SUSE-IU-2025:2413-1: Security update of suse/sl-micro/6.1/base-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Sep 3 15:52:34 UTC 2025
SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2413-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.27 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 5.27
Severity : important
Type : security
References : 1204142 1218459 1219338 1220262 1221107 1225707 1230216 1230262
1232526 1233300 1235613 1235837 1236333 1236897 1237442 1238491
1238896 1239061 1239566 1239938 1240323 1240414 1240788 1240885
1240966 1241114 1241166 1241345 1241549 1241680 1242086 1242414
1242827 1242837 1242960 1242965 1242993 1243068 1243100 1243479
1243669 1243767 1243806 1243935 1243991 1244050 1244309 1244337
1244457 1244554 1244555 1244557 1244580 1244700 1244735 1244749
1244750 1244792 1244801 1245151 1245201 1245202 1245216 1245260
1245309 1245310 1245311 1245312 1245314 1245317 1245431 1245440
1245457 1245498 1245499 1245504 1245506 1245508 1245510 1245540
1245598 1245599 1245646 1245647 1245649 1245650 1245654 1245658
1245660 1245665 1245666 1245668 1245669 1245670 1245671 1245675
1245676 1245677 1245679 1245682 1245683 1245684 1245688 1245689
1245690 1245691 1245695 1245705 1245708 1245711 1245713 1245714
1245719 1245723 1245729 1245730 1245731 1245735 1245737 1245744
1245745 1245746 1245747 1245748 1245749 1245750 1245751 1245752
1245757 1245758 1245765 1245768 1245769 1245777 1245781 1245789
1245937 1245945 1245951 1245952 1245954 1245957 1245966 1245970
1245976 1245980 1245983 1245985 1245986 1246000 1246002 1246006
1246008 1246020 1246023 1246029 1246031 1246037 1246038 1246041
1246042 1246044 1246045 1246047 1246049 1246050 1246055 1246073
1246093 1246098 1246109 1246122 1246125 1246171 1246173 1246178
1246182 1246183 1246186 1246195 1246203 1246212 1246220 1246236
1246240 1246243 1246246 1246249 1246250 1246253 1246258 1246262
1246264 1246266 1246268 1246273 1246283 1246287 1246292 1246293
1246295 1246296 1246334 1246337 1246342 1246349 1246354 1246358
1246361 1246364 1246370 1246375 1246384 1246386 1246387 1246438
1246453 1246466 1246473 1246490 1246506 1246547 1246777 1246781
1246870 1246879 1246911 1246912 1247018 1247023 1247028 1247031
1247033 1247035 1247054 1247061 1247074 1247089 1247091 1247097
1247098 1247101 1247103 1247104 1247113 1247118 1247123 1247125
1247128 1247132 1247138 1247141 1247143 1247145 1247146 1247147
1247149 1247150 1247151 1247153 1247154 1247156 1247160 1247164
1247169 1247170 1247171 1247172 1247174 1247176 1247177 1247178
1247181 1247209 1247210 1247227 1247233 1247236 1247238 1247241
1247251 1247252 1247253 1247255 1247271 1247273 1247274 1247276
1247277 1247278 1247279 1247284 1247285 1247288 1247289 1247293
1247311 1247314 1247317 1247347 1247348 1247349 1247374 1247437
1247450 1247690 1247819 CVE-2019-11135 CVE-2023-50782 CVE-2024-2236
CVE-2024-36028 CVE-2024-36348 CVE-2024-36349 CVE-2024-36350 CVE-2024-36357
CVE-2024-44963 CVE-2024-56742 CVE-2024-57947 CVE-2025-21839 CVE-2025-21872
CVE-2025-23163 CVE-2025-31115 CVE-2025-37798 CVE-2025-37856 CVE-2025-37864
CVE-2025-37885 CVE-2025-37920 CVE-2025-37984 CVE-2025-38034 CVE-2025-38035
CVE-2025-38051 CVE-2025-38052 CVE-2025-38058 CVE-2025-38061 CVE-2025-38062
CVE-2025-38063 CVE-2025-38064 CVE-2025-38074 CVE-2025-38084 CVE-2025-38085
CVE-2025-38087 CVE-2025-38088 CVE-2025-38089 CVE-2025-38090 CVE-2025-38094
CVE-2025-38095 CVE-2025-38097 CVE-2025-38098 CVE-2025-38099 CVE-2025-38100
