(deps): update module golang.org/x/tools to v0.23.0 * Windows Installer: switch to wix5 * fix(deps): update module golang.org/x/net to v0.27.0 * pkg/machine/e2e: print tests timings at the end * pkg/machine/e2e: run debug commands after init * pkg/machine/e2e: improve timeout handling * libpod: first delete container then cidfile * fix(deps): update module golang.org/x/term to v0.22.0 * System test fixes * cirrus.yml: automatic skips based on source * fix(deps): update module github.com/containers/ocicrypt to v1.2.0 * podman events: fix error race * chore(deps): update dependency setuptools to ~=70.2.0 * fix(deps): update module github.com/gorilla/schema to v1.4.1 [security] * Update CI VM images * pkg/machine/e2e: fix broken cleanup * pkg/machine/e2e: use tmp file for connections * test/system: fix podman --image-volume to allow tmpfs storage * CI: mount tmpfs for container storage * docs: --network remove missing leading sentence * specgen: parse devices even with privileged set * vendor: update c/storage * Remove the unused machine volume-driver * feat(quadlet): log option handling * Error when machine memory exceeds system memory * machine: Always use --log-file with gvproxy * CI: Build-Each-Commit test: run only on PRs * Small fixes for testing libkrun * Podman machine resets all providers * Clearly indicate names w/ URLencoded duplicates * [skip-ci] Packit: split rhel and centos-stream jobs * apple virtiofs: fix racy mount setup * cirrus: fix broken macos artifacts URL * libpod/container_top_linux.c: fix missing header * refactor(build): improve err when file specified by -f does not exist * Minor: Remove unhelpful comment * Update module github.com/openshift/imagebuilder to v1.2.11 * Minor: Rename the OSX Cross task * [skip-ci] Remove conditionals from changelog * podman top: join the container userns * Run linting in parallel with building * Fix missing Makefile target dependency * build API: accept platform comma separated * [skip-ci] RPM: create podman-machine subpackage * ExitWithError() - more upgrades from Exit() * test/e2e: remove podman system service tests * cirrus: reduce int tests timeout * cirrus: remove redundant skip logic * pkg/machine/apple: machine stop timeout * CI: logformatter: link to correct PR base * Update module github.com/crc-org/crc/v2 to v2.38.0 * ExitWithError(): continued * test/system: Add test steps for journald log check in quadlet * restore: fix missing network setup * podman run use pod userns even with --pod-id-file * macos-installer: bundle krunkit * remote API: fix pod top error reporting * libpod API: return proper error status code for pod start * fix #22233 * added check for `registry.IsRemote()`. and correct error message. * fix #20686 * pkg/machine/e2e: Remove unnecessary copy of machine image. * libpod: intermediate mount if UID not mapped into the userns * libpod: avoid chowning the rundir to root in the userns * libpod: do not chmod bind mounts * libpod: unlock the thread if possible * CI Cleanup: Remove cgroups v1 support * ExitWithError() - more upgrades from Exit() * remote: fix incorrect CONTAINER_CONNECTION parsing * container: pass KillSignal and StopTimeout to the systemd scope * libpod: fix comment * e2e: test container restore in pod by name * docs: Adds all PushImage supported paramters to openapi docs. * systests: kube: bump up a timeout * cirrus.yml: add CI:ALL mode to force all tests * cirrus.yml: implement skips based on source changes * CI VMs: bump * restore: fix container restore into pod * sqlite_state: Fix RewriteVolumeConfig * chore(deps): update dependency setuptools to ~=70.1.0 * Quadlet - use specifier for unescaped values for templated container name * cirrus: check for system test leaks in nightly * test/system: check for leaks in teardown suite * test/system: speed up basic_{setup,teardown}() * test/system: fix up many tests that do not cleanup * test/system: fix podman --authfile=nonexistent-path * Update module github.com/containernetworking/plugins to v1.5.1 * Update module github.com/checkpoint-restore/checkpointctl to v1.2.1 * Update module github.com/spf13/cobra to v1.8.1 * Update module github.com/gorilla/schema to v1.4.0 * pkg/machine/wsl: force terminate wsl instance * pkg/machine/wsl: wrap command errors * [CI:DOCS] Quadlet - add note about relative path resolution * CI: do not install python packages at runtime * Release workflow: Include candidate descriptor * Minor: Fix indentation in GHA release workflow * GHA: Send release notification mail * GHA: Validate release version number * Remove references to --pull=true and --pull=false * ExitWithError, continued * podman: add new hidden flag --pull-option * [CI:DOCS] Fix typos in podman-build * infra: mark storageSet when imagestore is changed * [CI:DOCS] Add jnovy as reviewer and approver * fix(deps): update module google.golang.org/protobuf to v1.34.2 * refactor(machine,wsl): improve operations of Windows API * --squash --layers=false should be allowed * fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.2.0 * update golangci-lint to v1.59.1 * Rename master to main in CONTRIBUTING.md * podman 5, pasta and inter-container networking * libpod: do not resuse networking on start * machine/linux: Switch to virtiofs by default * machine/linux: Support virtiofs mounts (retain 9p default) * machine/linux: Use memory-backend-memfd by default * ExitWithError() - continued * Enable libkrun provider to open a debug console * Add new targets on Windows makefile (winmake.ps1) * fix(deps): update module github.com/docker/docker to v26.1.4+incompatible * fix(deps): update module github.com/crc-org/crc/v2 to v2.37.1 * fix(deps): update module golang.org/x/tools to v0.22.0 * fix(deps): update module golang.org/x/net to v0.26.0 * libpod: fix 'podman kube generate' on FreeBSD * fix(deps): update module golang.org/x/sys to v0.21.0 * libpod: do not leak systemd hc startup unit timer * vendor latest c/common * pkg/rootless: set _CONTAINERS_USERNS_CONFIGURED correctly * run bats -T, to profile timing hogs * test/system: speed up podman ps --external * test/system: speed up podman network connect/disconnect * test/system: speed up podman network reload * test/system: speed up quadlet - pod simple * test/system: speed up podman parallel build should not race * test/system: speed up podman cp dir from host to container * test/system: speed up podman build - workdir, cmd, env, label * test/system: speed up podman --log-level recognizes log levels * test/system: remove obsolete debug in net connect/disconnect test * test/system: speed up quadlet - basic * test/system: speed up user namespace preserved root ownership * System tests: add `podman system check` tests * Add `podman system check` for checking storage consistency * fix(deps): update module github.com/crc-org/crc/v2 to v2.37.0 * fix(libpod): add newline character to the end of container's hostname file * fix(deps): update module github.com/openshift/imagebuilder to v1.2.10 * fix(deps): update github.com/containers/image/v5 digest to aa93504 * Fix 5.1 release note re: runlabel * test/e2e: use local skopeo not image * fix(deps): update golang.org/x/exp digest to fd00a4e * [CI:DOCS] Add contrib/podmanimage/stable path back in repo * chore(deps): update dependency requests to ~=2.32.3 * fix(deps): update github.com/containers/image/v5 digest to 2343e81 * libpod: do not move podman with --cgroups=disabled * Update release notes on Main to v5.1.0 * test: look at the file base name * tests: simplify expected output * Sigh, new VMs again * Fail earlier when no containers exist in stats * Add Hyper-V option in windows installer * libpod: cleanup default cache on system reset * vendor: update c/image * test/system: speed up kube generate tmpfs on /tmp * test/system: speed up podman kube play tests * test/system: speed up podman shell completion test * test/system: simplify test signal handling in containers * test/system: speed up podman container rm ... * test/system: speed up podman ps - basic tests * test/system: speed up read-only from containers.conf * test/system: speed up podman logs - multi ... * test/system: speed up podman run --name * Debian: switch to crun * test/system: speed up podman generate systemd - envar * test/system: speed up podman-kube at .service template * test/system: speed up kube play healthcheck initialDelaySeconds * test/system: speed up exit-code propagation test * test/system: speed up 'podman run --timeout' * test/system: fix slow kube play --wait with siginterrupt * undo auto-formatting * test/system: speed up podman events tests * Quadlet: Add support for .build files * test/system: speed up 'podman auto-update using systemd' * test/system: remove podman wait test * tests: disable tests affected by a race condition * update golangci-lint to v1.59.0 * kubernetes_support.md: Mark volumeMounts.subPath as supported * working name of pod on start and stop * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.0 * Bump Buildah to v1.36.0 * fix(deps): update module github.com/burntsushi/toml to v1.4.0 * fix typo in Tutorials.rst * Mac PM test: Require pre-installed rosetta * test/e2e: fix new error message * Add configuration for podmansh * Update containers/common to latest main * Only stop chowning volumes once they're not empty * podman: fix --sdnotify=healthy with --rm * libpod: wait another interval for healthcheck * quadlet: Add a network requirement on .image units * test, pasta: Ignore deprecated addresses in tests * [CI:DOCS] performance: update network docs * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0 * CI: disable minikube task * [CI:DOCS] Fix windows action trigger * chore(deps): update dependency setuptools to v70 * Check AppleHypervisor before accessing it * fix(deps): update module github.com/containernetworking/plugins to v1.5.0 * [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.2 * add podman-clean-transient.service service to rootless * [CI:DOCS] Update podman network docs * fix incorrect host.containers.internal entry for rootless bridge mode * vendor latest c/common main * Add Rosetta support for Apple Silicon mac * bump main to 5.2.0-dev * Use a defined constant instead of a hard-coded magic value * cirrus: use faster VM's for integration tests * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 01a1a0c * [CI:DOCS] Fix Mac pkg link * test: remove test_podman* scripts * test/system: fix documentation * Return StatusNotFound when multiple volumes matching occurs * container_api: do not wait for healtchecks if stopped * libpod: wait for healthy on main thread * `podman events`: check for an error after we finish reading events * remote API: restore v4 payload in container inspect * Fix updating connection when SSH port conflict happens * rootless: fix reexec to use /proc/self/exe * ExitWithError() - enforce required exit status & stderr * ExitWithError() - a few that I missed * [skip-ci] Packit: use only one value for `packages` key for `trigger: commit` copr builds * Revert 'Temporarily disable rootless debian e2e testing' * CI tests: enforce TMPDIR on tmpfs * use new CI images with tmpfs /tmp * run e2e test on tmpfs * Update module github.com/crc-org/crc/v2 to v2.36.0 * [CI:DOCS] Use checkout at v4 in GH Actions * ExitWithError() - rmi_test * ExitWithError() - more r files * ExitWithError() - s files * ExitWithError() - more run_xxx tests * Fix podman-remote support for `podman farm build` * [CI:DOCS] Trigger windows installer action properly * Revert 'container stop: kill conmon' * Ensure that containers do not get stuck in stopping * [CI:DOCS] Improvements to make validatepr * ExitWithError() - rest of the p files * [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.1 * Graceful shutdown during podman kube down * Remove duplicate call * test/system: fix broken 'podman volume globs' test * Quadlet/Container: Add GroupAdd option * Don't panic if a runtime was configured without paths * update c/{buildah,common,image,storage} to latest main * update golangci-lint to 1.58 * machine: Add LibKrun provider detection * ExitWithError() - continue tightening * fix(deps): update module google.golang.org/protobuf to v1.34.1 * test: improve test for powercap presence * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3 * fix(deps): update module go.etcd.io/bbolt to v1.3.10 * fix(deps): update module golang.org/x/tools to v0.21.0 * [skip-ci] RPM: `bats` required only on Fedora * fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 * gpdate and remove parameter settings in `.golangci.yml` * ExitWithError() - play_kube_test.go * Temporarily disable rootless debian e2e testing * fix(deps): update module golang.org/x/crypto to v0.23.0 * CI Docs: Clarify passthrough_envars() comments * Skip machine tests if they don't need to be run * Update CI VMs to F40, F39, D13 * ExitWithError() - v files * Update module golang.org/x/term to v0.20.0 * machine: Add provider detection API * util: specify a not empty pause dir for root too * Add missing option 'healthy' to output of `podman run --help` * [CI:DOCS] Add info on the quay.io images to the README.md * Add a random suffix to healthcheck unit names * test/e2e: remove toolbox image * Also substitute $HOME in runlabel with user's homedir * Update module github.com/cyphar/filepath-securejoin to v0.2.5 * Change tmpDir for macOS * ExitWithError() - pod_xxx tests * ExitWithError() -- run_test.go * Update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f * Update module github.com/shirou/gopsutil/v3 to v3.24.4 * Update module github.com/docker/docker to v26.1.1+incompatible * GHA: Attempt fix exceeded a secondary rate limit * vendor ginkgo 2.17.2 into test/tools * Fix machine volumes with long path and paths with dashes * Update module google.golang.org/protobuf to v1.34.0 * Update module github.com/crc-org/crc/v2 to v2.35.0 * Update module github.com/onsi/gomega to v1.33.1 * test/e2e: podman unshare image mount fix tmpdir leak * test/e2e: do not leak /tmp/private_file * test/e2e: 'persistentVolumeClaim with source' do not leak file * e2e tests: use /var/tmp, not $TMPDIR, as workdirs * Update dependency pytest to v8.1.2 * Remove unncessary lines at the end of specfile summary * Clean machine pull cache * Add krun support to podman machine * Use custom image for make validatepr * test/e2e: force systemd cgroup manager * e2e and bindings tests: fix $PATH setup * Makefile: remove useless HACK variable in e2e test * test/e2e: fix volumes and suid/dev/exec options * test/e2e: volumes and suid/dev/exec options works remote * test/e2e: fix limits test * Update module github.com/rootless-containers/rootlesskit/v2 to v2.1.0 * Correct option name `ip` -> `ip6` * Add the ability to automount images as volumes via play * Add support for image volume subpaths * Bump Buildah to latest main * Update Makefile to Go 1.22 for in-container * ExitWithError() - yet more low-hanging fruit * ExitWithError() - more low-hanging fruit * ExitWithError() - low-hanging fruit * chore: fix function names in comment * Remove redundant Prerequisite before build section * Remove PKG_CONFIG_PATH * Add installation instructions for openSUSE * Replace golang.org/x/exp/slices with slices from std * Update to go 1.21 * fix(deps): update module github.com/docker/docker to v26.1.0+incompatible * [CI:DOCS] Fix artifact action * [skip-ci] Packit/rpm: remove el8 jobs and spec conditionals * e2e tests: stop littering * [CI:DOCS] format podman-pull example as code * [CI:DOCS] Build & upload release artifacts with GitHub Actions * libpod: getHealthCheckLog() remove unessesary check * add containers.conf healthcheck_events support * vendor latest c/common * libpod: make healthcheck events more efficient * libpod: wrap store setup error message * [skip-ci] Packit: enable CentOS 10 Stream build jobs * pkg/systemd: use fileutils.(Le|E)xists * pkg/bindings: use fileutils.(Le|E)xists * pkg/util: use fileutils.(Le|E)xists * pkg/trust: use fileutils.(Le|E)xists * pkg/specgen: use fileutils.(Le|E)xists * pkg/rootless: use fileutils.(Le|E)xists * pkg/machine: use fileutils.(Le|E)xists * pkg/domain: use fileutils.(Le|E)xists * pkg/api: use fileutils.(Le|E)xists * libpod: use fileutils.(Le|E)xists * cmd: use fileutils.