SUSE-CU-2025:7622-1: Security update of bci/bci-sle15-kernel-module-devel
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Oct 28 08:40:58 UTC 2025
SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7622-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.54.5
Container Release : 54.5
Severity : important
Type : security
References : 1012628 1194869 1213061 1213666 1214073 1214928 1214953 1215150
1215696 1216436 1216976 1218644 1220186 1220419 1229165 1230062
1236897 1237449 1237776 1240324 1241166 1241219 1241292 1241866
1243100 1243112 1245193 1245260 1245700 1246057 1246125 1246190
1246248 1246298 1246509 1246782 1247099 1247118 1247126 1247136
1247137 1247223 1247239 1247262 1247442 1247483 1247500 1247963
1248111 1248121 1248192 1248199 1248200 1248202 1248225 1248296
1248334 1248343 1248357 1248360 1248365 1248378 1248380 1248392
1248512 1248610 1248619 1248622 1248626 1248628 1248634 1248639
1248647 1248674 1248681 1248733 1248734 1248735 1248775 1248847
1249122 1249123 1249124 1249125 1249126 1249143 1249156 1249159
1249163 1249164 1249166 1249169 1249170 1249172 1249176 1249177
1249186 1249190 1249194 1249195 1249196 1249199 1249200 1249202
1249203 1249204 1249206 1249215 1249220 1249221 1249254 1249255
1249257 1249258 1249260 1249262 1249263 1249265 1249266 1249271
1249272 1249273 1249278 1249279 1249281 1249282 1249284 1249285
1249288 1249290 1249292 1249295 1249296 1249299 1249300 1249303
1249304 1249305 1249308 1249312 1249315 1249318 1249321 1249323
1249324 1249334 1249338 1249374 1249413 1249479 1249482 1249486
1249488 1249489 1249490 1249494 1249504 1249506 1249508 1249510
1249513 1249515 1249516 1249522 1249523 1249524 1249526 1249533
1249538 1249540 1249542 1249545 1249548 1249554 1249584 1249598
1249604 1249608 1249615 1249640 1249641 1249642 1249658 1249662
1249672 1249673 1249677 1249678 1249679 1249682 1249687 1249698
1249707 1249712 1249730 1249756 1249758 1249761 1249762 1249768
1249770 1249774 1249779 1249780 1249785 1249787 1249795 1249815
1249820 1249823 1249824 1249825 1249826 1249833 1249842 1249845
1249849 1249850 1249853 1249856 1249861 1249863 1249864 1249865
1249866 1249869 1249870 1249880 1249883 1249888 1249894 1249896
1249897 1249901 1249911 1249917 1249919 1249923 1249926 1249938
1249949 1249950 1249952 1249975 1249979 1249984 1249988 1249990
1249993 1249994 1249997 1250002 1250004 1250007 1250012 1250022
1250024 1250025 1250028 1250029 1250035 1250049 1250055 1250057
1250058 1250062 1250063 1250065 1250066 1250067 1250069 1250070
1250073 1250074 1250088 1250089 1250106 1250112 1250117 1250120
1250125 1250127 1250128 1250145 1250150 1250156 1250157 1250161
1250163 1250166 1250167 1250171 1250177 1250179 1250180 1250186
1250196 1250198 1250199 1250201 1250203 1250204 1250206 1250208
1250241 1250242 1250243 1250247 1250249 1250251 1250262 1250263
1250266 1250267 1250268 1250275 1250276 1250281 1250290 1250291
1250292 1250294 1250297 1250298 1250313 1250319 1250323 1250325
1250329 1250336 1250337 1250344 1250358 1250365 1250371 1250377
1250384 1250389 1250395 1250397 1250402 1250406 1250407 1250426
1250450 1250459 1250519 1250522 1250530 1250655 1250712 1250713
1250732 1250736 1250741 1250759 1250763 1250765 1250807 1250808
1250809 1250812 1250813 1250815 1250816 1250820 1250823 1250825
1250827 1250830 1250831 1250837 1250841 1250861 1250863 1250867
1250872 1250873 1250878 1250905 1250907 1250917 1250918 1250923
1250926 1250928 1250929 1250930 1250931 1250941 1250942 1250949
1250952 1250957 1250964 1251263 CVE-2023-31248 CVE-2023-3772
CVE-2023-39197 CVE-2023-42753 CVE-2023-53147 CVE-2023-53148 CVE-2023-53150
CVE-2023-53151 CVE-2023-53152 CVE-2023-53165 CVE-2023-53167 CVE-2023-53170
CVE-2023-53174 CVE-2023-53175 CVE-2023-53177 CVE-2023-53179 CVE-2023-53180
CVE-2023-53181 CVE-2023-53183 CVE-2023-53184 CVE-2023-53185 CVE-2023-53187
CVE-2023-53189 CVE-2023-53192 CVE-2023-53195 CVE-2023-53196 CVE-2023-53201
CVE-2023-53204 CVE-2023-53205 CVE-2023-53206 CVE-2023-53207 CVE-2023-53208
CVE-2023-53209 CVE-2023-53210 CVE-2023-53215 CVE-2023-53217 CVE-2023-53220
CVE-2023-53221 CVE-2023-53222 CVE-2023-53226 CVE-2023-53230 CVE-2023-53231
CVE-2023-53235 CVE-2023-53238 CVE-2023-53243 CVE-2023-53245 CVE-2023-53247
CVE-2023-53248 CVE-2023-53249 CVE-2023-53251 CVE-2023-53252 CVE-2023-53255
CVE-2023-53257 CVE-2023-53258 CVE-2023-53260 CVE-2023-53261 CVE-2023-53263
CVE-2023-53264 CVE-2023-53272 CVE-2023-53274 CVE-2023-53275 CVE-2023-53280
CVE-2023-53286 CVE-2023-53287 CVE-2023-53288 CVE-2023-53291 CVE-2023-53292
CVE-2023-53303 CVE-2023-53304 CVE-2023-53305 CVE-2023-53309 CVE-2023-53311
CVE-2023-53312 CVE-2023-53313 CVE-2023-53314 CVE-2023-53316 CVE-2023-53319
CVE-2023-53321 CVE-2023-53322 CVE-2023-53323 CVE-2023-53324 CVE-2023-53325
CVE-2023-53328 CVE-2023-53331 CVE-2023-53333 CVE-2023-53336 CVE-2023-53338
CVE-2023-53339 CVE-2023-53342 CVE-2023-53343 CVE-2023-53350 CVE-2023-53352
CVE-2023-53354 CVE-2023-53356 CVE-2023-53357 CVE-2023-53360 CVE-2023-53362
CVE-2023-53364 CVE-2023-53365 CVE-2023-53367 CVE-2023-53368 CVE-2023-53369
CVE-2023-53370 CVE-2023-53371 CVE-2023-53374 CVE-2023-53377 CVE-2023-53379
CVE-2023-53380 CVE-2023-53384 CVE-2023-53385 CVE-2023-53386 CVE-2023-53391
CVE-2023-53394 CVE-2023-53395 CVE-2023-53397 CVE-2023-53401 CVE-2023-53420
CVE-2023-53421 CVE-2023-53424 CVE-2023-53425 CVE-2023-53426 CVE-2023-53428