CVE-2025-38102 CVE-2025-38105 CVE-2025-38107 CVE-2025-38108 CVE-2025-38109
CVE-2025-38110 CVE-2025-38111 CVE-2025-38112 CVE-2025-38113 CVE-2025-38115
CVE-2025-38117 CVE-2025-38118 CVE-2025-38120 CVE-2025-38122 CVE-2025-38123
CVE-2025-38124 CVE-2025-38126 CVE-2025-38127 CVE-2025-38129 CVE-2025-38131
CVE-2025-38132 CVE-2025-38135 CVE-2025-38136 CVE-2025-38138 CVE-2025-38142
CVE-2025-38143 CVE-2025-38145 CVE-2025-38147 CVE-2025-38148 CVE-2025-38149
CVE-2025-38151 CVE-2025-38153 CVE-2025-38154 CVE-2025-38155 CVE-2025-38157
CVE-2025-38158 CVE-2025-38159 CVE-2025-38161 CVE-2025-38162 CVE-2025-38165
CVE-2025-38166 CVE-2025-38173 CVE-2025-38174 CVE-2025-38177 CVE-2025-38180
CVE-2025-38181 CVE-2025-38182 CVE-2025-38183 CVE-2025-38187 CVE-2025-38188
CVE-2025-38192 CVE-2025-38193 CVE-2025-38194 CVE-2025-38197 CVE-2025-38198
CVE-2025-38200 CVE-2025-38202 CVE-2025-38203 CVE-2025-38204 CVE-2025-38206
CVE-2025-38210 CVE-2025-38211 CVE-2025-38212 CVE-2025-38213 CVE-2025-38214
CVE-2025-38215 CVE-2025-38217 CVE-2025-38220 CVE-2025-38222 CVE-2025-38225
CVE-2025-38226 CVE-2025-38227 CVE-2025-38229 CVE-2025-38231 CVE-2025-38236
CVE-2025-38239 CVE-2025-38244 CVE-2025-38246 CVE-2025-38248 CVE-2025-38249
CVE-2025-38250 CVE-2025-38257 CVE-2025-38259 CVE-2025-38264 CVE-2025-38272
CVE-2025-38273 CVE-2025-38275 CVE-2025-38277 CVE-2025-38279 CVE-2025-38283
CVE-2025-38286 CVE-2025-38289 CVE-2025-38290 CVE-2025-38292 CVE-2025-38293
CVE-2025-38300 CVE-2025-38303 CVE-2025-38304 CVE-2025-38305 CVE-2025-38307
CVE-2025-38310 CVE-2025-38312 CVE-2025-38313 CVE-2025-38319 CVE-2025-38323
CVE-2025-38326 CVE-2025-38328 CVE-2025-38332 CVE-2025-38334 CVE-2025-38335
CVE-2025-38336 CVE-2025-38337 CVE-2025-38338 CVE-2025-38342 CVE-2025-38343
CVE-2025-38344 CVE-2025-38345 CVE-2025-38348 CVE-2025-38349 CVE-2025-38350
CVE-2025-38352 CVE-2025-38354 CVE-2025-38362 CVE-2025-38363 CVE-2025-38364
CVE-2025-38365 CVE-2025-38369 CVE-2025-38371 CVE-2025-38373 CVE-2025-38375
CVE-2025-38376 CVE-2025-38377 CVE-2025-38380 CVE-2025-38382 CVE-2025-38384
CVE-2025-38385 CVE-2025-38386 CVE-2025-38387 CVE-2025-38389 CVE-2025-38391
CVE-2025-38392 CVE-2025-38393 CVE-2025-38395 CVE-2025-38396 CVE-2025-38399
CVE-2025-38400 CVE-2025-38401 CVE-2025-38403 CVE-2025-38404 CVE-2025-38406
CVE-2025-38409 CVE-2025-38410 CVE-2025-38412 CVE-2025-38414 CVE-2025-38415
CVE-2025-38416 CVE-2025-38420 CVE-2025-38424 CVE-2025-38425 CVE-2025-38426
CVE-2025-38428 CVE-2025-38429 CVE-2025-38430 CVE-2025-38436 CVE-2025-38443
CVE-2025-38448 CVE-2025-38449 CVE-2025-38455 CVE-2025-38457 CVE-2025-38460
CVE-2025-38461 CVE-2025-38462 CVE-2025-38463 CVE-2025-38465 CVE-2025-38467
CVE-2025-38468 CVE-2025-38470 CVE-2025-38471 CVE-2025-38473 CVE-2025-38474
CVE-2025-38476 CVE-2025-38477 CVE-2025-38478 CVE-2025-38480 CVE-2025-38481
CVE-2025-38482 CVE-2025-38483 CVE-2025-38485 CVE-2025-38487 CVE-2025-38489
CVE-2025-38494 CVE-2025-38495 CVE-2025-38496 CVE-2025-38497 CVE-2025-38498
CVE-2025-4598 CVE-2025-4877 CVE-2025-4878 CVE-2025-49794 CVE-2025-49795
CVE-2025-49796 CVE-2025-5278 CVE-2025-5318 CVE-2025-5351 CVE-2025-5372
CVE-2025-5987 CVE-2025-6021 CVE-2025-6170 CVE-2025-7425
-----------------------------------------------------------------
The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 197
Released: Thu Jul 31 13:53:17 2025
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Update to gcc-14 branch head, 3418d740b344e0ba38022f3be, git11702
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- cross-compiler builds with --enable-host-pie.