(Le|E)xists * vendor: update containers/{buildah,common,image,storage} * fix(deps): update module github.com/docker/docker to v26.0.2+incompatible [security] * fix podman-pod-restart.1.md typo * [skip-ci] Packit: switch to EPEL instead of centos-stream+epel-next * fix(deps): update module github.com/onsi/gomega to v1.33.0 * Add more annnotation information to podman kupe play man page * test/compose: remove compose v1 code * CI: remove compose v1 tests * fix: close resource file * [CI:DOCS] Fix windows installer action * fix(deps): update module tags.cncf.io/container-device-interface to v0.7.2 * add `list` as an alias to list networks * Add support for updating restart policy * Add Compat API for Update * Make `podman update` changes persistent * Emergency fix (well, skip) for failing bud tests * fix swagger doc for manifest create * [CI:DOCS] options/network: fix markdown lists * Makefile: do not hardcode `GOOS` in `podman-remote-static` target * chore(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency setuptools to ~=69.5.0 * Fix some comments * swagger fix infinitive recursion on some types * install swagger from source * Revert 'Swap out javascript engine' * podman exec CID without command should exit 125 * (minor) prefetch systemd image before use * Update go-swagger version * Swap out javascript engine * fix(deps): update module github.com/docker/docker to v26.0.1+incompatible * Add os, arch, and ismanifest to libpod image list * [CI:DOCS]Initial PR validation * fix(deps): update github.com/containers/gvisor-tap-vsock digest to d744d71 * vendor ginkgo 2.17.1 into test/tools * fix 'concurrent map writes' in network ls compat endpoint * chore(deps): update dependency pytest to v8 * e2e: redefine ExitWithError() to require exit code * docs: fix missleading run/create --expose description * podman ps: show exposed ports under PORTS as well * rootless: drop function ReadMappingsProc * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.3 * New CI VMs, to give us pasta 2024-04-05 * Add big warning to GHA workflow * GHA: Fix intermittent workflow error * fix(deps): update module golang.org/x/tools to v0.20.0 * e2e tests: remove requirement for fuse-overlayfs * docs: update Quadlet volume Options desc * fix(deps): update module golang.org/x/sync to v0.7.0 * Fix relabeling failures with Z/z volumes on Mac * fix(deps): update module golang.org/x/net to v0.24.0 * Makefile: fix annoying errors in docs generation * chore: fix function names in comment * Bump tags.cncf.io/container-device-interface to v0.7.1 * fix(deps): update module golang.org/x/crypto to v0.22.0 * Detect unhandled reboots and require user intervention * podman --runroot: remove 50 char length restriction * update github.com/rootless-containers/rootlesskit to v2 * Update module github.com/gorilla/schema to v1.3.0 * Update dependency requests-mock to ~=1.12.1 * Update module github.com/crc-org/crc/v2 to v2.34.1 * rm --force work for more than one arg * [CI:DOCS] Update kube docs * fix(deps): update module github.com/shirou/gopsutil/v3 to v3.24.3 * [CI:DOCS] Add GitHub action to update version on Podman.io * [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.2 * Windows: clean up temporary perl install * pkg/util: FindDeviceNodes() ignore ENOENT errors * [CI:DOCS] build deps: make-validate needs docs * test/system: add rootless-netns test for setup errors * vendor latest c/common main * container: do not chown to dest target with U * [CI:DOCS] golangci-lint: update deprecated flags * systests: conditionalize slirp4netns tests * CI: systests: instrument flaky tests * s3fs docs * test: do not skip tests under rootless * Add note about host networking to Kube PublishPort option * Inject additional build tags from the environment * libpod: use original IDs if idmap is provided * Switch back to checking out the same branch the action script runs in * docs/podman-login: Give an example of writing the persistent path * CI: Bump VMs to 2024-03-28 * [skip-ci] Update dawidd6/action-send-mail action to v3.12.0 * fix(deps): update module github.com/openshift/imagebuilder to v1.2.7 * Fix reference to deprecated types.Info * Use logformatter for podman_machine_windows_task * applehv: Print vfkit logs in --log-level debug * [CI:DOCS]Add Mario to reviewers list * [CI:DOCS] Document CI-maintenance job addition * Add golang 1.21 update warning * Add rootless network command to `podman info` * libpod: don't warn about cgroupsv1 on FreeBSD * hyperv: error if not admin * Properly parse stderr when updating container status * [skip-ci] Packit: specify fedora-latest in propose-downstream * Use built-in ssh impl for all non-pty operations * Add support for annotations * hyperv: fix machine rm -r * [skip-ci] Packit: Enable CentOS Stream 10 update job * 5.0 release note fix typo in cgroupv1 env var * fix remote build isolation on client side * chore: remove repetitive words * Dont save remote context in temp file but stream and extract * fix remote build isolation when server runs as root * util: use private propagation with bind * util: add some tests for ProcessOptions * util: refactor ProcessOptions into an internal function * util: rename files to snake case * Add LoongArch support for libpod * fix(deps): update github.com/containers/common digest to bc5f97c * [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.1 * fix(deps): update module github.com/docker/docker to v25.0.5+incompatible [security] * fix(deps): update module github.com/onsi/gomega to v1.32.0 * [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.0 * Update module github.com/cpuguy83/go-md2man/v2 to v2.0.4 * Fix type-o * Use correct extension in suite * minikube: instrument tests, to allow debugging failures * libpod: restart always reconfigure the netns * use new c/common pasta2 setup logic to fix dns * utils: drop conversion float->string->float * utils: do not generate duplicate range * logformatter: handle Windows logs * utils: add test for the new function * utils: move rootless code to a new function * xref-helpmsgs-manpages: cross-check Commands.rst * test/system: Add support for multipath routes in pasta networking tests * [skip-ci] rpm: use macro supported vendoring * Adjust to the standard location of gvforwarder used in new images * Makefile: add target `podman-remote-static` * Switch to 5.x WSL machine os stream using new automation * Cleanup build scratch dir if remote end disconnects while passing the context * bump main to 5.1.0-dev * Use faster gzip for compression for 3x speedup for sending large contexts to remote * pkg/machine: make checkExclusiveActiveVM race free * pkg/machine/wsl: remove unused CheckExclusiveActiveVM() * pkg/machine: CheckExclusiveActiveVM should also check for starting * pkg/machine: refresh config after we hold lock * Update dependency setuptools to ~=69.2.0 * [skip-ci] rpm: update containers-common dep on f40+ * fix invalid HTTP header values when hijacking a connection * Add doc to build podman on windows without MSYS * Removing CRI-O related annotations * fix(deps): update module github.com/containers/ocicrypt to v1.1.10 * Pass the restart policy to the individual containers * kube play: always pull when both imagePullPolicy and tag are missing The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.22 updated - libxslt1-1.1.38-slfo.1.1_2.1 updated - podman-5.2.5-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.24 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:25:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:25:42 +0200 (CEST) Subject: SUSE-CU-2025:2748-1: Security update of bci/kiwi Message-ID: <20250423072542.C5D05FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2748-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-22.42 , bci/kiwi:latest Container Release : 22.42 Severity : important Type : security References : 1232234 1235481 1236033 1240343 CVE-2024-10041 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - iproute2-6.4-150600.7.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:26:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:26:15 +0200 (CEST) Subject: SUSE-CU-2025:2749-1: Security update of bci/nodejs Message-ID: <20250423072615.7FE9CFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2749-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.58 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.58 , bci/nodejs:latest Container Release : 48.58 Severity : important Type : security References : 1232234 1234128 1234713 1239883 CVE-2024-10041 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:26:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:26:25 +0200 (CEST) Subject: SUSE-CU-2025:2750-1: Security update of bci/nodejs Message-ID: <20250423072625.034D0FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2750-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.46 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.46 Container Release : 31.46 Severity : important Type : security References : 1232234 1234128 1234713 1239883 CVE-2024-10041 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:26:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:26:33 +0200 (CEST) Subject: SUSE-CU-2025:2751-1: Security update of bci/openjdk-devel Message-ID: <20250423072633.18C41FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2751-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-4.30 Container Release : 4.30 Severity : important Type : security References : 1232234 1234128 1234713 1235481 1236033 1239883 CVE-2024-10041 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - container:bci-openjdk-17-693cfc263dfcad02fcc0eae6f6d18d21886d6ebe1375dd1c68c5af214d863311-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:26:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:26:40 +0200 (CEST) Subject: SUSE-CU-2025:2752-1: Recommended update of bci/openjdk Message-ID: <20250423072640.5040AFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2752-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-4.21 Container Release : 4.21 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:27:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:27:23 +0200 (CEST) Subject: SUSE-CU-2025:2753-1: Security update of bci/openjdk-devel Message-ID: <20250423072723.91D46FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2753-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.44 , bci/openjdk-devel:latest Container Release : 33.44 Severity : important Type : security References : 1232234 1234128 1234713 1235481 1236033 1239618 1239883 CVE-2024-10041 CVE-2024-8176 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - libexpat1-2.7.1-150400.3.28.1 updated - container:bci-openjdk-21-3a07890ffd3aa4f1df52d90d7267064d7ae8138bb1083e690deab6eb66362c9d-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:28:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:28:01 +0200 (CEST) Subject: SUSE-CU-2025:2754-1: Security update of bci/openjdk Message-ID: <20250423072801.CFD20FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2754-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.30 , bci/openjdk:latest Container Release : 33.30 Severity : important Type : security References : 1234128 1234713 1239618 1239883 CVE-2024-8176 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:28:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:28:33 +0200 (CEST) Subject: SUSE-CU-2025:2755-1: Security update of bci/php-apache Message-ID: <20250423072833.8BD92FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2755-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.28 , bci/php-apache:8.2.28-48.59 , bci/php-apache:latest Container Release : 48.59 Severity : important Type : security References : 1232234 1234128 1234713 1239883 CVE-2024-10041 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:29:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:29:02 +0200 (CEST) Subject: SUSE-CU-2025:2756-1: Security update of bci/php-fpm Message-ID: <20250423072902.4B707FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2756-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.28 , bci/php-fpm:8.2.28-48.59 , bci/php-fpm:latest Container Release : 48.59 Severity : important Type : security References : 1232234 1234128 1234713 1239883 CVE-2024-10041 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:29:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:29:29 +0200 (CEST) Subject: SUSE-CU-2025:2757-1: Recommended update of bci/php Message-ID: <20250423072929.7AAF5FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2757-1 Container Tags : bci/php:8 , bci/php:8.2.28 , bci/php:8.2.28-48.50 , bci/php:latest Container Release : 48.50 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - timezone-2025b-150600.91.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:30:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:30:03 +0200 (CEST) Subject: SUSE-CU-2025:2758-1: Recommended update of bci/python Message-ID: <20250423073003.07B25FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2758-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.56 Container Release : 60.56 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:30:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:30:41 +0200 (CEST) Subject: SUSE-CU-2025:2759-1: Security update of bci/ruby Message-ID: <20250423073041.0B334FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2759-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.60 , bci/ruby:latest Container Release : 31.60 Severity : moderate Type : security References : 1232234 CVE-2024-10041 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - pam-1.3.0-150000.6.76.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:32:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:32:00 +0200 (CEST) Subject: SUSE-CU-2025:2760-1: Security update of bci/ruby Message-ID: <20250423073200.1EA85FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2760-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-4.29 Container Release : 4.29 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1232234 1233699 1234128 1234665 1234713 1236282 1239883 CVE-2024-10041 CVE-2025-0395 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - libuuid1-2.40.4-150700.2.2 updated - libsmartcols1-2.40.4-150700.2.2 updated - libgpg-error0-1.50-150700.1.6 updated - findutils-4.10.0-150700.2.4 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - libgcrypt20-1.11.0-150700.3.3 updated - libmount1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - permissions-20240826-150700.14.2 updated - pam-1.3.0-150000.6.76.1 updated - util-linux-2.40.4-150700.2.2 updated - libruby2_5-2_5-2.5.9-150700.22.12 updated - libruby3_4-3_4-3.4.1-150700.1.8 updated - ruby2.5-stdlib-2.5.9-150700.22.12 updated - glibc-devel-2.38-150600.14.26.1 updated - ruby2.5-rubygem-gem2rpm-0.10.1-150700.20.12 updated - ruby2.5-2.5.9-150700.22.12 updated - ruby3.4-3.4.1-150700.1.8 updated - ruby3.4-devel-3.4.1-150700.1.8 updated - container:sles15-image-15.7.0-4.2.57 updated From sle-container-updates at lists.suse.com Wed Apr 23 07:32:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 09:32:12 +0200 (CEST) Subject: SUSE-CU-2025:2761-1: Security update of suse/sle15 Message-ID: <20250423073212.A0CE3FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2761-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.57 , suse/sle15:15.7 , suse/sle15:15.7-4.2.57 Container Release : 4.2.57 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1232234 1233699 1234128 1234665 1234713 1235481 1236033 1236282 1239883 1240343 CVE-2024-10041 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - findutils-4.10.0-150700.2.4 updated - glibc-2.38-150600.14.26.1 updated - grep-3.11-150700.1.6 updated - libblkid1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libgcrypt20-1.11.0-150700.3.3 updated - libgpg-error0-1.50-150700.1.6 updated - liblzma5-5.4.1-150600.3.3.1 updated - libmount1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - libopenssl3-3.2.3-150700.3.14 updated - libsmartcols1-2.40.4-150700.2.2 updated - libuuid1-2.40.4-150700.2.2 updated - openssl-3-3.2.3-150700.3.14 updated - pam-1.3.0-150000.6.76.1 updated - permissions-20240826-150700.14.2 updated - sle-module-basesystem-release-15.7-150700.24.5 updated - sle-module-python3-release-15.7-150700.24.5 updated - sle-module-server-applications-release-15.7-150700.24.5 updated - sles-release-15.7-150700.24.10 updated - timezone-2025b-150600.91.6.2 updated - util-linux-2.40.4-150700.2.2 updated From sle-container-updates at lists.suse.com Wed Apr 23 13:53:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 15:53:54 +0200 (CEST) Subject: SUSE-CU-2025:2764-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250423135354.3E006FD12@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2764-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-baremetal , rancher/elemental-channel/sl-micro:6.0-baremetal-8.1 Container Release : 8.1 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - container:suse-toolbox-image-1.0.0-7.11 updated From sle-container-updates at lists.suse.com Wed Apr 23 13:54:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 15:54:00 +0200 (CEST) Subject: SUSE-CU-2025:2765-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250423135400.61FD8FD12@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2765-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-base , rancher/elemental-channel/sl-micro:6.0-base-8.1 Container Release : 8.1 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - container:suse-toolbox-image-1.0.0-7.11 updated From sle-container-updates at lists.suse.com Wed Apr 23 13:54:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 15:54:05 +0200 (CEST) Subject: SUSE-CU-2025:2766-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250423135405.34E05FD12@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2766-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-kvm , rancher/elemental-channel/sl-micro:6.0-kvm-8.1 Container Release : 8.1 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - container:suse-toolbox-image-1.0.0-7.11 updated From sle-container-updates at lists.suse.com Wed Apr 23 13:54:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 15:54:11 +0200 (CEST) Subject: SUSE-CU-2025:2767-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250423135411.01F03FD12@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2767-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-rt , rancher/elemental-channel/sl-micro:6.0-rt-8.1 Container Release : 8.1 Severity : important Type : security References : 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) The following package changes have been done: - glibc-2.38-8.1 updated - container:suse-toolbox-image-1.0.0-7.11 updated From sle-container-updates at lists.suse.com Wed Apr 23 13:54:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 15:54:28 +0200 (CEST) Subject: SUSE-CU-2025:2772-1: Security update of rancher/elemental-operator Message-ID: <20250423135428.93C57FD12@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2772-1 Container Tags : rancher/elemental-operator:1.6.8 , rancher/elemental-operator:1.6.8-7.1 , rancher/elemental-operator:latest Container Release : 7.1 Severity : important Type : security References : 1233699 1234665 1236282 1236878 1237498 1238700 1239335 CVE-2024-12133 CVE-2025-0395 CVE-2025-22869 CVE-2025-22870 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) ----------------------------------------------------------------- Advisory ID: 262 Released: Mon Mar 31 08:37:17 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1237498 This update for elemental-operator fixes the following issues: - Update to version 1.6.7: * Bump default operator channel to Micro 6.1 images * [v1.6.x][BACKPORT] seedimage: clean-up service on image download deadline (bsc#1237498) * No need to install yq neither to create a GH release ----------------------------------------------------------------- Advisory ID: 266 Released: Tue Apr 1 12:11:15 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: Fixed potential DoS in handling of numerous SEQUENCE OF or SET OF elements (bsc#1236878). ----------------------------------------------------------------- Advisory ID: 284 Released: Fri Apr 11 12:57:37 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to version 1.6.8: * Deactivated e2e workflow * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) The following package changes have been done: - elemental-operator-1.6.8-2.1 updated - glibc-2.38-8.1 updated - libtasn1-6-4.19.0-4.1 updated - container:suse-toolbox-image-1.0.0-7.11 updated From sle-container-updates at lists.suse.com Wed Apr 23 13:54:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 15:54:41 +0200 (CEST) Subject: SUSE-CU-2025:2773-1: Security update of rancher/seedimage-builder Message-ID: <20250423135441.D3D01FD12@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2773-1 Container Tags : rancher/seedimage-builder:1.6.8 , rancher/seedimage-builder:1.6.8-7.1 , rancher/seedimage-builder:latest Container Release : 7.1 Severity : important Type : security References : 1220338 1223596 1229228 1230145 1231048 1231472 1232227 1232844 1233289 1233322 1233699 1233752 1234015 1234313 1234665 1234765 1235151 1236282 1236588 1236590 1236619 1236878 1237363 1237370 1237418 1237498 1238700 1239335 CVE-2024-12133 CVE-2024-56171 CVE-2025-0167 CVE-2025-0395 CVE-2025-0725 CVE-2025-22869 CVE-2025-22870 CVE-2025-24528 CVE-2025-24928 CVE-2025-27113 ----------------------------------------------------------------- The container rancher/seedimage-builder was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 224 Released: Wed Mar 5 17:35:03 2025 Summary: Security update for glibc Type: security Severity: important References: 1233699,1234665,1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282). Other fixes: - Fix underallocation of abort_msg_s struct - Correctly determine livepatching support - Remove nss-systemd from default nsswitch.conf (bsc#1233699) ----------------------------------------------------------------- Advisory ID: 229 Released: Mon Mar 10 14:39:19 2025 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596,1230145 This update for e2fsprogs fixes the following issues: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145) - EA Inode handling fixes * e2fsck: Add more checks for EA inode consistency (bsc#1223596) * e2fsck: Fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: 230 Released: Tue Mar 11 11:01:13 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1220338,1229228,1231048,1232227,1232844,1233752,1234015,1234313,1234765 This update for systemd fixes the following issues: - Fixed agetty fails to open credentials directory (bsc#1229228) - hwdb: comment out the entry for Logitech MX Keys for Mac - test: answer 2nd mdadm --create question for compat with new version - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: Also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) - add a allow/denylist for reading sysfs attributes (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType - drop efifar SystemdOptions (bsc#1220338) Upstream deprecated it and plan to drop it in the future. - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else (bsc#1232227) - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) - restore some legacy symlinks Given that SLE16 will be based on SLFO, we have no choice but to continue supporting these compat symlinks. This compatibility code is no longer maintained in the Git repository though, as we primarily backport upstream commits these days. Additionally, the compat code rarely changes and often causes conflicts when merged into recent versions of systemd. ----------------------------------------------------------------- Advisory ID: 239 Released: Wed Mar 12 11:47:54 2025 Summary: Security update for curl Type: security Severity: moderate References: 1235151,1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Other issues fixed: - Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. (bsc#1235151) ----------------------------------------------------------------- Advisory ID: 244 Released: Fri Mar 14 12:51:07 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issues: - do not crash when file system loop was encountered (bsc#1231472) - added patches - modified patches ----------------------------------------------------------------- Advisory ID: 245 Released: Fri Mar 14 12:55:02 2025 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: 1233289,1233322 This update for elemental-toolkit fixes the following issues: - Bump yip to v1.9.6 (bsc#1233322) - Make lint happy - Fixes squashfs images creation (bsc#1233289) ----------------------------------------------------------------- Advisory ID: 251 Released: Wed Mar 19 11:42:10 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash (bsc#1236619). ----------------------------------------------------------------- Advisory ID: 262 Released: Mon Mar 31 08:37:17 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1237498 This update for elemental-operator fixes the following issues: - Update to version 1.6.7: * Bump default operator channel to Micro 6.1 images * [v1.6.x][BACKPORT] seedimage: clean-up service on image download deadline (bsc#1237498) * No need to install yq neither to create a GH release ----------------------------------------------------------------- Advisory ID: 266 Released: Tue Apr 1 12:11:15 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: Fixed potential DoS in handling of numerous SEQUENCE OF or SET OF elements (bsc#1236878). ----------------------------------------------------------------- Advisory ID: 272 Released: Fri Apr 4 15:07:10 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in xmlPatMatch (bsc#1237418). ----------------------------------------------------------------- Advisory ID: 284 Released: Fri Apr 11 12:57:37 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to version 1.6.8: * Deactivated e2e workflow * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) The following package changes have been done: - elemental-httpfy-1.6.8-2.1 updated - elemental-seedimage-hooks-1.6.8-2.1 updated - glibc-2.38-8.1 updated - libtasn1-6-4.19.0-4.1 updated - libcom_err2-1.47.0-3.1 updated - libxml2-2-2.11.6-7.1 updated - libext2fs2-1.47.0-3.1 updated - libudev1-254.23-1.1 updated - findutils-4.9.0-4.1 updated - libsystemd0-254.23-1.1 updated - glibc-locale-base-2.38-8.1 updated - e2fsprogs-1.47.0-3.1 updated - krb5-1.20.1-6.1 updated - libcurl4-8.6.0-6.1 updated - curl-8.6.0-6.1 updated - systemd-254.23-1.1 updated - udev-254.23-1.1 updated - elemental-toolkit-2.1.2-1.1 updated - container:suse-toolbox-image-1.0.0-7.11 updated From sle-container-updates at lists.suse.com Wed Apr 23 13:56:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 15:56:57 +0200 (CEST) Subject: SUSE-CU-2025:2774-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250423135657.3AF81FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2774-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.120 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.120 Severity : moderate Type : recommended References : 1234383 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1354-1 Released: Tue Apr 22 05:14:53 2025 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1234383 This update for iproute2 fixes the following issues: - Avoid false cgroup warnings (bsc#1234383) The following package changes have been done: - iproute2-5.14-150400.3.3.1 updated From sle-container-updates at lists.suse.com Wed Apr 23 13:58:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 15:58:40 +0200 (CEST) Subject: SUSE-CU-2025:2775-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250423135840.73256FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2775-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.120 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.120 Severity : moderate Type : recommended References : 1234383 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1354-1 Released: Tue Apr 22 05:14:53 2025 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1234383 This update for iproute2 fixes the following issues: - Avoid false cgroup warnings (bsc#1234383) The following package changes have been done: - iproute2-5.14-150400.3.3.1 updated From sle-container-updates at lists.suse.com Wed Apr 23 13:59:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 15:59:58 +0200 (CEST) Subject: SUSE-CU-2025:2776-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250423135958.A2EE1FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2776-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.23 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.23 Severity : moderate Type : recommended References : 1234383 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1354-1 Released: Tue Apr 22 05:14:53 2025 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1234383 This update for iproute2 fixes the following issues: - Avoid false cgroup warnings (bsc#1234383) The following package changes have been done: - iproute2-5.14-150400.3.3.1 updated From sle-container-updates at lists.suse.com Wed Apr 23 14:00:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 16:00:34 +0200 (CEST) Subject: SUSE-IU-2025:1188-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250423140034.BD1B0FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1188-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.17 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.17 Severity : important Type : security References : 1238591 1239330 1239625 1239637 CVE-2023-40403 CVE-2024-55549 CVE-2024-6104 CVE-2025-22869 CVE-2025-24855 CVE-2025-27144 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 292 Released: Tue Apr 22 16:17:16 2025 Summary: Security update for podman Type: security Severity: important References: 1239330,CVE-2024-6104,CVE-2025-22869,CVE-2025-27144 This update for podman fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330). ----------------------------------------------------------------- Advisory ID: 297 Released: Wed Apr 23 15:11:10 2025 Summary: Security update for libxslt Type: security Severity: important References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855 This update for libxslt fixes the following issues: * CVE-2025-24855: Fix use-after-free of XPath context node (bsc#1239625) * CVE-2024-55549: Fix UAF related to excluded namespaces (bsc#1239637) * CVE-2023-40403: Make generate-id() deterministic (bsc#1238591) The following package changes have been done: - libxml2-2-2.11.6-7.1 updated - SL-Micro-release-6.0-25.17 updated - elemental-register-1.6.8-2.1 updated - elemental-support-1.6.8-2.1 updated - libxslt1-1.1.38-4.1 updated - podman-4.9.5-4.1 updated - container:SL-Micro-base-container-2.1.3-6.14 updated From sle-container-updates at lists.suse.com Wed Apr 23 14:00:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Apr 2025 16:00:57 +0200 (CEST) Subject: SUSE-IU-2025:1189-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250423140057.23546FD1B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1189-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.24 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.24 Severity : important Type : security References : 1224013 1224757 1228659 1231910 1234074 1234157 1234698 1235550 1235870 1237874 1237882 1238052 1238565 1238746 1238970 1238990 1239066 1239475 1239684 1239906 1239925 1240167 1240168 1240171 1240176 1240184 1240185 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2024-27415 CVE-2024-50038 CVE-2024-53124 CVE-2024-53139 CVE-2024-58018 CVE-2024-58071 CVE-2025-21729 CVE-2025-21755 CVE-2025-21806 CVE-2025-21836 CVE-2025-21863 CVE-2025-21873 CVE-2025-21875 CVE-2025-21881 CVE-2025-21884 CVE-2025-21887 CVE-2025-21889 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-15 Released: Wed Apr 23 14:42:21 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1224013,1224757,1228659,1231910,1234074,1234157,1234698,1235550,1235870,1237874,1237882,1238052,1238565,1238746,1238970,1238990,1239066,1239475,1239684,1239906,1239925,1240167,1240168,1240171,1240176,1240184,1240185,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2024-27415,CVE-2024-50038,CVE-2024-53124,CVE-2024-53139,CVE-2024-58018,CVE-2024-58071,CVE-2025-21729,CVE-2025-21755,CVE-2025-21806,CVE-2025-21836,CVE-2025-21863,CVE-2025-21873,CVE-2025-21875,CVE-2025-21881,CVE-2025-21884,CVE-2025-21887,CVE-2025-21889,CVE-2025-21894,CVE -2025-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: mm: Correct the update of max_pfn (git-fixes) - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). The following package changes have been done: - kernel-rt-6.4.0-29.1 updated - cpio-2.15-slfo.1.1_2.4 removed - dracut-059+suse.607.g2d95edb5-slfo.1.1_1.4 removed - elfutils-0.189-slfo.1.1_1.5 removed - file-5.44-slfo.1.1_1.4 removed - libasm1-0.189-slfo.1.1_1.5 removed - libdw1-0.189-slfo.1.1_1.5 removed - perl-Bootloader-1.13.0-slfo.1.1_1.2 removed - pigz-2.8-slfo.1.1_1.2 removed - util-linux-systemd-2.40.1-slfo.1.1_1.2 removed - zstd-1.5.5-slfo.1.1_1.4 removed From sle-container-updates at lists.suse.com Thu Apr 24 