SUSE-IU-2025:1942-1: Security update of suse-sles-15-sp6-chost-byos-v20250711-hvm-ssd-x86_64
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sun Jul 13 07:02:52 UTC 2025
SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250711-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1942-1
Image Tags : suse-sles-15-sp6-chost-byos-v20250711-hvm-ssd-x86_64:20250711
Image Release :
Severity : important
Type : security
References : 1220112 1223096 1226498 1228776 1229491 1230092 1230581 1231016
1232649 1232882 1233192 1234154 1235149 1235968 1236142 1236208
1236931 1237312 1238212 1238473 1238774 1238992 1239012 1239119
1239543 1239602 1239691 1239765 1239817 1239925 1240132 1240150
1240593 1240866 1240899 1240966 1241148 1241282 1241305 1241340
1241351 1241376 1241448 1241457 1241463 1241492 1241519 1241525
1241533 1241538 1241576 1241590 1241595 1241596 1241597 1241625
1241627 1241635 1241638 1241644 1241654 1241657 1241667 1241830
1242006 1242012 1242035 1242044 1242114 1242203 1242343 1242414
1242417 1242501 1242502 1242506 1242507 1242509 1242510 1242512
1242513 1242514 1242520 1242523 1242524 1242529 1242530 1242531
1242532 1242559 1242563 1242564 1242565 1242566 1242567 1242568
1242569 1242574 1242575 1242578 1242584 1242585 1242587 1242591
1242709 1242727 1242758 1242760 1242761 1242762 1242763 1242764
1242766 1242770 1242778 1242781 1242782 1242785 1242786 1242792
1242827 1242844 1242852 1242854 1242856 1242859 1242860 1242861
1242866 1242867 1242868 1242871 1242873 1242875 1242906 1242908
1242924 1242930 1242944 1242945 1242948 1242949 1242951 1242953
1242955 1242957 1242959 1242961 1242962 1242973 1242974 1242977
1242990 1242993 1243000 1243006 1243011 1243015 1243044 1243049
1243056 1243074 1243076 1243077 1243082 1243090 1243226 1243226
1243330 1243342 1243456 1243469 1243470 1243471 1243472 1243473
1243476 1243488 1243509 1243511 1243513 1243515 1243516 1243517
1243519 1243522 1243524 1243528 1243529 1243530 1243534 1243536
1243539 1243540 1243541 1243543 1243545 1243547 1243559 1243560
1243562 1243567 1243573 1243574 1243575 1243589 1243621 1243624
1243625 1243626 1243627 1243649 1243657 1243658 1243659 1243660
1243664 1243737 1243805 1243833 1243887 1243901 1243935 1243963
1244035 1244039 1244079 1244105 1244135 1244509 1244596 1245274
1245275 1245309 1245310 1245311 1245314 CVE-2023-53146 CVE-2024-28956
CVE-2024-41965 CVE-2024-43869 CVE-2024-45310 CVE-2024-46713 CVE-2024-47081
CVE-2024-50106 CVE-2024-50223 CVE-2024-53135 CVE-2024-54458 CVE-2024-58098
CVE-2024-58099 CVE-2024-58100 CVE-2024-58237 CVE-2025-0495 CVE-2025-21629
CVE-2025-21648 CVE-2025-21702 CVE-2025-21787 CVE-2025-21814 CVE-2025-21919
CVE-2025-22005 CVE-2025-22021 CVE-2025-22030 CVE-2025-22056 CVE-2025-22057
CVE-2025-22063 CVE-2025-22066 CVE-2025-22070 CVE-2025-22089 CVE-2025-22095
CVE-2025-22103 CVE-2025-22119 CVE-2025-22124 CVE-2025-22125 CVE-2025-22126
CVE-2025-22872 CVE-2025-23140 CVE-2025-23141 CVE-2025-23142 CVE-2025-23144
CVE-2025-23146 CVE-2025-23147 CVE-2025-23148 CVE-2025-23149 CVE-2025-23150
CVE-2025-23151 CVE-2025-23156 CVE-2025-23157 CVE-2025-23158 CVE-2025-23159
CVE-2025-23160 CVE-2025-23161 CVE-2025-29768 CVE-2025-30258 CVE-2025-32462
CVE-2025-32463 CVE-2025-37740 CVE-2025-37741 CVE-2025-37742 CVE-2025-37747
CVE-2025-37748 CVE-2025-37749 CVE-2025-37750 CVE-2025-37754 CVE-2025-37755