- Allow GCC executables to be built PIE. [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set
[bsc#1238491]
- Update to gcc-14 branch head, 9ffecde121af883b60bbe60d0, git11321
* fixes reported ICE in [bsc#1237442]
- Adjust cross compiler requirements to use %requires_ge
- Fix condition on whether to enable plugins or JIT support to
not check sle_version which is not defined in SLFO but to check
is_opensuse and suse_version instead.
- For cross compilers require the same or newer binutils, newlib
or cross-glibc that was used at build time. [bsc#1232526]
- Update to gcc-14 branch head, 4af44f2cf7d281f3e4f3957ef, git10750
* includes libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
-----------------------------------------------------------------
Advisory ID: 196
Released: Thu Jul 31 14:00:30 2025
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1221107,CVE-2024-2236
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: Fixed timing based side-channel in RSA implementation (bsc#1221107)
-----------------------------------------------------------------
Advisory ID: 206
Released: Fri Aug 8 12:26:24 2025
Summary: Security update for xz
Type: security
Severity: important
References: 1240414,CVE-2025-31115
This update for xz fixes the following issues:
- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)
-----------------------------------------------------------------
Advisory ID: 208
Released: Fri Aug 8 13:09:13 2025
Summary: Recommended update for zypper, libzypp
Type: recommended
Severity: important
References: 1218459,1245985,1246038,1246466,1247054,1247690
This update for zypper, libzypp fixes the following issues:
libzypp was updated to 17.37.16:
- Fix evaluation of libproxy results (bsc#1247690)
- Replace URL variables inside mirrorlist/metalink files
(fixes #667)
- Append RepoInfo::path() to the mirror URLs in Preloader
(bsc#1247054)
- During installation indicate the backend being used (bsc#1246038)
If some package actually needs to know, it should test for
ZYPP_CLASSIC_RPMTRANS being set in the environment.
Otherwise the transaction is driven by librpm.
- Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459)
- Verbose log libproxy results if PX_DEBUG=1 is set.
- BuildRequires: cmake >= 3.17.
- Allow explicit request to probe an added repo's URL
(bsc#1246466)
- Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 (fixes #661)
zypper was updated to 1.14.93:
- Fix addrepo to handle explicit --check and --no-check requests
(bsc#1246466)
- Accept 'show' as alias for 'info' (bsc#1245985)
-----------------------------------------------------------------
Advisory ID: 215
Released: Thu Aug 14 12:12:18 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
-----------------------------------------------------------------
Advisory ID: 213
Released: Thu Aug 14 12:19:26 2025
Summary: Security update for libssh
Type: security
Severity: important
References: 1245309,1245310,1245311,1245312,1245314,1245317,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5351,CVE-2025-5372,CVE-2025-5987
This update for libssh fixes the following issues:
- CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
- CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317)
- CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
- CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
- CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
- CVE-2025-5351: Double free in functions exporting keys (bsc#1245312)
-----------------------------------------------------------------
Advisory ID: 218
Released: Sat Aug 16 13:46:56 2025
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1242827,1243935,1247074,CVE-2025-4598
This update for systemd fixes the following issues:
- Remove the script used to help migrating the language and locale settings
located in /etc/sysconfig/language on old systems to the systemd default
locations (bsc#1247074)
The script was introduced more than 7 years ago and all systems running TW
should have been migrated since then. Moreover the installer supports the
systemd default locations since approximately SLE15.
- triggers.systemd: skip update of hwdb, journal-catalog if executed during an
offline update.
- logs-show: get timestamp and boot ID only when necessary (bsc#1242827)
- sd-journal: drop to use Hashmap to manage journal files per boot ID
- tree-wide: set SD_JOURNAL_ASSUME_IMMUTABLE where appropriate
- sd-journal: introduce SD_JOURNAL_ASSUME_IMMUTABLE flag
- sd-journal: make journal_file_read_tail_timestamp() notify to the caller that some new journal entries added
- sd-journal: cache last entry offset and journal file state
- sd-journal: fix typo in function name
- coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598)
-----------------------------------------------------------------
Advisory ID: 227
Released: Fri Aug 22 14:33:27 2025
Summary: Recommended update for elemental-toolkit
Type: recommended
Severity: moderate
References:
This update for elemental-toolkit fixes the following issues:
- Update to v2.2.4:
* Avoid panic when MaxSnaps is set to 0
-----------------------------------------------------------------
Advisory ID: kernel-82
