SUSE-IU-2025:3681-1: Security update of suse/sl-micro/6.0/kvm-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Nov 14 08:22:33 UTC 2025
SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:3681-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.88 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 6.88
Severity : important
Type : security
References : 1012628 1214954 1215143 1215199 1216396 1220419 1236743 1239206
1244939 1248211 1248230 1248517 1248630 1248754 1248886 1249161
1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512
1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274
1250296 1250379 1250400 1250455 1250491 1250519 1250650 1250702
1250704 1250721 1250742 1250946 1251024 1251027 1251028 1251031
1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056
1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071
1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106
1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134
1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170
1251177 1251180 1251206 1251215 1251216 1251222 1251230 1251232
1251233 1251247 1251268 1251269 1251270 1251282 1251283 1251286
1251290 1251319 1251321 1251323 1251328 1251529 1251721 1251732
1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755
1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769
1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967
1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056
1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074
1252075 1252078 1252079 1252082 1252083 1252265 1252269 1252332
1252336 1252346 1252348 1252349 1252364 1252479 1252481 1252489
1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537
1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632
1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775
1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848
1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873
1252902 1252904 1252909 1252918 1252939 CVE-2023-53538 CVE-2023-53539
CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546
CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554
CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559
CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572
CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580
CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593
CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601
CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615
CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621
CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638
CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649
CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656
CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662
CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670
CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686
CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699
CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711
CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725
CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730
CVE-2023-53731 CVE-2023-53733 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552
CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673
CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756
CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828
CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881
CVE-2025-39895 CVE-2025-39898 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931
CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946
CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955
CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969
CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978
CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987
CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995
CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010
CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019
CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036
CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052
CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062
CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085
CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100
-----------------------------------------------------------------
The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: kernel-204
Released: Thu Nov 13 16:32:12 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1
251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560,CVE-2023
-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-2023-53707,
CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39898,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-202
5-39987,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non-security bugs were fixed:
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes).
- ACPI: battery: allocate driver data through devm_ APIs (stable-fixes).
- ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes).
- ACPI: button: Call input_free_device() on failing input device registration (git-fixes).
- ACPI: property: Add code comments explaining what is going on (stable-fixes).
- ACPI: property: Disregard references in data-only subnode lists (stable-fixes).
- ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes).
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes).
- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes).
- ACPICA: Allow to skip Global Lock initialization (stable-fixes).
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes).
- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes).
- ALSA: usb-audio: fix control pipe direction (git-fixes).
- ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes).
- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).
- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes).
- ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes).
- ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes).
- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes).
- HID: hid-input: only ignore 0 battery events for digitizers (git-fixes).
- HID: multitouch: fix name of Stylus input devices (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).
- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes).
- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).
- KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes).
- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes).
- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes).
- KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes).
- KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes).
- KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes).
- KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes).
- KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes).
- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).
- KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
- KVM: x86: Replace static_call_cond() with static_call() (git-fixes).
- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix crash in nfsd4_read_release() (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: Minor cleanup in layoutcommit processing (git-fixes).
- NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes).
- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).
- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).
- PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes).
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes).
- PCI: j721e: Enable ACSPCIE Refclk if 'ti,syscon-acspcie-proxy-ctrl' exists (stable-fixes).
- PCI: j721e: Fix programming sequence of 'strap' settings (git-fixes).
- PM: runtime: Add new devm functions (stable-fixes).
- Revert 'KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()' (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).
- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes).
- add bug reference to existing hv_netvsc change (bsc#1252265)
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)
- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)
- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes).
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes).
- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes).
- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes).
- cpuidle: menu: Avoid discarding useful information (stable-fixes).
- cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).
- drm/amd: Check whether secure display TA loaded successfully (stable-fixes).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes).
- drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes).
- drm/etnaviv: fix flush sequence logic (git-fixes).
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes).
- drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes).
- drm/i915/guc: Skip communication warning on reset in progress (git-fixes).
- drm/mediatek: Fix device use-after-free on unbind (git-fixes).
- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).
- drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes).
- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).
- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes).
- drm/rockchip: vop2: use correct destination rectangle height check (git-fixes).
- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes).
- ext4: check fast symlink for ea_inode correctly (git-fixes).
- ext4: do not convert the unwritten extents if data writeback fails (git-fixes).
- ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes).
- ext4: ensure i_size is smaller than maxbytes (git-fixes).
- ext4: factor out ext4_get_maxbytes() (git-fixes).
- ext4: fix calculation of credits for extent tree modification (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: fix fsmap end of range reporting with bigalloc (git-fixes).
- ext4: fix hole length calculation overflow in non-extent inodes (git-fixes).
- ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes).
- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).
- ext4: fix zombie groups in average fragment size lists (git-fixes).
- ext4: preserve SB_I_VERSION on remount (git-fixes).
- ext4: reorder capability check last (git-fixes).
- fbdev: Fix logic error in 'offb' name match (git-fixes).
- fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes).
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes).
- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes).
- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- i2c: ocores: use devm_ managed clks (git-fixes).
- iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes).
- iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- isofs: Verify inode mode when loading from disk (git-fixes).
- jbd2: do not try to recover wiped journal (git-fixes).
- kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes).
- locking/mutex: Introduce devm_mutex_init() (stable-fixes).
- locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes).
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: tunner: xc5000: Refactor firmware load (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes).
- misc: fastrpc: Add missing dev_err newlines (stable-fixes).
- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- mmc: core: SPI mode remove cmd7 (stable-fixes).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).
- most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes).
- mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).
- net: sysfs: Fix /sys/class/net/<iface> path (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes).
- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes).
- net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes).
- net: usb: rtl8150: Fix frame padding (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes).
- nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes).
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes).
- nvme/tcp: handle tls partially sent records in write_space() (git-fixes).
- overlayfs: set ctime when setting mtime and atime (stable-fixes).
- ovl: Always reevaluate the file signature for IMA (stable-fixes).
- ovl: fix file reference leak when submitting aio (stable-fixes).
- ovl: fix incorrect fdput() on aio completion (stable-fixes).
- perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes).
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).
- perf/amd: Prevent grouping of IBS events (git-fixes).
- perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes).
- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).
- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).
- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes).
- perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes).
- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).
- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).
- perf/core: Fix small negative period being ignored (git-fixes).
- perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes).
- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes).
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes).
- perf/x86/amd: Warn only on new bits set (git-fixes).
- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes).
- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes).
- perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Apply static call for drain_pebs (git-fixes).
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- perf/x86/intel: Only check the group flag for X86 leader (git-fixes).
- perf/x86/intel: Use better start period for frequency mode (git-fixes).
- perf/x86: Fix low freqency setting issue (git-fixes).
- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes).
- perf: Ensure bpf_perf_link path is properly serialized (git-fixes).
- perf: Extract a few helpers (git-fixes).
- perf: Fix cgroup state vs ERROR (git-fixes).
- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- r8152: add error handling in rtl8152_driver_init (git-fixes).
- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes).
- regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes).
- regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes).
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946).
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes).
- rtc: interface: Fix long-standing race when setting alarm (stable-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes).
- selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes).
- selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes).
- selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes).
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes).
- selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes).
- selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes).
- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).
- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes).
- selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes).
- selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes).
- selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).
- serial: 8250_dw: handle reset control deassert error (git-fixes).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes).
- udf: Verify partition map count (git-fixes).
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes).
- usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes).
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes).
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes).
- usbnet: Prevents free active kevent (git-fixes).
- wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes).
- wifi: ath11k: Add missing platform IDs for quirk table (git-fixes).
- wifi: ath12k: free skb during idr cleanup callback (git-fixes).
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes).
- wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes).
- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- xfs: rename the old_crc variable in xlog_recover_process (git-fixes).
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
The following package changes have been done:
- kernel-default-base-6.4.0-36.1.21.13 updated
- container:SL-Micro-base-container-2.1.3-7.65 updated
More information about the sle-container-updates
mailing list