CVE-2023-53429 CVE-2023-53432 CVE-2023-53436 CVE-2023-53438 CVE-2023-53441
CVE-2023-53442 CVE-2023-53444 CVE-2023-53446 CVE-2023-53447 CVE-2023-53448
CVE-2023-53451 CVE-2023-53454 CVE-2023-53456 CVE-2023-53457 CVE-2023-53461
CVE-2023-53462 CVE-2023-53463 CVE-2023-53465 CVE-2023-53472 CVE-2023-53479
CVE-2023-53480 CVE-2023-53485 CVE-2023-53487 CVE-2023-53488 CVE-2023-53490
CVE-2023-53491 CVE-2023-53492 CVE-2023-53493 CVE-2023-53495 CVE-2023-53496
CVE-2023-53500 CVE-2023-53501 CVE-2023-53504 CVE-2023-53505 CVE-2023-53507
CVE-2023-53508 CVE-2023-53510 CVE-2023-53515 CVE-2023-53516 CVE-2023-53518
CVE-2023-53519 CVE-2023-53520 CVE-2023-53523 CVE-2023-53526 CVE-2023-53527
CVE-2023-53528 CVE-2023-53530 CVE-2023-53531 CVE-2024-26584 CVE-2024-58090
CVE-2024-58240 CVE-2025-22022 CVE-2025-3576 CVE-2025-38119 CVE-2025-38234
CVE-2025-38255 CVE-2025-38263 CVE-2025-38351 CVE-2025-38402 CVE-2025-38408
CVE-2025-38418 CVE-2025-38419 CVE-2025-38456 CVE-2025-38465 CVE-2025-38466
CVE-2025-38488 CVE-2025-38514 CVE-2025-38526 CVE-2025-38527 CVE-2025-38533
CVE-2025-38544 CVE-2025-38556 CVE-2025-38574 CVE-2025-38584 CVE-2025-38590
CVE-2025-38593 CVE-2025-38595 CVE-2025-38597 CVE-2025-38605 CVE-2025-38614
CVE-2025-38616 CVE-2025-38622 CVE-2025-38623 CVE-2025-38639 CVE-2025-38640
CVE-2025-38643 CVE-2025-38645 CVE-2025-38659 CVE-2025-38660 CVE-2025-38664
CVE-2025-38668 CVE-2025-38676 CVE-2025-38678 CVE-2025-38679 CVE-2025-38680
CVE-2025-38681 CVE-2025-38683 CVE-2025-38684 CVE-2025-38685 CVE-2025-38687
CVE-2025-38691 CVE-2025-38692 CVE-2025-38693 CVE-2025-38694 CVE-2025-38695
CVE-2025-38697 CVE-2025-38698 CVE-2025-38701 CVE-2025-38702 CVE-2025-38705
CVE-2025-38706 CVE-2025-38709 CVE-2025-38712 CVE-2025-38713 CVE-2025-38714
CVE-2025-38715 CVE-2025-38721 CVE-2025-38722 CVE-2025-38724 CVE-2025-38725
CVE-2025-38727 CVE-2025-38729 CVE-2025-38730 CVE-2025-38732 CVE-2025-38734
CVE-2025-38735 CVE-2025-38736 CVE-2025-39675 CVE-2025-39677 CVE-2025-39678
CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39684 CVE-2025-39685
CVE-2025-39686 CVE-2025-39691 CVE-2025-39693 CVE-2025-39694 CVE-2025-39701
CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39709 CVE-2025-39710
CVE-2025-39713 CVE-2025-39714 CVE-2025-39718 CVE-2025-39719 CVE-2025-39721
CVE-2025-39724 CVE-2025-39726 CVE-2025-39730 CVE-2025-39732 CVE-2025-39738
CVE-2025-39739 CVE-2025-39742 CVE-2025-39743 CVE-2025-39744 CVE-2025-39746
CVE-2025-39749 CVE-2025-39750 CVE-2025-39751 CVE-2025-39754 CVE-2025-39757
CVE-2025-39758 CVE-2025-39759 CVE-2025-39760 CVE-2025-39761 CVE-2025-39763
CVE-2025-39764 CVE-2025-39766 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773
CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39790 CVE-2025-39797
CVE-2025-39798 CVE-2025-39800 CVE-2025-39801 CVE-2025-39806 CVE-2025-39808
CVE-2025-39810 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826
CVE-2025-39827 CVE-2025-39832 CVE-2025-39833 CVE-2025-39835 CVE-2025-39838
CVE-2025-39839 CVE-2025-39842 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846
CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39853
CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863
CVE-2025-39864 CVE-2025-39865 CVE-2025-39869 CVE-2025-39870 CVE-2025-39871
CVE-2025-39873 CVE-2025-39882 CVE-2025-39885 CVE-2025-39889 CVE-2025-39891
CVE-2025-39907 CVE-2025-39920 CVE-2025-39923 CVE-2025-39925 CVE-2025-40300
CVE-2025-59375 CVE-2025-9187
-----------------------------------------------------------------
The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3600-1
Released: Wed Oct 15 14:54:51 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1012628,1194869,1213061,1213666,1214073,1214928,1214953,1215150,1215696,1216436,1216976,1218644,1220186,1220419,1229165,1230062,1236897,1237449,1237776,1240324,1241166,1241292,1241866,1243100,1243112,1245193,1245260,1245700,1246057,1246125,1246190,1246248,1246298,1246509,1246782,1247099,1247118,1247126,1247136,1247137,1247223,1247239,1247262,1247442,1247483,1247500,1247963,1248111,1248121,1248192,1248199,1248200,1248202,1248225,1248296,1248334,1248343,1248357,1248360,1248365,1248378,1248380,1248392,1248512,1248610,1248619,1248622,1248626,1248628,1248634,1248639,1248647,1248674,1248681,1248733,1248734,1248735,1248775,1248847,1249122,1249123,1249124,1249125,1249126,1249143,1249156,1249159,1249163,1249164,1249166,1249169,1249170,1249172,1249176,1249177,1249186,1249190,1249194,1249195,1249196,1249199,1249200,1249202,1249203,1249204,1249206,1249215,1249220,1249221,1249254,1249255,1249257,1249258,1249260,1249262,1249263,1249265,1249266,1249271,1249272,1249273,1249278,1249279,1
249281,1249282,1249284,1249285,1249288,1249290,1249292,1249295,1249296,1249299,1249300,1249303,1249304,1249305,1249308,1249312,1249315,1249318,1249321,1249323,1249324,1249334,1249338,1249374,1249413,1249479,1249482,1249486,1249488,1249489,1249490,1249494,1249504,1249506,1249508,1249510,1249513,1249515,1249516,1249522,1249523,1249524,1249526,1249533,1249538,1249540,1249542,1249545,1249548,1249554,1249598,1249604,1249608,1249615,1249640,1249641,1249642,1249658,1249662,1249672,1249673,1249677,1249678,1249679,1249682,1249687,1249698,1249707,1249712,1249730,1249756,1249758,1249761,1249762,1249768,1249770,1249774,1249779,1249780,1249785,1249787,1249795,1249815,1249820,1249823,1249824,1249825,1249826,1249833,1249842,1249845,1249849,1249850,1249853,1249856,1249861,1249863,1249864,1249865,1249866,1249869,1249870,1249880,1249883,1249888,1249894,1249896,1249897,1249901,1249911,1249917,1249919,1249923,1249926,1249938,1249949,1249950,1249952,1249975,1249979,1249984,1249988,1249990,1249993,124999