CVE-2025-37758 CVE-2025-37765 CVE-2025-37766 CVE-2025-37767 CVE-2025-37768
CVE-2025-37769 CVE-2025-37770 CVE-2025-37771 CVE-2025-37772 CVE-2025-37773
CVE-2025-37780 CVE-2025-37781 CVE-2025-37782 CVE-2025-37787 CVE-2025-37788
CVE-2025-37789 CVE-2025-37790 CVE-2025-37792 CVE-2025-37793 CVE-2025-37794
CVE-2025-37796 CVE-2025-37797 CVE-2025-37798 CVE-2025-37803 CVE-2025-37804
CVE-2025-37805 CVE-2025-37809 CVE-2025-37810 CVE-2025-37812 CVE-2025-37815
CVE-2025-37819 CVE-2025-37820 CVE-2025-37823 CVE-2025-37824 CVE-2025-37829
CVE-2025-37830 CVE-2025-37831 CVE-2025-37833 CVE-2025-37836 CVE-2025-37839
CVE-2025-37840 CVE-2025-37841 CVE-2025-37842 CVE-2025-37849 CVE-2025-37850
CVE-2025-37851 CVE-2025-37852 CVE-2025-37853 CVE-2025-37854 CVE-2025-37858
CVE-2025-37867 CVE-2025-37870 CVE-2025-37871 CVE-2025-37873 CVE-2025-37875
CVE-2025-37879 CVE-2025-37881 CVE-2025-37886 CVE-2025-37887 CVE-2025-37889
CVE-2025-37890 CVE-2025-37891 CVE-2025-37892 CVE-2025-37897 CVE-2025-37900
CVE-2025-37901 CVE-2025-37903 CVE-2025-37905 CVE-2025-37911 CVE-2025-37912
CVE-2025-37913 CVE-2025-37914 CVE-2025-37915 CVE-2025-37918 CVE-2025-37925
CVE-2025-37928 CVE-2025-37929 CVE-2025-37930 CVE-2025-37931 CVE-2025-37932
CVE-2025-37937 CVE-2025-37943 CVE-2025-37944 CVE-2025-37948 CVE-2025-37949
CVE-2025-37951 CVE-2025-37953 CVE-2025-37954 CVE-2025-37957 CVE-2025-37958
CVE-2025-37959 CVE-2025-37960 CVE-2025-37963 CVE-2025-37969 CVE-2025-37970
CVE-2025-37972 CVE-2025-37974 CVE-2025-37978 CVE-2025-37979 CVE-2025-37980
CVE-2025-37982 CVE-2025-37983 CVE-2025-37985 CVE-2025-37986 CVE-2025-37989
CVE-2025-37990 CVE-2025-38104 CVE-2025-38152 CVE-2025-38240 CVE-2025-38637
CVE-2025-39735 CVE-2025-40014 CVE-2025-40325 CVE-2025-40909 CVE-2025-4373
CVE-2025-4598 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5372
CVE-2025-6018 CVE-2025-6018 CVE-2025-6020 CVE-2025-6052
-----------------------------------------------------------------
The container suse-sles-15-sp6-chost-byos-v20250711-hvm-ssd-x86_64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1998-1
Released: Wed Jun 18 10:42:20 2025
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1244039,CVE-2024-47081
This update for python-requests fixes the following issues:
- CVE-2024-47081: fixed netrc credential leak (bsc#1244039).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2000-1
Released: Wed Jun 18 13:08:14 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1220112,1223096,1226498,1229491,1230581,1231016,1232649,1232882,1233192,1234154,1235149,1235968,1236142,1236208,1237312,1238212,1238473,1238774,1238992,1239691,1239925,1240593,1240866,1240966,1241148,1241282,1241305,1241340,1241351,1241376,1241448,1241457,1241492,1241519,1241525,1241533,1241538,1241576,1241590,1241595,1241596,1241597,1241625,1241627,1241635,1241638,1241644,1241654,1241657,1242006,1242012,1242035,1242044,1242203,1242343,1242414,1242417,1242501,1242502,1242506,1242507,1242509,1242510,1242512,1242513,1242514,1242520,1242523,1242524,1242529,1242530,1242531,1242532,1242559,1242563,1242564,1242565,1242566,1242567,1242568,1242569,1242574,1242575,1242578,1242584,1242585,1242587,1242591,1242709,1242727,1242758,1242760,1242761,1242762,1242763,1242764,1242766,1242770,1242778,1242781,1242782,1242785,1242786,1242792,1242852,1242854,1242856,1242859,1242860,1242861,1242866,1242867,1242868,1242871,1242873,1242875,1242906,1242908,1242924,1242930,1242944,1242945,1242948,1
