SUSE-CU-2025:7239-1: Security update of bci/bci-sle15-kernel-module-devel
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Oct 2 11:29:20 UTC 2025
SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7239-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-47.1 , bci/bci-sle15-kernel-module-devel:latest
Container Release : 47.1
Severity : important
Type : security
References : 1012628 1170284 1213545 1215199 1221858 1222323 1230557 1230708
1232089 1233120 1240708 1240890 1241353 1242034 1242754 1242960
1244734 1244930 1245410 1245663 1245710 1245767 1245780 1245815
1245956 1245973 1245977 1246005 1246012 1246181 1246193 1246974
1247057 1247078 1247112 1247116 1247119 1247155 1247162 1247167
1247229 1247243 1247280 1247290 1247313 1247712 1247976 1248088
1248108 1248164 1248166 1248175 1248178 1248179 1248180 1248183
1248186 1248194 1248196 1248198 1248205 1248206 1248208 1248209
1248212 1248213 1248214 1248216 1248217 1248223 1248227 1248228
1248229 1248232 1248240 1248255 1248297 1248306 1248312 1248333
1248334 1248337 1248338 1248340 1248341 1248345 1248349 1248350
1248354 1248355 1248361 1248363 1248368 1248370 1248374 1248377
1248386 1248390 1248395 1248399 1248401 1248511 1248573 1248575
1248577 1248609 1248614 1248617 1248621 1248636 1248643 1248647
1248648 1248652 1248655 1248666 1248669 1248746 1248748 1249022
1249346 1249375 CVE-2023-3867 CVE-2023-4130 CVE-2023-4515 CVE-2024-26661
CVE-2024-46733 CVE-2024-49996 CVE-2024-58238 CVE-2024-58239 CVE-2025-37885
CVE-2025-38006 CVE-2025-38075 CVE-2025-38103 CVE-2025-38125 CVE-2025-38146
CVE-2025-38160 CVE-2025-38184 CVE-2025-38185 CVE-2025-38190 CVE-2025-38201
CVE-2025-38205 CVE-2025-38208 CVE-2025-38245 CVE-2025-38251 CVE-2025-38360
CVE-2025-38439 CVE-2025-38440 CVE-2025-38441 CVE-2025-38444 CVE-2025-38445
CVE-2025-38458 CVE-2025-38459 CVE-2025-38464 CVE-2025-38472 CVE-2025-38490
CVE-2025-38491 CVE-2025-38499 CVE-2025-38500 CVE-2025-38503 CVE-2025-38506
CVE-2025-38510 CVE-2025-38511 CVE-2025-38512 CVE-2025-38513 CVE-2025-38515
CVE-2025-38516 CVE-2025-38520 CVE-2025-38521 CVE-2025-38524 CVE-2025-38528
CVE-2025-38529 CVE-2025-38530 CVE-2025-38531 CVE-2025-38535 CVE-2025-38537
CVE-2025-38538 CVE-2025-38540 CVE-2025-38541 CVE-2025-38543 CVE-2025-38546
CVE-2025-38548 CVE-2025-38550 CVE-2025-38553 CVE-2025-38555 CVE-2025-38560
CVE-2025-38563 CVE-2025-38565 CVE-2025-38566 CVE-2025-38568 CVE-2025-38571
CVE-2025-38572 CVE-2025-38576 CVE-2025-38581 CVE-2025-38582 CVE-2025-38583
CVE-2025-38585 CVE-2025-38587 CVE-2025-38588 CVE-2025-38591 CVE-2025-38601
CVE-2025-38602 CVE-2025-38604 CVE-2025-38605 CVE-2025-38608 CVE-2025-38609
CVE-2025-38610 CVE-2025-38612 CVE-2025-38617 CVE-2025-38618 CVE-2025-38621
CVE-2025-38624 CVE-2025-38630 CVE-2025-38632 CVE-2025-38634 CVE-2025-38635
CVE-2025-38644 CVE-2025-38646 CVE-2025-38650 CVE-2025-38656 CVE-2025-38663
CVE-2025-38665 CVE-2025-38668 CVE-2025-38670 CVE-2025-38671 CVE-2025-8114
CVE-2025-8277
-----------------------------------------------------------------
The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3290-1
