SUSE-IU-2025:785-1: Security update of sles-15-sp6-chost-byos-v20250320-arm64
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat Mar 22 08:02:38 UTC 2025
SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20250320-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:785-1
Image Tags : sles-15-sp6-chost-byos-v20250320-arm64:20250320
Image Release :
Severity : important
Type : security
References : 1012628 1012628 1189788 1194869 1214290 1215199 1215199 1215212
1216091 1216813 1218470 1219367 1220711 1220893 1220895 1220896
1221326 1222672 1222803 1222803 1224049 1225606 1225742 1225897
1225936 1225939 1225941 1225942 1225981 1226533 1226980 1227637
1227937 1228086 1228434 1228521 1228592 1229163 1229164 1229228
1229685 1229822 1229833 1230078 1230235 1230438 1230439 1230497
1231016 1231088 1231432 1231472 1231775 1231776 1231792 1231912
1231920 1231949 1232087 1232101 1232158 1232159 1232161 1232198
1232201 1232299 1232421 1232508 1232520 1232882 1232919 1233028
1233055 1233109 1233112 1233137 1233221 1233248 1233259 1233260
1233483 1233488 1233522 1233606 1233608 1233609 1233610 1233612
1233613 1233614 1233615 1233616 1233617 1233638 1233642 1233749
1233752 1233778 1233880 1234070 1234089 1234195 1234313 1234619
1234635 1234683 1234693 1234726 1234765 1234825 1234853 1234857
1234863 1234887 1234888 1234891 1234893 1234894 1234895 1234896
1234898 1234901 1234906 1234923 1234931 1234934 1234947 1234957
1234958 1234963 1235000 1235001 1235011 1235031 1235032 1235032
1235035 1235037 1235038 1235039 1235040 1235042 1235043 1235046
1235050 1235051 1235053 1235054 1235054 1235057 1235059 1235061
1235065 1235070 1235073 1235073 1235100 1235112 1235115 1235117
1235122 1235123 1235125 1235132 1235133 1235155 1235160 1235217
1235219 1235220 1235222 1235223 1235224 1235227 1235230 1235241
1235244 1235249 1235251 1235252 1235389 1235390 1235391 1235406
1235410 1235412 1235413 1235415 1235416 1235417 1235418 1235423
1235424 1235425 1235426 1235427 1235428 1235429 1235430 1235433
1235435 1235437 1235439 1235441 1235444 1235445 1235449 1235451
1235454 1235458 1235459 1235464 1235466 1235473 1235479 1235480
1235483 1235485 1235486 1235487 1235488 1235489 1235491 1235494
1235495 1235496 1235497 1235498 1235500 1235502 1235503 1235519
1235520 1235521 1235523 1235526 1235528 1235532 1235533 1235534
1235537 1235538 1235545 1235552 1235555 1235557 1235563 1235564
1235565 1235568 1235570 1235571 1235577 1235578 1235582 1235583
1235584 1235587 1235592 1235599 1235609 1235611 1235612 1235616
1235622 1235627 1235632 1235635 1235638 1235641 1235643 1235645
1235646 1235647 1235650 1235653 1235656 1235657 1235663 1235664
1235686 1235695 1235700 1235705 1235707 1235708 1235710 1235714
1235716 1235720 1235723 1235727 1235730 1235737 1235739 1235745
1235747 1235750 1235753 1235759 1235764 1235768 1235776 1235777
1235778 1235779 1235793 1235798 1235806 1235808 1235812 1235814
1235818 1235842 1235865 1235874 1235894 1235902 1235903 1235906
1235912 1235914 1235918 1235919 1235920 1235924 1235932 1235933
1235933 1235940 1235941 1235946 1235948 1235952 1235964 1235965
1235967 1235969 1235976 1235977 1236078 1236080 1236082 1236088
1236090 1236091 1236096 1236097 1236098 1236101 1236102 1236104
1236106 1236113 1236114 1236115 1236120 1236122 1236123 1236125
1236127 1236131 1236133 1236136 1236138 1236138 1236143 1236144
1236145 1236151 1236160 1236161 1236163 1236165 1236168 1236178
1236180 1236181 1236182 1236190 1236192 1236198 1236199 1236200
1236203 1236205 1236227 1236245 1236247 1236248 1236260 1236262
1236282 1236316 1236317 1236384 1236403 1236481 1236560 1236573
1236575 1236576 1236591 1236628 1236661 1236677 1236680 1236681
1236682 1236683 1236684 1236685 1236688 1236689 1236694 1236696
1236698 1236700 1236702 1236703 1236705 1236732 1236733 1236752
1236757 1236758 1236759 1236760 1236761 1236771 1236803 1236820
1236821 1236822 1236842 1236858 1236878 1236896 1236897 1236921
1236939 1236952 1236960 1236967 1236974 1236983 1236994 1237002
1237006 1237007 1237008 1237009 1237010 1237011 1237012 1237013
1237014 1237017 1237025 1237028 1237040 1237041 1237044 1237045
1237126 1237132 1237137 1237139 1237155 1237158 1237159 1237232
1237234 1237325 1237335 1237356 1237363 1237370 1237374 1237415
1237418 1237452 1237497 1237504 1237521 1237529 1237558 1237562
1237563 1237844 1237848 1237849 1237865 1237879 1237889 1237891
1237901 1237950 1238214 1238303 1238347 1238368 1238509 1238525
1238570 1238739 1238751 1238753 1238759 1238860 1238863 1238877
1239165 CVE-2023-4016 CVE-2023-52489 CVE-2023-52923 CVE-2023-52924
CVE-2023-52925 CVE-2024-12133 CVE-2024-12243 CVE-2024-13176 CVE-2024-26708
CVE-2024-26810 CVE-2024-26810 CVE-2024-29018 CVE-2024-36476 CVE-2024-39282
CVE-2024-40980 CVE-2024-41055 CVE-2024-43790 CVE-2024-43802 CVE-2024-43913
CVE-2024-44974 CVE-2024-45009 CVE-2024-45010 CVE-2024-45306 CVE-2024-45339
CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778
CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783
CVE-2024-45828 CVE-2024-46858 CVE-2024-46896 CVE-2024-47141 CVE-2024-47143
CVE-2024-47701 CVE-2024-47809 CVE-2024-48873 CVE-2024-48881 CVE-2024-49504
CVE-2024-49569 CVE-2024-49884 CVE-2024-49948 CVE-2024-49950 CVE-2024-49951
CVE-2024-49978 CVE-2024-49998 CVE-2024-50029 CVE-2024-50036 CVE-2024-50051
CVE-2024-50073 CVE-2024-50085 CVE-2024-50106 CVE-2024-50115 CVE-2024-50142
CVE-2024-50151 CVE-2024-50185 CVE-2024-50199 CVE-2024-50251 CVE-2024-50258
CVE-2024-50294 CVE-2024-50299 CVE-2024-50304 CVE-2024-52332 CVE-2024-53091
CVE-2024-53095 CVE-2024-53123 CVE-2024-53147 CVE-2024-53164 CVE-2024-53168
CVE-2024-53170 CVE-2024-53172 CVE-2024-53173 CVE-2024-53175 CVE-2024-53176
CVE-2024-53177 CVE-2024-53178 CVE-2024-53185 CVE-2024-53187 CVE-2024-53194
CVE-2024-53195 CVE-2024-53196 CVE-2024-53197 CVE-2024-53198 CVE-2024-53203
CVE-2024-53226 CVE-2024-53227 CVE-2024-53230 CVE-2024-53231 CVE-2024-53232
CVE-2024-53233 CVE-2024-53236 CVE-2024-53239 CVE-2024-53239 CVE-2024-53685
CVE-2024-53690 CVE-2024-54680 CVE-2024-55639 CVE-2024-55881 CVE-2024-55916
CVE-2024-56171 CVE-2024-56369 CVE-2024-56372 CVE-2024-56531 CVE-2024-56532
CVE-2024-56533 CVE-2024-56538 CVE-2024-56539 CVE-2024-56543 CVE-2024-56546
CVE-2024-56548 CVE-2024-56548 CVE-2024-56557 CVE-2024-56558 CVE-2024-56568
CVE-2024-56568 CVE-2024-56569 CVE-2024-56570 CVE-2024-56571 CVE-2024-56572
CVE-2024-56573 CVE-2024-56574 CVE-2024-56575 CVE-2024-56577 CVE-2024-56578
CVE-2024-56579 CVE-2024-56584 CVE-2024-56587 CVE-2024-56588 CVE-2024-56589
CVE-2024-56590 CVE-2024-56592 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595
CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56600 CVE-2024-56601
CVE-2024-56602 CVE-2024-56603 CVE-2024-56605 CVE-2024-56606 CVE-2024-56607
CVE-2024-56608 CVE-2024-56609 CVE-2024-56610 CVE-2024-56611 CVE-2024-56614
CVE-2024-56615 CVE-2024-56616 CVE-2024-56617 CVE-2024-56619 CVE-2024-56620
CVE-2024-56622 CVE-2024-56623 CVE-2024-56625 CVE-2024-56629 CVE-2024-56630
CVE-2024-56631 CVE-2024-56632 CVE-2024-56633 CVE-2024-56634 CVE-2024-56635
CVE-2024-56636 CVE-2024-56637 CVE-2024-56641 CVE-2024-56642 CVE-2024-56643
CVE-2024-56644 CVE-2024-56647 CVE-2024-56648 CVE-2024-56649 CVE-2024-56650
CVE-2024-56651 CVE-2024-56654 CVE-2024-56656 CVE-2024-56658 CVE-2024-56659
CVE-2024-56660 CVE-2024-56661 CVE-2024-56662 CVE-2024-56663 CVE-2024-56664
CVE-2024-56665 CVE-2024-56670 CVE-2024-56672 CVE-2024-56675 CVE-2024-56677
CVE-2024-56678 CVE-2024-56679 CVE-2024-56681 CVE-2024-56683 CVE-2024-56687
CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56693 CVE-2024-56694
CVE-2024-56698 CVE-2024-56700 CVE-2024-56701 CVE-2024-56704 CVE-2024-56705
CVE-2024-56707 CVE-2024-56708 CVE-2024-56709 CVE-2024-56712 CVE-2024-56715
CVE-2024-56716 CVE-2024-56720 CVE-2024-56722 CVE-2024-56723 CVE-2024-56724
CVE-2024-56725 CVE-2024-56726 CVE-2024-56727 CVE-2024-56728 CVE-2024-56729
CVE-2024-56737 CVE-2024-56739 CVE-2024-56741 CVE-2024-56745 CVE-2024-56746
CVE-2024-56747 CVE-2024-56748 CVE-2024-56759 CVE-2024-56760 CVE-2024-56763
CVE-2024-56765 CVE-2024-56766 CVE-2024-56767 CVE-2024-56769 CVE-2024-56774
CVE-2024-56775 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-56779
CVE-2024-56780 CVE-2024-56787 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793
CVE-2024-57795 CVE-2024-57798 CVE-2024-57801 CVE-2024-57802 CVE-2024-57804
CVE-2024-57809 CVE-2024-57838 CVE-2024-57849 CVE-2024-57850 CVE-2024-57857
CVE-2024-57874 CVE-2024-57876 CVE-2024-57882 CVE-2024-57884 CVE-2024-57887
CVE-2024-57888 CVE-2024-57889 CVE-2024-57890 CVE-2024-57892 CVE-2024-57893
CVE-2024-57896 CVE-2024-57897 CVE-2024-57899 CVE-2024-57903 CVE-2024-57904
CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911
CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917
CVE-2024-57922 CVE-2024-57926 CVE-2024-57929 CVE-2024-57931 CVE-2024-57932
CVE-2024-57933 CVE-2024-57935 CVE-2024-57936 CVE-2024-57938 CVE-2024-57940
CVE-2024-57946 CVE-2024-57948 CVE-2024-57994 CVE-2025-0395 CVE-2025-0622
CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685
CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-0938 CVE-2025-1118
CVE-2025-1125 CVE-2025-1215 CVE-2025-21632 CVE-2025-21636 CVE-2025-21637
CVE-2025-21638 CVE-2025-21639 CVE-2025-21640 CVE-2025-21645 CVE-2025-21646