07:04:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 24 Apr 2025 09:04:48 +0200 (CEST) Subject: SUSE-IU-2025:1190-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250424070448.4C2B1FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1190-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.19 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.19 Severity : important Type : recommended References : 1234015 1236886 1237180 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 298 Released: Wed Apr 23 16:01:26 2025 Summary: Recommended update for open-vm-tools Type: recommended Severity: important References: 1237180 This update for open-vm-tools fixes the following issues: - Ensure vmtoolsd.service and vgauthd.service are set to enabled by default. Do this by removing vmblock-fuse.service from the %pre section in the spec file. vmblock-fuse.service still remains in the %pre desktop section (bsc#1237180). - remove unused pcre build dependency - Revert previous change. The proposed solutions was non-standard. - Ensure vmtoolsd.service, vgauthd.service, and vmblock-fuse.service are set to enabled by default (bsc#1237180). ----------------------------------------------------------------- Advisory ID: 299 Released: Wed Apr 23 16:13:01 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1234015,1236886 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). - allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) The following package changes have been done: - libudev1-254.24-1.1 updated - libsystemd0-254.24-1.1 updated - SL-Micro-release-6.0-25.18 updated - systemd-254.24-1.1 updated - udev-254.24-1.1 updated - libvmtools0-12.5.0-2.1 updated - open-vm-tools-12.5.0-2.1 updated - container:SL-Micro-base-container-2.1.3-6.15 updated From sle-container-updates at lists.suse.com Thu Apr 24 07:05:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 24 Apr 2025 09:05:18 +0200 (CEST) Subject: SUSE-IU-2025:1191-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20250424070518.81F51FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1191-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-6.15 , suse/sl-micro/6.0/base-os-container:latest Image Release : 6.15 Severity : moderate Type : recommended References : 1234015 1236886 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 299 Released: Wed Apr 23 16:13:01 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1234015,1236886 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). - allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) The following package changes have been done: - libudev1-254.24-1.1 updated - libsystemd0-254.24-1.1 updated - SL-Micro-release-6.0-25.18 updated - systemd-254.24-1.1 updated - udev-254.24-1.1 updated From sle-container-updates at lists.suse.com Thu Apr 24 07:05:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 24 Apr 2025 09:05:52 +0200 (CEST) Subject: SUSE-IU-2025:1192-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250424070552.0FB2BFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1192-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.16 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.16 Severity : moderate Type : recommended References : 1234015 1236886 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 299 Released: Wed Apr 23 16:13:01 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1234015,1236886 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). - allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) The following package changes have been done: - libudev1-254.24-1.1 updated - libsystemd0-254.24-1.1 updated - SL-Micro-release-6.0-25.18 updated - systemd-254.24-1.1 updated - udev-254.24-1.1 updated - container:SL-Micro-base-container-2.1.3-6.15 updated From sle-container-updates at lists.suse.com Thu Apr 24 07:06:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 24 Apr 2025 09:06:26 +0200 (CEST) Subject: SUSE-IU-2025:1193-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250424070626.64B0CFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1193-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.19 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.19 Severity : important Type : security References : 1224013 1224757 1228659 1231910 1234074 1234157 1234698 1235550 1235870 1237874 1237882 1238052 1238565 1238746 1238970 1238990 1239066 1239475 1239684 1239906 1239925 1240167 1240168 1240171 1240176 1240184 1240185 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2024-27415 CVE-2024-50038 CVE-2024-53124 CVE-2024-53139 CVE-2024-58018 CVE-2024-58071 CVE-2025-21729 CVE-2025-21755 CVE-2025-21806 CVE-2025-21836 CVE-2025-21863 CVE-2025-21873 CVE-2025-21875 CVE-2025-21881 CVE-2025-21884 CVE-2025-21887 CVE-2025-21889 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-15 Released: Wed Apr 23 14:42:21 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1224013,1224757,1228659,1231910,1234074,1234157,1234698,1235550,1235870,1237874,1237882,1238052,1238565,1238746,1238970,1238990,1239066,1239475,1239684,1239906,1239925,1240167,1240168,1240171,1240176,1240184,1240185,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2024-27415,CVE-2024-50038,CVE-2024-53124,CVE-2024-53139,CVE-2024-58018,CVE-2024-58071,CVE-2025-21729,CVE-2025-21755,CVE-2025-21806,CVE-2025-21836,CVE-2025-21863,CVE-2025-21873,CVE-2025-21875,CVE-2025-21881,CVE-2025-21884,CVE-2025-21887,CVE-2025-21889,CVE-2025-21894,CVE -2025-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: mm: Correct the update of max_pfn (git-fixes) - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). The following package changes have been done: - kernel-rt-6.4.0-29.1 updated - cpio-2.15-1.3 removed - dracut-059+suse.591.ge2ab3f62-1.1 removed - elfutils-0.189-4.143 removed - file-5.44-4.151 removed - libasm1-0.189-4.143 removed - libdw1-0.189-4.143 removed - perl-Bootloader-1.8.2-1.1 removed - perl-base-5.38.2-1.52 removed - pigz-2.8-1.8 removed - util-linux-systemd-2.39.3-3.1 removed - zstd-1.5.5-8.142 removed From sle-container-updates at lists.suse.com Thu Apr 24 07:06:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 24 Apr 2025 09:06:27 +0200 (CEST) Subject: SUSE-IU-2025:1194-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250424070627.54361FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1194-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.20 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.20 Severity : moderate Type : recommended References : 1234015 1236886 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 299 Released: Wed Apr 23 16:13:01 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1234015,1236886 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). - allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) The following package changes have been done: - libudev1-254.24-1.1 updated - libsystemd0-254.24-1.1 updated - SL-Micro-release-6.0-25.18 updated - systemd-254.24-1.1 updated - udev-254.24-1.1 updated - container:SL-Micro-container-2.1.3-6.19 updated From sle-container-updates at lists.suse.com Thu Apr 24 07:11:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 24 Apr 2025 09:11:52 +0200 (CEST) Subject: SUSE-CU-2025:2783-1: Recommended update of bci/rust Message-ID: <20250424071152.23D1FFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2783-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.1 , bci/rust:1.84.1-2.2.18 , bci/rust:oldstable , bci/rust:oldstable-2.2.18 Container Release : 2.18 Severity : moderate Type : recommended References : 1238491 1239566 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1360-1 Released: Wed Apr 23 11:14:40 2025 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1238491,1239566 This update for gcc13 fixes the following issues: - Record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fix for parsing tzdata 2024b [gcc#116657] - includes fix for samba build with glibc 2.40 The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - cpp13-13.3.1+git9426-150000.1.18.1 updated - gcc13-13.3.1+git9426-150000.1.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Thu Apr 24 07:12:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 24 Apr 2025 09:12:32 +0200 (CEST) Subject: SUSE-CU-2025:2784-1: Recommended update of bci/rust Message-ID: <20250424071232.1CFEFFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2784-1 Container Tags : bci/rust:1.85 , bci/rust:1.85.1 , bci/rust:1.85.1-1.2.18 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.18 Container Release : 2.18 Severity : moderate Type : recommended References : 1238491 1239566 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1360-1 Released: Wed Apr 23 11:14:40 2025 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1238491,1239566 This update for gcc13 fixes the following issues: - Record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fix for parsing tzdata 2024b [gcc#116657] - includes fix for samba build with glibc 2.40 The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - cpp13-13.3.1+git9426-150000.1.18.1 updated - gcc13-13.3.1+git9426-150000.1.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Thu Apr 24 07:14:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 24 Apr 2025 09:14:09 +0200 (CEST) Subject: SUSE-CU-2025:2785-1: Security update of bci/bci-base-fips Message-ID: <20250424071409.A4642FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2785-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-3.86 Container Release : 3.86 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1233699 1234128 1234665 1234713 1236282 1239883 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - sles-release-15.7-150700.24.10 updated - libopenssl1_1-1.1.1w-150700.9.31 updated - container:sles15-image-15.7.0-4.2.57 updated From sle-container-updates at lists.suse.com Thu Apr 24 07:15:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 24 Apr 2025 09:15:24 +0200 (CEST) Subject: SUSE-CU-2025:2793-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250424071524.8D1D8FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2793-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.84 Container Release : 4.84 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1232234 1233699 1234128 1234665 1234713 1236282 1239883 CVE-2024-10041 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - libuuid1-2.40.4-150700.2.2 updated - libsmartcols1-2.40.4-150700.2.2 updated - libgpg-error0-1.50-150700.1.6 updated - findutils-4.10.0-150700.2.4 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - libgcrypt20-1.11.0-150700.3.3 updated - libmount1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - sles-release-15.7-150700.25.1 updated - permissions-20240826-150700.14.2 updated - pam-1.3.0-150000.6.76.1 updated - util-linux-2.40.4-150700.2.2 updated - openssl-3-3.2.3-150700.3.14 updated - glibc-locale-base-2.38-150600.14.26.1 updated - kernel-macros-6.4.0-150700.49.1 updated - libopenssl1_1-1.1.1w-150700.9.31 updated - glibc-locale-2.38-150600.14.26.1 updated - kernel-devel-6.4.0-150700.49.1 updated - glibc-devel-2.38-150600.14.26.1 updated - kernel-default-devel-6.4.0-150700.49.1 updated - kernel-syms-6.4.0-150700.49.1 updated - container:sles15-image-15.7.0-4.2.58 updated From sle-container-updates at lists.suse.com Fri Apr 25 07:07:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Apr 2025 09:07:27 +0200 (CEST) Subject: SUSE-IU-2025:1196-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250425070727.06C20F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1196-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-6.17 , suse/sl-micro/6.0/base-os-container:latest Image Release : 6.17 Severity : important Type : security References : 1035807 1036457 1079600 1198823 1198830 1198832 867620 CVE-2014-2240 CVE-2014-2241 CVE-2017-8105 CVE-2017-8287 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 300 Released: Thu Apr 24 16:44:51 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1035807,1036457,1079600,1198823,1198830,1198832,867620,CVE-2014-2240,CVE-2014-2241,CVE-2017-8105,CVE-2017-8287,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406 This update for freetype2 fixes the following issues: Update to 2.13.2: * Some fields in the `FT_Outline` structure have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. * Rare double-free crashes in the cache subsystem have been fixed. * Excessive stack allocation in the autohinter has been fixed. * The B/W rasterizer has received a major upkeep that results in large performance improvements. The rendering speed has increased and even doubled for very complex glyphs. The following package changes have been done: - libfreetype6-2.13.3-1.1 updated - SL-Micro-release-6.0-25.19 updated From sle-container-updates at lists.suse.com Fri Apr 25 07:24:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Apr 2025 09:24:59 +0200 (CEST) Subject: SUSE-CU-2025:2830-1: Recommended update of bci/python Message-ID: <20250425072459.14C37F783@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2830-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-62.18 Container Release : 62.18 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Fri Apr 25 07:25:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Apr 2025 09:25:43 +0200 (CEST) Subject: SUSE-CU-2025:2832-1: Recommended update of bci/python Message-ID: <20250425072543.33FA4F783@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2832-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-63.18 , bci/python:latest Container Release : 63.18 Severity : important Type : recommended References : 1234128 1234713 1239883 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-34a982ded6ebd3e50f0f7544bef2522f75e3c6eac47a2cfc107c848dd15e94e7-0 updated From sle-container-updates at lists.suse.com Fri Apr 25 07:26:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Apr 2025 09:26:47 +0200 (CEST) Subject: SUSE-CU-2025:2835-1: Security update of suse/rmt-server Message-ID: <20250425072647.D7290F783@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2835-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-61.7 , suse/rmt-server:latest Container Release : 61.7 Severity : important Type : security References : 1230930 1235773 1237804 1237806 CVE-2024-47220 CVE-2025-27219 CVE-2025-27220 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1369-1 Released: Thu Apr 24 19:11:18 2025 Summary: Security update for ruby2.5 Type: security Severity: important References: 1230930,1235773,1237804,1237806,CVE-2024-47220,CVE-2025-27219,CVE-2025-27220 This update for ruby2.5 fixes the following issues: - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804) - CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806) Other fixes: - Improved fix for CVE-2024-47220 (bsc#1230930, bsc#1235773) The following package changes have been done: - libruby2_5-2_5-2.5.9-150000.4.41.1 updated - ruby2.5-stdlib-2.5.9-150000.4.41.1 updated - ruby2.5-2.5.9-150000.4.41.1 updated From sle-container-updates at lists.suse.com Fri Apr 25 07:31:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Apr 2025 09:31:44 +0200 (CEST) Subject: SUSE-CU-2025:2846-1: Security update of bci/python Message-ID: <20250425073144.29435FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2846-1 Container Tags : bci/python:3.13 , bci/python:3.13.0 , bci/python:3.13.0-5.24 Container Release : 5.24 Severity : important Type : security References : 1221482 1228042 1230638 1231051 1233699 1234128 1234665 1234713 1236282 1239883 CVE-2025-0395 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - libuuid1-2.40.4-150700.2.2 updated - libgpg-error0-1.50-150700.1.6 updated - findutils-4.10.0-150700.2.4 updated - libopenssl3-3.2.3-150700.3.14 updated - libgcrypt20-1.11.0-150700.3.3 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - openssl-3-3.2.3-150700.3.14 updated - libpython3_13-1_0-3.13.0-150700.2.16 updated - python313-base-3.13.0-150700.2.16 updated - python313-3.13.0-150700.2.4 updated - python313-devel-3.13.0-150700.2.16 updated - container:sles15-image-15.7.0-4.2.58 updated From sle-container-updates at lists.suse.com Fri Apr 25 07:27:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Apr 2025 09:27:28 +0200 (CEST) Subject: SUSE-CU-2025:2837-1: Security update of bci/ruby Message-ID: <20250425072728.A63ABF783@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2837-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.63 , bci/ruby:latest Container Release : 31.63 Severity : important Type : security References : 1230930 1235773 1237804 1237806 CVE-2024-47220 CVE-2025-27219 CVE-2025-27220 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1369-1 Released: Thu Apr 24 19:11:18 2025 Summary: Security update for ruby2.5 Type: security Severity: important References: 1230930,1235773,1237804,1237806,CVE-2024-47220,CVE-2025-27219,CVE-2025-27220 This update for ruby2.5 fixes the following issues: - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804) - CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806) Other fixes: - Improved fix for CVE-2024-47220 (bsc#1230930, bsc#1235773) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.11.1 updated - libruby2_5-2_5-2.5.9-150000.4.41.1 updated - ruby2.5-stdlib-2.5.9-150000.4.41.1 updated - ruby2.5-2.5.9-150000.4.41.1 updated - ruby2.5-devel-2.5.9-150000.4.41.1 updated - container:registry.suse.com-bci-bci-base-15.6-f3afe9485569457ebd4f47c3345be5e179b382f490db42fc625b2103b92069af-0 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:04:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:04:27 +0200 (CEST) Subject: SUSE-IU-2025:1199-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250426070427.A776DF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1199-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.164 , suse/sle-micro/base-5.5:latest Image Release : 5.8.164 Severity : important Type : recommended References : 1232234 1234452 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1371-1 Released: Fri Apr 25 12:02:27 2025 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1232234,1234452 This update for apparmor fixes the following issues: - Allow pam_unix to execute unix_chkpwd with abi/3.0 (bsc#1234452, bsc#1232234) The following package changes have been done: - libapparmor1-3.0.4-150500.11.15.1 updated - apparmor-parser-3.0.4-150500.11.15.1 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:05:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:05:05 +0200 (CEST) Subject: SUSE-IU-2025:1200-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250426070505.D5470F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1200-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.312 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.312 Severity : important Type : recommended References : 1232234 1234452 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1371-1 Released: Fri Apr 25 12:02:27 2025 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1232234,1234452 This update for apparmor fixes the following issues: - Allow pam_unix to execute unix_chkpwd with abi/3.0 (bsc#1234452, bsc#1232234) The following package changes have been done: - libapparmor1-3.0.4-150500.11.15.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.164 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:06:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:06:04 +0200 (CEST) Subject: SUSE-IU-2025:1201-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250426070604.947C3F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1201-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.369 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.369 Severity : important Type : recommended References : 1232234 1234452 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1371-1 Released: Fri Apr 25 12:02:27 2025 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1232234,1234452 This update for apparmor fixes the following issues: - Allow pam_unix to execute unix_chkpwd with abi/3.0 (bsc#1234452, bsc#1232234) The following package changes have been done: - libapparmor1-3.0.4-150500.11.15.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.282 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:07:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:07:04 +0200 (CEST) Subject: SUSE-IU-2025:1202-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250426070704.8F9D5F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1202-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.282 , suse/sle-micro/5.5:latest Image Release : 5.5.282 Severity : important Type : recommended References : 1232234 1234452 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1371-1 Released: Fri Apr 25 12:02:27 2025 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1232234,1234452 This update for apparmor fixes the following issues: - Allow pam_unix to execute unix_chkpwd with abi/3.0 (bsc#1234452, bsc#1232234) The following package changes have been done: - libapparmor1-3.0.4-150500.11.15.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.164 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:10:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:10:09 +0200 (CEST) Subject: SUSE-CU-2025:2857-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250426071009.6B062F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2857-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.121 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.121 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:11:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:11:39 +0200 (CEST) Subject: SUSE-CU-2025:2858-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250426071139.596B2F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2858-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.121 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.121 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:12:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:12:55 +0200 (CEST) Subject: SUSE-CU-2025:2859-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250426071255.B039BF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2859-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.24 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.24 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:13:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:13:32 +0200 (CEST) Subject: SUSE-IU-2025:1203-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250426071332.E9337F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1203-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.22 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.22 Severity : important Type : security References : 1224013 1224757 1228659 1231910 1234074 1234157 1234698 1235550 1235870 1237874 1237882 1238052 1238565 1238746 1238970 1238990 1239066 1239475 1239684 1239906 1239925 1240167 1240168 1240171 1240176 1240184 1240185 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2024-27415 CVE-2024-50038 CVE-2024-53124 CVE-2024-53139 CVE-2024-58018 CVE-2024-58071 CVE-2025-21729 CVE-2025-21755 CVE-2025-21806 CVE-2025-21836 CVE-2025-21863 CVE-2025-21873 CVE-2025-21875 CVE-2025-21881 CVE-2025-21884 CVE-2025-21887 CVE-2025-21889 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-15 Released: Fri Apr 25 11:37:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1224013,1224757,1228659,1231910,1234074,1234157,1234698,1235550,1235870,1237874,1237882,1238052,1238565,1238746,1238970,1238990,1239066,1239475,1239684,1239906,1239925,1240167,1240168,1240171,1240176,1240184,1240185,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2024-27415,CVE-2024-50038,CVE-2024-53124,CVE-2024-53139,CVE-2024-58018,CVE-2024-58071,CVE-2025-21729,CVE-2025-21755,CVE-2025-21806,CVE-2025-21836,CVE-2025-21863,CVE-2025-21873,CVE-2025-21875,CVE-2025-21881,CVE-2025-21884,CVE-2025-21887,CVE-2025-21889,CVE-2025-21894,CVE -2025-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: mm: Correct the update of max_pfn (git-fixes) - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). The following package changes have been done: - kernel-rt-6.4.0-30.1 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:13:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:13:53 +0200 (CEST) Subject: SUSE-IU-2025:1204-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250426071353.D1AA3F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1204-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.25 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.25 Severity : important Type : security References : 1224013 1224757 1228659 1231910 1234074 1234157 1234698 1235550 1235870 1237874 1237882 1238052 1238565 1238746 1238970 1238990 1239066 1239475 1239684 1239906 1239925 1240167 1240168 1240171 1240176 1240184 1240185 1240375 1240575 1240581 1240582 1240583 1240584 1240585 1240587 1240590 1240591 1240592 1240594 1240595 1240596 1240600 1240612 1240616 1240639 1240643 1240647 1240691 1240700 1240701 1240703 1240708 1240714 1240715 1240716 1240718 1240719 1240720 1240722 1240727 1240739 1240742 1240779 1240783 1240784 1240795 1240796 1240797 1240799 1240801 1240806 1240808 1240812 1240813 1240815 1240816 1240819 1240821 1240825 1240829 1240873 1240937 1240938 1240940 1240942 1240943 1240978 1240979 1241038 CVE-2024-27415 CVE-2024-50038 CVE-2024-53124 CVE-2024-53139 CVE-2024-58018 CVE-2024-58071 CVE-2025-21729 CVE-2025-21755 CVE-2025-21806 CVE-2025-21836 CVE-2025-21863 CVE-2025-21873 CVE-2025-21875 CVE-2025-21881 CVE-2025-21884 CVE-2025-21887 CVE-2025-21889 CVE-2025-21894 CVE-2025-21895 CVE-2025-21905 CVE-2025-21906 CVE-2025-21908 CVE-2025-21909 CVE-2025-21910 CVE-2025-21912 CVE-2025-21913 CVE-2025-21914 CVE-2025-21915 CVE-2025-21916 CVE-2025-21917 CVE-2025-21918 CVE-2025-21922 CVE-2025-21923 CVE-2025-21924 CVE-2025-21927 CVE-2025-21928 CVE-2025-21930 CVE-2025-21934 CVE-2025-21935 CVE-2025-21936 CVE-2025-21937 CVE-2025-21941 CVE-2025-21943 CVE-2025-21948 CVE-2025-21950 CVE-2025-21951 CVE-2025-21953 CVE-2025-21956 CVE-2025-21957 CVE-2025-21960 CVE-2025-21961 CVE-2025-21966 CVE-2025-21968 CVE-2025-21969 CVE-2025-21970 CVE-2025-21971 CVE-2025-21972 CVE-2025-21975 CVE-2025-21978 CVE-2025-21979 CVE-2025-21981 CVE-2025-21991 CVE-2025-21992 CVE-2025-21993 CVE-2025-21995 CVE-2025-21996 CVE-2025-22001 CVE-2025-22003 CVE-2025-22007 CVE-2025-22008 CVE-2025-22009 CVE-2025-22010 CVE-2025-22013 CVE-2025-22014 CVE-2025-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-15 Released: Fri Apr 25 11:37:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1224013,1224757,1228659,1231910,1234074,1234157,1234698,1235550,1235870,1237874,1237882,1238052,1238565,1238746,1238970,1238990,1239066,1239475,1239684,1239906,1239925,1240167,1240168,1240171,1240176,1240184,1240185,1240375,1240575,1240581,1240582,1240583,1240584,1240585,1240587,1240590,1240591,1240592,1240594,1240595,1240596,1240600,1240612,1240616,1240639,1240643,1240647,1240691,1240700,1240701,1240703,1240708,1240714,1240715,1240716,1240718,1240719,1240720,1240722,1240727,1240739,1240742,1240779,1240783,1240784,1240795,1240796,1240797,1240799,1240801,1240806,1240808,1240812,1240813,1240815,1240816,1240819,1240821,1240825,1240829,1240873,1240937,1240938,1240940,1240942,1240943,1240978,1240979,1241038,CVE-2024-27415,CVE-2024-50038,CVE-2024-53124,CVE-2024-53139,CVE-2024-58018,CVE-2024-58071,CVE-2025-21729,CVE-2025-21755,CVE-2025-21806,CVE-2025-21836,CVE-2025-21863,CVE-2025-21873,CVE-2025-21875,CVE-2025-21881,CVE-2025-21884,CVE-2025-21887,CVE-2025-21889,CVE-2025-21894,CVE -2025-21895,CVE-2025-21905,CVE-2025-21906,CVE-2025-21908,CVE-2025-21909,CVE-2025-21910,CVE-2025-21912,CVE-2025-21913,CVE-2025-21914,CVE-2025-21915,CVE-2025-21916,CVE-2025-21917,CVE-2025-21918,CVE-2025-21922,CVE-2025-21923,CVE-2025-21924,CVE-2025-21927,CVE-2025-21928,CVE-2025-21930,CVE-2025-21934,CVE-2025-21935,CVE-2025-21936,CVE-2025-21937,CVE-2025-21941,CVE-2025-21943,CVE-2025-21948,CVE-2025-21950,CVE-2025-21951,CVE-2025-21953,CVE-2025-21956,CVE-2025-21957,CVE-2025-21960,CVE-2025-21961,CVE-2025-21966,CVE-2025-21968,CVE-2025-21969,CVE-2025-21970,CVE-2025-21971,CVE-2025-21972,CVE-2025-21975,CVE-2025-21978,CVE-2025-21979,CVE-2025-21981,CVE-2025-21991,CVE-2025-21992,CVE-2025-21993,CVE-2025-21995,CVE-2025-21996,CVE-2025-22001,CVE-2025-22003,CVE-2025-22007,CVE-2025-22008,CVE-2025-22009,CVE-2025-22010,CVE-2025-22013,CVE-2025-22014,CVE-2025-2312 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-27415: netfilter: br_netfilter: skip conntrack input hook for promisc packets (bsc#1224757). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). The following non-security bugs were fixed: - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: mm: Correct the update of max_pfn (git-fixes) - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: fix potential error return (git-fixes). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). The following package changes have been done: - kernel-rt-6.4.0-30.1 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:14:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:14:39 +0200 (CEST) Subject: SUSE-CU-2025:2861-1: Recommended update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20250426071439.A4F2CF783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2861-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.5.41 , suse/ltss/sle15.4/bci-base-fips:latest Container Release : 5.41 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated - container:sles15-ltss-image-15.4.0-2.36 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:15:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:15:23 +0200 (CEST) Subject: SUSE-CU-2025:2862-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250426071523.E4FF1F783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2862-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.36 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.36 , suse/ltss/sle15.4/sle15:latest Container Release : 2.36 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:18:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:18:03 +0200 (CEST) Subject: SUSE-CU-2025:2863-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250426071803.E012AF783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2863-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.26 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.26 , suse/ltss/sle15.5/sle15:latest Container Release : 4.26 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated - patterns-base-minimal_base-20200124-150400.20.13.1 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:31:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:31:13 +0200 (CEST) Subject: SUSE-CU-2025:2887-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250426073113.8A2EFF783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2887-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.16 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.16 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated - container:sles15-ltss-image-15.4.0-2.36 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:32:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:32:07 +0200 (CEST) Subject: SUSE-CU-2025:2888-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250426073207.9DB7AF783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2888-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.22 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.22 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated - container:sles15-ltss-image-15.4.0-2.36 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:32:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:32:54 +0200 (CEST) Subject: SUSE-CU-2025:2889-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20250426073254.B6339F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2889-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.15 , suse/manager/4.3/proxy-squid:4.3.15.9.62.12 , suse/manager/4.3/proxy-squid:latest Container Release : 9.62.12 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated - container:sles15-ltss-image-15.4.0-2.36 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:33:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:33:43 +0200 (CEST) Subject: SUSE-CU-2025:2890-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20250426073343.99E20F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2890-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.15 , suse/manager/4.3/proxy-ssh:4.3.15.9.53.12 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.53.12 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated - container:sles15-ltss-image-15.4.0-2.36 updated From sle-container-updates at lists.suse.com Sat Apr 26 07:34:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 26 Apr 2025 09:34:37 +0200 (CEST) Subject: SUSE-CU-2025:2891-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20250426073437.6287AF783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2891-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.15 , suse/manager/4.3/proxy-tftpd:4.3.15.9.53.13 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.53.13 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1372-1 Released: Fri Apr 25 12:35:02 2025 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: - add bpftool to patterns enhanced base. jsc#PED-8375 The following package changes have been done: - patterns-base-fips-20200124-150400.20.13.1 updated - container:sles15-ltss-image-15.4.0-2.36 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:04:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:04:28 +0200 (CEST) Subject: SUSE-CU-2025:2921-1: Recommended update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250429070428.48259FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2921-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.76 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.76 Severity : important Type : recommended References : 1223272 1234028 1235091 1235092 1236007 1237358 1237371 1237382 1241079 1241586 CVE-2023-51793 CVE-2024-12361 CVE-2024-35365 CVE-2024-35368 CVE-2024-36613 CVE-2025-0518 CVE-2025-22919 CVE-2025-22921 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1384-1 Released: Mon Apr 28 14:53:11 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1223272,1234028,1235091,1235092,1236007,1237358,1237371,1237382,1241079,1241586,CVE-2023-51793,CVE-2024-12361,CVE-2024-35365,CVE-2024-35368,CVE-2024-36613,CVE-2025-0518,CVE-2025-22919,CVE-2025-22921 This update for systemd fixes the following issues: - Fixed issue with systemd reload causing boot to fail (bsc#1241586) - Fixed regression caused by Kernel update (bsc#1241079) The following package changes have been done: - libsystemd0-228-157.69.1 updated - libudev1-228-157.69.1 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:09:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:09:56 +0200 (CEST) Subject: SUSE-CU-2025:2929-1: Security update of suse/cosign Message-ID: <20250429070956.03053FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2929-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.0 , suse/cosign:2.5.0-2.2 , suse/cosign:latest Container Release : 2.2 Severity : important Type : security References : 1227031 1232985 1237682 1238693 1239204 1239337 CVE-2024-51744 CVE-2024-6104 CVE-2025-22868 CVE-2025-22869 CVE-2025-22870 CVE-2025-27144 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1333-1 Released: Thu Apr 17 03:38:16 2025 Summary: Security update for cosign Type: security Severity: important References: 1227031,1232985,1237682,1238693,1239204,1239337,CVE-2024-51744,CVE-2024-6104,CVE-2025-22868,CVE-2025-22869,CVE-2025-22870,CVE-2025-27144 This update for cosign fixes the following issues: - CVE-2024-6104: cosign: hashicorp/go-retryablehttp: Fixed sensitive information disclosure to log file (bsc#1227031) - CVE-2024-51744: cosign: github.com/golang-jwt/jwt/v4: Fixed bad documentation of error handling in ParseWithClaims leading to potentially dangerous situations (bsc#1232985) - CVE-2025-27144: cosign: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's Parsing (bsc#1237682) - CVE-2025-22870: cosign: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238693) - CVE-2025-22868: cosign: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239204) - CVE-2025-22869: cosign: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239337) Other fixes: - Update to version 2.5.0 (jsc#SLE-23476): * Update sigstore-go to pick up bug fixes (#4150) * Update golangci-lint to v2, update golangci-lint-action (#4143) * Feat/non filename completions (#4115) * update builder to use go1.24.1 (#4116) * Add support for new bundle specification for attesting/verifying OCI image attestations (#3889) * Remove cert log line (#4113) * cmd/cosign/cli: fix typo in ignoreTLogMessage (#4111) * bump to latest scaffolding release for testing (#4099) * increase 2e2_test docker compose tiemout to 180s (#4091) * Fix replace with compliant image mediatype (#4077) * Add TSA certificate related flags and fields for cosign attest (#4079) - Update to version 2.4.3 (jsc#SLE-23476): * Enable fetching signatures without remote get. (#4047) * Bump sigstore/sigstore to support KMS plugins (#4073) * sort properly Go imports (#4071) * sync comment with parameter name in function signature (#4063) * fix go imports order to be alphabetical (#4062) * fix comment typo and imports order (#4061) * Feat/file flag completion improvements (#4028) * Udpate builder to use go1.23.6 (#4052) * Refactor verifyNewBundle into library function (#4013) * fix parsing error in --only for cosign copy (#4049) * Fix codeowners syntax, add dep-maintainers (#4046) - Update to version 2.4.2 (jsc#SLE-23476): - Updated open-policy-agent to 1.1.0 library (#4036) - Note that only Rego v0 policies are supported at this time - Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006) - Add support for verifying root checksum in cosign initialize (#3953) - Detect if user supplied a valid protobuf bundle (#3931) - Add a log message if user doesn't provide --trusted-root (#3933) - Support mTLS towards container registry (#3922) - Add bundle create helper command (#3901) - Add trusted-root create helper command (#3876) Bug Fixes: - fix: set tls config while retaining other fields from default http transport (#4007) - policy fuzzer: ignore known panics (#3993) - Fix for multiple WithRemote options (#3982) - Add nightly conformance test workflow (#3979) - Fix copy --only for signatures + update/align docs (#3904) The following package changes have been done: - cosign-2.5.0-150400.3.27.1 updated - libgcrypt20-1.10.3-150600.3.6.1 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:24:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:24:11 +0200 (CEST) Subject: SUSE-CU-2025:2959-1: Recommended update of bci/rust Message-ID: <20250429072411.2B98FFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2959-1 Container Tags : bci/rust:1.85 , bci/rust:1.85.1 , bci/rust:1.85.1-2.2.3 , bci/rust:oldstable , bci/rust:oldstable-2.2.3 Container Release : 2.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:773-1 Released: Tue Mar 4 08:48:41 2025 Summary: Recommended update for rust, rust1.85 Type: recommended Severity: moderate References: This update for rust, rust1.85 fixes the following issues: Rust Version 1.85.0 (2025-02-20) ========================== Language -------- - The 2024 Edition is now stable. See the edition guide https://doc.rust-lang.org/nightly/edition-guide/rust-2024/index.html for more details. - Stabilize async closures See RFC 3668 https://rust-lang.github.io/rfcs/3668-async-closures.html for more details. - Stabilize `#[diagnostic::do_not_recommend]` - Add `unpredictable_function_pointer_comparisons` lint to warn against function pointer comparisons - Lint on combining `#[no_mangle]` and `#[export_name]` attributes. Compiler -------- - The unstable flag `-Zpolymorphize` has been removed, see https://github.com/rust-lang/compiler-team/issues/810 for some background. Platform Support ---------------- - Promote `powerpc64le-unknown-linux-musl` to tier 2 with host tools Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Panics in the standard library now have a leading `library/` in their path - `std::env::home_dir()` on Windows now ignores the non-standard `$HOME` environment variable It will be un-deprecated in a subsequent release. - Add `AsyncFn*` to the prelude in all editions. Stabilized APIs --------------- - `BuildHasherDefault::new` https://doc.rust-lang.org/stable/std/hash/struct.BuildHasherDefault.html#method.new - `ptr::fn_addr_eq` https://doc.rust-lang.org/std/ptr/fn.fn_addr_eq.html - `io::ErrorKind::QuotaExceeded` https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.QuotaExceeded - `io::ErrorKind::CrossesDevices` https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.CrossesDevices - `{float}::midpoint` https://doc.rust-lang.org/core/primitive.f32.html#method.midpoint - Unsigned `{integer}::midpoint` https://doc.rust-lang.org/std/primitive.u64.html#method.midpoint - `NonZeroU*::midpoint` https://doc.rust-lang.org/std/num/type.NonZeroU32.html#method.midpoint - impl `std::iter::Extend` for tuples with arity 1 through 12 https://doc.rust-lang.org/stable/std/iter/trait.Extend.html#impl-Extend%3C(A,)%3E-for-(EA,) - `FromIterator<(A, ...)>` for tuples with arity 1 through 12 https://doc.rust-lang.org/stable/std/iter/trait.FromIterator.html#impl-FromIterator%3C(EA,)%3E-for-(A,) - `std::task::Waker::noop` https://doc.rust-lang.org/stable/std/task/struct.Waker.html#method.noop These APIs are now stable in const contexts: - `mem::size_of_val` https://doc.rust-lang.org/stable/std/mem/fn.size_of_val.html - `mem::align_of_val` https://doc.rust-lang.org/stable/std/mem/fn.align_of_val.html - `Layout::for_value` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.for_value - `Layout::align_to` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.align_to - `Layout::pad_to_align` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.pad_to_align - `Layout::extend` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.extend - `Layout::array` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.array - `std::mem::swap` https://doc.rust-lang.org/stable/std/mem/fn.swap.html - `std::ptr::swap` https://doc.rust-lang.org/stable/std/ptr/fn.swap.html - `NonNull::new` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.new - `HashMap::with_hasher` https://doc.rust-lang.org/stable/std/collections/struct.HashMap.html#method.with_hasher - `HashSet::with_hasher` https://doc.rust-lang.org/stable/std/collections/struct.HashSet.html#method.with_hasher - `BuildHasherDefault::new` https://doc.rust-lang.org/stable/std/hash/struct.BuildHasherDefault.html#method.new - `::recip` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.recip - `::to_degrees` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.to_degrees - `::to_radians` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.to_radians - `::max` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.max - `::min` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.min - `::clamp` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.clamp - `::abs` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.abs - `::signum` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.signum - `::copysign` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.copysign - `MaybeUninit::write` https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.write Cargo ----- - Add future-incompatibility warning against keywords in cfgs and add raw-idents - Stabilize higher precedence trailing flags - Pass `CARGO_CFG_FEATURE` to build scripts Rustdoc ----- - Doc comment on impl blocks shows the first line, even when the impl block is collapsed Compatibility Notes ------------------- - `rustc` no longer treats the `test` cfg as a well known check-cfg, instead it is up to the build systems and users of `--check-cfg`[^check-cfg] to set it as a well known cfg using `--check-cfg=cfg(test)`. his is done to enable build systems like Cargo to set it conditionally, as not all source files are suitable for unit tests. Cargo (for now) unconditionally sets the `test` cfg as a well known cfg ^check-cfg]: https://doc.rust-lang.org/nightly/rustc/check-cfg.html - Disable potentially incorrect type inference if there are trivial and non-trivial where-clauses - `std::env::home_dir()` has been deprecated for years, because it can give surprising results in some Windows configurations if the `HOME` environment variable is set (which is not the normal configuration on Windows). We had previously avoided changing its behavior, out of concern for compatibility with code depending on this non-standard configuration. Given how long this function has been deprecated, we're now fixing its behavior as a bugfix. A subsequent release will remove the deprecation for this function. - Make `core::ffi::c_char` signedness more closely match that of the platform-default `char` This changed `c_char` from an `i8` to `u8` or vice versa on many Tier 2 and 3 targets (mostly Arm and RISC-V embedded targets). The new definition may result in compilation failures but fixes compatibility issues with C. The `libc` crate matches this change as of its 0.2.169 release. - When compiling a nested `macro_rules` macro from an external crate, the content of the inner `macro_rules` is now built with the edition of the external crate, not the local crate. - Increase `sparcv9-sun-solaris` and `x86_64-pc-solaris` Solaris baseline to 11.4. - Show `abi_unsupported_vector_types` lint in future breakage reports - Error if multiple super-trait instantiations of `dyn Trait` need associated types to be specified but only one is provided - Change `powerpc64-ibm-aix` default `codemodel` to large Internal Changes ---------------- These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - Build `x86_64-unknown-linux-gnu` with LTO for C/C++ code (e.g., `jemalloc`) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1140-1 Released: Fri Apr 4 13:29:35 2025 Summary: Recommended update for rust1.85 Type: recommended Severity: moderate References: This update for rust1.85 fixes the following issues: Version 1.85.1 (2025-03-18) ========================== - Fix the doctest-merging feature of the 2024 Edition. - Relax some `target_feature` checks when generating docs. - Fix errors in `std::fs::rename` on Windows 10, version 1607. - Downgrade bootstrap `cc` to fix custom targets. - Skip submodule updates when building Rust from a source tarball. The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - glibc-devel-2.38-150600.14.29.1 updated - rust1.85-1.85.1-150300.7.6.1 added - cargo1.85-1.85.1-150300.7.6.1 added - container:registry.suse.com-bci-bci-base-15.6-497869098014f9e869e4a2d36f3074d1505e200185ee8d005410a6bebbffb9d9-0 updated - cargo1.84-1.84.1-150300.7.7.1 removed - rust1.84-1.84.1-150300.7.7.1 removed From sle-container-updates at lists.suse.com Tue Apr 29 07:24:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:24:49 +0200 (CEST) Subject: SUSE-CU-2025:2960-1: Recommended update of bci/rust Message-ID: <20250429072449.A0C51FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2960-1 Container Tags : bci/rust:1.86 , bci/rust:1.86.0 , bci/rust:1.86.0-1.2.3 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.3 Container Release : 2.