SUSE-CU-2025:4543-1: Security update of bci/bci-sle15-kernel-module-devel

sle-container-updates at lists.suse.com
Fri Jun 20 12:58:37 UTC 2025


SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4543-1
Container Tags        : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.44.4
Container Release     : 44.4
Severity              : important
Type                  : security
References            : 1220112 1223096 1226498 1229491 1230581 1231016 1232649 1232882
                        1233192 1234154 1235149 1235968 1236142 1236208 1237312 1238212
                        1238473 1238774 1238992 1239691 1239925 1240593 1240866 1240966
                        1241148 1241282 1241305 1241340 1241351 1241376 1241448 1241457
                        1241492 1241519 1241525 1241533 1241538 1241576 1241590 1241595
                        1241596 1241597 1241625 1241627 1241635 1241638 1241644 1241654
                        1241657 1242006 1242012 1242035 1242044 1242203 1242343 1242414
                        1242417 1242501 1242502 1242506 1242507 1242509 1242510 1242512
                        1242513 1242514 1242520 1242523 1242524 1242529 1242530 1242531
                        1242532 1242559 1242563 1242564 1242565 1242566 1242567 1242568
                        1242569 1242574 1242575 1242578 1242584 1242585 1242587 1242591
                        1242709 1242727 1242758 1242760 1242761 1242762 1242763 1242764
                        1242766 1242770 1242778 1242781 1242782 1242785 1242786 1242792
                        1242852 1242854 1242856 1242859 1242860 1242861 1242866 1242867
                        1242868 1242871 1242873 1242875 1242906 1242908 1242924 1242930
                        1242944 1242945 1242948 1242949 1242951 1242953 1242955 1242957
                        1242959 1242961 1242962 1242973 1242974 1242977 1242990 1242993
                        1243000 1243006 1243011 1243015 1243044 1243049 1243056 1243074
                        1243076 1243077 1243082 1243090 1243226 1243330 1243342 1243456
                        1243469 1243470 1243471 1243472 1243473 1243476 1243509 1243511
                        1243513 1243515 1243516 1243517 1243519 1243522 1243524 1243528
                        1243529 1243530 1243534 1243536 1243539 1243540 1243541 1243543
                        1243545 1243547 1243559 1243560 1243562 1243567 1243573 1243574
                        1243575 1243589 1243621 1243624 1243625 1243626 1243627 1243649
                        1243657 1243658 1243659 1243660 1243664 1243737 1243805 1243963
                        1244509 CVE-2023-53146 CVE-2024-28956 CVE-2024-43869 CVE-2024-46713
                        CVE-2024-50106 CVE-2024-50223 CVE-2024-53135 CVE-2024-54458 CVE-2024-58098
                        CVE-2024-58099 CVE-2024-58100 CVE-2024-58237 CVE-2025-21629 CVE-2025-21648
                        CVE-2025-21702 CVE-2025-21787 CVE-2025-21814 CVE-2025-21919 CVE-2025-22005
                        CVE-2025-22021 CVE-2025-22030 CVE-2025-22056 CVE-2025-22057 CVE-2025-22063
                        CVE-2025-22066 CVE-2025-22070 CVE-2025-22089 CVE-2025-22095 CVE-2025-22103
                        CVE-2025-22119 CVE-2025-22124 CVE-2025-22125 CVE-2025-22126 CVE-2025-23140
                        CVE-2025-23141 CVE-2025-23142 CVE-2025-23144 CVE-2025-23146 CVE-2025-23147
                        CVE-2025-23148 CVE-2025-23149 CVE-2025-23150 CVE-2025-23151 CVE-2025-23156
                        CVE-2025-23157 CVE-2025-23158 CVE-2025-23159 CVE-2025-23160 CVE-2025-23161
                        CVE-2025-37740 CVE-2025-37741 CVE-2025-37742 CVE-2025-37747 CVE-2025-37748
                        CVE-2025-37749 CVE-2025-37750 CVE-2025-37754 CVE-2025-37755 CVE-2025-37758
                        CVE-2025-37765 CVE-2025-37766 CVE-2025-37767 CVE-2025-37768 CVE-2025-37769
                        CVE-2025-37770 CVE-2025-37771 CVE-2025-37772 CVE-2025-37773 CVE-2025-37780
                        CVE-2025-37781 CVE-2025-37782 CVE-2025-37787 CVE-2025-37788 CVE-2025-37789
                        CVE-2025-37790 CVE-2025-37792 CVE-2025-37793 CVE-2025-37794 CVE-2025-37796
                        CVE-2025-37797 CVE-2025-37798 CVE-2025-37803 CVE-2025-37804 CVE-2025-37805
                        CVE-2025-37809 CVE-2025-37810 CVE-2025-37812 CVE-2025-37815 CVE-2025-37819
                        CVE-2025-37820 CVE-2025-37823 CVE-2025-37824 CVE-2025-37829 CVE-2025-37830
                        CVE-2025-37831 CVE-2025-37833 CVE-2025-37836 CVE-2025-37839 CVE-2025-37840
                        CVE-2025-37841 CVE-2025-37842 CVE-2025-37849 CVE-2025-37850 CVE-2025-37851
                        CVE-2025-37852 CVE-2025-37853 CVE-2025-37854 CVE-2025-37858 CVE-2025-37867
                        CVE-2025-37870 CVE-2025-37871 CVE-2025-37873 CVE-2025-37875 CVE-2025-37879
                        CVE-2025-37881 CVE-2025-37886 CVE-2025-37887 CVE-2025-37889 CVE-2025-37890
                        CVE-2025-37891 CVE-2025-37892 CVE-2025-37897 CVE-2025-37900 CVE-2025-37901
                        CVE-2025-37903 CVE-2025-37905 CVE-2025-37911 CVE-2025-37912 CVE-2025-37913
                        CVE-2025-37914 CVE-2025-37915 CVE-2025-37918 CVE-2025-37925 CVE-2025-37928