Released: Mon Aug 25 15:33:57 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1204142,1219338,1225707,1230216,1233300,1235613,1235837,1236333,1236897,1238896,1239061,1240323,1240885,1240966,1241166,1241345,1242086,1242414,1242837,1242960,1242965,1242993,1243068,1243100,1243479,1243669,1243806,1244309,1244337,1244457,1244735,1244749,1244750,1244792,1244801,1245151,1245201,1245202,1245216,1245260,1245431,1245440,1245457,1245498,1245499,1245504,1245506,1245508,1245510,1245540,1245598,1245599,1245646,1245647,1245649,1245650,1245654,1245658,1245660,1245665,1245666,1245668,1245669,1245670,1245671,1245675,1245676,1245677,1245679,1245682,1245683,1245684,1245688,1245689,1245690,1245691,1245695,1245705,1245708,1245711,1245713,1245714,1245719,1245723,1245729,1245730,1245731,1245735,1245737,1245744,1245745,1245746,1245747,1245748,1245749,1245750,1245751,1245752,1245757,1245758,1245765,1245768,1245769,1245777,1245781,1245789,1245937,1245945,1245951,1245952,1245954,1245957,1245966,1245970,1245976,1245980,1245983,1245986,1246000,1246002,1246006,1246008,1246020,1
246023,1246029,1246031,1246037,1246041,1246042,1246044,1246045,1246047,1246049,1246050,1246055,1246073,1246093,1246098,1246109,1246122,1246125,1246171,1246173,1246178,1246182,1246183,1246186,1246195,1246203,1246212,1246220,1246236,1246240,1246243,1246246,1246249,1246250,1246253,1246258,1246262,1246264,1246266,1246268,1246273,1246283,1246287,1246292,1246293,1246295,1246334,1246337,1246342,1246349,1246354,1246358,1246361,1246364,1246370,1246375,1246384,1246386,1246387,1246438,1246453,1246473,1246490,1246506,1246547,1246777,1246781,1246870,1246879,1246911,1247018,1247023,1247028,1247031,1247033,1247035,1247061,1247089,1247091,1247097,1247098,1247101,1247103,1247104,1247113,1247118,1247123,1247125,1247128,1247132,1247138,1247141,1247143,1247145,1247146,1247147,1247149,1247150,1247151,1247153,1247154,1247156,1247160,1247164,1247169,1247170,1247171,1247172,1247174,1247176,1247177,1247178,1247181,1247209,1247210,1247227,1247233,1247236,1247238,1247241,1247251,1247252,1247253,1247255,124727
1,1247273,1247274,1247276,1247277,1247278,1247279,1247284,1247285,1247288,1247289,1247293,1247311,1247314,1247317,1247347,1247348,1247349,1247374,1247437,1247450,CVE-2019-11135,CVE-2024-36028,CVE-2024-36348,CVE-2024-36349,CVE-2024-36350,CVE-2024-36357,CVE-2024-44963,CVE-2024-56742,CVE-2024-57947,CVE-2025-21839,CVE-2025-21872,CVE-2025-23163,CVE-2025-37798,CVE-2025-37856,CVE-2025-37864,CVE-2025-37885,CVE-2025-37920,CVE-2025-37984,CVE-2025-38034,CVE-2025-38035,CVE-2025-38051,CVE-2025-38052,CVE-2025-38058,CVE-2025-38061,CVE-2025-38062,CVE-2025-38063,CVE-2025-38064,CVE-2025-38074,CVE-2025-38084,CVE-2025-38085,CVE-2025-38087,CVE-2025-38088,CVE-2025-38089,CVE-2025-38090,CVE-2025-38094,CVE-2025-38095,CVE-2025-38097,CVE-2025-38098,CVE-2025-38099,CVE-2025-38100,CVE-2025-38102,CVE-2025-38105,CVE-2025-38107,CVE-2025-38108,CVE-2025-38109,CVE-2025-38110,CVE-2025-38111,CVE-2025-38112,CVE-2025-38113,CVE-2025-38115,CVE-2025-38117,CVE-2025-38118,CVE-2025-38120,CVE-2025-38122,CVE-2025-38123,CVE-2025-3
8124,CVE-2025-38126,CVE-2025-38127,CVE-2025-38129,CVE-2025-38131,CVE-2025-38132,CVE-2025-38135,CVE-2025-38136,CVE-2025-38138,CVE-2025-38142,CVE-2025-38143,CVE-2025-38145,CVE-2025-38147,CVE-2025-38148,CVE-2025-38149,CVE-2025-38151,CVE-2025-38153,CVE-2025-38154,CVE-2025-38155,CVE-2025-38157,CVE-2025-38158,CVE-2025-38159,CVE-2025-38161,CVE-2025-38162,CVE-2025-38165,CVE-2025-38166,CVE-2025-38173,CVE-2025-38174,CVE-2025-38177,CVE-2025-38180,CVE-2025-38181,CVE-2025-38182,CVE-2025-38183,CVE-2025-38187,CVE-2025-38188,CVE-2025-38192,CVE-2025-38193,CVE-2025-38194,CVE-2025-38197,CVE-2025-38198,CVE-2025-38200,CVE-2025-38202,CVE-2025-38203,CVE-2025-38204,CVE-2025-38206,CVE-2025-38210,CVE-2025-38211,CVE-2025-38212,CVE-2025-38213,CVE-2025-38214,CVE-2025-38215,CVE-2025-38217,CVE-2025-38220,CVE-2025-38222,CVE-2025-38225,CVE-2025-38226,CVE-2025-38227,CVE-2025-38229,CVE-2025-38231,CVE-2025-38236,CVE-2025-38239,CVE-2025-38244,CVE-2025-38246,CVE-2025-38248,CVE-2025-38249,CVE-2025-38250,CVE-2025-38257,CV
E-2025-38259,CVE-2025-38264,CVE-2025-38272,CVE-2025-38273,CVE-2025-38275,CVE-2025-38277,CVE-2025-38279,CVE-2025-38283,CVE-2025-38286,CVE-2025-38289,CVE-2025-38290,CVE-2025-38292,CVE-2025-38293,CVE-2025-38300,CVE-2025-38303,CVE-2025-38304,CVE-2025-38305,CVE-2025-38307,CVE-2025-38310,CVE-2025-38312,CVE-2025-38313,CVE-2025-38319,CVE-2025-38323,CVE-2025-38326,CVE-2025-38328,CVE-2025-38332,CVE-2025-38334,CVE-2025-38335,CVE-2025-38336,CVE-2025-38337,CVE-2025-38338,CVE-2025-38342,CVE-2025-38343,CVE-2025-38344,CVE-2025-38345,CVE-2025-38348,CVE-2025-38349,CVE-2025-38350,CVE-2025-38352,CVE-2025-38354,CVE-2025-38362,CVE-2025-38363,CVE-2025-38364,CVE-2025-38365,CVE-2025-38369,CVE-2025-38371,CVE-2025-38373,CVE-2025-38375,CVE-2025-38376,CVE-2025-38377,CVE-2025-38380,CVE-2025-38382,CVE-2025-38384,CVE-2025-38385,CVE-2025-38386,CVE-2025-38387,CVE-2025-38389,CVE-2025-38391,CVE-2025-38392,CVE-2025-38393,CVE-2025-38395,CVE-2025-38396,CVE-2025-38399,CVE-2025-38400,CVE-2025-38401,CVE-2025-38403,CVE-2025-
38404,CVE-2025-38406,CVE-2025-38409,CVE-2025-38410,CVE-2025-38412,CVE-2025-38414,CVE-2025-38415,CVE-2025-38416,CVE-2025-38420,CVE-2025-38424,CVE-2025-38425,CVE-2025-38426,CVE-2025-38428,CVE-2025-38429,CVE-2025-38430,CVE-2025-38436,CVE-2025-38443,CVE-2025-38448,CVE-2025-38449,CVE-2025-38455,CVE-2025-38457,CVE-2025-38460,CVE-2025-38461,CVE-2025-38462,CVE-2025-38463,CVE-2025-38465,CVE-2025-38467,CVE-2025-38468,CVE-2025-38470,CVE-2025-38471,CVE-2025-38473,CVE-2025-38474,CVE-2025-38476,CVE-2025-38477,CVE-2025-38478,CVE-2025-38480,CVE-2025-38481,CVE-2025-38482,CVE-2025-38483,CVE-2025-38485,CVE-2025-38487,CVE-2025-38489,CVE-2025-38494,CVE-2025-38495,CVE-2025-38496,CVE-2025-38497,CVE-2025-38498