CVE-2025-21647 CVE-2025-21649 CVE-2025-21650 CVE-2025-21651 CVE-2025-21652
CVE-2025-21653 CVE-2025-21655 CVE-2025-21656 CVE-2025-21662 CVE-2025-21663
CVE-2025-21664 CVE-2025-21665 CVE-2025-21666 CVE-2025-21667 CVE-2025-21668
CVE-2025-21669 CVE-2025-21670 CVE-2025-21673 CVE-2025-21674 CVE-2025-21675
CVE-2025-21676 CVE-2025-21678 CVE-2025-21680 CVE-2025-21681 CVE-2025-21682
CVE-2025-21684 CVE-2025-21687 CVE-2025-21688 CVE-2025-21689 CVE-2025-21690
CVE-2025-21692 CVE-2025-21697 CVE-2025-21699 CVE-2025-21700 CVE-2025-21705
CVE-2025-21715 CVE-2025-21716 CVE-2025-21719 CVE-2025-21724 CVE-2025-21725
CVE-2025-21728 CVE-2025-21767 CVE-2025-21790 CVE-2025-21795 CVE-2025-21799
CVE-2025-21802 CVE-2025-22134 CVE-2025-24014 CVE-2025-24928 CVE-2025-26465
CVE-2025-26466 CVE-2025-27113
-----------------------------------------------------------------
The container sles-15-sp6-chost-byos-v20250320-arm64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:499-1
Released: Thu Feb 13 09:14:42 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1012628,1194869,1215199,1216813,1218470,1220711,1221326,1222803,1224049,1225897,1226980,1228592,1229833,1231016,1231088,1232087,1232101,1232158,1232161,1232421,1232882,1233055,1233112,1233221,1233248,1233259,1233260,1233488,1233522,1233638,1233642,1233778,1234195,1234619,1234635,1234683,1234693,1234726,1234825,1234863,1234887,1234888,1234893,1234898,1234901,1234906,1234923,1234931,1234934,1234947,1234957,1235000,1235001,1235011,1235031,1235032,1235035,1235037,1235038,1235039,1235040,1235042,1235043,1235046,1235050,1235051,1235053,1235054,1235057,1235059,1235065,1235070,1235073,1235100,1235112,1235115,1235117,1235122,1235123,1235125,1235132,1235133,1235155,1235160,1235217,1235219,1235220,1235222,1235223,1235224,1235227,1235230,1235241,1235244,1235249,1235251,1235252,1235389,1235390,1235391,1235406,1235410,1235412,1235413,1235415,1235416,1235417,1235418,1235423,1235424,1235425,1235426,1235427,1235428,1235429,1235430,1235433,1235437,1235439,1235441,1235444,1235445,1235449,1
235451,1235454,1235458,1235459,1235464,1235466,1235473,1235479,1235480,1235483,1235486,1235487,1235488,1235489,1235491,1235494,1235495,1235496,1235497,1235498,1235500,1235502,1235503,1235519,1235520,1235521,1235523,1235526,1235528,1235532,1235533,1235534,1235537,1235538,1235545,1235552,1235555,1235557,1235563,1235564,1235565,1235568,1235570,1235571,1235577,1235578,1235582,1235583,1235584,1235587,1235611,1235612,1235616,1235622,1235627,1235632,1235635,1235638,1235641,1235643,1235645,1235646,1235647,1235650,1235653,1235656,1235657,1235663,1235686,1235700,1235705,1235707,1235708,1235710,1235714,1235716,1235720,1235723,1235727,1235730,1235737,1235739,1235745,1235747,1235750,1235753,1235759,1235764,1235768,1235776,1235777,1235778,1235779,1235793,1235798,1235806,1235808,1235812,1235814,1235818,1235842,1235865,1235874,1235894,1235902,1235903,1235906,1235914,1235918,1235919,1235920,1235924,1235940,1235941,1235946,1235948,1235952,1235964,1235965,1235967,1235969,1235976,1235977,1236078,123608
0,1236082,1236088,1236090,1236091,1236096,1236097,1236098,1236101,1236102,1236104,1236106,1236120,1236125,1236127,1236131,1236138,1236143,1236144,1236145,1236160,1236161,1236163,1236168,1236178,1236180,1236181,1236182,1236190,1236192,1236198,1236227,1236245,1236247,1236248,1236260,1236262,1236628,1236680,1236683,1236685,1236688,1236694,1236696,1236698,1236703,1236732,1236733,1236757,1236758,1236760,1236761,CVE-2023-52489,CVE-2023-52923,CVE-2024-26810,CVE-2024-36476,CVE-2024-39282,CVE-2024-43913,CVE-2024-45828,CVE-2024-46858,CVE-2024-46896,CVE-2024-47141,CVE-2024-47143,CVE-2024-47809,CVE-2024-48873,CVE-2024-48881,CVE-2024-49569,CVE-2024-49948,CVE-2024-49951,CVE-2024-49978,CVE-2024-49998,CVE-2024-50051,CVE-2024-50106,CVE-2024-50151,CVE-2024-50199,CVE-2024-50251,CVE-2024-50258,CVE-2024-50299,CVE-2024-50304,CVE-2024-52332,CVE-2024-53091,CVE-2024-53095,CVE-2024-53164,CVE-2024-53168,CVE-2024-53170,CVE-2024-53172,CVE-2024-53175,CVE-2024-53185,CVE-2024-53187,CVE-2024-53194,CVE-2024-53195,CV
E-2024-53196,CVE-2024-53197,CVE-2024-53198,CVE-2024-53203,CVE-2024-53227,CVE-2024-53230,CVE-2024-53231,CVE-2024-53232,CVE-2024-53233,CVE-2024-53236,CVE-2024-53239,CVE-2024-53685,CVE-2024-53690,CVE-2024-54680,CVE-2024-55639,CVE-2024-55881,CVE-2024-55916,CVE-2024-56369,CVE-2024-56372,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56538,CVE-2024-56543,CVE-2024-56546,CVE-2024-56548,CVE-2024-56557,CVE-2024-56558,CVE-2024-56568,CVE-2024-56569,CVE-2024-56570,CVE-2024-56571,CVE-2024-56572,CVE-2024-56573,CVE-2024-56574,CVE-2024-56575,CVE-2024-56577,CVE-2024-56578,CVE-2024-56584,CVE-2024-56587,CVE-2024-56588,CVE-2024-56589,CVE-2024-56590,CVE-2024-56592,CVE-2024-56593,CVE-2024-56594,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56598,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56603,CVE-2024-56606,CVE-2024-56607,CVE-2024-56608,CVE-2024-56609,CVE-2024-56610,CVE-2024-56611,CVE-2024-56614,CVE-2024-56615,CVE-2024-56616,CVE-2024-56617,CVE-2024-56619,CVE-2024-56620,CVE-2024-
56622,CVE-2024-56623,CVE-2024-56625,CVE-2024-56629,CVE-2024-56630,CVE-2024-56631,CVE-2024-56632,CVE-2024-56634,CVE-2024-56635,CVE-2024-56636,CVE-2024-56637,CVE-2024-56641,CVE-2024-56642,CVE-2024-56643,CVE-2024-56644,CVE-2024-56648,CVE-2024-56649,CVE-2024-56650,CVE-2024-56651,CVE-2024-56654,CVE-2024-56656,CVE-2024-56658,CVE-2024-56659,CVE-2024-56660,CVE-2024-56661,CVE-2024-56662,CVE-2024-56663,CVE-2024-56664,CVE-2024-56665,CVE-2024-56670,CVE-2024-56672,CVE-2024-56675,CVE-2024-56677,CVE-2024-56678,CVE-2024-56679,CVE-2024-56681,CVE-2024-56683,CVE-2024-56687,CVE-2024-56688,CVE-2024-56690,CVE-2024-56691,CVE-2024-56693,CVE-2024-56694,CVE-2024-56698,CVE-2024-56700,CVE-2024-56701,CVE-2024-56704,CVE-2024-56705,CVE-2024-56707,CVE-2024-56708,CVE-2024-56709,CVE-2024-56712,CVE-2024-56715,CVE-2024-56716,CVE-2024-56722,CVE-2024-56723,CVE-2024-56724,CVE-2024-56725,CVE-2024-56726,CVE-2024-56727,CVE-2024-56728,CVE-2024-56729,CVE-2024-56739,CVE-2024-56741,CVE-2024-56745,CVE-2024-56746,CVE-2024-56747,C
VE-2024-56748,CVE-2024-56759,CVE-2024-56760,CVE-2024-56763,CVE-2024-56765,CVE-2024-56766,CVE-2024-56767,CVE-2024-56769,CVE-2024-56774,CVE-2024-56775,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-56779,CVE-2024-56780,CVE-2024-56787,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57795,CVE-2024-57798,CVE-2024-57801,CVE-2024-57802,CVE-2024-57804,CVE-2024-57809,CVE-2024-57838,CVE-2024-57849,CVE-2024-57850,CVE-2024-57857,CVE-2024-57874,CVE-2024-57876,CVE-2024-57882,CVE-2024-57884,CVE-2024-57887,CVE-2024-57888,CVE-2024-57890,CVE-2024-57892,CVE-2024-57893,CVE-2024-57896,CVE-2024-57897,CVE-2024-57899,CVE-2024-57903,CVE-2024-57904,CVE-2024-57906,CVE-2024-57907,CVE-2024-57908,CVE-2024-57910,CVE-2024-57911,CVE-2024-57912,CVE-2024-57913,CVE-2024-57915,CVE-2024-57916,CVE-2024-57917,CVE-2024-57922,CVE-2024-57926,CVE-2024-57929,CVE-2024-57931,CVE-2024-57932,CVE-2024-57933,CVE-2024-57935,CVE-2024-57936,CVE-2024-57938,CVE-2024-57940,CVE-2024-57946,CVE-2025-21632,CVE-2025-21645,CVE-2025
-21646,CVE-2025-21649,CVE-2025-21650,CVE-2025-21651,CVE-2025-21652,CVE-2025-21653,CVE-2025-21655,CVE-2025-21656,CVE-2025-21662,CVE-2025-21663,CVE-2025-21664,CVE-2025-21666,CVE-2025-21669,CVE-2025-21670,CVE-2025-21674,CVE-2025-21675,CVE-2025-21676,CVE-2025-21678,CVE-2025-21682
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262).
- CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260).
- CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198).
- CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163).
- CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161).
- CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160).
- CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145).
- CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144).
- CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143).
- CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106).
- CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247).
- CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182).
- CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178).
- CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190).
- CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192).
- CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096).
- CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127).
- CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967).
- CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965).
- CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964).
- CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946).
- CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798).
- CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793).
- CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779).
- CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941).
- CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940).
- CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906).
- CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657).
- CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653).
- CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627).
- CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934).
- CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503).
- CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656).
- CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583).
- CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582).
- CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578).
- CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587).
- CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612).
- CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565).
- CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564).
- CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412).
- CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418).
- CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498).
- CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555).
- CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437).
- CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132).
- CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526).
- CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523).
- CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520).
- CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251).
- CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227).
- CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429).
- CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426).
- CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424).
- CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391).
- CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390).
- CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487).
- CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241).
- CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031).
- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
- CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753).
- CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745).
- CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737).
- CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720).
- CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000).
- CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050).
- CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011).
- CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001).
- CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923).
- CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906).
- CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957).
- CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947).
- CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901).
- CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893).
- CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898).
- CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488).
- CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221).
- CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055).
- CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087).
- CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101).
- CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158).
- CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161).
- CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705).
- CVE-2024-26810: vfio/pci: Lock external INTx masking ops (bsc#1222803).
- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).
The following non-security bugs were fixed:
- ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes).
- ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes).
- ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes).
- ACPI: fan: cleanup resources in the error path of .probe() (git-fixes).
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes).
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes).
- ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes).
- ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes).
- ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes).
- ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes).
- ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686).
- ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes).
- ALSA: ump: Use guard() for locking (stable-fixes).
- ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes).
- ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes).
- ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes).
- ASoC: acp: Support microphone from Lenovo Go S (stable-fixes).
- ASoC: mediatek: disable buffer pre-allocation (stable-fixes).
- ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes).
- ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes).
- ASoC: samsung: Add missing depends on I2C (git-fixes).
- ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes).
- ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes).
- ASoC: wm8994: Add depends on MFD core (stable-fixes).
- Align git commit ID abbreviation guidelines and checks (git-fixes).
- Bluetooth: Add support ITTIM PE50-M75C (stable-fixes).
- Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes).
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes).
- Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes).
- Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes).
- Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes).
- Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes).
- Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes).
- Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes).
- Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes).
- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).
- HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes).
- HID: fix generic desktop D-Pad controls (git-fixes).
- HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes).
- HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes).
- HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes).
- Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes).
- Input: bbnsm_pwrkey - add remove hook (git-fixes).
- Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes).
- Input: davinci-keyscan - remove leftover header (git-fixes).
- Input: xpad - add QH Electronics VID/PID (stable-fixes).
- Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes).
- Input: xpad - add support for Nacon Pro Compact (stable-fixes).
- Input: xpad - add support for wooting two he (arm) (stable-fixes).
- Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes).
- Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes).
- KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635).
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776).
- KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778).
- NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes).
- NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes).
- NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes).
- PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes).
- PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes).
- PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes).
- PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes).
- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes).
- PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes).
- PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes).
- PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes).
- PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes).
- PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes).
- PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes).
- PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes).
- PM: hibernate: Add error handling for syscore_suspend() (git-fixes).
- RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes)
- RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes)
- RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes)
- RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes)
- RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes)
- RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes)
- RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes)
- RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes)
- RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes)
- RDMA/mlx5: Fix implicit ODP use after free (git-fixes)
- RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes)
- RDMA/rxe: Fix mismatched max_msg_sz (git-fixes)
- RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes)
- RDMA/srp: Fix error handling in srp_add_port (git-fixes)
- Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes).
- Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes).
- Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes).
- Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes).
- USB: serial: option: add MeiG Smart SRM815 (stable-fixes).
- USB: serial: option: add Neoway N723-EA support (stable-fixes).
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes).
- USB: usblp: return error when setting unsupported protocol (git-fixes).
- VFS: use system_unbound_wq for delayed_mntput (bsc#1234683).
- VMCI: fix reference to ioctl-number.rst (git-fixes).
- afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes).
- afs: Fix cleanup of immediately failed async calls (git-fixes).
- afs: Fix directory format encoding struct (git-fixes).
- afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes).
- afs: Fix the maximum cell name length (git-fixes).
- arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes)
- arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes)
- arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245).
- arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes)
- arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes).
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes)
- arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes).
- arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes)
- arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes)
- arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes)
- ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes).
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes)
- btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445).
- btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445).
- bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes).
- ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592).
- cleanup: Add conditional guard support (stable-fixes).
- cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes).
- cleanup: Remove address space of returned pointer (git-fixes).
- cpufreq: ACPI: Fix max-frequency computation (git-fixes).
- cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes).
- cpufreq: amd-pstate: remove global header file (git-fixes).
- cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619).
- cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619).
- cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619).
- cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619).
- cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619).
- cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619).
- cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes).
- cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619).
- cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619).
- cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619).
- cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619).
- cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619).
- cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619).
- cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619).
- cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes).
- cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619).
- cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619).
- cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes).
- cpuidle: Avoid potential overflow in integer multiplication (git-fixes).
- cpupower: fix TSC MHz calculation (git-fixes).
- crypto: caam - use JobR's space to access page 0 regs (git-fixes).
- crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes).
- crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes).
- crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes).
- crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes).
- crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes).
- crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes).
- crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes).
- crypto: qce - fix goto jump in error path (git-fixes).
- crypto: qce - fix priority to be less than ARMv8 CE (git-fixes).
- crypto: qce - unregister previously registered algos in error path (git-fixes).
- devcoredump: cleanup some comments (git-fixes).
- dlm: fix possible lkb_resource null dereference (git-fixes).
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes).
- docs: media: update location of the media patches (stable-fixes).
- docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes).
- driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes).
- drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes).
- drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes).
- drm/amd/display: Fix DSC-re-computing (stable-fixes).
- drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes).
- drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes).
- drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes).
- drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes).
- drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes).
- drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes).
- drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes).
- drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes).
- drm/amdkfd: Correct the migration DMA map direction (stable-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes).
- drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes).
- drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes).
- drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes).
- drm/mediatek: Add return value check when reading DPCD (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/msm/dp: set safe_to_exit_level before printing it (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes).
- drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes).
- drm/msm: Check return value of of_dma_configure() (git-fixes).
- drm/msm: do not clean up priv->kms prematurely (git-fixes).
- drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes).
- drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes).
- drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes).
- drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes).
- drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes).
- drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes).
- drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes).
- drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes).
- drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes).
- drm/v3d: Stop active perfmon if it is being destroyed (git-fixes).
- drm/vmwgfx: Add new keep_resv BO param (git-fixes).
- exfat: ensure that ctime is updated whenever the mtime is (git-fixes).
- exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes).
- exfat: fix the infinite loop in exfat_readdir() (git-fixes).
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes).
- genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes).
- genksyms: fix memory leak when the same symbol is added from source (git-fixes).
- genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes).
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes).
- gpio: mxc: remove dead code after switch to DT-only (git-fixes).
- gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes).
- hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes).
- hwmon: (tmp513) Fix division of negative numbers (git-fixes).
- hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes).
- i2c: core: fix reference leak in i2c_register_adapter() (git-fixes).
- i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes).
- i2c: i801: Add support for Intel Panther Lake (stable-fixes).
- i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes).
- i2c: rcar: fix NACK handling when being a target (git-fixes).
- i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes).
- ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time (git-fixes).
- iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes).
- iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices (git-fixes).
- iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes).
- iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes).
- intel_th: core: fix kernel-doc warnings (git-fixes).
- ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes).
- ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes).
- irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes).
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes).
- kABI workaround for struct auto_pin_cfg_item change (git-fixes).
- kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes).
- kheaders: Ignore silly-rename files (stable-fixes).
- ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes).
- ktest.pl: Check kernelrelease return in get_version (git-fixes).
- ktest.pl: Fix typo 'accesing' (git-fixes).
- ktest.pl: Fix typo in comment (git-fixes).
- ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes).
- ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes).
- landlock: Handle weird files (git-fixes).
- latencytop: use correct kernel-doc format for func params (git-fixes).
- leds: lp8860: Write full EEPROM, not only half of it (git-fixes).
- leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes).
- lib/inflate.c: remove dead code (git-fixes).
- lib/stackdepot: print disabled message only if truly disabled (git-fixes).
- mac802154: check local interfaces before deleting sdata list (stable-fixes).
- mailbox: pcc: Add support for platform notification handling (stable-fixes).
- mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes).
- mailbox: tegra-hsp: Clear mailbox before using message (git-fixes).
- maple_tree: simplify split calculation (git-fixes).
- media: camif-core: Add check for clk_enable() (git-fixes).
- media: ccs: Clean up parsed CCS static data on parse failure (git-fixes).
- media: ccs: Fix CCS static data parsing for large block sizes (git-fixes).
- media: ccs: Fix cleanup order in ccs_probe() (git-fixes).
- media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: imx412: Add missing newline to prints (git-fixes).
- media: i2c: ov9282: Correct the exposure offset (git-fixes).
- media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes).
- media: imx296: Add standby delay during probe (git-fixes).
- media: lmedm04: Handle errors for lme2510_int_read (git-fixes).
- media: marvell: Add check for clk_enable() (git-fixes).
- media: mc: fix endpoint iteration (git-fixes).
- media: mipi-csis: Add check for clk_enable() (git-fixes).
- media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: ov5640: fix get_light_freq on auto (git-fixes).
- media: rc: iguanair: handle timeouts (git-fixes).
- media: rkisp1: Fix unused value issue (git-fixes).
- media: uvcvideo: Drop uvcvideo fix due to regression (bsc#1235894)
- media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes).
- media: uvcvideo: Fix double free in error path (git-fixes).
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes).
- media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes).
- media: uvcvideo: Only save async fh if success (git-fixes).
- media: uvcvideo: Propagate buf->error to userspace (git-fixes).
- media: uvcvideo: Remove dangling pointers (git-fixes).
- media: uvcvideo: Remove redundant NULL assignment (git-fixes).
- media: uvcvideo: Support partial control reads (git-fixes).
- memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes).
- memory-failure: use a folio in me_huge_page() (git-fixes).
- memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes).
- misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes).
- misc: fastrpc: Fix copy buffer page size (git-fixes).
- misc: fastrpc: Fix registered buffer page address (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes).
- misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes).
- misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/memory-failure: cast index to loff_t before shifting it (git-fixes).
- mm/memory-failure: check the mapcount of the precise page (git-fixes).
- mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes).
- mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes).
- mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes).
- mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes).
- mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes).
- mm/memory_hotplug: prevent accessing by index=-1 (git-fixes).
- mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes).
- mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes).
- mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes).
- mm/migrate: putback split folios when numa hint migration fails (git-fixes).
- mm/migrate: split source folio if it is on deferred split list (git-fixes).
- mm/page_owner: remove free_ts from page_owner output (git-fixes).
- mm/rodata_test: use READ_ONCE() to read const variable (git-fixes).
- mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes).
- mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes).
- mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes).
- mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes).
- mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes).
- mm: memory-failure: remove unneeded PageHuge() check (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input() (git-fixes).
- mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes).
- mtd: spinand: Remove write_enable_op() in markbad() (git-fixes).
- net/rose: prevent integer overflows in rose_setsockopt() (git-fixes).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes).
- net: rose: fix timer races against user threads (git-fixes).
- net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes).
- net: usb: rtl8150: enable basic endpoint checking (git-fixes).
- net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes).
- net: wwan: t7xx: Fix FSM command timeout issue (git-fixes).
- netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454).
- nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes).
- nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes).
- nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes).
- nvme: Add error path for xa_store in nvme_init_effects (git-fixes).
- nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes).
- nvmet: propagate npwg topology (git-fixes).
- ocfs2: temporarily disable upstream patch (bsc#1236138)
- padata: add pd get/put refcnt helper (git-fixes).
- padata: avoid UAF for reorder_work (git-fixes).
- padata: fix UAF in padata_reorder (git-fixes).
- pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes).
- pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897).
- pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes).
- power: ip5xxx_power: Fix return value on ADC read errors (git-fixes).
- powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755).
- powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755).
- powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755).
- powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755).
- powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755).
- powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825).
- pps: add an error check in parport_attach (git-fixes).
- pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes).
- printk: Add is_printk_legacy_deferred() (bsc#1236733).
- printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733).
- pwm: stm32-lp: Add check for clk_enable() (git-fixes).
- pwm: stm32: Add check for clk_enable() (git-fixes).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes)
- rcu/tree: Defer setting of jiffies during stall reset (git-fixes)
- rcu: Dump memory object info if callback function is invalid (git-fixes)
- rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes)
- rcuscale: Move rcu_scale_writer() (git-fixes)
- rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes)
- regulator: core: Add missing newline character (git-fixes).
- regulator: of: Implement the unwind path of of_regulator_match() (git-fixes).