4,1249997,1250002,1250004,1250007,1250012,1250022,1250024,1250025,1250028,1250029,1250035,1250049,1250055,1250057,1250058,1250062,1250063,1250065,1250066,1250067,1250069,1250070,1250073,1250074,1250088,1250089,1250106,1250112,1250117,1250120,1250125,1250127,1250128,1250145,1250150,1250156,1250157,1250161,1250163,1250166,1250167,1250171,1250177,1250179,1250180,1250186,1250196,1250198,1250199,1250201,1250203,1250204,1250206,1250208,1250241,1250242,1250243,1250247,1250249,1250251,1250262,1250263,1250266,1250267,1250268,1250275,1250276,1250281,1250290,1250291,1250292,1250294,1250297,1250298,1250313,1250319,1250323,1250325,1250329,1250336,1250337,1250344,1250358,1250365,1250371,1250377,1250384,1250389,1250395,1250397,1250402,1250406,1250407,1250426,1250450,1250459,1250519,1250522,1250530,1250655,1250712,1250713,1250732,1250736,1250741,1250759,1250763,1250765,1250807,1250808,1250809,1250812,1250813,1250815,1250816,1250820,1250823,1250825,1250827,1250830,1250831,1250837,1250841,1250861,125
0863,1250867,1250872,1250873,1250878,1250905,1250907,1250917,1250918,1250923,1250926,1250928,1250929,1250930,1250931,1250941,1250942,1250949,1250952,1250957,1250964,CVE-2023-31248,CVE-2023-3772,CVE-2023-39197,CVE-2023-42753,CVE-2023-53147,CVE-2023-53148,CVE-2023-53150,CVE-2023-53151,CVE-2023-53152,CVE-2023-53165,CVE-2023-53167,CVE-2023-53170,CVE-2023-53174,CVE-2023-53175,CVE-2023-53177,CVE-2023-53179,CVE-2023-53180,CVE-2023-53181,CVE-2023-53183,CVE-2023-53184,CVE-2023-53185,CVE-2023-53187,CVE-2023-53189,CVE-2023-53192,CVE-2023-53195,CVE-2023-53196,CVE-2023-53201,CVE-2023-53204,CVE-2023-53205,CVE-2023-53206,CVE-2023-53207,CVE-2023-53208,CVE-2023-53209,CVE-2023-53210,CVE-2023-53215,CVE-2023-53217,CVE-2023-53220,CVE-2023-53221,CVE-2023-53222,CVE-2023-53226,CVE-2023-53230,CVE-2023-53231,CVE-2023-53235,CVE-2023-53238,CVE-2023-53243,CVE-2023-53245,CVE-2023-53247,CVE-2023-53248,CVE-2023-53249,CVE-2023-53251,CVE-2023-53252,CVE-2023-53255,CVE-2023-53257,CVE-2023-53258,CVE-2023-53260,CVE-2023
-53261,CVE-2023-53263,CVE-2023-53264,CVE-2023-53272,CVE-2023-53274,CVE-2023-53275,CVE-2023-53280,CVE-2023-53286,CVE-2023-53287,CVE-2023-53288,CVE-2023-53291,CVE-2023-53292,CVE-2023-53303,CVE-2023-53304,CVE-2023-53305,CVE-2023-53309,CVE-2023-53311,CVE-2023-53312,CVE-2023-53313,CVE-2023-53314,CVE-2023-53316,CVE-2023-53319,CVE-2023-53321,CVE-2023-53322,CVE-2023-53323,CVE-2023-53324,CVE-2023-53325,CVE-2023-53328,CVE-2023-53331,CVE-2023-53333,CVE-2023-53336,CVE-2023-53338,CVE-2023-53339,CVE-2023-53342,CVE-2023-53343,CVE-2023-53350,CVE-2023-53352,CVE-2023-53354,CVE-2023-53356,CVE-2023-53357,CVE-2023-53360,CVE-2023-53362,CVE-2023-53364,CVE-2023-53365,CVE-2023-53367,CVE-2023-53368,CVE-2023-53369,CVE-2023-53370,CVE-2023-53371,CVE-2023-53374,CVE-2023-53377,CVE-2023-53379,CVE-2023-53380,CVE-2023-53384,CVE-2023-53385,CVE-2023-53386,CVE-2023-53391,CVE-2023-53394,CVE-2023-53395,CVE-2023-53397,CVE-2023-53401,CVE-2023-53420,CVE-2023-53421,CVE-2023-53424,CVE-2023-53425,CVE-2023-53426,CVE-2023-53428,
CVE-2023-53429,CVE-2023-53432,CVE-2023-53436,CVE-2023-53438,CVE-2023-53441,CVE-2023-53442,CVE-2023-53444,CVE-2023-53446,CVE-2023-53447,CVE-2023-53448,CVE-2023-53451,CVE-2023-53454,CVE-2023-53456,CVE-2023-53457,CVE-2023-53461,CVE-2023-53462,CVE-2023-53463,CVE-2023-53465,CVE-2023-53472,CVE-2023-53479,CVE-2023-53480,CVE-2023-53485,CVE-2023-53487,CVE-2023-53488,CVE-2023-53490,CVE-2023-53491,CVE-2023-53492,CVE-2023-53493,CVE-2023-53495,CVE-2023-53496,CVE-2023-53500,CVE-2023-53501,CVE-2023-53504,CVE-2023-53505,CVE-2023-53507,CVE-2023-53508,CVE-2023-53510,CVE-2023-53515,CVE-2023-53516,CVE-2023-53518,CVE-2023-53519,CVE-2023-53520,CVE-2023-53523,CVE-2023-53526,CVE-2023-53527,CVE-2023-53528,CVE-2023-53530,CVE-2023-53531,CVE-2024-26584,CVE-2024-58090,CVE-2024-58240,CVE-2025-22022,CVE-2025-38119,CVE-2025-38234,CVE-2025-38255,CVE-2025-38263,CVE-2025-38351,CVE-2025-38402,CVE-2025-38408,CVE-2025-38418,CVE-2025-38419,CVE-2025-38456,CVE-2025-38465,CVE-2025-38466,CVE-2025-38488,CVE-2025-38514,CVE-202
5-38526,CVE-2025-38527,CVE-2025-38533,CVE-2025-38544,CVE-2025-38556,CVE-2025-38574,CVE-2025-38584,CVE-2025-38590,CVE-2025-38593,CVE-2025-38595,CVE-2025-38597,CVE-2025-38605,CVE-2025-38614,CVE-2025-38616,CVE-2025-38622,CVE-2025-38623,CVE-2025-38639,CVE-2025-38640,CVE-2025-38643,CVE-2025-38645,CVE-2025-38659,CVE-2025-38660,CVE-2025-38664,CVE-2025-38668,CVE-2025-38676,CVE-2025-38678,CVE-2025-38679,CVE-2025-38680,CVE-2025-38681,CVE-2025-38683,CVE-2025-38684,CVE-2025-38685,CVE-2025-38687,CVE-2025-38691,CVE-2025-38692,CVE-2025-38693,CVE-2025-38694,CVE-2025-38695,CVE-2025-38697,CVE-2025-38698,CVE-2025-38701,CVE-2025-38702,CVE-2025-38705,CVE-2025-38706,CVE-2025-38709,CVE-2025-38712,CVE-2025-38713,CVE-2025-38714,CVE-2025-38715,CVE-2025-38721,CVE-2025-38722,CVE-2025-38724,CVE-2025-38725,CVE-2025-38727,CVE-2025-38729,CVE-2025-38730,CVE-2025-38732,CVE-2025-38734,CVE-2025-38735,CVE-2025-38736,CVE-2025-39675,CVE-2025-39677,CVE-2025-39678,CVE-2025-39679,CVE-2025-39681,CVE-2025-39682,CVE-2025-39684