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may
- CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707).
- CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:
x86/process: Move the buffer clearing before MONITOR (bsc#1238896).
- CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216).
- CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323).
- CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479).
- CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801).
- CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202).
- CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201).
- CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735).
- CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649).
- CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660).
- CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654).
- CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671).
- CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650).
- CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682).
- CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708).
- CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677).
- CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679).
- CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768).
- CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750).
- CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752).
- CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006).
- CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951).
- CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980).
- CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044).
- CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093).
- CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173).
- CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182).
- CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264).
- CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273).
- CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354).
- CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384).
- CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between
handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141).
- CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253).
- CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103).
- CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118).
- CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
The following non-security bugs were fixed:
- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).
- ACPI: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122).
- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).
- ACPICA: Refuse to evaluate a method if arguments are missing (stable-fixes).
- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- ALSA: hda/tegra: Add Tegra264 support (stable-fixes).
- ALSA: hda: Add missing NVIDIA HDA codec IDs (stable-fixes).
- ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes).
- ALSA: hda: Ignore unsol events for cards being shut down (stable-fixes).
- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- ALSA: sb: Do not allow changing the DMA mode during operations (stable-fixes).
- ALSA: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes).
- ASoC: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes).
- ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes).
- ASoC: amd: yc: update quirk data for HP Victus (stable-fixes).
- ASoC: codec: wcd9335: Convert to GPIO descriptors (stable-fixes).
- ASoC: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes).
- ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes).
- ASoC: cs35l56: probe() should fail if the device ID is not recognized (git-fixes).
- ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes).
- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes).
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes).
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes).
- Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes).
- Bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes).
- Bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes).
- Bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes).
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes).
- Bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes).
- Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes).
- Bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes).
- Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes).
- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- Bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes).
- Bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes).
- Bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes).
- Bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes).
- Bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes).
- Bluetooth: hci_sync: revert some mesh modifications (git-fixes).
- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- Documentation: ACPI: Fix parent device references (git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- Fix dma_unmap_sg() nents value (git-fixes)
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes).
- HID: core: do not bypass hid_hw_raw_request (stable-fixes).
- HID: core: ensure __hid_request reserves the report ID as the first byte (git-fixes).
- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes).
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes).
- IB/mlx5: Fix potential deadlock in MR deregistration (git-fixes)
- Input: iqs7222 - explicitly define number of external channels (git-fixes).
- Input: xpad - adjust error handling for disconnect (git-fixes).
- Input: xpad - set correct controller type for Acer NGR200 (git-fixes).
- Input: xpad - support Acer NGR 200 Controller (stable-fixes).
- Logitech C-270 even more broken (stable-fixes).
- Move upstreamed SCSI and ACPI patches into sorted section
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- NFSv4.2: another fix for listxattr (git-fixes).
- NFSv4.2: fix listxattr to return selinux security label (git-fixes).
- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes).
- NFSv4: Always set NLINK even if the server does not support it (git-fixes).
- NFSv4: xattr handlers should check for absent nfs filehandles (git-fixes).
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes).
- PCI: endpoint: Fix configfs group list head handling (git-fixes).
- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- PCI: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes).
- PM / devfreq: Check governor before using governor->name (git-fixes).
- RDMA/core: Rate limit GID cache warning messages (git-fixes)
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- RDMA/hns: Drop GFP_NOWARN (git-fixes)
- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)
- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)
- RDMA/hns: Fix accessing uninitialized resources (git-fixes)
- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)
- RDMA/hns: Get message length of ack_req from FW (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA/mlx5: Fix CC counters query for MPV (git-fixes)
- RDMA/mlx5: Fix HW counters query for non-representor devices (git-fixes)
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- RDMA/mlx5: Fix vport loopback for MPV device (git-fixes)
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes)
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes).
- Revert 'ACPI: battery: negate current when discharging' (stable-fixes).
- Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338).
- Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes).
- Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes).
- Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes).
- Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes).
- SMB3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes).
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- USB: serial: option: add Foxconn T99W640 (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes).
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes).
- af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093).
- amd/amdkfd: fix a kfd_process ref leak (stable-fixes).
- aoe: clean device rq_list in aoedev_downdev() (git-fixes).
- apple-mfi-fastcharge: protect first device name (git-fixes).
- ata: pata_cs5536: fix build on 32-bit UML (stable-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- bpf, sockmap: Fix sk_msg_reset_curr (git-fixes).
- bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes).
- bpf/selftests: Check errno when percpu map value size exceeds (git-fixes).
- bpf: Add a possibly-zero-sized read test (git-fixes).
- bpf: Avoid __hidden__ attribute in static object (git-fixes).
- bpf: Check percpu map value size first (git-fixes).
- bpf: Disable some `attribute ignored' warnings in GCC (git-fixes).
- bpf: Fix memory leak in bpf_core_apply (git-fixes).
- bpf: Fix potential integer overflow in resolve_btfids (git-fixes).
- bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes).
- bpf: Make the pointer returned by iter next method valid (git-fixes).
- bpf: Simplify checking size of helper accesses (git-fixes).
- bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes).
- bpf: sockmap, updating the sg structure should also update curr (git-fixes).
- bpftool: Fix missing pids during link show (git-fixes).
- bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes).
- bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes).
- bpftool: Remove unnecessary source files from bootstrap version (git-fixes).
- bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: rename err to ret in btrfs_rmdir() (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes).
- can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789).
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166).
- cifs: reconnect helper should set reconnect for the right channel (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457).
- clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457).
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes).
- comedi: Fix initialization of data for instructions that write to subdevice (git-fixes).
- comedi: Fix some signed shift left operations (git-fixes).
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes).
- comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes).
- comedi: das16m1: Fix bit shift out of bounds (git-fixes).
- comedi: das6402: Fix bit shift out of bounds (git-fixes).
- comedi: pcl812: Fix bit shift out of bounds (git-fixes).
- compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes).
- config: enable RBD (jsc#PED-13238)
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- dm-bufio: fix sched in atomic context (git-fixes).
- dm-flakey: error all IOs when num_features is absent (git-fixes).
- dm-flakey: make corrupting read bios work (git-fixes).
- dm-mirror: fix a tiny race condition (git-fixes).
- dm-raid: fix variable in journal device check (git-fixes).
- dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes).
- dm: do not change md if dm_table_set_restrictions() fails (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- dm: restrict dm device size to 2^63-512 bytes (git-fixes).
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: xilinx_dma: Set dma_device directions (stable-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes).
- drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes).
- drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes).
- drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes).
- drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes).
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes).
- drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes).
- drm/framebuffer: Acquire internal references on GEM handles (git-fixes).
- drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes).
- drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes).
- drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes).
- drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes).
- drm/i915/selftests: Change mock_request() to return error pointers (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm: Fix a fence leak in submit error path (stable-fixes).