242949,1242951,1242953,1242955,1242957,1242959,1242961,1242962,1242973,1242974,1242977,1242990,1242993,1243000,1243006,1243011,1243015,1243044,1243049,1243056,1243074,1243076,1243077,1243082,1243090,1243330,1243342,1243456,1243469,1243470,1243471,1243472,1243473,1243476,1243509,1243511,1243513,1243515,1243516,1243517,1243519,1243522,1243524,1243528,1243529,1243530,1243534,1243536,1243539,1243540,1243541,1243543,1243545,1243547,1243559,1243560,1243562,1243567,1243573,1243574,1243575,1243589,1243621,1243624,1243625,1243626,1243627,1243649,1243657,1243658,1243659,1243660,1243664,1243737,1243805,1243963,CVE-2023-53146,CVE-2024-28956,CVE-2024-43869,CVE-2024-46713,CVE-2024-50106,CVE-2024-50223,CVE-2024-53135,CVE-2024-54458,CVE-2024-58098,CVE-2024-58099,CVE-2024-58100,CVE-2024-58237,CVE-2025-21629,CVE-2025-21648,CVE-2025-21702,CVE-2025-21787,CVE-2025-21814,CVE-2025-21919,CVE-2025-22005,CVE-2025-22021,CVE-2025-22030,CVE-2025-22056,CVE-2025-22057,CVE-2025-22063,CVE-2025-22066,CVE-2025-22070,
CVE-2025-22089,CVE-2025-22095,CVE-2025-22103,CVE-2025-22119,CVE-2025-22124,CVE-2025-22125,CVE-2025-22126,CVE-2025-23140,CVE-2025-23141,CVE-2025-23142,CVE-2025-23144,CVE-2025-23146,CVE-2025-23147,CVE-2025-23148,CVE-2025-23149,CVE-2025-23150,CVE-2025-23151,CVE-2025-23156,CVE-2025-23157,CVE-2025-23158,CVE-2025-23159,CVE-2025-23160,CVE-2025-23161,CVE-2025-37740,CVE-2025-37741,CVE-2025-37742,CVE-2025-37747,CVE-2025-37748,CVE-2025-37749,CVE-2025-37750,CVE-2025-37754,CVE-2025-37755,CVE-2025-37758,CVE-2025-37765,CVE-2025-37766,CVE-2025-37767,CVE-2025-37768,CVE-2025-37769,CVE-2025-37770,CVE-2025-37771,CVE-2025-37772,CVE-2025-37773,CVE-2025-37780,CVE-2025-37781,CVE-2025-37782,CVE-2025-37787,CVE-2025-37788,CVE-2025-37789,CVE-2025-37790,CVE-2025-37792,CVE-2025-37793,CVE-2025-37794,CVE-2025-37796,CVE-2025-37797,CVE-2025-37798,CVE-2025-37803,CVE-2025-37804,CVE-2025-37805,CVE-2025-37809,CVE-2025-37810,CVE-2025-37812,CVE-2025-37815,CVE-2025-37819,CVE-2025-37820,CVE-2025-37823,CVE-2025-37824,CVE-202
5-37829,CVE-2025-37830,CVE-2025-37831,CVE-2025-37833,CVE-2025-37836,CVE-2025-37839,CVE-2025-37840,CVE-2025-37841,CVE-2025-37842,CVE-2025-37849,CVE-2025-37850,CVE-2025-37851,CVE-2025-37852,CVE-2025-37853,CVE-2025-37854,CVE-2025-37858,CVE-2025-37867,CVE-2025-37870,CVE-2025-37871,CVE-2025-37873,CVE-2025-37875,CVE-2025-37879,CVE-2025-37881,CVE-2025-37886,CVE-2025-37887,CVE-2025-37889,CVE-2025-37890,CVE-2025-37891,CVE-2025-37892,CVE-2025-37897,CVE-2025-37900,CVE-2025-37901,CVE-2025-37903,CVE-2025-37905,CVE-2025-37911,CVE-2025-37912,CVE-2025-37913,CVE-2025-37914,CVE-2025-37915,CVE-2025-37918,CVE-2025-37925,CVE-2025-37928,CVE-2025-37929,CVE-2025-37930,CVE-2025-37931,CVE-2025-37932,CVE-2025-37937,CVE-2025-37943,CVE-2025-37944,CVE-2025-37948,CVE-2025-37949,CVE-2025-37951,CVE-2025-37953,CVE-2025-37954,CVE-2025-37957,CVE-2025-37958,CVE-2025-37959,CVE-2025-37960,CVE-2025-37963,CVE-2025-37969,CVE-2025-37970,CVE-2025-37972,CVE-2025-37974,CVE-2025-37978,CVE-2025-37979,CVE-2025-37980,CVE-2025-37982
,CVE-2025-37983,CVE-2025-37985,CVE-2025-37986,CVE-2025-37989,CVE-2025-37990,CVE-2025-38104,CVE-2025-38152,CVE-2025-38240,CVE-2025-38637,CVE-2025-39735,CVE-2025-40014,CVE-2025-40325
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).
- CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).
- CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992).
- CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).
- CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473).
- CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593).
- CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).
- CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533).
- CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).
- CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305).
- CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448).
- CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763).
- CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).
- CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507).
- CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523).
- CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).
- CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510).
- CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506).
- CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502).
- CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).
- CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
- CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852).
- CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854).
- CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856).
- CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867).
- CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875).
- CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860).
- CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861).
- CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).
- CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951).
- CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056).
- CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).
- CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944).
- CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962).
- CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).
- CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664).
- CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519).
- CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547).
- CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627).
- CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).
The following non-security bugs were fixed:
- ACPI: PPTT: Fix processor subtable walk (git-fixes).
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes).
- ALSA: seq: Fix delivery of UMP events to group ports (git-fixes).
- ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes).
- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes).
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes).
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes).
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes).
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).
- ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes).
- ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes).
- ASoC: Use of_property_read_bool() (stable-fixes).
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes).
- ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes).
- Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes).
- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes).
- Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes).
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes).
- Fix write to cloned skb in ipv6_hop_ioam() (git-fixes).
- HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes).
- HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes).
- IB/cm: use rwlock for MAD agent lock (git-fixes)
- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).
- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).
- Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes).
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes).
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes).
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes).
- Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes).
- Input: xpad - fix Share button on Xbox One controllers (stable-fixes).
- Input: xpad - fix two controller table values (git-fixes).
- KVM: SVM: Allocate IR data using atomic allocation (git-fixes).
- KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes).
- KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes).
- KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes).
- KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes).
- KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes).
- KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes).
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes).
- KVM: arm64: Mark some header functions as inline (git-fixes).
- KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes).
- KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes).
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes).
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes).
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes).
- KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes).
- KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes).
- KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes).
- KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes).
- KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes).
- KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657).
- KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658).
- KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes).
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes).
- KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes).
- KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes).
- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes).
- KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes).
- KVM: x86: Make x2APIC ID 100% readonly (git-fixes).
- KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes).
- KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes).
- KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes).
- NFS: O_DIRECT writes must check and adjust the file length (git-fixes).
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes).
- NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes).
- NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes).
- RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes)
- RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes)
- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes)
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes)
- RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes)
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes)
- Squashfs: check return result of sb_min_blocksize (git-fixes).
- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).
- Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes).
- add bug reference for an existing hv_netvsc change (bsc#1243737).
- afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes).
- afs: Make it possible to find the volumes that are using a server (git-fixes).
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes)
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes)
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes)
- arm64: insn: Add support for encoding DSB (git-fixes)
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes)
- arm64: proton-pack: Expose whether the branchy loop k value (git-fixes)
- arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes)
- arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes).
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes).
- bnxt_en: Fix coredump logic to free allocated buffer (git-fixes).
- bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes).
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes).
- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes).
- bpf: Scrub packet on bpf_redirect_peer (git-fixes).
- btrfs: adjust subpage bit start based on sectorsize (bsc#1241492).
- btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342).
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208).
- btrfs: avoid monopolizing a core when activating a swap file (git-fixes).
- btrfs: do not loop for nowait writes when checking for cross references (git-fixes).
- btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes).
- btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012).
- btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes).
- cBPF: Refresh fixes for cBPF issue (bsc#1242778)
- can: bcm: add locking for bcm_op runtime updates (git-fixes).
- can: bcm: add missing rcu read protection for procfs content (git-fixes).
- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).
- can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes).
- can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).
- can: slcan: allow reception of short error messages (git-fixes).
- check-for-config-changes: Fix flag name typo
- cifs: change tcon status when need_reconnect is set on it (git-fixes).
- cifs: reduce warning log level for server not advertising interfaces (git-fixes).
- crypto: algif_hash - fix double free in hash_accept (git-fixes).
- devlink: fix port new reply cmd type (git-fixes).