,CVE-2025-39685,CVE-2025-39686,CVE-2025-39691,CVE-2025-39693,CVE-2025-39694,CVE-2025-39701,CVE-2025-39703,CVE-2025-39705,CVE-2025-39706,CVE-2025-39709,CVE-2025-39710,CVE-2025-39713,CVE-2025-39714,CVE-2025-39718,CVE-2025-39719,CVE-2025-39721,CVE-2025-39724,CVE-2025-39726,CVE-2025-39730,CVE-2025-39732,CVE-2025-39738,CVE-2025-39739,CVE-2025-39742,CVE-2025-39743,CVE-2025-39744,CVE-2025-39746,CVE-2025-39749,CVE-2025-39750,CVE-2025-39751,CVE-2025-39754,CVE-2025-39757,CVE-2025-39758,CVE-2025-39759,CVE-2025-39760,CVE-2025-39761,CVE-2025-39763,CVE-2025-39764,CVE-2025-39766,CVE-2025-39770,CVE-2025-39772,CVE-2025-39773,CVE-2025-39782,CVE-2025-39783,CVE-2025-39787,CVE-2025-39790,CVE-2025-39797,CVE-2025-39798,CVE-2025-39800,CVE-2025-39801,CVE-2025-39806,CVE-2025-39808,CVE-2025-39810,CVE-2025-39823,CVE-2025-39824,CVE-2025-39825,CVE-2025-39826,CVE-2025-39827,CVE-2025-39832,CVE-2025-39833,CVE-2025-39835,CVE-2025-39838,CVE-2025-39839,CVE-2025-39842,CVE-2025-39844,CVE-2025-39845,CVE-2025-39846,CVE-20
25-39847,CVE-2025-39848,CVE-2025-39849,CVE-2025-39850,CVE-2025-39853,CVE-2025-39854,CVE-2025-39857,CVE-2025-39860,CVE-2025-39861,CVE-2025-39863,CVE-2025-39864,CVE-2025-39865,CVE-2025-39869,CVE-2025-39870,CVE-2025-39871,CVE-2025-39873,CVE-2025-39882,CVE-2025-39885,CVE-2025-39889,CVE-2025-39891,CVE-2025-39907,CVE-2025-39920,CVE-2025-39923,CVE-2025-39925,CVE-2025-40300
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770).
- CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324).
- CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292).
- CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700).
- CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
- CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248).
- CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782).
- CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262).
- CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126).
- CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137).
- CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136).
- CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099).
- CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202).
- CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192).
- CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199).
- CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200).
- CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225).
- CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296).
- CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365).
- CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343).
- CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360).
- CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357).
- CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380).
- CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378).
- CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334).
- CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392).
- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512).
- CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619).
- CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610).
- CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674).
- CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622).
- CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681).
- CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647).
- CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202).
- CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156).
- CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258).
- CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334).
- CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199).
- CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176).
- CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163).
- CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172).
- CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288).
- CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300).
- CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290).
- CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303).
- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295).
- CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305).
- CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540).
- CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533).
- CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524).
- CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513).
- CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510).
- CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508).
- CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504).
- CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526).
- CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179).
- CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901).
- CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025).
- CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365).
- CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251).
- CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294).
- CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407).
- CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483).
The following non-security bugs were fixed:
- 9p/xen: fix init sequence (git-fixes).