- drm/msm: Fix another leak in the submit error path (stable-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Increment job count before swapping tail spsc queue (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/scheduler: signal scheduled fence when kill job (stable-fixes).
- drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes).
- drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- fs/jfs: consolidate sanity checking in dbMount (git-fixes).
- fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes).
- gpio: sim: include a missing header (git-fixes).
- gpio: vf610: add locking to gpio direction functions (git-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes).
- gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes).
- gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300).
- gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300).
- gpiolib: cdev: Ignore reconfiguration without direction (git-fixes).
- gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes).
- hfs: make splice write available again (git-fixes).
- hfsplus: make splice write available again (git-fixes).
- hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes).
- hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203).
- hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- i2c/designware: Fix an initialization issue (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: stm32: fix the device used for the DMA map (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes).
- iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes).
- iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/amd: Set the pgsize_bitmap correctly (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- jfs: fix metapage reference count leak in dbAllocCtl (git-fixes).
- kABI workaround for struct drm_framebuffer changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes).
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- leds: multicolor: Fix intensity setting while SW blinking (stable-fixes).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes).
- md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes).
- mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes).
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes).
- mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes).
- mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spinand: fix memory leak of ECC engine conf (stable-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes).
- mtk-sd: Prevent memory corruption from DMA map failure (git-fixes).
- mtk-sd: reset host->mrq on prepare_data() error (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- nbd: fix uaf in nbd_genl_connect() error path (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net: mana: Add debug logs in MANA network driver (bsc#1246212).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: phy: Do not register LEDs for genphy (git-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes).
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes).
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes).
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes).
- net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nilfs2: reject invalid file types when reading inodes (git-fixes).
- nvme-pci: refresh visible attrs after being checked (git-fixes).
- nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes).
- objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes).
- objtool: Fix _THIS_IP_ detection for cold functions (git-fixes).
- objtool: Fix error handling inconsistencies in check() (git-fixes).
- objtool: Ignore dangling jump table entries (git-fixes).
- objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes).
- objtool: Properly disable uaccess validation (git-fixes).
- objtool: Silence more KCOV warnings (git-fixes).
- objtool: Silence more KCOV warnings, part 2 (git-fixes).
- objtool: Stop UNRET validation on UD2 (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes).
- perf: Fix sample vs do_exit() (bsc#1246547).
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes).
- pinctrl: amd: Clear GPIO debounce for suspend (git-fixes).
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes).
- platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes).
- platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes).
- platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes).
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: think-lmi: Create ksets consecutively (stable-fixes).
- platform/x86: think-lmi: Fix kobject cleanup (git-fixes).
- platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes).
- powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Ensure to disable clocks in error path (git-fixes).
- regmap: fix potential memory leak of regmap_bus (git-fixes).
- regulator: fan53555: add enable_time support and soft-start times (stable-fixes).
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes).
- regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes).
- resource: fix false warning in __request_region() (git-fixes).
- restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes).
- rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870).
- s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806).
- s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646).
- s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647).
- s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598).
- s390: Add z17 elf platform (LTC#214086 bsc#1245540).
- samples: mei: Fix building on musl libc (git-fixes).
- sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338).
- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes).
- scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes).
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Copyright updates for 14.4.0.10 patches (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142).
- scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125).
- scsi: megaraid_sas: Fix invalid node index (git-fixes).
- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes).
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes).
- scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599).
- selftests/bpf: Add CFLAGS per source file and runner (git-fixes).
- selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes).
- selftests/bpf: Change functions definitions to support GCC (git-fixes).
- selftests/bpf: Fix a few tests for GCC related warnings (git-fixes).
- selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes).
- selftests/bpf: Fix prog numbers in test_sockmap (git-fixes).
- smb3: move server check earlier when setting channel sequence number (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes).
- soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soundwire: amd: fix for clearing command status register (git-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- struct cdns: move new member to the end (git-fixes).
- struct ucsi_operations: use padding for new operation (git-fixes).
- sunrpc: do not immediately retransmit on seqno miss (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- thunderbolt: Fix wake on connect at runtime (git-fixes).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- types: Complement the aligned types with signed 64-bit one (stable-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- ucsi-glink: adapt to kABI consistency (git-fixes).
- ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes).
- ucsi_operations: add stubs for all operations (git-fixes).
- ucsi_ops: adapt update_connector to kABI consistency (git-fixes).
- usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes).
- usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes).
- usb: cdnsp: Fix issue with resuming from L1 (git-fixes).
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: cdnsp: do not disable slot for disabled slot (git-fixes).
- usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes).
- usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes).
- usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: hub: Do not try to recover devices lost during warm reset (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: musb: fix gadget state on disconnect (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: net: sierra: check for no status endpoint (git-fixes).
- usb: potential integer overflow in usbg_make_tpg() (stable-fixes).
- usb: typec: Update sysfs when setting ops (git-fixes).
- usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes).
- usb: typec: displayport: Fix potential deadlock (git-fixes).
- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes).
- usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes).
- usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes).
- usb: typec: ucsi: Delay alternate mode discovery (git-fixes).
- usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes).
- usb: typec: ucsi: Fix the partner PD revision (git-fixes).
- usb: typec: ucsi: Get PD revision for partner (git-fixes).
- usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: add callback for connector status updates (git-fixes).
- usb: typec: ucsi: add update_connector callback (git-fixes).
- usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes).
- usb: typec: ucsi: extract code to read PD caps (git-fixes).
- usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes).
- usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes).
- usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes).
- usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes).
- usb: typec: ucsi: glink: use typec_set_orientation (git-fixes).
- usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes).
- usb: typec: ucsi: properly register partner's PD device (git-fixes).
- usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes).
- usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes).
- usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes).
- usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes).
- usb: typec: ucsi_glink: rework quirks implementation (git-fixes).
- usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes).
- usb: xhci: quirk for data loss in ISOC transfers (stable-fixes).
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes).
- virtgpu: do not reset on shutdown (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vt: add missing notification when switching back to text mode (stable-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath6kl: remove WARN on bad firmware input (stable-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: mac80211: Add link iteration macro for link data (stable-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes).
- wifi: mac80211: drop invalid source address OCB frames (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes).
- wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes).
- wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: prevent A-MSDU attacks in mesh networks (stable-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes).
- x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce/amd: Fix threshold limit reset (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes).
- x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345).
- xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes).
- xhci: dbc: Flush queued requests before stopping dbc (git-fixes).
- xhci: dbctty: disable ECHO flag by default (git-fixes).
-----------------------------------------------------------------
Advisory ID: 229
Released: Tue Aug 26 10:49:45 2025
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1241114,1241680,1247819
This update for dracut fixes the following issues:
- fix (dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819)
- fix (rngd): adjust license to match the license of the whole project
- fix (dracut): kernel module name normalization in drivers lists (bsc#1241680)
- fix (dracut-init): assign real path to srcmods (bsc#1241114)
-----------------------------------------------------------------
Advisory ID: 234
Released: Wed Aug 27 09:48:38 2025
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1246912
This update for libzypp fixes the following issues:
- Make ld.so ignore the subarch packages during install
(bsc#1246912)
-----------------------------------------------------------------
Advisory ID: 236
Released: Wed Aug 27 11:46:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1244554,1244555,1244557,1244580,1244700,1246296,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-7425
This update for libxml2 fixes the following issues:
- CVE-2025-6021: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [bsc#1244580]
- CVE-2025-6170: stack buffer overflow may lead to a crash [bsc#1244700]
- CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr [bsc#1246296]
- CVE-2025-49794: heap use after free (UAF) can lead to Denial of service (DoS) [bsc#1244554]
- CVE-2025-49795: null pointer dereference may lead to Denial of service (DoS) [bsc#1244555]
- CVE-2025-49796: type confusion may lead to Denial of service (DoS) [bsc#1244557]
-----------------------------------------------------------------
Advisory ID: 238
Released: Thu Aug 28 17:15:06 2025
Summary: Security update for coreutils
Type: security
Severity: moderate
References: 1243767,CVE-2025-5278
This update for coreutils fixes the following issues:
- CVE-2025-5278: Sort with key character offsets of SIZE_MAX, could induce a read of 1 byte before an allocated heap buffer (bsc#1243767).
The following package changes have been done:
- liblzma5-5.4.3-slfo.1.1_2.1 updated
- libgcc_s1-14.3.0+git11799-slfo.1.1_1.1 updated
- libxml2-2-2.11.6-slfo.1.1_6.1 updated
- libopenssl3-3.1.4-slfo.1.1_6.1 updated
- libgcrypt20-1.10.3-slfo.1.1_2.1 updated
- libstdc++6-14.3.0+git11799-slfo.1.1_1.1 updated
- libudev1-254.27-slfo.1.1_1.1 updated
- libsystemd0-254.27-slfo.1.1_1.1 updated
- xz-5.4.3-slfo.1.1_2.1 updated
- coreutils-9.4-slfo.1.1_2.1 updated
- SL-Micro-release-6.1-slfo.1.11.53 updated
- systemd-254.27-slfo.1.1_1.1 updated
- udev-254.27-slfo.1.1_1.1 updated
- dracut-059+suse.639.g19f24feb-slfo.1.1_1.1 updated
- kernel-default-6.4.0-33.1 updated
- libssh-config-0.10.6-slfo.1.1_2.1 updated
- libssh4-0.10.6-slfo.1.1_2.1 updated
- openssl-3-3.1.4-slfo.1.1_6.1 updated
- elemental-toolkit-2.2.4-slfo.1.1_1.1 updated
- libzypp-17.37.17-slfo.1.1_1.1 updated
- zypper-1.14.93-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-4.66 updated
More information about the sle-container-updates
mailing list