- dm-integrity: fix a warning on invalid table line (git-fixes).
- dma-buf: insert memory barrier before updating num_fences (git-fixes).
- dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes).
- dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes).
- dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes).
- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes).
- dmaengine: idxd: Fix ->poll() return value (git-fixes).
- dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes).
- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes).
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: mediatek: drop unused variable (git-fixes).
- dmaengine: ti: k3-udma: Add missing locking (git-fixes).
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes).
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes).
- drm/amd/display: Avoid flooding unnecessary info messages (git-fixes).
- drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes).
- drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes).
- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).
- drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes).
- drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).
- drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).
- drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).
- drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes).
- drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes).
- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).
- drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes).
- drm/amdgpu: fix pm notifier handling (git-fixes).
- drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes).
- drm/edid: fixed the bug that hdr metadata was not reset (git-fixes).
- drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).
- drm/v3d: Add job to pending list if the reset was skipped (stable-fixes).
- exfat: fix potential wrong error return from get_block (git-fixes).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes).
- hv_netvsc: Remove rmsg_pgcnt (git-fixes).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes).
- i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes).
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes).
- idpf: fix offloads support for encapsulated packets (git-fixes).
- idpf: fix potential memory leak on kcalloc() failure (git-fixes).
- idpf: protect shutdown from reset (git-fixes).
- igc: fix lock order in igc_ptp_reset (git-fixes).
- iio: accel: adxl367: fix setting odr for activity time update (git-fixes).
- iio: adc: ad7606: fix serial register access (git-fixes).
- iio: adis16201: Correct inclinometer channel resolution (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes).
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).
- inetpeer: remove create argument of inet_getpeer_v() (git-fixes).
- inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes).
- ipv4/route: avoid unused-but-set-variable warning (git-fixes).
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes).
- ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes).
- ipv4: Fix incorrect source address in Record Route option (git-fixes).
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes).
- ipv4: fix source address selection with route leak (git-fixes).
- ipv4: give an IPv4 dev to blackhole_netdev (git-fixes).
- ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes).
- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes).
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes).
- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes).
- ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes).
- ipv6: Align behavior across nexthops during path selection (git-fixes).
- ipv6: Do not consider link down nexthops in path selection (git-fixes).
- ipv6: Start path selection from the first nexthop (git-fixes).
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes).
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).
- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993).
- jiffies: Define secs_to_jiffies() (bsc#1242993).
- kernel-obs-qa: Use srchash for dependency as well
- loop: Add sanity check for read/write_iter (git-fixes).
- loop: aio inherit the ioprio of original request (git-fixes).
- loop: do not require ->write_iter for writable files in loop_configure (git-fixes).
- md/raid1,raid10: do not ignore IO flags (git-fixes).
- md/raid10: fix missing discard IO accounting (git-fixes).
- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes).
- md/raid1: Add check for missing source disk in process_checks() (git-fixes).
- md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes).
- md/raid5: implement pers->bitmap_sector() (git-fixes).
- md: add a new callback pers->bitmap_sector() (git-fixes).
- md: ensure resync is prioritized over recovery (git-fixes).
- md: fix mddev uaf while iterating all_mddevs list (git-fixes).
- md: preserve KABI in struct md_personality v2 (git-fixes).
- media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- neighbour: delete redundant judgment statements (git-fixes).
- net/handshake: Fix handshake_req_destroy_test1 (git-fixes).
- net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes).
- net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes).
- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes).
- net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes).
- net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes).
- net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes).
- net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes).
- net: Add non-RCU dev_getbyhwaddr() helper (git-fixes).
- net: Clear old fragment checksum value in napi_reuse_skb (git-fixes).
- net: Handle napi_schedule() calls from non-interrupt (git-fixes).
- net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes).
- net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes).
- net: do not dump stack on queue timeout (git-fixes).
- net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes).
- net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes).
- net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes).
- net: qede: Initialize qede_ll_ops with designated initializer (git-fixes).
- net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes).
- net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes).
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes).
- netdev-genl: avoid empty messages in queue dump (git-fixes).
- netdev: fix repeated netlink messages in queue dump (git-fixes).
- netlink: annotate data-races around sk->sk_err (git-fixes).
- netpoll: Ensure clean state on setup failures (git-fixes).
- nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes).
- nfsd: add list_head nf_gc to struct nfsd_file (git-fixes).
- nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes).
- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes).
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096).
- nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148).
- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes).
- nvme-tcp: fix premature queue removal and I/O failover (git-fixes).