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1350-1 Released: Sun Apr 20 19:58:33 2025 Summary: Recommended update for rust, rust1.86 Type: recommended Severity: moderate References: This update for rust, rust1.86 fixes the following issues: Changes in rust1.86: Version 1.86.0 (2025-04-03) ========================== Language -------- - Stabilize upcasting trait objects to supertraits. - Allow safe functions to be marked with the `#[target_feature]` attribute. - The `missing_abi` lint now warns-by-default. - Rust now lints about double negations, to catch cases that might have intended to be a prefix decrement operator (`--x`) as written in other languages. This was previously a clippy lint, `clippy::double_neg`, and is [now available directly in Rust as `double_negations`. - More pointers are now detected as definitely not-null based on their alignment in const eval. - Empty `repr()` attribute applied to invalid items are now correctly rejected. - Inner attributes `#![test]` and `#![rustfmt::skip]` are no longer accepted in more places than intended. Compiler -------- - Debug-assert that raw pointers are non-null on access. - Change `-O` to mean `-C opt-level=3` instead of `-C opt-level=2` to match Cargo's defaults. - Fix emission of `overflowing_literals` under certain macro environments. Platform Support ---------------- - Replace `i686-unknown-redox` target with `i586-unknown-redox`. - Increase baseline CPU of `i686-unknown-hurd-gnu` to Pentium 4. - New tier 3 targets: - `{aarch64-unknown,x86_64-pc}-nto-qnx710_iosock` For supporting Neutrino QNX 7.1 with `io-socket` network stack. - `{aarch64-unknown,x86_64-pc}-nto-qnx800` For supporting Neutrino QNX 8.0 (`no_std`-only). - `{x86_64,i686}-win7-windows-gnu` Intended for backwards compatibility with Windows 7. `{x86_64,i686}-win7-windows-msvc` are the Windows MSVC counterparts that already exist as Tier 3 targets. - `amdgcn-amd-amdhsa` - `x86_64-pc-cygwin` - `{mips,mipsel}-mti-none-elf` Initial bare-metal support. - `m68k-unknown-none-elf` - `armv7a-nuttx-{eabi,eabihf}`, `aarch64-unknown-nuttx`, and `thumbv7a-nuttx-{eabi,eabihf}` Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - The type of `FromBytesWithNulError` in `CStr::from_bytes_with_nul(bytes: &[u8]) -> Result<&Self, FromBytesWithNulError>` was changed from an opaque struct to an enum, allowing users to examine why the conversion failed. - Remove `RustcDecodable` and `RustcEncodable`. - Deprecate libtest's `--logfile` option. - On recent versions of Windows, `std::fs::remove_file` will now remove read-only files. Stabilized APIs --------------- - `{float}::next_down` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.next_down - `{float}::next_up` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.next_up - `<[_]>::get_disjoint_mut` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.get_disjoint_mut - `<[_]>::get_disjoint_unchecked_mut` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.get_disjoint_unchecked_mut - `slice::GetDisjointMutError` https://doc.rust-lang.org/stable/std/slice/enum.GetDisjointMutError.html - `HashMap::get_disjoint_mut` https://doc.rust-lang.org/std/collections/hash_map/struct.HashMap.html#method.get_disjoint_mut - `HashMap::get_disjoint_unchecked_mut` https://doc.rust-lang.org/std/collections/hash_map/struct.HashMap.html#method.get_disjoint_unchecked_mut - `NonZero::count_ones` https://doc.rust-lang.org/stable/std/num/struct.NonZero.html#method.count_ones - `Vec::pop_if` https://doc.rust-lang.org/std/vec/struct.Vec.html#method.pop_if - `sync::Once::wait` https://doc.rust-lang.org/stable/std/sync/struct.Once.html#method.wait - `sync::Once::wait_force` https://doc.rust-lang.org/stable/std/sync/struct.Once.html#method.wait_force - `sync::OnceLock::wait` https://doc.rust-lang.org/stable/std/sync/struct.OnceLock.html#method.wait These APIs are now stable in const contexts: - `hint::black_box` https://doc.rust-lang.org/stable/std/hint/fn.black_box.html - `io::Cursor::get_mut` https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#method.get_mut - `io::Cursor::set_position` https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#method.set_position - `str::is_char_boundary` https://doc.rust-lang.org/stable/std/primitive.str.html#method.is_char_boundary - `str::split_at` https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at - `str::split_at_checked` https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at_checked - `str::split_at_mut` https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at_mut - `str::split_at_mut_checked` https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at_mut_checked Cargo ----- - When merging, replace rather than combine configuration keys that refer to a program path and its arguments. - Error if both `--package` and `--workspace` are passed but the requested package is missing. This was previously silently ignored, which was considered a bug since missing packages should be reported. - Deprecate the token argument in `cargo login` to avoid shell history leaks. - Simplify the implementation of `SourceID` comparisons. This may potentially change behavior if the canonicalized URL compares differently in alternative registries. Rustdoc ----- - Add a sans-serif font setting. Compatibility Notes ------------------- - The `wasm_c_abi` future compatibility warning is now a hard error. Users of `wasm-bindgen` should upgrade to at least version 0.2.89, otherwise compilation will fail. - Remove long-deprecated no-op attributes `#![no_start]` and `#![crate_id]`. - The future incompatibility lint `cenum_impl_drop_cast` has been made into a hard error. This means it is now an error to cast a field-less enum to an integer if the enum implements `Drop`. - SSE2 is now required for 'i686' 32-bit x86 hard-float targets; disabling it causes a warning that will become a hard error eventually. To compile for pre-SSE2 32-bit x86, use a 'i586' target instead. Internal Changes ---------------- These changes do not affect any public interfaces of Rust, but they represent significant improvements to the performance or internals of rustc and related tools. - Build the rustc on AArch64 Linux with ThinLTO + PGO. The ARM 64-bit compiler (AArch64) on Linux is now optimized with ThinLTO and PGO, similar to the optimizations we have already performed for the x86-64 compiler on Linux. This should make it up to 30% faster. The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - glibc-devel-2.38-150600.14.29.1 updated - rust1.86-1.86.0-150300.7.5.1 added - cargo1.86-1.86.0-150300.7.5.1 added - container:registry.suse.com-bci-bci-base-15.6-497869098014f9e869e4a2d36f3074d1505e200185ee8d005410a6bebbffb9d9-0 updated - cargo1.85-1.85.1-150300.7.6.1 removed - rust1.85-1.85.1-150300.7.6.1 removed From sle-container-updates at lists.suse.com Tue Apr 29 07:27:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:27:36 +0200 (CEST) Subject: SUSE-CU-2025:2964-1: Security update of suse/sles/15.7/cdi-apiserver Message-ID: <20250429072736.BE38CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2964-1 Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.50 , suse/sles/15.7/cdi-apiserver:1.58.0.27.126 Container Release : 27.126 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - containerized-data-importer-api-1.58.0-150700.7.50 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:27:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:27:39 +0200 (CEST) Subject: SUSE-CU-2025:2965-1: Security update of suse/sles/15.7/cdi-cloner Message-ID: <20250429072739.BE307FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2965-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.50 , suse/sles/15.7/cdi-cloner:1.58.0.28.126 Container Release : 28.126 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libuuid1-2.40.4-150700.2.2 updated - libsmartcols1-2.40.4-150700.2.2 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libmount1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - util-linux-2.40.4-150700.2.2 updated - containerized-data-importer-cloner-1.58.0-150700.7.50 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:27:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:27:42 +0200 (CEST) Subject: SUSE-CU-2025:2966-1: Security update of suse/sles/15.7/cdi-controller Message-ID: <20250429072742.BAE46FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2966-1 Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.50 , suse/sles/15.7/cdi-controller:1.58.0.27.126 Container Release : 27.126 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - containerized-data-importer-controller-1.58.0-150700.7.50 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:27:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:27:45 +0200 (CEST) Subject: SUSE-CU-2025:2967-1: Security update of suse/sles/15.7/cdi-importer Message-ID: <20250429072745.BB17FFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2967-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.50 , suse/sles/15.7/cdi-importer:1.58.0.29.96 Container Release : 29.96 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libuuid1-2.40.4-150700.2.2 updated - libsmartcols1-2.40.4-150700.2.2 updated - libgpg-error0-1.50-150700.1.6 updated - libgcrypt20-1.11.0-150700.3.3 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libmount1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - util-linux-2.40.4-150700.2.2 updated - libnettle8-3.10.1-150700.2.13 updated - libhogweed6-3.10.1-150700.2.13 updated - qemu-img-9.2.2-150700.1.2 updated - libnbd0-1.20.3-150700.1.6 updated - containerized-data-importer-importer-1.58.0-150700.7.50 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:27:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:27:48 +0200 (CEST) Subject: SUSE-CU-2025:2968-1: Security update of suse/sles/15.7/cdi-operator Message-ID: <20250429072748.AD602FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2968-1 Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.50 , suse/sles/15.7/cdi-operator:1.58.0.27.126 Container Release : 27.126 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - containerized-data-importer-operator-1.58.0-150700.7.50 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:27:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:27:51 +0200 (CEST) Subject: SUSE-CU-2025:2969-1: Security update of suse/sles/15.7/cdi-uploadproxy Message-ID: <20250429072751.71D02FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2969-1 Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.50 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.126 Container Release : 27.126 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - containerized-data-importer-uploadproxy-1.58.0-150700.7.50 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:27:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:27:54 +0200 (CEST) Subject: SUSE-CU-2025:2970-1: Security update of suse/sles/15.7/cdi-uploadserver Message-ID: <20250429072754.496A8FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2970-1 Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.50 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.139 Container Release : 28.139 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libuuid1-2.40.4-150700.2.2 updated - libsmartcols1-2.40.4-150700.2.2 updated - libgpg-error0-1.50-150700.1.6 updated - libgcrypt20-1.11.0-150700.3.3 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libmount1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - util-linux-2.40.4-150700.2.2 updated - libnettle8-3.10.1-150700.2.13 updated - libhogweed6-3.10.1-150700.2.13 updated - qemu-img-9.2.2-150700.1.2 updated - libnbd0-1.20.3-150700.1.6 updated - libnbd-1.20.3-150700.1.6 updated - containerized-data-importer-uploadserver-1.58.0-150700.7.50 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:28:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:28:37 +0200 (CEST) Subject: SUSE-CU-2025:2974-1: Security update of suse/sles/15.7/virt-api Message-ID: <20250429072837.9A123FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2974-1 Container Tags : suse/sles/15.7/virt-api:1.4.0 , suse/sles/15.7/virt-api:1.4.0-150700.1.10 , suse/sles/15.7/virt-api:1.4.0.27.125 Container Release : 27.125 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - kubevirt-virt-api-1.4.0-150700.1.10 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:28:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:28:40 +0200 (CEST) Subject: SUSE-CU-2025:2975-1: Security update of suse/sles/15.7/virt-controller Message-ID: <20250429072840.9CB41FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2975-1 Container Tags : suse/sles/15.7/virt-controller:1.4.0 , suse/sles/15.7/virt-controller:1.4.0-150700.1.10 , suse/sles/15.7/virt-controller:1.4.0.27.125 Container Release : 27.125 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - kubevirt-virt-controller-1.4.0-150700.1.10 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:28:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:28:43 +0200 (CEST) Subject: SUSE-CU-2025:2976-1: Security update of suse/sles/15.7/virt-exportproxy Message-ID: <20250429072843.9FFF5FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2976-1 Container Tags : suse/sles/15.7/virt-exportproxy:1.4.0 , suse/sles/15.7/virt-exportproxy:1.4.0-150700.1.10 , suse/sles/15.7/virt-exportproxy:1.4.0.11.125 Container Release : 11.125 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - kubevirt-virt-exportproxy-1.4.0-150700.1.10 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:28:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:28:46 +0200 (CEST) Subject: SUSE-CU-2025:2977-1: Security update of suse/sles/15.7/virt-exportserver Message-ID: <20250429072846.A16D7FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2977-1 Container Tags : suse/sles/15.7/virt-exportserver:1.4.0 , suse/sles/15.7/virt-exportserver:1.4.0-150700.1.10 , suse/sles/15.7/virt-exportserver:1.4.0.12.125 Container Release : 12.125 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - kubevirt-virt-exportserver-1.4.0-150700.1.10 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:28:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:28:49 +0200 (CEST) Subject: SUSE-CU-2025:2978-1: Security update of suse/sles/15.7/virt-handler Message-ID: <20250429072849.81DF1FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2978-1 Container Tags : suse/sles/15.7/virt-handler:1.4.0 , suse/sles/15.7/virt-handler:1.4.0-150700.1.10 , suse/sles/15.7/virt-handler:1.4.0.29.142 Container Release : 29.142 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libuuid1-2.40.4-150700.2.2 updated - libsmartcols1-2.40.4-150700.2.2 updated - libgpg-error0-1.50-150700.1.6 updated - findutils-4.10.0-150700.2.4 updated - libgcrypt20-1.11.0-150700.3.3 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libmount1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - sles-release-15.7-150700.25.1 updated - permissions-20240826-150700.14.2 updated - util-linux-2.40.4-150700.2.2 updated - kubevirt-container-disk-1.4.0-150700.1.10 updated - kubevirt-virt-handler-1.4.0-150700.1.10 updated - libnettle8-3.10.1-150700.2.13 updated - libhogweed6-3.10.1-150700.2.13 updated - qemu-img-9.2.2-150700.1.2 updated - util-linux-systemd-2.40.4-150700.2.2 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:28:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:28:52 +0200 (CEST) Subject: SUSE-CU-2025:2979-1: Security update of suse/sles/15.7/virt-launcher Message-ID: <20250429072852.7657AFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2979-1 Container Tags : suse/sles/15.7/virt-launcher:1.4.0 , suse/sles/15.7/virt-launcher:1.4.0-150700.1.10 , suse/sles/15.7/virt-launcher:1.4.0.34.123 Container Release : 34.123 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libuuid1-2.40.4-150700.2.2 updated - libsmartcols1-2.40.4-150700.2.2 updated - libgpg-error0-1.50-150700.1.6 updated - findutils-4.10.0-150700.2.4 updated - libgcrypt20-1.11.0-150700.3.3 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libmount1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - sles-release-15.7-150700.25.1 updated - permissions-20240826-150700.14.2 updated - util-linux-2.40.4-150700.2.2 updated - kubevirt-container-disk-1.4.0-150700.1.10 updated - libdevmapper1_03-2.03.24_1.02.198-150700.5.1 updated - libnettle8-3.10.1-150700.2.13 updated - qemu-accel-tcg-x86-9.2.2-150700.1.2 updated - qemu-hw-usb-host-9.2.2-150700.1.2 updated - qemu-ipxe-9.2.2-150700.1.2 updated - qemu-seabios-9.2.21.16.3_3_g3d33c746-150700.1.2 updated - qemu-vgabios-9.2.21.16.3_3_g3d33c746-150700.1.2 updated - libhogweed6-3.10.1-150700.2.13 updated - qemu-hw-usb-redirect-9.2.2-150700.1.2 updated - xen-libs-4.20.0_08-150700.2.8 updated - qemu-img-9.2.2-150700.1.2 updated - rdma-core-54.0-150700.1.7 updated - kubevirt-virt-launcher-1.4.0-150700.1.10 updated - libibverbs1-54.0-150700.1.7 updated - libmlx5-1-54.0-150700.1.7 updated - libmlx4-1-54.0-150700.1.7 updated - libmana1-54.0-150700.1.7 updated - libhns1-54.0-150700.1.7 updated - libefa1-54.0-150700.1.7 updated - libibverbs-54.0-150700.1.7 updated - librdmacm1-54.0-150700.1.7 updated - qemu-x86-9.2.2-150700.1.2 updated - qemu-9.2.2-150700.1.2 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:28:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:28:55 +0200 (CEST) Subject: SUSE-CU-2025:2980-1: Security update of suse/sles/15.7/libguestfs-tools Message-ID: <20250429072855.64B16FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2980-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.4.0 , suse/sles/15.7/libguestfs-tools:1.4.0-150700.1.10 , suse/sles/15.7/libguestfs-tools:1.4.0.28.163 Container Release : 28.163 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libuuid1-2.40.4-150700.2.2 updated - libsmartcols1-2.40.4-150700.2.2 updated - libgpg-error0-1.50-150700.1.6 updated - findutils-4.10.0-150700.2.4 updated - libgcrypt20-1.11.0-150700.3.3 updated - libblkid1-2.40.4-150700.2.2 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libmount1-2.40.4-150700.2.2 updated - libfdisk1-2.40.4-150700.2.