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes).
- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes).
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes).
- ACPI: debug: fix signedness issues in read/write helpers (git-fixes).
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).
- ACPICA: Fix largest possible resource descriptor index (git-fixes).
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes).
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes).
- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes).
- ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes).
- ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes).
- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes).
- ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes).
- ALSA: lx_core: use int type to store negative error codes (git-fixes).
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes).
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes).
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Convert comma to semicolon (git-fixes).
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes).
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes).
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes).
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes).
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes).
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes).
- ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes).
- ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes).
- ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes).
- ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes).
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes).
- ASoC: wm8940: Correct PLL rate rounding (git-fixes).
- ASoC: wm8940: Correct typo in control name (git-fixes).
- ASoC: wm8974: Correct PLL rate rounding (git-fixes).
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes).
- Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes).
- Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes).
- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes).
- Bluetooth: MGMT: Fix possible UAFs (git-fixes).
- Bluetooth: compute LE flow credits based on recvbuf space (git-fixes).
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes).
- Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes).
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes).
- Bluetooth: qca: fix invalid device address check (git-fixes).
- Bluetooth: qca: fix wcn3991 device address check (git-fixes).
- Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes).
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- Correct typos of References tags in some patches
- Do not self obsolete older kernel variants
- Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes).
- Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes).
- EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes).
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes).
- HID: input: rename hidinput_set_battery_charge_status() (stable-fixes).
- HID: input: report battery status changes immediately (git-fixes).
- HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes).
- HID: mcp2221: Do not set bus speed on every transfer (stable-fixes).
- HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes).
- HID: quirks: add support for Legion Go dual dinput modes (stable-fixes).
- HID: wacom: Add a new Art Pen 2 (stable-fixes).
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes)
- IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes)
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes).
- Input: iqs7222 - avoid enabling unused interrupts (stable-fixes).
- KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes).
- KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes).
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes).
- KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes).
- KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes).
- KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes).
- KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes).
- KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes).
- KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes).
- KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336).
- KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes).
- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes).
- KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes).
- KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes).
- KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes).
- KVM: x86: avoid underflow when scaling TSC frequency (git-fixes).
- NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes).
- NFSv4/flexfiles: Fix layout merge mirror check (git-fixes).
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes).
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes).
- NFSv4: Do not clear capabilities that won't be reset (git-fixes).
- PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes).
- PCI/ERR: Fix uevent on failure to recover (git-fixes).
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes).
- PCI/sysfs: Ensure devices are powered for config reads (git-fixes).
- PCI: Extend isolated function probing to LoongArch (git-fixes).
- PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes).
- PCI: rcar-host: Drop PMSR spinlock (git-fixes).
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: tegra194: Handle errors in BPMP response (git-fixes).
- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes).
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes).
- PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes).
- PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes).
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)
- RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes)
- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes)
- RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes)
- RDMA/rxe: Fix race in do_task() when draining (git-fixes)
- RDMA/siw: Always report immediate post SQ errors (git-fixes)
- Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes).
- Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes).
- SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes).
- Squashfs: add additional inode sanity checking (git-fixes).
- Squashfs: fix uninit-value in squashfs_get_parent (git-fixes).
- Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes).
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes).
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes).
- afs: Fix potential null pointer dereference in afs_put_server (git-fixes).
- arch: arm64: Drop arm64 patches that may lead to module load failure (bsc#1250057).
- arm64: Handle KCOV __init vs inline mismatches (git-fixes)
- arm64: Mark kernel as tainted on SAE and SError panic (git-fixes)
- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)
- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)
- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes)
- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes).
- arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes)
- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)
- ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes).
- batman-adv: fix OOB read/write in network-coding decode (git-fixes).
- bpf, bpftool: Fix incorrect disasm pc (git-fixes).
- bpf: Adjust free target to avoid global starvation of LRU map (git-fixes).
- bpf: Fix iter/task tid filtering (git-fixes).
- bpf: Fix link info netfilter flags to populate defrag flag (git-fixes).
- bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes).
- bpf: Properly test iter/task tid filtering (git-fixes).
- bpf: bpftool: Setting error code in do_loader() (git-fixes).
- bpf: handle implicit declaration of function gettid in bpf_iter.c
- bpf: skip non exist keys in generic_map_lookup_batch (git-fixes).
- bpftool: Fix JSON writer resource leak in version command (git-fixes).
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes).
- bpftool: Fix readlink usage in get_fd_type (git-fixes).
- bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes).
- bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes).
- btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes).
- btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes).
- btrfs: add cancellation points to trim loops (git-fixes).
- btrfs: always abort transaction on failure to add block group to free space tree (git-fixes).
- btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes).
- btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes).
- btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes).
- btrfs: fix invalid extref key setup when replaying dentry (git-fixes).
- btrfs: fix race between logging inode and checking if it was logged before (git-fixes).
- btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes).
- btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes).
- btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes).
- btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes).
- btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes).
- btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes).
- btrfs: scrub: fix grouping of read IO (git-fixes).
- btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes).
- btrfs: split remaining space to discard in chunks (git-fixes).
- btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes).
- btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes).
- build_bug.h: Add KABI assert (bsc#1249186).
- bus: fsl-mc: Check return value of platform_get_resource() (git-fixes).
- bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes).
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes).
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes).
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes).
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: peak_usb: fix shift-out-of-bounds issue (git-fixes).
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes).
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes).
- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes).
- ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes).
- ceph: validate snapdirname option length when mounting (git-fixes).
- cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166).
- cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963).
- cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963).
- cgroup: llist: avoid memory tears for llist_node (bsc#1247963).
- cgroup: make css_rstat_updated nmi safe (bsc#1247963).
- cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963).
- cgroup: remove per-cpu per-subsystem locks (bsc#1247963).
- cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963).
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes).
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes).
- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes).
- cpufreq: Exit governor when failed to start old governor (stable-fixes).
- cpufreq: Init policy->rwsem before it may be possibly used (git-fixes).
- cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes).
- cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes).
- cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes).
- cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes).
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes).
- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes).
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes).
- cpufreq: scpi: compare kHz instead of Hz (git-fixes).
- cpufreq: tegra186: Share policy per cluster (stable-fixes).
- cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes).
- crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes).
- crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes).
- crypto: atmel - Fix dma_unmap_sg() direction (git-fixes).
- crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes).
- crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes).
- crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes).
- crypto: qat - add shutdown handler to qat_c3xxx (git-fixes).
- crypto: qat - add shutdown handler to qat_c62x (git-fixes).
- crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes).
- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes).
- dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes).
- dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes).
- dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes).
- dmaengine: idxd: Fix refcount underflow on module unload (git-fixes).
- dmaengine: idxd: Remove improper idxd_free (git-fixes).
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes).
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes).
- docs: admin-guide: update to current minimum pipe size default (git-fixes).
- drivers/base/node: fix double free in register_one_node() (git-fixes).
- drivers/base/node: handle error properly in register_one_node() (git-fixes).
- drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866).
- drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866).
- drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866).
- drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866).
- drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866).
- drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes).
- drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121).
- drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes).
- drm/amd/display: Remove redundant semicolons (git-fixes).
- drm/amd/display: use udelay rather than fsleep (git-fixes).
- drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes).
- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes).
- drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes).
- drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes).
- drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes).
- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes).
- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes).
- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes).
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes).
- drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes).
- drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes).
- drm/amdgpu: remove the redeclaration of variable i (git-fixes).
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes).
- drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530).
- drm/bridge: it6505: select REGMAP_I2C (git-fixes).
- drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes).
- drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121).
- drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121).
- drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121).
- drm/edid: Define the quirks in an enum list (bsc#1248121).
- drm/gma500: Fix null dereference in hdmi teardown (git-fixes).
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes).
- drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes).
- drm/mediatek: fix potential OF node use-after-free (git-fixes).
- drm/msm/dpu: fix incorrect type for ret (git-fixes).
- drm/panel: novatek-nt35560: Fix invalid return value (git-fixes).
- drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes).
- drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes).
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes).
- erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes).