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes).
- nvme: Add 'partial_nid' quirk (bsc#1241148).
- nvme: Add warning when a partiually unique NID is detected (bsc#1241148).
- nvme: Update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149).
- nvme: Update patch nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149).
- nvme: fixup scan failure for non-ANA multipath controllers (git-fixes).
- nvme: multipath: fix return value of nvme_available_path (git-fixes).
- nvme: re-read ANA log page after ns scan completes (git-fixes).
- nvme: requeue namespace scan on missed AENs (git-fixes).
- nvme: unblock ctrl state transition for firmware update (git-fixes).
- nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes).
- nvmet-fc: inline nvmet_fc_free_hostport (git-fixes).
- nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes).
- nvmet-fc: take tgtport reference only once (git-fixes).
- nvmet-fc: update tgtport ref per assoc (git-fixes).
- nvmet-fcloop: Remove remote port from list when unlinking (git-fixes).
- nvmet-fcloop: add ref counting to lport (git-fixes).
- nvmet-fcloop: replace kref with refcount (git-fixes).
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes).
- objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- octeontx2-pf: qos: fix VF root node parent queue index (git-fixes).
- padata: do not leak refcount in reorder_work (git-fixes).
- phy: Fix error handling in tegra_xusb_port_init (git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes).
- phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes).
- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes).
- phy: tegra: xusb: remove a stray unlock (git-fixes).
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes).
- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes).
- powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes).
- powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555).
- qibfs: fix _another_ leak (git-fixes)
- rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes)
- rcu/tasks: Handle new PF_IDLE semantics (git-fixes)
- rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes)
- rcu: Introduce rcu_cpu_online() (git-fixes)
- regulator: max20086: fix invalid memory access (git-fixes).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805).
- scsi: Improve CDL control (git-fixes).
- scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes).
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes).
- scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993).
- scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993).
- scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993).
- scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993).
- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993).
- scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993).
- scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993).
- scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993).
- scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993).
- scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993).
- scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966).
- scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993).
- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes).
- scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes).
- scsi: qla2xxx: Fix typos in a comment (bsc#1243090).
- scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090).
- scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090).
- scsi: qla2xxx: Remove unused module parameters (bsc#1243090).
- scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090).
- scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090).
- scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090).
- scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090).
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203).
- smb3: fix Open files on server counter going negative (git-fixes).
- smb: client: Use str_yes_no() helper function (git-fixes).
- smb: client: allow more DFS referrals to be cached (git-fixes).
- smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes).
- smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes).
- smb: client: do not retry DFS targets on server shutdown (git-fixes).
- smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes).
- smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes).
- smb: client: fix DFS interlink failover (git-fixes).
- smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes).
- smb: client: fix hang in wait_for_response() for negproto (bsc#1242709).
- smb: client: fix potential race in cifs_put_tcon() (git-fixes).
- smb: client: fix return value of parse_dfs_referrals() (git-fixes).
- smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes).
- smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes).
- smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes).
- smb: client: improve purging of cached referrals (git-fixes).
- smb: client: introduce av_for_each_entry() helper (git-fixes).
- smb: client: optimize referral walk on failed link targets (git-fixes).
- smb: client: parse DNS domain name from domain= option (git-fixes).
- smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes).
- smb: client: provide dns_resolve_{unc,name} helpers (git-fixes).
- smb: client: refresh referral without acquiring refpath_lock (git-fixes).
- smb: client: remove unnecessary checks in open_cached_dir() (git-fixes).
- spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes).
- spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes).
- spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes).
- spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes).
- spi: tegra114: Use value to check for invalid delays (git-fixes).
- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes).
- staging: axis-fifo: Remove hardware resets for user errors (git-fixes).
- staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).
- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes).
- tcp_cubic: fix incorrect HyStart round start detection (git-fixes).
- thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes).
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes).
- usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).
- usb: gadget: f_ecm: Add get_status callback (git-fixes).
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes).
- usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).
- usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes).
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes).
- usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).
- usb: uhci-platform: Make the clock really optional (git-fixes).
- usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).
- usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).
- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).
- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes).
- virtio_console: fix missing byte order handling for cols and rows (git-fixes).
- wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).
- wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes).
- wifi: mt76: disable napi on driver removal (git-fixes).
- x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes).
- x86/xen: move xen_reserve_extra_memory() (git-fixes).
- xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes).
- xen: Change xen-acpi-processor dom0 dependency (git-fixes).
- xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes).
- xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes).
- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).
- xhci: split free interrupter into separate remove and free parts (git-fixes).
- xsk: Add truesize to skb_add_rx_frag() (git-fixes).
- xsk: Do not assume metadata is always requested in TX completion (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2007-1
Released: Wed Jun 18 16:03:17 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1239012,1239543,1240132,1241463,1243887,1243901,1244105
This update for libzypp, zypper fixes the following issues:
- Fix credential handling in HEAD requests (bsc#1244105)
- RepoInfo: use pathNameSetTrailingSlash
- Fix wrong userdata parameter type when running zypp with debug
verbosity (bsc#1239012)
- Do not warn about no mirrors if mirrorlist was switched on
automatically. (bsc#1243901)
- Relax permission of cached packages to 0644 & ~umask
(bsc#1243887)
- Add a note to service maintained .repo file entries
- Support using %{url} variable in a RIS service's repo section.
- Use a cookie file to validate mirrorlist cache.
This patch extends the mirrorlist code to use a cookie file to
validate the contents of the cache against the source URL, making
sure that we do not accidentially use a old cache when the
mirrorlist url was changed. For example when migrating a system
from one release to the next where the same repo alias might just
have a different URL.
- Let Service define and update gpgkey, mirrorlist and metalink.
- Preserve a mirrorlist file in the raw cache during refresh.
- Enable curl2 backend and parallel package download by
default.
Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1>
can be used to turn the features on or off.
- Make gpgKeyUrl the default source for gpg keys.
When refreshing zypp now primarily uses gpgKeyUrl information
from the repo files and only falls back to a automatically
generated key Url if a gpgKeyUrl was not specified.
- Introduce mirrors into the Media backends (bsc#1240132)
- Drop MediaMultiCurl backend.
- Throttle progress updates when preloading packages (bsc#1239543)
- Check if request is in valid state in CURL callbacks
- spec/CMake: add conditional build
'--with[out] classic_rpmtrans_as_default'.
classic_rpmtrans is the current builtin default for SUSE,
otherwise it's single_rpmtrans.
The `enable_preview_single_rpmtrans_as_default_for_zypper` switch
was removed from the spec file. Accordingly the CMake option
ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed.
- BuildRequires: libzypp-devel >= 17.37.0.
- Use libzypp improvements for preload and mirror handling.
- xmlout.rnc: Update repo-element (bsc#1241463)
Add the 'metalink' attribute and reflect that the 'url' elements
list may in fact be empty, if no baseurls are defined in the
.repo files.
- man: update --allow-unsigned-rpm description.
Explain how to achieve the same for packages provided by
repositories.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2013-1
Released: Wed Jun 18 20:05:07 2025
Summary: Security update for pam
Type: security
Severity: important
References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2027-1
Released: Thu Jun 19 17:15:41 2025
Summary: Security update for perl
Type: security
Severity: moderate
References: 1244079,CVE-2025-40909
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2080-1
Released: Tue Jun 24 12:26:23 2025
Summary: Security update for pam-config
Type: security
Severity: important
References: 1243226,CVE-2025-6018
This update for pam-config fixes the following issues:
- CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2103-1
Released: Wed Jun 25 10:26:23 2025
Summary: Recommended update for cifs-utils
Type: recommended
Severity: important
References: 1243488
This update for cifs-utils fixes the following issues:
- Add patches:
* Fix cifs.mount with krb5 auth (bsc#1243488)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2104-1
Released: Wed Jun 25 10:26:59 2025
Summary: Recommended update for nfs-utils
Type: recommended
Severity: important
References: 1240899
This update for nfs-utils fixes the following issues:
- gssd: add support for an 'allowed-enctypes' option in nfs.conf
(bsc#1240899)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2167-1
Released: Mon Jun 30 09:14:40 2025
Summary: Security update for glib2
Type: security
Severity: important
References: 1242844,1244596,CVE-2025-4373,CVE-2025-6052
This update for glib2 fixes the following issues:
- CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596).
- CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2177-1
Released: Mon Jun 30 19:53:04 2025
Summary: Security update for sudo
Type: security
Severity: important
References: 1245274,1245275,CVE-2025-32462,CVE-2025-32463
This update for sudo fixes the following issues:
- CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274).