- remoteproc: core: Fix ida_free call while not allocated (git-fixes).
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes).
- rtc: zynqmp: Fix optional clock name property (git-fixes).
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes).
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865).
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865).
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes).
- seccomp: Stub for !CONFIG_SECCOMP (stable-fixes).
- selftest: media_tests: fix trivial UAF typo (git-fixes).
- selftests/alsa: Fix circular dependency involving global-timer (stable-fixes).
- selftests/landlock: Fix error message (git-fixes).
- selftests/mm/cow: modify the incorrect checking parameters (git-fixes).
- selftests/powerpc: Fix argument order to timer_sub() (git-fixes).
- selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes).
- selftests: mptcp: avoid spurious errors on disconnect (git-fixes).
- selftests: tc-testing: reduce rshift value (stable-fixes).
- selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes).
- selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes).
- serial: 8250: Adjust the timeout for FIFO mode (git-fixes).
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes).
- serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes).
- soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes).
- soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes).
- soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes).
- sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes).
- sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes).
- spi: zynq-qspi: Add check for clk_enable() (git-fixes).
- srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes)
- srcu: Only accelerate on enqueue time (git-fixes)
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes).
- staging: media: max96712: fix kernel oops when removing module (git-fixes).
- thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes).
- thunderbolt: Add support for Intel Lunar Lake (stable-fixes).
- thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- tools: Sync if_xdp.h uapi tooling header (git-fixes).
- tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421).
- tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubifs: skip dumping tnc tree when zroot is null (git-fixes).
- uio: Fix return value of poll (git-fixes).
- uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes).
- usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes).
- usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes).
- usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes).
- usb: gadget: f_tcm: Do not free command immediately (git-fixes).
- usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes).
- usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes).
- usb: gadget: f_tcm: Translate error to sense (git-fixes).
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes).
- usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes).
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001)
- usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes).
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes).
- usbnet: ipheth: break up NCM header size computation (git-fixes).
- usbnet: ipheth: check that DPE points past NCM header (git-fixes).
- usbnet: ipheth: fix DPE OoB read (git-fixes).
- usbnet: ipheth: fix possible overflow in DPE length check (git-fixes).
- usbnet: ipheth: refactor NCM datagram loop (git-fixes).
- usbnet: ipheth: use static NDP16 location in URB (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes).
- watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes).
- watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes).
- wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes).
- wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes).
- wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes).
- wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes).
- wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes).
- wifi: cfg80211: adjust allocation of colocated AP data (git-fixes).
- wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes).
- wifi: mac80211: Add non-atomic station iterator (stable-fixes).
- wifi: mac80211: Fix common size calculation for ML element (git-fixes).
- wifi: mac80211: do not flush non-uploaded STAs (git-fixes).
- wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes).
- wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes).
- wifi: mac80211: fix tid removal during mesh forwarding (git-fixes).
- wifi: mac80211: prohibit deactivating all links (git-fixes).
- wifi: mac80211: wake the queues in case of failure in resume (stable-fixes).
- wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes).
- wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes).
- wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes).
- wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes).
- wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes).
- wifi: mt76: mt7915: fix register mapping (git-fixes).
- wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes).
- wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes).
- wifi: mt76: mt7996: add max mpdu len capability (git-fixes).
- wifi: mt76: mt7996: fix HE Phy capability (git-fixes).
- wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes).
- wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes).
- wifi: mt76: mt7996: fix ldpc setting (git-fixes).
- wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes).
- wifi: mt76: mt7996: fix register mapping (git-fixes).
- wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes).
- wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes).
- wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes).
- wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes).
- wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes).
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes).
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes).
- wifi: rtlwifi: remove unused check_buddy_priv (git-fixes).
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes).
- wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes).
- wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes).
- wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes).
- wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes).
- wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes).
- wifi: wcn36xx: fix channel survey memory allocation size (git-fixes).
- wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes).
- workqueue: Add rcu lock check at the end of work item execution (bsc#1236732).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
- xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes).
- xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:501-1
Released: Thu Feb 13 10:53:21 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1236960
This update for permissions fixes the following issues:
- Version update 20240826.
- Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:504-1
Released: Thu Feb 13 11:26:56 2025
Summary: Recommended update for kdump
Type: recommended
Severity: moderate
References: 1233137,1236921
This update for kdump fixes the following issues:
- Version update kdump-2.0.6+git20.gf8ecc01 (bsc#1236921).
- Fix filtering ro keys in kdump_bond_config (bsc#1233137).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472
This update for findutils fixes the following issue:
- fix crash when file system loop was encountered (bsc#1231472).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:515-1
Released: Thu Feb 13 12:58:42 2025
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1228086,1231792,1235912
This update for dracut fixes the following issue:
- Version update 059+suse.552.g232957b4
- fixes related to getting live image size (bsc#1235912).
- fixes for booting from iSCSI offload with bnx2i (bsc#1228086).
- rework timeout for devices added via --mount and --add-device (bsc#1231792).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released: Fri Feb 14 08:26:30 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1229228,1233752,1234313,1234765
This update for systemd fixes the following issues:
- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765)
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:554-1
Released: Fri Feb 14 16:10:40 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1236705,CVE-2025-0938
This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:585-1
Released: Tue Feb 18 17:42:14 2025
Summary: Security update for openssh
Type: security
Severity: moderate
References: 1237040,1237041,CVE-2025-26465,CVE-2025-26466
This update for openssh fixes the following issues:
- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
- CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:586-1
Released: Wed Feb 19 08:28:47 2025
Summary: Security update for grub2
Type: security
Severity: important
References: 1229163,1229164,1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-49504,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125
This update for grub2 fixes the following issues:
- CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)
- CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)
- CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)
- CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)
- CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)
- CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)
- CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)
- CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)
- CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)
- CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606)
- CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)
- CVE-2024-49504: Fixed an issue that can bypass TPM-bound disk encryption on SL(E)M encrypted Images. (bsc#1229164)
- CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316)
- CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317)
- CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command.
(bsc#1237012)
- CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode.
(bsc#1237013)
- CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs.
(bsc#1237002)
- CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs.
(bsc#1237008)
- CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs.
(bsc#1237009)
- CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs.
(bsc#1237010)
- CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011)
- CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014)
- CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:611-1
Released: Fri Feb 21 11:36:56 2025
Summary: Security update for google-osconfig-agent
Type: security
Severity: important
References: 1236560,CVE-2024-45339
This update for google-osconfig-agent fixes the following issues:
- CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to
overwrite other sensitive files in a system. (bsc#1236560)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:613-1
Released: Fri Feb 21 11:37:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,1236771,CVE-2024-13176
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).
Other bugfixes:
- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858
This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:680-1
Released: Mon Feb 24 12:01:16 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983
This update for libzypp, zypper fixes the following issues:
- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:723-1
Released: Wed Feb 26 14:29:39 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
(bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:741-1
Released: Fri Feb 28 11:15:50 2025
Summary: Security update for procps
Type: security
Severity: important
References: 1214290,1236842,CVE-2023-4016
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:746-1
Released: Fri Feb 28 17:10:22 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
(bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:749-1
Released: Fri Feb 28 17:23:17 2025
Summary: Recommended update for samba
Type: recommended
Severity: moderate
References: 1215212,1233880,1236803
This update for samba fixes the following issues:
- Fix crossing automounter mount points (bsc#1215212, bsc#1236803).
- Update shipped /etc/samba/smb.conf to point to smb.conf man page
(bsc#1233880).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:759-1
Released: Mon Mar 3 04:44:21 2025
Summary: Recommended update for google-guest-agent
Type: recommended
Severity: moderate
References: 1231775,1231776,1235664,1236403
This update for google-guest-agent fixes the following issues:
google-guest-agent was updated from version 20241011.01 to 20250116.00:
- Version 20250116.00 (bsc#1236403):
* Implemented support for vlan dynamic removal
* Update logging library
- Version 20241209.01 (bsc#1235664):
* Avoid changing permissions of directory if parent is `/`
* Fixed fallback from systemd-networkd to dhclient
* network: fixed nmcli check pattern
* network: force NetworkManager to connect to primary nic
* Updated metadata script runner to honor cloud logging config flag
* Updated README.md with note regarding the introduction of Agent Plugin Manager
- Version 20241018.01 (bsc#1231775, bsc#1231776):
* Implemented support for Agent Plugin Manager to manage plugins via
a systemd service file.