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - sles-release-15.7-150700.25.1 updated - permissions-20240826-150700.14.2 updated - util-linux-2.40.4-150700.2.2 updated - libguestfs-winsupport-1.55.6-150700.1.5 updated - libdevmapper1_03-2.03.24_1.02.198-150700.5.1 updated - libnettle8-3.10.1-150700.2.13 updated - libopenssl1_1-1.1.1w-150700.9.31 updated - mdadm-4.4-150700.2.2 updated - qemu-accel-tcg-x86-9.2.2-150700.1.2 updated - qemu-ipxe-9.2.2-150700.1.2 updated - qemu-seabios-9.2.21.16.3_3_g3d33c746-150700.1.2 updated - qemu-vgabios-9.2.21.16.3_3_g3d33c746-150700.1.2 updated - libhogweed6-3.10.1-150700.2.13 updated - libmpath0-0.10.2+122+suse.51e02cc-150700.1.2 updated - xen-libs-4.20.0_08-150700.2.8 updated - qemu-vmsr-helper-9.2.2-150700.1.2 updated - qemu-pr-helper-9.2.2-150700.1.2 updated - qemu-img-9.2.2-150700.1.2 updated - qemu-tools-9.2.2-150700.1.2 updated - util-linux-systemd-2.40.4-150700.2.2 updated - dracut-059+suse.562.g5ab4efaa-150700.1.3 updated - supermin-5.3.5-150700.2.6 updated - rdma-core-54.0-150700.1.7 updated - dracut-fips-059+suse.562.g5ab4efaa-150700.1.3 updated - libibverbs1-54.0-150700.1.7 updated - libmlx5-1-54.0-150700.1.7 updated - libmlx4-1-54.0-150700.1.7 updated - libmana1-54.0-150700.1.7 updated - libhns1-54.0-150700.1.7 updated - libefa1-54.0-150700.1.7 updated - libibverbs-54.0-150700.1.7 updated - librdmacm1-54.0-150700.1.7 updated - qemu-x86-9.2.2-150700.1.2 updated - qemu-9.2.2-150700.1.2 updated - libguestfs0-1.55.6-150700.1.5 updated - libguestfs-devel-1.55.6-150700.1.5 updated - libguestfs-appliance-1.55.6-150700.1.5 updated - libguestfs-1.55.6-150700.1.5 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Tue Apr 29 07:28:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Apr 2025 09:28:58 +0200 (CEST) Subject: SUSE-CU-2025:2981-1: Security update of suse/sles/15.7/virt-operator Message-ID: <20250429072858.3D8F1FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:2981-1 Container Tags : suse/sles/15.7/virt-operator:1.4.0 , suse/sles/15.7/virt-operator:1.4.0-150700.1.10 , suse/sles/15.7/virt-operator:1.4.0.27.125 Container Release : 27.125 Severity : moderate Type : security References : 1221482 1228042 1230638 1231051 1233699 1234665 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sles/15.7/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - libopenssl3-3.2.3-150700.3.14 updated - grep-3.11-150700.1.6 updated - libopenssl-3-fips-provider-3.2.3-150700.3.14 updated - permissions-20240826-150700.14.2 updated - kubevirt-virt-operator-1.4.0-150700.1.10 updated - container:sles15-image-15.7.0-3.54 updated From sle-container-updates at lists.suse.com Wed Apr 30 07:05:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Apr 2025 09:05:12 +0200 (CEST) Subject: SUSE-IU-2025:1208-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250430070512.C8130FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1208-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.21 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.21 Severity : important Type : security References : 1219559 1219561 1221289 1229930 1229931 1229932 1232579 1232601 1238700 1239119 1239335 1239618 CVE-2013-0340 CVE-2019-15903 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 CVE-2025-22869 CVE-2025-22870 CVE-2025-30258 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 304 Released: Tue Apr 29 13:07:45 2025 Summary: Security update for expat Type: security Severity: important References: 1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176 This update for expat fixes the following issues: Version update to 2.7.1: * Bug fixes: * Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext * Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives Version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]) * Security fixes: * CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: * Document changes since the previous release * Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Version update to 2.6.4: * Security fixes: [bsc#1232601][bsc#1232579] * CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: * Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. * Other changes: - Version info bumped from 10:2:9 (libexpat*.so.1.9.2) to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/ for what these numbers do Update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (bsc#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior Update to 2.6.1: * Expose billion laughs API with XML_DTD defined and XML_GE undefined, regression from 2.6.0 * Make tests independent of CPU speed, and thus more robust Update to 2.6.0: * Security fixes: - CVE-2023-52425 (bsc#1219559) Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (bsc#1219561) Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent 'invalid token' error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example 'element_declarations.c' - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section 'Cflags.private' in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of 'NULL' and 'null' - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: 306 Released: Tue Apr 29 13:11:44 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119) ----------------------------------------------------------------- Advisory ID: 305 Released: Tue Apr 29 13:13:15 2025 Summary: Security update for elemental-toolkit Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-toolkit fixes the following issues: - Updated to version 2.1.3: * Simplify podman calls in CI steup * Switched GHA runners to Ubuntu 24.04 * Updated year in headers * Updated to go1.23, required by the new x/crypto module * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) The following package changes have been done: - libexpat1-2.7.1-1.1 updated - SL-Micro-release-6.0-25.20 updated - elemental-toolkit-2.1.3-1.1 updated - gpg2-2.4.4-2.1 updated - container:SL-Micro-base-container-2.1.3-6.18 updated From sle-container-updates at lists.suse.com Wed Apr 30 07:05:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Apr 2025 09:05:39 +0200 (CEST) Subject: SUSE-IU-2025:1209-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250430070539.EE620FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1209-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-6.18 , suse/sl-micro/6.0/base-os-container:latest Image Release : 6.18 Severity : important Type : security References : 1219559 1219561 1221289 1229930 1229931 1229932 1232579 1232601 1238700 1239119 1239335 1239618 CVE-2013-0340 CVE-2019-15903 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 CVE-2025-22869 CVE-2025-22870 CVE-2025-30258 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 304 Released: Tue Apr 29 13:07:45 2025 Summary: Security update for expat Type: security Severity: important References: 1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176 This update for expat fixes the following issues: Version update to 2.7.1: * Bug fixes: * Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext * Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives Version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]) * Security fixes: * CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: * Document changes since the previous release * Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Version update to 2.6.4: * Security fixes: [bsc#1232601][bsc#1232579] * CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: * Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. * Other changes: - Version info bumped from 10:2:9 (libexpat*.so.1.9.2) to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/ for what these numbers do Update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (bsc#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior Update to 2.6.1: * Expose billion laughs API with XML_DTD defined and XML_GE undefined, regression from 2.6.0 * Make tests independent of CPU speed, and thus more robust Update to 2.6.0: * Security fixes: - CVE-2023-52425 (bsc#1219559) Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (bsc#1219561) Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent 'invalid token' error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example 'element_declarations.c' - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section 'Cflags.private' in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of 'NULL' and 'null' - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: 306 Released: Tue Apr 29 13:11:44 2025 Summary: Security update for gpg2 Type: security Severity: low References: 1239119,CVE-2025-30258 This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119) ----------------------------------------------------------------- Advisory ID: 305 Released: Tue Apr 29 13:13:15 2025 Summary: Security update for elemental-toolkit Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-toolkit fixes the following issues: - Updated to version 2.1.3: * Simplify podman calls in CI steup * Switched GHA runners to Ubuntu 24.04 * Updated year in headers * Updated to go1.23, required by the new x/crypto module * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) The following package changes have been done: - libexpat1-2.7.1-1.1 updated - SL-Micro-release-6.0-25.20 updated - elemental-toolkit-2.1.3-1.1 updated - gpg2-2.4.4-2.1 updated From sle-container-updates at lists.suse.com Wed Apr 30 07:06:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Apr 2025 09:06:08 +0200 (CEST) Subject: SUSE-IU-2025:1210-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250430070608.BEBE7FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1210-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.18 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.18 Severity : important Type : security References : 1219559 1219561 1221289 1229930 1229931 1229932 1232579 1232601 1238700 1239335 1239618 CVE-2013-0340 CVE-2019-15903 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 CVE-2025-22869 CVE-2025-22870 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 304 Released: Tue Apr 29 13:07:45 2025 Summary: Security update for expat Type: security Severity: important References: 1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176 This update for expat fixes the following issues: Version update to 2.7.1: * Bug fixes: * Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext * Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives Version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]) * Security fixes: * CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: * Document changes since the previous release * Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Version update to 2.6.4: * Security fixes: [bsc#1232601][bsc#1232579] * CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: * Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. * Other changes: - Version info bumped from 10:2:9 (libexpat*.so.1.9.2) to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/ for what these numbers do Update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (bsc#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior Update to 2.6.1: * Expose billion laughs API with XML_DTD defined and XML_GE undefined, regression from 2.6.0 * Make tests independent of CPU speed, and thus more robust Update to 2.6.0: * Security fixes: - CVE-2023-52425 (bsc#1219559) Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (bsc#1219561) Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent 'invalid token' error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example 'element_declarations.c' - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section 'Cflags.private' in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of 'NULL' and 'null' - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: 305 Released: Tue Apr 29 13:13:15 2025 Summary: Security update for elemental-toolkit Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-toolkit fixes the following issues: - Updated to version 2.1.3: * Simplify podman calls in CI steup * Switched GHA runners to Ubuntu 24.04 * Updated year in headers * Updated to go1.23, required by the new x/crypto module * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) The following package changes have been done: - libexpat1-2.7.1-1.1 updated - SL-Micro-release-6.0-25.20 updated - elemental-toolkit-2.1.3-1.1 updated - container:SL-Micro-base-container-2.1.3-6.18 updated From sle-container-updates at lists.suse.com Wed Apr 30 07:06:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Apr 2025 09:06:45 +0200 (CEST) Subject: SUSE-IU-2025:1211-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250430070645.B4A97FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1211-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.23 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.23 Severity : important Type : security References : 1219559 1219561 1221289 1229930 1229931 1229932 1232579 1232601 1238700 1239335 1239618 CVE-2013-0340 CVE-2019-15903 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 CVE-2025-22869 CVE-2025-22870 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 304 Released: Tue Apr 29 13:07:45 2025 Summary: Security update for expat Type: security Severity: important References: 1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176 This update for expat fixes the following issues: Version update to 2.7.1: * Bug fixes: * Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext * Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives Version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]) * Security fixes: * CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: * Document changes since the previous release * Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Version update to 2.6.4: * Security fixes: [bsc#1232601][bsc#1232579] * CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: * Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. * Other changes: - Version info bumped from 10:2:9 (libexpat*.so.1.9.2) to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/ for what these numbers do Update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (bsc#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior Update to 2.6.1: * Expose billion laughs API with XML_DTD defined and XML_GE undefined, regression from 2.6.0 * Make tests independent of CPU speed, and thus more robust Update to 2.6.0: * Security fixes: - CVE-2023-52425 (bsc#1219559) Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (bsc#1219561) Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent 'invalid token' error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example 'element_declarations.c' - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section 'Cflags.private' in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of 'NULL' and 'null' - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: 305 Released: Tue Apr 29 13:13:15 2025 Summary: Security update for elemental-toolkit Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-toolkit fixes the following issues: - Updated to version 2.1.3: * Simplify podman calls in CI steup * Switched GHA runners to Ubuntu 24.04 * Updated year in headers * Updated to go1.23, required by the new x/crypto module * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) The following package changes have been done: - libexpat1-2.7.1-1.1 updated - SL-Micro-release-6.0-25.20 updated - elemental-toolkit-2.1.3-1.1 updated - container:SL-Micro-container-2.1.3-6.21 updated From sle-container-updates at lists.suse.com Wed Apr 30 07:07:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Apr 2025 09:07:45 +0200 (CEST) Subject: SUSE-IU-2025:1212-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250430070745.319C2FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1212-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.25 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.25 Severity : important Type : recommended References : 1167721 1237180 CVE-2019-20633 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 83 Released: Tue Apr 29 10:20:23 2025 Summary: Recommended update for open-vm-tools Type: recommended Severity: important References: 1167721,1237180,CVE-2019-20633 This update for open-vm-tools fixes the following issues: - Ensure vmtoolsd.service and vgauthd.service are set to enabled by default. Do this by removing vmblock-fuse.service from the %pre section in the spec file. vmblock-fuse.service still remains in the %pre desktop section (bsc#1237180). - remove unused pcre build dependency - Revert previous change. The proposed solutions was non-standard. - Ensure vmtoolsd.service, vgauthd.service, and vmblock-fuse.service are set to enabled by default (bsc#1237180). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.23 updated - libvmtools0-12.5.0-slfo.1.1_2.1 updated - open-vm-tools-12.5.0-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.0-4.25 updated