                        CVE-2025-37929 CVE-2025-37930 CVE-2025-37931 CVE-2025-37932 CVE-2025-37937
                        CVE-2025-37943 CVE-2025-37944 CVE-2025-37948 CVE-2025-37949 CVE-2025-37951
                        CVE-2025-37953 CVE-2025-37954 CVE-2025-37957 CVE-2025-37958 CVE-2025-37959
                        CVE-2025-37960 CVE-2025-37963 CVE-2025-37969 CVE-2025-37970 CVE-2025-37972
                        CVE-2025-37974 CVE-2025-37978 CVE-2025-37979 CVE-2025-37980 CVE-2025-37982
                        CVE-2025-37983 CVE-2025-37985 CVE-2025-37986 CVE-2025-37989 CVE-2025-37990
                        CVE-2025-38104 CVE-2025-38152 CVE-2025-38240 CVE-2025-38637 CVE-2025-39735
                        CVE-2025-40014 CVE-2025-40325 CVE-2025-6018 CVE-2025-6020 
-----------------------------------------------------------------

The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2000-1
Released:    Wed Jun 18 13:08:14 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).
- CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581).
- CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992).
- CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774).
- CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473).
- CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593).
- CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282).
- CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533).
- CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351).
- CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305).
- CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448).
- CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763).
- CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513).
- CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507).
- CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523).
- CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859).
- CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510).
- CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506).
- CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502).
- CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786).
- CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
- CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852).
- CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854).
- CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856).
- CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867).
- CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875).
- CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860).
- CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861).
- CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868).
- CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951).
- CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056).
- CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077).
- CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944).
- CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962).
- CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541).
- CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664).
- CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519).
- CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547).
- CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627).
- CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657).

The following non-security bugs were fixed:

- ACPI: PPTT: Fix processor subtable walk (git-fixes).
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes).
- ALSA: seq: Fix delivery of UMP events to group ports (git-fixes).
- ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes).
- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes).
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes).
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes).
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes).
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).
- ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes).
- ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes).
- ASoC: Use of_property_read_bool() (stable-fixes).
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes).
- ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes).
- Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes).
- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes).
- Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes).
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes).
- Fix write to cloned skb in ipv6_hop_ioam() (git-fixes).
- HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes).
- HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes).
- IB/cm: use rwlock for MAD agent lock (git-fixes)
- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).
- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).
- Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes).
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes).
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes).
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes).
- Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes).
- Input: xpad - fix Share button on Xbox One controllers (stable-fixes).
- Input: xpad - fix two controller table values (git-fixes).