- ext4: remove writable userspace mappings before truncating page cache (bsc#1247223).
- fbcon: Fix OOB access in font allocation (git-fixes).
- fbcon: fix integer overflow in fbcon_do_set_font (git-fixes).
- firewire: core: fix overlooked update of subsystem ABI version (git-fixes).
- firmware: meson_sm: fix device leak at probe (git-fixes).
- flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes).
- fs/nfs/io: make nfs_start_io_*() killable (git-fixes).
- fs: Limit patch filenames to 100 characters (bsc#1249604).
- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).
- hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes).
- hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes).
- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes).
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes).
- hwrng: nomadik - add ARM_AMBA dependency (git-fixes).
- hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122).
- i2c: designware: Add disabling clocks when probe fails (git-fixes).
- i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes).
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes).
- i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes).
- i2c: tegra: Use internal reset when reset property is not available (bsc#1249143)
- i3c: Fix default I2C adapter timeout value (git-fixes).
- i3c: master: svc: Recycle unused IBI slot (git-fixes).
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes).
- iio: dac: ad5360: use int type to store negative error codes (git-fixes).
- iio: dac: ad5421: use int type to store negative error codes (git-fixes).
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes).
- iio: frequency: adf4350: Fix prescaler usage (git-fixes).
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes).
- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes).
- iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes).
- iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes).
- isolcpus: add missing hunk back (bsc#1236897 bsc#1249206).
- kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes).
- kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes).
- kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121).
- kABI workaround for RCU tasks exit tracking (bsc#1246298).
- kABI: adjust new field on ip_ct_sctp struct (git-fixes).
- kABI: arm64: ftrace: Restore init_module behavior (git-fixes).
- kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes).
- kABI: make nft_trans_gc_catchall() public again (git-fixes).
- kABI: netfilter flowtable move gc operation to bottom (git-fixes).
- kabi: Restore layout of parallel_data (bsc1248343).
- kabi: add struct cgroup_extra (bsc#1247963).
- kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963).
- kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes).
- maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes).
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes).
- media: cx18: Add missing check after DMA map (git-fixes).
- media: i2c: mt9v111: fix incorrect type for ret (git-fixes).
- media: lirc: Fix error handling in lirc_register() (git-fixes).
- media: pci: ivtv: Add missing check after DMA map (git-fixes).
- media: rc: fix races with imon_disconnect() (git-fixes).
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes).
- media: st-delta: avoid excessive stack usage (git-fixes).
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes).
- media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes).
- media: zoran: Remove zoran_fh structure (git-fixes).
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes).
- mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes).
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes).
- misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes).
- mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes).
- mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes).
- mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes).
- mm: move page table sync declarations to linux/pgtable.h (git-fixes).
- mmc: core: Use GFP_NOIO in ACMD22 (git-fixes).
- mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes).
- mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes).
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes).
- mtd: rawnand: omap2: fix device leak on probe failure (git-fixes).
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes).
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes).
- net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes).
- net: nfc: nci: Add parameter validation for packet data (git-fixes).
- net: phy: fix phy_uses_state_machine() (git-fixes).
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes).
- net: rose: convert 'use' field to refcount_t (git-fixes).
- net: rose: fix a typo in rose_clear_routes() (git-fixes).
- net: rose: include node references in rose_neigh refcount (git-fixes).
- net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes).
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes).
- net: usb: cdc-ncm: check for filtering capability (git-fixes).
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes).
- netfilter: conntrack: fix extension size table (git-fixes).
- netfilter: flowtable: GC pushes back packets to classic path (git-fixes).
- netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes).
- netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes).
- netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes).
- netfilter: nf_tables: A better name for nft_obj_filter (git-fixes).
- netfilter: nf_tables: Audit log rule reset (git-fixes).
- netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes).
- netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes).
- netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes).
- netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes).
- netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes).
- netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes).
- netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes).
- netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes).
- netfilter: nf_tables: Unbreak audit log reset (git-fixes).
- netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes).
- netfilter: nf_tables: audit log object reset once per table (git-fixes).
- netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes).
- netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes).
- netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes).
- netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes).
- netfilter: nf_tables: remove catchall element in GC sync path (git-fixes).
- netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes).
- netfilter: nf_tables: split async and sync catchall in two functions (git-fixes).
- netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes).
- netfilter: nft_payload: fix wrong mac header matching (git-fixes).
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes).
- netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes).
- netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes).
- netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes).
- netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes).
- netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes).
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes).
- nouveau: fix disabling the nonstall irq due to storm code (git-fixes).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-pci: try function level reset on init failure (git-fixes).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes).
- pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes).
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes).
- pcmcia: omap: Add missing check for platform_get_resource (git-fixes).
- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes).
- phy: tegra: xusb: fix device and OF node leak at probe (git-fixes).
- phy: ti-pipe3: fix device leak at unbind (git-fixes).
- pinctrl: equilibrium: Remove redundant semicolons (git-fixes).
- pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes).
- pinctrl: renesas: Use int type to store negative error codes (git-fixes).
- pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes).
- platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes).
- platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes).
- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes).
- platform/x86: think-lmi: Fix class device unregistration (git-fixes).
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes).
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes).
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes).
- power: supply: cw2015: Fix a alignment coding style issue (git-fixes).
- power: supply: max77976_charger: fix constant current reporting (git-fixes).
- pptp: fix pptp_xmit() error path (git-fixes).
- pwm: berlin: Fix wrong register in suspend/resume (git-fixes).
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes).
- pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes).
- rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298)
- rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298)
- rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298)
- rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298)
- rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298)
- rcu-tasks: Maintain real-time response in (bsc#1246298)
- rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes)
- rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes)
- rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes)
- regmap: Remove superfluous check for !config in __regmap_init() (git-fixes).