Released: Mon Sep 22 14:34:03 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1012628,1170284,1213545,1215199,1221858,1222323,1230557,1230708,1232089,1233120,1240708,1240890,1241353,1242034,1242754,1242960,1244734,1244930,1245410,1245663,1245710,1245767,1245780,1245815,1245956,1245973,1245977,1246005,1246012,1246181,1246193,1247057,1247078,1247112,1247116,1247119,1247155,1247162,1247167,1247229,1247243,1247280,1247290,1247313,1247712,1247976,1248088,1248108,1248164,1248166,1248175,1248178,1248179,1248180,1248183,1248186,1248194,1248196,1248198,1248205,1248206,1248208,1248209,1248212,1248213,1248214,1248216,1248217,1248223,1248227,1248228,1248229,1248232,1248240,1248255,1248297,1248306,1248312,1248333,1248334,1248337,1248338,1248340,1248341,1248345,1248349,1248350,1248354,1248355,1248361,1248363,1248368,1248370,1248374,1248377,1248386,1248390,1248395,1248399,1248401,1248511,1248573,1248575,1248577,1248609,1248614,1248617,1248621,1248636,1248643,1248647,1248648,1248652,1248655,1248666,1248669,1248746,1248748,1249022,1249346,CVE-2023-3867,CVE-2023-41
30,CVE-2023-4515,CVE-2024-26661,CVE-2024-46733,CVE-2024-49996,CVE-2024-58238,CVE-2024-58239,CVE-2025-37885,CVE-2025-38006,CVE-2025-38075,CVE-2025-38103,CVE-2025-38125,CVE-2025-38146,CVE-2025-38160,CVE-2025-38184,CVE-2025-38185,CVE-2025-38190,CVE-2025-38201,CVE-2025-38205,CVE-2025-38208,CVE-2025-38245,CVE-2025-38251,CVE-2025-38360,CVE-2025-38439,CVE-2025-38440,CVE-2025-38441,CVE-2025-38444,CVE-2025-38445,CVE-2025-38458,CVE-2025-38459,CVE-2025-38464,CVE-2025-38472,CVE-2025-38490,CVE-2025-38491,CVE-2025-38499,CVE-2025-38500,CVE-2025-38503,CVE-2025-38506,CVE-2025-38510,CVE-2025-38511,CVE-2025-38512,CVE-2025-38513,CVE-2025-38515,CVE-2025-38516,CVE-2025-38520,CVE-2025-38521,CVE-2025-38524,CVE-2025-38528,CVE-2025-38529,CVE-2025-38530,CVE-2025-38531,CVE-2025-38535,CVE-2025-38537,CVE-2025-38538,CVE-2025-38540,CVE-2025-38541,CVE-2025-38543,CVE-2025-38546,CVE-2025-38548,CVE-2025-38550,CVE-2025-38553,CVE-2025-38555,CVE-2025-38560,CVE-2025-38563,CVE-2025-38565,CVE-2025-38566,CVE-2025-38568,CVE-2
025-38571,CVE-2025-38572,CVE-2025-38576,CVE-2025-38581,CVE-2025-38582,CVE-2025-38583,CVE-2025-38585,CVE-2025-38587,CVE-2025-38588,CVE-2025-38591,CVE-2025-38601,CVE-2025-38602,CVE-2025-38604,CVE-2025-38605,CVE-2025-38608,CVE-2025-38609,CVE-2025-38610,CVE-2025-38612,CVE-2025-38617,CVE-2025-38618,CVE-2025-38621,CVE-2025-38624,CVE-2025-38630,CVE-2025-38632,CVE-2025-38634,CVE-2025-38635,CVE-2025-38644,CVE-2025-38646,CVE-2025-38650,CVE-2025-38656,CVE-2025-38663,CVE-2025-38665,CVE-2025-38668,CVE-2025-38670,CVE-2025-38671
The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).
- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).
- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).
- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).
- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).
- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).
- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).
- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).
- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).
- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).
- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).
- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).
- CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290).
- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).
- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).
- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).
- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).
- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).
- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).
- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).
- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).
- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).
- CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186).
- CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217).
- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).
- CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198).
- CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355).
- CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
The following non-security bugs were fixed:
- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).
- ACPI: pfr_update: Fix the driver update version check (git-fixes).
- ACPI: processor: fix acpi_object initialization (stable-fixes).
- ACPI: processor: perflib: Move problematic pr->performance check (git-fixes).
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).
- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).
- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).
- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).
- ALSA: hda: Disable jack polling at shutdown (stable-fixes).
- ALSA: hda: Handle the jack polling always via a work (stable-fixes).
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).
- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).
- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).
- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
- ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes).
- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).
- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).
- ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes).
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).
- ASoC: qcom: use drvdata instead of component to keep id (stable-fixes).
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).
- ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes).
- Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes).
- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).
- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).
- Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes).
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).
- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).
- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).
- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).
- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).
- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).
- Fix 'drm/amdgpu: read back register after written for VCN v4.0.5' (bsc#1248370).
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).
- PCI: Add ACS quirk for Loongson PCIe (git-fixes).
- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).
- PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes).
- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).
- PCI: imx6: Delay link start until configfs 'start' written (git-fixes).
- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).
- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).
- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).
- PCI: rockchip: Use standard PCIe definitions (git-fixes).
- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).
- PM: sleep: console: Fix the black screen issue (stable-fixes).
- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
- RAS/AMD/FMPM: Get masked address (bsc#1242034).
- RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034).
- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes).
- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes).
- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes).
- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes).
- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes).
- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes).
- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes).
- RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes).
- RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes).
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes).
- Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes).
- USB: serial: option: add Foxconn T99W709 (stable-fixes).
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).
- accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes).
- amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes).
- aoe: defer rexmit timer downdev work to workqueue (git-fixes).
- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
- arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes).
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes).
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes).
- arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes).
- arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes).
- arm64: Restrict pagetable teardown to avoid false warning (git-fixes).
- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes).
- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes).
- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes).
- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes).
- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes).
- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes).
- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes).
- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes).
- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes).
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes).
- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes).
- ata: libata-scsi: Fix CDL control (git-fixes).
- block: fix kobject leak in blk_unregister_queue (git-fixes).
- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
- bpf: fix kfunc btf caching for modules (git-fixes).
- bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes).
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).
- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).
- btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes).
- btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes).
- btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes).
- btrfs: fix the length of reserved qgroup to free (bsc#1240708).
- btrfs: retry block group reclaim without infinite loop (git-fixes).
- btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120).
- btrfs: run delayed iputs when flushing delalloc (git-fixes).
- btrfs: update target inode's ctime on unlink (git-fixes).
- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).
- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).
- comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes).
- comedi: fix race between polling and detaching (git-fixes).
- comedi: pcl726: Prevent invalid irq number (git-fixes).
- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
- crypto: jitter - fix intermediary handling (stable-fixes).
- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).
- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).
- devlink: add value check to devlink_info_version_put() (bsc#1245410 jsc#PED-12320).
- devlink: let driver opt out of automatic phys_port_name generation (git-fixes).
- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).
- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).
- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).
- drm/amd/display: Allow DCN301 to clear update flags (git-fixes).
- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).
- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).
- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).
- drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes).
- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).
- drm/amd/display: Do not print errors for nonexistent connectors (git-fixes).
- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).
- drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes).
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).
- drm/amd/display: Initialize mode_select to 0 (stable-fixes).
- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).
- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).
- drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes).
- drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes).
- drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes).
- drm/amd/pm: fix null pointer access (stable-fixes).
- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).
- drm/amd: Restore cached power limit during resume (stable-fixes).
- drm/amdgpu/swm14: Update power limit logic (stable-fixes).
- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
- drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes).
- drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes).
- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).
- drm/amdgpu: fix vram reservation issue (git-fixes).
- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).
- drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes).
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).
- drm/bridge: fix OF node leak (git-fixes).
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).
- drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes).
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).
- drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes).
- drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes).
- drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes).
- drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes).
- drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes).
- drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes).
- drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes).
- drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes).
- drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes).
- drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes).
- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).
- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
- drm/msm: Add error handling for krealloc in metadata setup (stable-fixes).
- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
- drm/msm: update the high bitfield of certain DSI registers (git-fixes).
- drm/msm: use trylock for debugfs (stable-fixes).
- drm/nouveau/disp: Always accept linear modifier (git-fixes).
- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).
- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
- drm/nouveau: fix typos in comments (git-fixes).
- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).
- drm/nouveau: remove unused memory target test (git-fixes).
- drm/tests: Fix endian warning (git-fixes).
- drm/ttm: Respect the shrinker core free target (stable-fixes).
- drm/ttm: Should to return the evict error (stable-fixes).
- drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes).
- drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes).
- drm/xe/xe_sync: avoid race during ufence signaling (git-fixes).
- drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes).
- drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes).
- drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes).
- et131x: Add missing check after DMA map (stable-fixes).
- exfat: add cluster chain loop check for dir (git-fixes).
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).
- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).
- fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120)
- fs/orangefs: use snprintf() instead of sprintf() (git-fixes).
- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).
- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).
- hfs: fix not erasing deleted b-tree node issue (git-fixes).
- hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes).
- hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes).
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).
- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).
- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).
- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).
- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).
- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).
- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).
- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).
- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).
- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).
- ipmi: Fix strcpy source and destination the same (stable-fixes).
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- ixgbe: add .info_get extension specific for E610 devices (bsc#1245410 jsc#PED-12320).
- ixgbe: add E610 functions for acquiring flash data (bsc#1245410 jsc#PED-12320).
- ixgbe: add E610 functions getting PBA and FW ver info (bsc#1245410 jsc#PED-12320).
- ixgbe: add E610 implementation of FW recovery mode (bsc#1245410 jsc#PED-12320).
- ixgbe: add FW API version check (bsc#1245410 jsc#PED-12320).
- ixgbe: add device flash update via devlink (bsc#1245410 jsc#PED-12320).
- ixgbe: add handler for devlink .info_get() (bsc#1245410 jsc#PED-12320).
- ixgbe: add initial devlink support (bsc#1245410 jsc#PED-12320).
- ixgbe: add support for FW rollback mode (bsc#1245410 jsc#PED-12320).
- ixgbe: add support for devlink reload (bsc#1245410 jsc#PED-12320).
- ixgbe: extend .info_get() with stored versions (bsc#1245410 jsc#PED-12320).
- ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410).
- ixgbe: prevent from unwanted interface name changes (git-fixes).
- ixgbe: read the OROM version information (bsc#1245410 jsc#PED-12320).
- ixgbe: read the netlist version information (bsc#1245410 jsc#PED-12320).
- ixgbe: wrap netdev_priv() usage (bsc#1245410 jsc#PED-12320).
- jfs: Regular file corruption check (git-fixes).
- jfs: truncate good inode pages when hard link is 0 (git-fixes).
- jfs: upper bound check of tree index in dbAllocAG (git-fixes).
- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes).
- kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes).
- kselftest/runner.sh: add netns support.
- kselftests: Sort the collections list to avoid duplicate tests.
- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).
- livepatch: Add 'replace' sysfs attribute (poo#187320).
- livepatch: Add stack_order sysfs attribute (poo#187320).
- livepatch: Replace snprintf() with sysfs_emit() (poo#187320).
- loop: use kiocb helpers to fix lockdep warning (git-fixes).
- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).
- md/md-cluster: handle REMOVE message earlier (bsc#1247057).
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- md: allow removing faulty rdev during resync (git-fixes).
- md: make rdev_addable usable for rcu mode (git-fixes).
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).
- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).
- media: tc358743: Check I2C succeeded during probe (stable-fixes).
- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).
- media: usb: hdpvr: disable zero-length read messages (stable-fixes).
- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).
- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).
- memstick: Fix deadlock by moving removing flag earlier (git-fixes).
- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).
- mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes).
- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).
- most: core: Drop device reference after usage in get_channel() (git-fixes).
- mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes).
- mptcp: reset when MPTCP opts are dropped after join (git-fixes).