- KVM: SVM: Allocate IR data using atomic allocation (git-fixes).
- KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes).
- KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes).
- KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes).
- KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes).
- KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes).
- KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes).
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes).
- KVM: arm64: Mark some header functions as inline (git-fixes).
- KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes).
- KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes).
- KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes).
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes).
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes).
- KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes).
- KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes).
- KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes).
- KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes).
- KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes).
- KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657).
- KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658).
- KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes).
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes).
- KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes).
- KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes).
- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes).
- KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes).
- KVM: x86: Make x2APIC ID 100% readonly (git-fixes).
- KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes).
- KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes).
- KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes).
- NFS: O_DIRECT writes must check and adjust the file length (git-fixes).
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes).
- NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes).
- NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes).
- RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes)
- RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes)
- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes)
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes)
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes)
- RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes)
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes)
- Squashfs: check return result of sb_min_blocksize (git-fixes).
- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).
- Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes).
- add bug reference for an existing hv_netvsc change (bsc#1243737).
- afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes).
- afs: Make it possible to find the volumes that are using a server (git-fixes).
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes)
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes)
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes)
- arm64: insn: Add support for encoding DSB (git-fixes)
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes)
- arm64: proton-pack: Expose whether the branchy loop k value (git-fixes)
- arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes)
- arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes).
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes).
- bnxt_en: Fix coredump logic to free allocated buffer (git-fixes).
- bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes).
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes).
- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes).
- bpf: Scrub packet on bpf_redirect_peer (git-fixes).
- btrfs: adjust subpage bit start based on sectorsize (bsc#1241492).
- btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342).
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208).
- btrfs: avoid monopolizing a core when activating a swap file (git-fixes).
- btrfs: do not loop for nowait writes when checking for cross references (git-fixes).
- btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes).
- btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012).
- btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes).
- cBPF: Refresh fixes for cBPF issue (bsc#1242778)
- can: bcm: add locking for bcm_op runtime updates (git-fixes).
- can: bcm: add missing rcu read protection for procfs content (git-fixes).
- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).
- can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes).
- can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).
- can: slcan: allow reception of short error messages (git-fixes).
- check-for-config-changes: Fix flag name typo
- cifs: change tcon status when need_reconnect is set on it (git-fixes).
- cifs: reduce warning log level for server not advertising interfaces (git-fixes).
- crypto: algif_hash - fix double free in hash_accept (git-fixes).
- devlink: fix port new reply cmd type (git-fixes).
- dm-integrity: fix a warning on invalid table line (git-fixes).
- dma-buf: insert memory barrier before updating num_fences (git-fixes).
- dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes).
- dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes).
- dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes).
- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes).
- dmaengine: idxd: Fix ->poll() return value (git-fixes).
- dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes).
- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes).
- dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes).
- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: mediatek: drop unused variable (git-fixes).
- dmaengine: ti: k3-udma: Add missing locking (git-fixes).
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes).
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes).
- drm/amd/display: Avoid flooding unnecessary info messages (git-fixes).
- drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes).
- drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes).
- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).
- drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes).
- drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).
- drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).
- drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).
- drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes).
- drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes).
- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).
- drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes).
- drm/amdgpu: fix pm notifier handling (git-fixes).
- drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes).
- drm/edid: fixed the bug that hdr metadata was not reset (git-fixes).
- drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).
- drm/v3d: Add job to pending list if the reset was skipped (stable-fixes).
- exfat: fix potential wrong error return from get_block (git-fixes).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes).
- hv_netvsc: Remove rmsg_pgcnt (git-fixes).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes).
- i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes).
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes).
- idpf: fix offloads support for encapsulated packets (git-fixes).
- idpf: fix potential memory leak on kcalloc() failure (git-fixes).
- idpf: protect shutdown from reset (git-fixes).
- igc: fix lock order in igc_ptp_reset (git-fixes).
- iio: accel: adxl367: fix setting odr for activity time update (git-fixes).
- iio: adc: ad7606: fix serial register access (git-fixes).
- iio: adis16201: Correct inclinometer channel resolution (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes).
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).
- inetpeer: remove create argument of inet_getpeer_v() (git-fixes).
- inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes).
- ipv4/route: avoid unused-but-set-variable warning (git-fixes).
- ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes).
- ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes).
- ipv4: Fix incorrect source address in Record Route option (git-fixes).
- ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes).
- ipv4: fix source address selection with route leak (git-fixes).
- ipv4: give an IPv4 dev to blackhole_netdev (git-fixes).
- ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes).
- ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes).
- ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes).
- ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes).
- ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes).
- ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes).
- ipv6: Align behavior across nexthops during path selection (git-fixes).
- ipv6: Do not consider link down nexthops in path selection (git-fixes).
- ipv6: Start path selection from the first nexthop (git-fixes).
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes).
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).
- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993).
- jiffies: Define secs_to_jiffies() (bsc#1242993).
- kernel-obs-qa: Use srchash for dependency as well
- loop: Add sanity check for read/write_iter (git-fixes).
- loop: aio inherit the ioprio of original request (git-fixes).
- loop: do not require ->write_iter for writable files in loop_configure (git-fixes).
- md/raid1,raid10: do not ignore IO flags (git-fixes).
- md/raid10: fix missing discard IO accounting (git-fixes).
- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes).
- md/raid1: Add check for missing source disk in process_checks() (git-fixes).
- md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes).
- md/raid5: implement pers->bitmap_sector() (git-fixes).
- md: add a new callback pers->bitmap_sector() (git-fixes).
- md: ensure resync is prioritized over recovery (git-fixes).
- md: fix mddev uaf while iterating all_mddevs list (git-fixes).
- md: preserve KABI in struct md_personality v2 (git-fixes).
- media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- neighbour: delete redundant judgment statements (git-fixes).
- net/handshake: Fix handshake_req_destroy_test1 (git-fixes).
- net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes).
- net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes).
- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes).
- net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes).
- net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes).
- net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes).
- net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes).
- net: Add non-RCU dev_getbyhwaddr() helper (git-fixes).
- net: Clear old fragment checksum value in napi_reuse_skb (git-fixes).
- net: Handle napi_schedule() calls from non-interrupt (git-fixes).
- net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes).
- net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes).
- net: do not dump stack on queue timeout (git-fixes).
- net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes).
- net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes).
- net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes).
- net: qede: Initialize qede_ll_ops with designated initializer (git-fixes).
- net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes).
- net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes).
- net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes).
- netdev-genl: avoid empty messages in queue dump (git-fixes).
- netdev: fix repeated netlink messages in queue dump (git-fixes).
- netlink: annotate data-races around sk->sk_err (git-fixes).
- netpoll: Ensure clean state on setup failures (git-fixes).
- nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes).
- nfsd: add list_head nf_gc to struct nfsd_file (git-fixes).
- nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes).
- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes).
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096).
- nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148).
- nvme-pci: fix queue unquiesce check on slot_reset (git-fixes).
- nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes).
- nvme-tcp: fix premature queue removal and I/O failover (git-fixes).
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes).
- nvme: Add 'partial_nid' quirk (bsc#1241148).
- nvme: Add warning when a partially unique NID is detected (bsc#1241148).
- nvme: Update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149).
- nvme: Update patch nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149).
- nvme: fixup scan failure for non-ANA multipath controllers (git-fixes).
- nvme: multipath: fix return value of nvme_available_path (git-fixes).
- nvme: re-read ANA log page after ns scan completes (git-fixes).
- nvme: requeue namespace scan on missed AENs (git-fixes).
- nvme: unblock ctrl state transition for firmware update (git-fixes).
- nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes).
- nvmet-fc: inline nvmet_fc_free_hostport (git-fixes).
- nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes).
- nvmet-fc: take tgtport reference only once (git-fixes).
- nvmet-fc: update tgtport ref per assoc (git-fixes).
- nvmet-fcloop: Remove remote port from list when unlinking (git-fixes).
- nvmet-fcloop: add ref counting to lport (git-fixes).
- nvmet-fcloop: replace kref with refcount (git-fixes).
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes).
- objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- octeontx2-pf: qos: fix VF root node parent queue index (git-fixes).
- padata: do not leak refcount in reorder_work (git-fixes).
- phy: Fix error handling in tegra_xusb_port_init (git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes).
- phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes).
- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes).
- phy: tegra: xusb: remove a stray unlock (git-fixes).