- CVE-2025-32463: Fixed a possible local privilege Escalation via chroot option (bsc#1245275).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2198-1
Released: Wed Jul 2 11:22:33 2025
Summary: Security update for runc
Type: security
Severity: low
References: 1230092,CVE-2024-45310
This update for runc fixes the following issues:
- CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092)
Other fixes:
- Update to runc v1.2.6.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2226-1
Released: Fri Jul 4 15:31:04 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1228776,1239602,CVE-2024-41965,CVE-2025-29768
This update for vim fixes the following issues:
- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2229-1
Released: Fri Jul 4 18:02:30 2025
Summary: Security update for libssh
Type: security
Severity: important
References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372
This update for libssh fixes the following issues:
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2237-1
Released: Mon Jul 7 14:59:13 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: moderate
References:
This update for openssl-3 fixes the following issues:
- Backport mdless cms signing support [jsc#PED-12895]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2239-1
Released: Mon Jul 7 15:32:03 2025
Summary: Recommended update for libbpf
Type: recommended
Severity: moderate
References: 1244135
This update for libbpf fixes the following issue:
- Workaround kernel module size increase, 6.15 modules are 2-4 times larger than
6.14's (bsc#1244135).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2240-1
Released: Mon Jul 7 18:16:10 2025
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1241667
This update for openssh fixes the following issue:
- 'scp' on SLE 15 ignores write directory permissions for group and world (bsc#1241667).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2244-1
Released: Tue Jul 8 10:44:02 2025
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1242827,1243935,CVE-2025-4598
This update for systemd fixes the following issues:
- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
Other bugfixes:
- logs-show: get timestamp and boot ID only when necessary (bsc#1242827).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2259-1
Released: Wed Jul 9 17:18:02 2025
Summary: Recommended update for gpg2
Type: security
Severity: low
References: 1236931,1239119,1239817,CVE-2025-30258
This update for gpg2 fixes the following issues:
- CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119).
Other bugfixes:
- Do not install expired sks certificate (bsc#1243069).
- gpg hangs when importing a key (bsc#1236931).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2289-1
Released: Fri Jul 11 13:12:28 2025
Summary: Security update for docker
Type: security
Severity: moderate
References: 1239765,1240150,1241830,1242114,1243833,1244035,CVE-2025-0495,CVE-2025-22872
This update for docker fixes the following issues:
Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114):
- CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials
allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765)
- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830).
Other fixes:
- Update to docker-buildx v0.22.0.
- Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035).
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
- SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150).
The following package changes have been done:
- cifs-utils-6.15-150400.3.15.1 updated
- docker-28.2.2_ce-150000.227.1 updated
- glib2-tools-2.78.6-150600.4.16.1 updated
- gpg2-2.4.4-150600.3.9.1 updated
- kernel-default-6.4.0-150600.23.53.1 updated
- libbpf1-1.2.2-150600.3.6.2 updated
- libgio-2_0-0-2.78.6-150600.4.16.1 updated
- libglib-2_0-0-2.78.6-150600.4.16.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.16.1 updated
- libgobject-2_0-0-2.78.6-150600.4.16.1 updated
- libnfsidmap1-1.0-150600.28.12.1 updated
- libopenssl3-3.1.4-150600.5.33.1 updated
- libssh-config-0.9.8-150600.11.3.1 updated
- libssh4-0.9.8-150600.11.3.1 updated
- libsystemd0-254.25-150600.4.40.1 updated
- libudev1-254.25-150600.4.40.1 updated
- libzypp-17.37.5-150600.3.60.1 updated
- nfs-client-2.6.4-150600.28.12.1 updated
- openssh-clients-9.6p1-150600.6.29.2 updated
- openssh-common-9.6p1-150600.6.29.2 updated
- openssh-server-config-disallow-rootlogin-9.6p1-150600.6.29.2 updated
- openssh-server-9.6p1-150600.6.29.2 updated
- openssh-9.6p1-150600.6.29.2 updated
- openssl-3-3.1.4-150600.5.33.1 updated
- pam-config-1.1-150600.16.8.1 updated
- pam-1.3.0-150000.6.83.1 updated
- perl-base-5.26.1-150300.17.20.1 updated
- perl-5.26.1-150300.17.20.1 updated
- python3-requests-2.25.1-150300.3.15.1 updated
- runc-1.2.6-150000.73.2 updated
- sudo-1.9.15p5-150600.3.9.1 updated
- systemd-254.25-150600.4.40.1 updated
- udev-254.25-150600.4.40.1 updated
- vim-data-common-9.1.1406-150500.20.27.1 updated
- vim-9.1.1406-150500.20.27.1 updated
- zypper-1.14.90-150600.10.34.3 updated
More information about the sle-container-updates
mailing list