- regulator: scmi: Use int type to store negative error codes (git-fixes).
- regulator: sy7636a: fix lifecycle of power good gpio (git-fixes).
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481).
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881).
- s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881).
- s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735).
- s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482).
- s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880).
- s390/sclp: Fix SCCB present check (git-fixes bsc#1249123).
- s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124).
- s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125).
- s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488).
- sched/deadline: Collect sched_dl_entity initialization (git-fixes)
- sched/fair: Remove unused parameter from sched_asym() (git-fixes)
- sched/fair: Take the scheduling domain into account in (git-fixes)
- sched/isolation: Fix boot crash when maxcpus < first (git-fixes)
- sched/numa, mm: do not try to migrate memory to memoryless (git-fixes)
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes).
- scsi: qla2xxx: Remove firmware URL (git-fixes).
- scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes).
- scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes).
- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes).
- selftests/bpf: Add asserts for netfilter link info (git-fixes).
- selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes).
- selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes).
- selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes).
- selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344).
- selftests: bpf: test batch lookup on array of maps with holes (git-fixes).
- serial: max310x: Add error checking in probe() (git-fixes).
- serial: sc16is7xx: fix bug in flow control levels init (git-fixes).
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes).
- spi: bcm2835: Remove redundant semicolons (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes).
- spi: mtk-snfi: Remove redundant semicolons (git-fixes).
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes).
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes).
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes).
- struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes).
- struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes).
- struct l2cap_chan: shift new member rx_avail to end (git-fixes).
- supported.conf: mark hyperv_drm as external
- thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes).
- thunderbolt: Compare HMAC values in constant time (git-fixes).
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062).
- tty: n_gsm: Do not block input queue by waiting MSC (git-fixes).
- uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes).
- usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes).
- usb: core: Add 0x prefix to quirks debug output (stable-fixes).
- usb: dwc3: imx8mp: fix device leak at unbind (git-fixes).
- usb: dwc3: qcom: Do not leave BCR asserted (git-fixes).
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes).
- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes).
- usb: typec: fusb302: cache PD RX state (git-fixes).
- usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes).
- usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes).
- usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes).
- usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes).
- usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes).
- use uniform permission checks for all mount propagation changes (git-fixes).
- vhost-scsi: Fix log flooding with target does not exist errors (git-fixes).
- vhost-scsi: Return queue full for page alloc failures during copy (git-fixes).
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes).
- vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes).
- vhost: fail early when __vhost_add_used() fails (git-fixes).
- vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes).
- vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes).
- vsock: Allow retrying on connect() failure (git-fixes).
- vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes).
- vsock: avoid timeout during connect() if the socket is closing (git-fixes).
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes).
- wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes).
- wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes).
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes).
- wifi: ath11k: fix group data packet drops during rekey (git-fixes).
- wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952).
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes).
- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes).
- wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes).
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes).
- wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes).
- wifi: iwlwifi: uefi: check DSM item validity (git-fixes).
- wifi: libertas: cap SSID len in lbs_associate() (git-fixes).
- wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes).
- wifi: mac80211: fix incorrect type for ret (stable-fixes).
- wifi: mac80211: increase scan_ies_len for S1G (stable-fixes).
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes).
- wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes).
- wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes).
- wifi: mwifiex: send world regulatory domain to driver (git-fixes).
- wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes).
- wifi: virt_wifi: Fix page fault on connect (stable-fixes).
- wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes).
- wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes).
- writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776).
- writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776).
- writeback: Avoid excessively long inode switching times (bsc#1237776).
- writeback: Avoid softlockup when switching many inodes (bsc#1237776).
- wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112).
- x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes).
- x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes).
- x86/amd_nb: Restrict init function to AMD-based systems (git-fixes).
- x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes).
- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes).
- x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes).
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes).
- x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes).
- xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes).
- xen/netfront: Fix TX response spurious interrupts (git-fixes).
- xen: Add support for XenServer 6.1 platform device (git-fixes).
- xenbus: Allow PVH dom0 a non-local xenstore (git-fixes).
- xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449).
- xfs: rework datasync tracking and execution (bsc#1237449).
- xhci: Fix control transfer error on Etron xHCI host (git-fixes).
- xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes).
- xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes).
- xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3624-1
Released: Thu Oct 16 21:59:19 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1249584,CVE-2025-59375
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3699-1
Released: Tue Oct 21 12:07:47 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1241219,CVE-2025-3576
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3804-1
Released: Mon Oct 27 12:35:04 2025
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1251263,CVE-2025-9187
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1
Update to NSS 3.112.2:
* Prevent leaks during pkcs12 decoding.
* SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
* restore support for finding certificates by decoded serial number.
The following package changes have been done:
- krb5-1.20.1-150600.11.14.1 updated
- kernel-macros-6.4.0-150600.23.73.1 updated
- libexpat1-2.7.1-150400.3.31.1 updated
- libfreebl3-3.112.2-150400.3.60.1 updated
- kernel-devel-6.4.0-150600.23.73.1 updated
- mozilla-nss-certs-3.112.2-150400.3.60.1 updated
- mozilla-nss-3.112.2-150400.3.60.1 updated
- libsoftokn3-3.112.2-150400.3.60.1 updated
- mozilla-nss-tools-3.112.2-150400.3.60.1 updated
- kernel-default-devel-6.4.0-150600.23.73.1 updated
- kernel-syms-6.4.0-150600.23.73.1 updated
- container:registry.suse.com-bci-bci-base-15.6-4a0457aee30dfe45c61fd8659c66aaf72ab3ff16a243da33921454932d702808-0 updated
More information about the sle-container-updates
mailing list