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes).
- platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes).
- powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes).
- powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555).
- qibfs: fix _another_ leak (git-fixes)
- rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes)
- rcu/tasks: Handle new PF_IDLE semantics (git-fixes)
- rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes)
- rcu: Introduce rcu_cpu_online() (git-fixes)
- regulator: max20086: fix invalid memory access (git-fixes).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805).
- scsi: Improve CDL control (git-fixes).
- scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes).
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes).
- scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993).
- scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993).
- scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993).
- scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993).
- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993).
- scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993).
- scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993).
- scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993).
- scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993).
- scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993).
- scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966).
- scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993).
- scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes).
- scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes).
- scsi: qla2xxx: Fix typos in a comment (bsc#1243090).
- scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090).
- scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090).
- scsi: qla2xxx: Remove unused module parameters (bsc#1243090).
- scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090).
- scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090).
- scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090).
- scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090).
- scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090).
- selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203).
- smb3: fix Open files on server counter going negative (git-fixes).
- smb: client: Use str_yes_no() helper function (git-fixes).
- smb: client: allow more DFS referrals to be cached (git-fixes).
- smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes).
- smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes).
- smb: client: do not retry DFS targets on server shutdown (git-fixes).
- smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes).
- smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes).
- smb: client: fix DFS interlink failover (git-fixes).
- smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes).
- smb: client: fix hang in wait_for_response() for negproto (bsc#1242709).
- smb: client: fix potential race in cifs_put_tcon() (git-fixes).
- smb: client: fix return value of parse_dfs_referrals() (git-fixes).
- smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes).
- smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes).
- smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes).
- smb: client: improve purging of cached referrals (git-fixes).
- smb: client: introduce av_for_each_entry() helper (git-fixes).
- smb: client: optimize referral walk on failed link targets (git-fixes).
- smb: client: parse DNS domain name from domain= option (git-fixes).
- smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes).
- smb: client: provide dns_resolve_{unc,name} helpers (git-fixes).
- smb: client: refresh referral without acquiring refpath_lock (git-fixes).
- smb: client: remove unnecessary checks in open_cached_dir() (git-fixes).
- spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes).
- spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes).
- spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes).
- spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes).
- spi: tegra114: Use value to check for invalid delays (git-fixes).
- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes).
- staging: axis-fifo: Remove hardware resets for user errors (git-fixes).
- staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).
- tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes).
- tcp_cubic: fix incorrect HyStart round start detection (git-fixes).
- thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes).
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes).
- usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).
- usb: gadget: f_ecm: Add get_status callback (git-fixes).
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes).
- usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).
- usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes).
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes).
- usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).
- usb: uhci-platform: Make the clock really optional (git-fixes).
- usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).
- usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).
- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).
- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes).
- virtio_console: fix missing byte order handling for cols and rows (git-fixes).
- wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).
- wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes).
- wifi: mt76: disable napi on driver removal (git-fixes).
- x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes).
- x86/xen: move xen_reserve_extra_memory() (git-fixes).
- xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes).
- xen: Change xen-acpi-processor dom0 dependency (git-fixes).
- xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes).
- xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes).
- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).
- xhci: split free interrupter into separate remove and free parts (git-fixes).
- xsk: Add truesize to skb_add_rx_frag() (git-fixes).
- xsk: Do not assume metadata is always requested in TX completion (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2013-1
Released:    Wed Jun 18 20:05:07 2025
Summary:     Security update for pam
Type:        security
Severity:    important
References:  1243226,1244509,CVE-2025-6018,CVE-2025-6020
This update for pam fixes the following issues:

- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute paths (bsc#1244509).


The following package changes have been done:

- pam-1.3.0-150000.6.83.1 updated
- kernel-macros-6.4.0-150600.23.53.1 updated
- kernel-devel-6.4.0-150600.23.53.1 updated
- kernel-default-devel-6.4.0-150600.23.53.1 updated
- kernel-syms-6.4.0-150600.23.53.1 updated
- container:registry.suse.com-bci-bci-base-15.6-dbdc31a07ebfb930fa5997578ce6f6c51fcac74f6ff64205846b8f6f7b30b679-0 updated