- net: phy: micrel: Add ksz9131_resume() (stable-fixes).
- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).
- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).
- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).
- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).
- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
- pNFS: Handle RPC size limit for layoutcommits (git-fixes).
- phy: mscc: Fix parsing of unicast frames (git-fixes).
- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).
- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
- pinctrl: stm32: Manage irq affinity settings (stable-fixes).
- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).
- platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes).
- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).
- platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes).
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).
- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).
- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
- powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199).
- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).
- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).
- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).
- powerpc: do not build ppc_save_regs.o always (bsc#1215199).
- pwm: mediatek: Fix duty and period setting (git-fixes).
- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).
- Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes).
- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).
- samples/bpf: Fix compilation errors with cf-protection option (git-fixes).
- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).
- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).
- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).
- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).
- selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE.
- selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes).
- selftests/livepatch: Add selftests for 'replace' sysfs attribute.
- selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320).
- selftests/livepatch: Replace hardcoded module name.
- selftests/livepatch: define max test-syscall processes.
- selftests/livepatch: fix and refactor new dmesg message code.
- selftests/livepatch: wait for atomic replace to occur.
- selftests/run_kselftest.sh: Fix help string for --per-test-log.
- selftests/run_kselftest.sh: Use readlink if realpath is not available.
- selftests/tracing: Fix false failure of subsystem event test (git-fixes).
- selftests: Fix errno checking in syscall_user_dispatch test (git-fixes).
- selftests: allow runners to override the timeout.
- selftests: livepatch: Avoid running the tests for certain kernel-devel situations.
- selftests: livepatch: Test atomic replace against multiple modules.
- selftests: livepatch: Test livepatching a heavily called syscall.
- selftests: livepatch: add new ftrace helpers functions.
- selftests: livepatch: add test cases of stack_order sysfs interface.
- selftests: livepatch: handle PRINTK_CALLER in check_result().
- selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR.
- selftests: livepatch: save and restore kprobe state.
- selftests: livepatch: test if ftrace can trace a livepatched function.
- selftests: livepatch: test livepatching a kprobed function.
- selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes).
- serial: 8250: fix panic due to PSLVERR (git-fixes).
- serial: core: fix OF node leak (git-fixes).
- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
- smb: client: fix parsing of device numbers (git-fixes).
- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).
- soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes).
- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).
- squashfs: fix memory leak in squashfs_fill_super (git-fixes).
- sunrpc: fix handling of server side tls alerts (git-fixes).
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).
- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).
- ublk: sanity check add_dev input for underflow (git-fixes).
- ublk: use vmalloc for ublk_device's __queues (git-fixes).
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).
- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).
- usb: core: usb_submit_urb: downgrade type check (stable-fixes).
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).
- usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes).
- usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes).
- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes).
- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes).
- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).
- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).
- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).
- usb: xhci: Fix slot_id resource race conflict (git-fixes).
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).
- usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes).
- vfs: Add a sysctl for automated deletion of dentry (bsc#1240890).
- watchdog: dw_wdt: Fix default timeout (stable-fixes).
- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).
- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).
- wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes).
- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).
- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).
- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).
- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).
- wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes).
- wifi: cfg80211: Fix interface type validation (stable-fixes).
- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).
- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).
- wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes).
- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).
- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).
- wifi: mac80211: avoid weird state in error path (stable-fixes).
- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).
- wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes).
- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).
- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).
- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).
- wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes).
- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).
- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3369-1
Released: Fri Sep 26 12:54:43 2025
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
The following package changes have been done:
- libssh-config-0.9.8-150600.11.6.1 updated
- libssh4-0.9.8-150600.11.6.1 updated
- kernel-macros-6.4.0-150700.53.16.1 updated
- kernel-devel-6.4.0-150700.53.16.1 updated
- kernel-default-devel-6.4.0-150700.53.16.1 updated
- kernel-syms-6.4.0-150700.53.16.1 updated
- container:registry.suse.com-bci-bci-base-15.7-c748b740034bd7faee2a71a60ccfdc9e27e13d317b6e9823dbac93189c7f6c8f-0 updated
More information about the sle-container-updates
mailing list