* documentation: Updated metadata script runner details
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:764-1
Released: Mon Mar 3 09:43:37 2025
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1236974,CVE-2024-12243
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:776-1
Released: Tue Mar 4 15:55:35 2025
Summary: Security update for docker
Type: security
Severity: moderate
References: 1234089,1237335,CVE-2024-29018
This update for docker fixes the following issues:
Update to Docker 27.5.1-ce (bsc#1237335):
- CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:794-1
Released: Thu Mar 6 07:59:29 2025
Summary: Recommended update for pkg-config
Type: recommended
Severity: important
References: 1237374
This update for pkg-config fixes the following issues:
- Build with system GLib instead of bundled GLib (bsc#1237374).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:828-1
Released: Tue Mar 11 05:49:36 2025
Summary: Recommended update for kdump
Type: recommended
Severity: important
References: 1235933,1237497,1237529
This update for kdump fixes the following issues:
- Fix bonding options (bsc#1235933)
- Don't use wicked to read bond and bridge config (bsc#1235933)
- Prevent KDUMP_NET_TIMEOUT busy loop when DNS fails
- Limit dump file permissions (bsc#1237497, bsc#1237529)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:832-1
Released: Tue Mar 11 09:56:30 2025
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
* Improve historical data for Mexico, Mongolia, and Portugal
* System V names are now obsolescent
* The main data form now uses %z
* The code now conforms to RFC 8536 for early timestamps
* Support POSIX.1-2024, which removes asctime_r and ctime_r
* Assume POSIX.2-1992 or later for shell scripts
* SUPPORT_C89 now defaults to 1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:837-1
Released: Tue Mar 11 13:10:41 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1189788,1216091,1236481,1237044
This update for libzypp, zypper fixes the following issues:
- Disable zypp.conf:download.use_deltarpm by default
Measurements show that you don't benefit from using deltarpms
unless your network connection is very slow. That's why most
distributions even stop offering deltarpms. The default remains
unchanged on SUSE-15.6 and older.
- Make sure repo variables are evaluated in the right context
(bsc#1237044)
- Introducing MediaCurl2 a alternative HTTP backend.
This patch adds MediaCurl2 as a testbed for experimenting with a
more simple way to download files. Set ZYPP_CURL2=1 in the
environment to use it.
- Filesystem usrmerge must not be done in singletrans mode
(bsc#1236481, bsc#1189788)
- Commit will amend the backend in case the transaction would
perform a filesystem usrmerge.
- Workaround bsc#1216091 on Code16.
- Annonunce --root in commands not launching a Target
(bsc#1237044)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:856-1
Released: Thu Mar 13 16:46:37 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1012628,1215199,1219367,1222672,1222803,1225606,1225742,1225981,1227937,1228521,1230235,1230438,1230439,1230497,1231432,1231912,1231920,1231949,1232159,1232198,1232201,1232299,1232508,1232520,1232919,1233028,1233109,1233483,1233749,1234070,1234853,1234857,1234891,1234894,1234895,1234896,1234963,1235032,1235054,1235061,1235073,1235435,1235485,1235592,1235599,1235609,1235932,1235933,1236113,1236114,1236115,1236122,1236123,1236133,1236138,1236199,1236200,1236203,1236205,1236573,1236575,1236576,1236591,1236661,1236677,1236681,1236682,1236684,1236689,1236700,1236702,1236752,1236759,1236821,1236822,1236896,1236897,1236952,1236967,1236994,1237007,1237017,1237025,1237028,1237045,1237126,1237132,1237139,1237155,1237158,1237159,1237232,1237234,1237325,1237356,1237415,1237452,1237504,1237521,1237558,1237562,1237563,1237848,1237849,1237879,1237889,1237891,1237901,1237950,1238214,1238303,1238347,1238368,1238509,1238525,1238570,1238739,1238751,1238753,1238759,1238860,1238863,1238877,C
VE-2023-52924,CVE-2023-52925,CVE-2024-26708,CVE-2024-26810,CVE-2024-40980,CVE-2024-41055,CVE-2024-44974,CVE-2024-45009,CVE-2024-45010,CVE-2024-47701,CVE-2024-49884,CVE-2024-49950,CVE-2024-50029,CVE-2024-50036,CVE-2024-50073,CVE-2024-50085,CVE-2024-50115,CVE-2024-50142,CVE-2024-50185,CVE-2024-50294,CVE-2024-53123,CVE-2024-53147,CVE-2024-53173,CVE-2024-53176,CVE-2024-53177,CVE-2024-53178,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56568,CVE-2024-56579,CVE-2024-56605,CVE-2024-56633,CVE-2024-56647,CVE-2024-56720,CVE-2024-57889,CVE-2024-57948,CVE-2024-57994,CVE-2025-21636,CVE-2025-21637,CVE-2025-21638,CVE-2025-21639,CVE-2025-21640,CVE-2025-21647,CVE-2025-21665,CVE-2025-21667,CVE-2025-21668,CVE-2025-21673,CVE-2025-21680,CVE-2025-21681,CVE-2025-21684,CVE-2025-21687,CVE-2025-21688,CVE-2025-21689,CVE-2025-21690,CVE-2025-21692,CVE-2025-21697,CVE-2025-21699,CVE-2025-21700,CVE-2025-21705,CVE-2025-21715,CVE-2025-21716,CVE-2025-21719,CVE-2025-21724,CVE-2025-21725,CVE-2025
-21728,CVE-2025-21767,CVE-2025-21790,CVE-2025-21795,CVE-2025-21799,CVE-2025-21802
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937).
- CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235).
- CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438).
- CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439).
- CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949).
- CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912).
- CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109).
- CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483).
- CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
- CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
- CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
- CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435).
- CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592).
- CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901).
- CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113).
- CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114).
- CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115).
- CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122).
- CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
- CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
- CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
- CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689).
- CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700).
- CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
- CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879).
- CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
- CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
- CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891).
- CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860).
- CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863).
- CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
- CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509).
- CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753).
- CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
- CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
- CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751).
The following non-security bugs were fixed:
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes).
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes).
- ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
- ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
- ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes).
- ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
- ALSA: seq: Make dependency on UMP clearer (git-fixes).
- ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes).
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes).
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes).
- APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
- ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
- ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
- ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes).
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes).
- ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
- ASoC: es8328: fix route from DAC to output (git-fixes).
- ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes).
- Fix memory-hotplug regression (bsc#1237504).
- Grab mm lock before grabbing pt lock (git-fixes).
- HID: Wacom: Add PCI Wacom device support (stable-fixes).
- HID: hid-steam: Add Deck IMU support (stable-fixes).
- HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes).
- HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
- HID: hid-steam: Clean up locking (stable-fixes).
- HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes).
- HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes).
- HID: hid-steam: Fix cleanup in probe() (git-fixes).
- HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
- HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
- HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
- HID: hid-steam: remove pointless error message (stable-fixes).
- HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes).
- HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
- IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
- Input: allocate keycode for phone linking (stable-fixes).
- KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes).
- KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
- KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes).
- KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes).
- KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
- KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes).
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
- KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
- KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes).
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155).
- KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes).
- KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
- KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes).
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
- KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
- KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes).
- KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes).
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes).
- KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348).
- KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
- PCI: Use downstream bridges for distributing resources (bsc#1237325).
- PCI: hookup irq_get_affinity callback (bsc#1236896).
- PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes).
- PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
- RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes)
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
- RDMA/efa: Reset device on probe failure (git-fixes)
- RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
- RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
- RDMA/mlx5: Fix AH static rate parsing (git-fixes)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes)
- RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
- RDMA/rxe: Improve newline in printing messages (git-fixes)
- Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes).
- Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes).
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes).
- USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes).
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
- USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
- USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes).
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
- USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
- USB: serial: option: drop MeiG Smart defines (stable-fixes).
- USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
- Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094).
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- acct: block access to kernel internal filesystems (git-fixes).
- acct: perform last write from workqueue (git-fixes).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849).
- amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
- ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes).
- batman-adv: Drop unmanaged ELP metric worker (git-fixes).
- batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
- batman-adv: fix panic during interface removal (git-fixes).
- bio-integrity: do not restrict the size of integrity metadata (git-fixes).
- blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558).
- blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606).
- blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes).
- blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes).
- blk-mq: add number of queue calc helper (bsc#1236897).
- blk-mq: create correct map for fallback case (bsc#1236896).
- blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes).
- blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897).
- blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
- blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes).
- blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
- blk_iocost: remove some duplicate irq disable/enables (git-fixes).
- block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
- block: Clear zone limits for a non-zoned stacked queue (git-fixes).
- block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
- block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
- block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes).
- block: Provide bdev_open_* functions (git-fixes).
- block: Remove special-casing of compound pages (git-fixes).
- block: Set memalloc_noio to false on device_add_disk() error path (git-fixes).
- block: add a disk_has_partscan helper (git-fixes).
- block: add a partscan sysfs attribute for disks (git-fixes).
- block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes).
- block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes).
- block: change rq_integrity_vec to respect the iterator (git-fixes).
- block: copy back bounce buffer to user-space correctly in case of split (git-fixes).
- block: ensure we hold a queue reference when using queue limits (git-fixes).
- block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
- block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes).
- block: fix integer overflow in BLKSECDISCARD (git-fixes).
- block: fix missing dispatching request when queue is started or unquiesced (git-fixes).
- block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes).
- block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes).
- block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
- block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes).
- block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes).
- block: retry call probe after request_module in blk_request_module (git-fixes).
- block: return unsigned int from bdev_io_min (git-fixes).
- block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes).
- block: support to account io_ticks precisely (git-fixes).
- block: use the right type for stub rq_integrity_vec() (git-fixes).
- bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
- bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
- bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232).
- can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
- can: ctucanfd: handle skb allocation failure (git-fixes).
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes).
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes).
- chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
- cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes).
- cifs: Remove intermediate object of failed create reparse call (git-fixes).
- cifs: commands that are retried should have replay flag set (bsc#1231432).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432).
- cifs: helper function to check replayable error codes (bsc#1231432).
- cifs: new mount option called retrans (bsc#1231432).
- cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
- cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
- cifs: update desired access while requesting for directory lease (git-fixes).
- cifs: update the same create_guid on replay (git-fixes).
- clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
- clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes).
- clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
- clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
- clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes).
- clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
- cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
- cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
- cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
- cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
- cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
- cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
- cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
- cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
- cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
- cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
- cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
- cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
- cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
- cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes).
- cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes).
- cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
- crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
- crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
- crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
- cxgb4: Avoid removal of uninserted tid (git-fixes).
- cxgb4: use port number to set mac addr (git-fixes).
- devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234).
- dlm: fix srcu_read_lock() return type to int (git-fixes).
- doc: update managed_irq documentation (bsc#1236897).
- driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
- drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes).
- drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes).
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes).
- drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
- drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
- drm/amdkfd: only flush the validate MES contex (stable-fixes).
- drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes).
- drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
- drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
- drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
- drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes).
- drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
- drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
- drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
- drm/i915/selftests: avoid using uninitialized context (git-fixes).
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
- drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
- drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes).
- drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
- drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
- drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
- drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
- drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes).
- drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
- drm/msm: Avoid rounding up to one jiffy (git-fixes).
- drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
- drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes).
- drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
- drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
- drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
- drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes).
- drm/virtio: New fence for every plane update (stable-fixes).
- efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
- eth: gve: use appropriate helper to set xdp_features (git-fixes).
- exfat: convert to ctime accessor functions (git-fixes).
- exfat: fix file being changed by unaligned direct write (git-fixes).
- exfat: fix zero the unwritten part for dio read (git-fixes).
- fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
- futex: Do not include process MM in futex key on no-MMU (git-fixes).
- gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes).
- gpio: pca953x: Improve interrupt support (git-fixes).
- gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes).
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
- gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
- gup: make the stack expansion warning a bit more targeted (bsc#1238214).
- hfs: Sanity check the root record (git-fixes).
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
- i2c: ls2x: Fix frequency division register access (git-fixes).
- i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
- iavf: allow changing VLAN state without calling PF (git-fixes).
- ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
- ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes).
- ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
- ice: fix max values for dpll pin phase adjust (git-fixes).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
- ice: gather page_count()'s of each frag right before XDP prog call (git-fixes).
- ice: put Rx buffers after being done with current frame (git-fixes).
- ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
- ice: use internal pf id instead of function number (git-fixes).
- idpf: add read memory barrier when checking descriptor done bit (git-fixes).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661).
- idpf: convert workqueues to unbound (git-fixes).
- idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
- idpf: fix handling rsc packet with a single segment (git-fixes).
- igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
- igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
- igc: return early when failing to read EECD register (git-fixes).
- iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
- kabi: fix bus type (bsc#1236896).
- kabi: fix group_cpus_evenly (bsc#1236897).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
- kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
- kernel-source: Also replace bin/env
- lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
- lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897).
- lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
- lib: stackinit: hide never-taken branch from compiler (stable-fixes).
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
- lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
- locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes).
- loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
- md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
- md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes).
- md/md-cluster: fix spares warnings for __le64 (git-fixes).
- md/raid0: do not free conf on raid0_run failure (git-fixes).
- md/raid1: do not free conf on raid0_run failure (git-fixes).
- md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
- md: Do not flush sync_work in md_write_start() (git-fixes).
- md: convert comma to semicolon (git-fixes).
- media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
- media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes).
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes).
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes).
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
- mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
- mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
- mptcp: export local_address (git-fixes)
- mptcp: fix NL PM announced address accounting (git-fixes)
- mptcp: fix data races on local_id (git-fixes)
- mptcp: fix inconsistent state on fastopen race (bsc#1222672).
- mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
- mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
- mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
- mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes)
- mptcp: pm: deny endp with signal + subflow + port (git-fixes)
- mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
- mptcp: pm: do not try to create sf if alloc failed (git-fixes)
- mptcp: pm: fullmesh: select the right ID later (git-fixes)
- mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
- mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
- mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
- mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
- mptcp: pm: re-using ID of unused removed subflows (git-fixes)
- mptcp: pm: reduce indentation blocks (git-fixes)
- mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
- mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
- mptcp: unify pm get_local_id interfaces (git-fixes)
- mptcp: unify pm set_flags interfaces (git-fixes)
- mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
- mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
- mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
- nbd: Fix signal handling (git-fixes).
- nbd: Improve the documentation of the locking assumptions (git-fixes).
- nbd: do not allow reconnect after disconnect (git-fixes).
- net/mlx5: Correct TASR typo into TSAR (git-fixes).
- net/mlx5: Fix RDMA TX steering prio (git-fixes).
- net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
- net/mlx5: SF, Fix add port error handling (git-fixes).
- net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
- net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
- net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
- net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: rose: lock the socket in rose_bind() (git-fixes).
- net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
- net: smc: fix spurious error message from __sock_release() (bsc#1237126).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes).
- nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes).
- null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes).
- null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes).
- null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes).
- null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
- null_blk: fix validation of block size (git-fixes).
- nvme-fc: use ctrl state getter (git-fixes).
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
- nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
- nvme/ioctl: add missing space in err message (git-fixes).
- nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
- nvme: make nvme_tls_attrs_group static (git-fixes).
- nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- nvme: tcp: Fix compilation warning with W=1 (git-fixes).
- nvmet: Fix crash when a namespace is disabled (git-fixes).
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138).
- padata: Clean up in padata_do_multithreaded() (bsc#1237563).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- partitions: ldm: remove the initial kernel-doc notation (git-fixes).
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes).
- phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
- phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
- platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452).
- platform/x86: ISST: Ignore minor version change (bsc#1237452).
- platform/x86: acer-wmi: Ignore AC events (stable-fixes).
- platform/x86: int3472: Check for adev == NULL (stable-fixes).
- power: supply: da9150-fg: fix potential overflow (git-fixes).
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199).
- powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199).
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199).
- powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
- powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988).
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950).
- rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
- rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
- rbd: do not move requests to the running list on errors (git-fixes).
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
- regmap-irq: Add missing kfree() (git-fixes).
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205).
- s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
- s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200).
- s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
- s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752).
- s390/pci: Ignore RID for isolated VFs (bsc#1236752).
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368).
- s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
- s390/pci: Use topology ID for multi-function devices (bsc#1236752).
- s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
- s390/topology: Improve topology detection (bsc#1236591).
- s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203).
- scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes).
- scsi: core: Clear driver private data when retrying request (git-fixes).
- scsi: core: Handle depopulation and restoration in progress (git-fixes).
- scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
- scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347).
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347).
- scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
- scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347).
- scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
- scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- selftest: hugetlb_dio: fix test naming (git-fixes).
- selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes).
- selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes).
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes).
- selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
- selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes).
- selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes).
- selftests: mptcp: connect: -f: no reconnect (git-fixes).
- selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
- serial: 8250: Fix fifo underflow on flush (git-fixes).
- serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
- smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes).
- smb3: request handle caching when caching directories (bsc#1231432).
- smb3: retrying on failed server close (bsc#1231432).
- smb: cached directories can be more than root file handle (bsc#1231432).
- smb: cilent: set reparse mount points as automounts (git-fixes).
- smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
- smb: client: Fix minor whitespace errors and warnings (git-fixes).
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes).
- smb: client: add support for WSL reparse points (git-fixes).
- smb: client: allow creating special files via reparse points (git-fixes).
- smb: client: allow creating symlinks via reparse points (git-fixes).
- smb: client: cleanup smb2_query_reparse_point() (git-fixes).
- smb: client: do not query reparse points twice on symlinks (git-fixes).
- smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432).
- smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
- smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
- smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
- smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
- smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
- smb: client: fix hardlinking of reparse points (git-fixes).
- smb: client: fix missing mode bits for SMB symlinks (git-fixes).
- smb: client: fix possible double free in smb2_set_ea() (git-fixes).
- smb: client: fix potential broken compound request (git-fixes).
- smb: client: fix renaming of reparse points (git-fixes).
- smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
- smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
- smb: client: handle path separator of created SMB symlinks (git-fixes).
- smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
- smb: client: ignore unhandled reparse tags (git-fixes).
- smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
- smb: client: instantiate when creating SFU files (git-fixes).
- smb: client: introduce ->parse_reparse_point() (git-fixes).
- smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
- smb: client: introduce cifs_sfu_make_node() (git-fixes).
- smb: client: introduce reparse mount option (git-fixes).
- smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432).
- smb: client: move most of reparse point handling code to common file (git-fixes).
- smb: client: move some params to cifs_open_info_data (bsc#1231432).
- smb: client: optimise reparse point querying (git-fixes).
- smb: client: parse owner/group when creating reparse points (git-fixes).
- smb: client: parse reparse point flag in create response (bsc#1231432).
- smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
- smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
- smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
- smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
- smb: client: retry compound request without reusing lease (git-fixes).
- smb: client: return reparse type in /proc/mounts (git-fixes).
- smb: client: reuse file lease key in compound operations (git-fixes).
- smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes).
- smb: client: set correct file type from NFS reparse points (git-fixes).
- smb: client: stop revalidating reparse points unnecessarily (git-fixes).
- smb: use kernel_connect() and kernel_bind() (git-fixes).
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes).
- soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
- soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
- soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
- soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
- spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
- spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes).
- spi: sn-f-ospi: Fix division by zero (git-fixes).
- tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
- tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
- tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes).
- ublk: fix error code for unsupported command (git-fixes).
- ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
- ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
- ublk: move zone report data out of request pdu (git-fixes).
- usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
- usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
- usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
- usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes).
- usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
- usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes).
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
- usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
- usb: roles: set switch registered flag early on (git-fixes).
- usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes).
- usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
- usbnet: ipheth: document scope of NCM implementation (stable-fixes).
- util_macros.h: fix/rework find_closest() macros (git-fixes).
- vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
- virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897).
- virtio: hookup irq_get_affinity callback (bsc#1236896).
- virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
- wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes).
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes).
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes).
- wifi: iwlwifi: avoid memory leak (stable-fixes).
- wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
- wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
- wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
- wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
- wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes).
- x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
- x86/asm: Make serialize() always_inline (git-fixes).
- x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
- x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes).
- x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (git-fixes).
- xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
- zram: clear IDLE flag after recompression (git-fixes).
- zram: clear IDLE flag in mark_idle() (git-fixes).
- zram: do not mark idle slots that cannot be idle (git-fixes).
- zram: fix potential UAF of zram table (git-fixes).
- zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
- zram: refuse to use zero sized block device as backing device (git-fixes).
- zram: split memory-tracking and ac-time tracking (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes).
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
- arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes)
- arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes).
- drm/sched: Fix preprocessor guard (git-fixes).
- exfat: do not zero the extended part (bsc#1237356).
- exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
- exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
- ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes)
- packaging: Turn gcc version into config.sh variable.
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- scsi: core: Do not retry I/Os during depopulation (git-fixes).
- scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
- scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes).
- scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes).
- scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
- scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes).
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes).
- scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
- scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
- scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
- scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253).
- scsi: myrb: Remove dead code (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
- scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
- scsi: sg: Enable runtime power management (git-fixes).
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes).
- scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
- wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
- wifi: iwlwifi: limit printed string from FW file (git-fixes).
- wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
- wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:915-1
Released: Wed Mar 19 08:04:05 2025
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942
This update for libgcrypt fixes the following issues:
- FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
- FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
- FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
- FIPS: Disallow rsa < 2048 [bsc#1225941]
* Mark RSA operations with keysize < 2048 as non-approved in the SLI
- FIPS: Service level indicator for libgcrypt [bsc#1225939]
- FIPS: Consider deprecate sha1 [bsc#1225942]
* In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will
transition at the end of 2030. Mark SHA1 as non-approved in SLI.
- FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
* cipher: Do not run RSA encryption selftest by default
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
for the whole length entropy buffer in FIPS mode. [bsc#1220893]
- FIPS: Set the FSM into error state if Jitter RNG is returning an
error code to the caller when an health test error occurs when
random bytes are requested through the jent_read_entropy_safe()
function. [bsc#1220895]
- FIPS: Replace the built-in jitter rng with standalone version
* Remove the internal jitterentropy copy [bsc#1220896]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:933-1
Released: Wed Mar 19 11:07:35 2025
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1237844,1237865
This update for grub2 fixes the following issues:
- Fix 'zfs.mo not found' message when booting on legacy BIOS (bsc#1237865)
- Upstream XFS fixes
- Fix 'attempt to read of write outside of partition' error message (bsc#1237844)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:967-1
Released: Thu Mar 20 09:31:40 2025
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1226533,1239165
This update for nfs-utils fixes the following issues:
- Sources fix: nfsopen() failures should not be fatal (bsc#1239165).
- Enable ldap support for nfsidmap (bsc#1226533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:969-1
Released: Thu Mar 20 14:28:47 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1227637,1236165
This update for crypto-policies fixes the following issues:
- Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637).
- tolerate fips dracut module presence w/o FIPS
* Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode
(bsc#1236165).
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.9.2 updated
- docker-27.5.1_ce-150000.215.3 updated
- dracut-059+suse.552.g232957b4-150600.3.17.2 updated
- findutils-4.8.0-150300.3.3.2 updated
- glibc-locale-base-2.38-150600.14.23.1 updated
- glibc-locale-2.38-150600.14.23.1 updated
- glibc-2.38-150600.14.23.1 updated
- google-guest-agent-20250116.00-150000.1.54.1 updated
- google-guest-oslogin-20240311.00-150000.1.48.1 updated
- google-osconfig-agent-20250115.01-150000.1.44.1 updated
- grub2-i386-pc-2.12-150600.8.21.2 updated
- grub2-x86_64-efi-2.12-150600.8.21.2 updated
- grub2-2.12-150600.8.21.2 updated
- kdump-2.0.6+git25.g1dbf786-150600.3.14.1 updated
- kernel-default-6.4.0-150600.23.42.2 updated
- libgcrypt20-1.10.3-150600.3.3.1 updated
- libgnutls30-3.8.3-150600.4.6.2 updated
- libnfsidmap1-1.0-150600.28.9.2 updated
- libopenssl1_1-1.1.1w-150600.5.12.2 updated
- libprocps8-3.3.17-150000.7.42.1 updated
- libpython3_6m1_0-3.6.15-150300.10.81.1 updated
- libsystemd0-254.23-150600.4.25.1 updated
- libtasn1-6-4.13-150000.4.11.1 updated
- libtasn1-4.13-150000.4.11.1 updated
- libudev1-254.23-150600.4.25.1 updated
- libxml2-2-2.10.3-150500.5.23.1 updated
- libzypp-17.36.3-150600.3.50.1 updated
- nfs-client-2.6.4-150600.28.9.2 updated
- openssh-clients-9.6p1-150600.6.15.2 updated
- openssh-common-9.6p1-150600.6.15.2 updated
- openssh-server-9.6p1-150600.6.15.2 updated
- openssh-9.6p1-150600.6.15.2 updated
- permissions-20240826-150600.10.18.2 updated
- pkg-config-0.29.2-150600.15.3.1 updated
- procps-3.3.17-150000.7.42.1 updated
- python3-base-3.6.15-150300.10.81.1 updated
- samba-client-libs-4.19.8+git.404.38b26805d4-150600.3.12.2 updated
- systemd-254.23-150600.4.25.1 updated
- timezone-2025a-150600.91.3.1 updated
- udev-254.23-150600.4.25.1 updated
- vim-data-common-9.1.1101-150500.20.21.1 updated
- vim-9.1.1101-150500.20.21.1 updated
- zypper-1.14.85-150600.10.28.1 updated
- libxslt1-1.1.34-150400.3.3.1 removed
- python-instance-billing-flavor-check-0.1.2-150000.1.17.1 removed
- python3-3.6.15-150300.10.78.1 removed
- python3-apipkg-2.1.0-150500.1.1 removed
- python3-asn1crypto-0.24.0-3.2.1 removed
- python3-certifi-2018.1.18-150000.3.3.1 removed
- python3-cffi-1.13.2-3.2.5 removed
- python3-chardet-3.0.4-150000.5.3.1 removed
- python3-cryptography-3.3.2-150400.23.1 removed
- python3-cssselect-1.0.3-150400.3.7.4 removed
- python3-idna-2.6-150000.3.3.1 removed
- python3-iniconfig-1.1.1-150000.1.11.1 removed
- python3-lxml-4.9.1-150500.3.4.3 removed
- python3-py-1.10.0-150100.5.12.1 removed
- python3-pyOpenSSL-21.0.0-150400.7.62 removed
- python3-pyasn1-0.4.2-150000.3.5.1 removed
- python3-pycparser-2.17-3.2.1 removed
- python3-requests-2.25.1-150300.3.12.2 removed
- python3-urllib3-1.25.10-150300.4.12.1 removed
More information about the sle-container-updates
mailing list