SUSE-IU-2026:882-1: Security update of sles-15-sp6-chost-byos-v20260205-arm64
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat Feb 7 08:04:04 UTC 2026
SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20260205-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:882-1
Image Tags : sles-15-sp6-chost-byos-v20260205-arm64:20260205
Image Release :
Severity : critical
Type : security
References : 1012628 1027519 1065729 1194869 1214635 1214847 1215146 1215211
1215344 1216062 1216436 1219165 1220419 1223731 1232223 1232351
1233655 1234163 1237888 1241284 1243474 1244003 1244011 1244937
1245193 1245193 1245449 1245667 1246011 1246025 1246328 1247076
1247079 1247500 1247500 1247509 1248807 1248886 1249256 1249547
1249657 1249912 1249982 1250176 1250224 1250237 1250252 1250334
1250655 1250664 1250705 1251120 1251271 1251786 1252046 1252063
1252267 1252303 1252318 1252338 1252342 1252353 1252681 1252686
1252692 1252763 1252773 1252776 1252780 1252794 1252795 1252808
1252809 1252817 1252821 1252824 1252836 1252845 1252861 1252862
1252912 1252917 1252919 1252928 1252973 1253018 1253155 1253176
1253262 1253275 1253318 1253324 1253342 1253349 1253352 1253355
1253360 1253362 1253363 1253367 1253369 1253386 1253393 1253395
1253402 1253403 1253407 1253408 1253409 1253412 1253413 1253416
1253421 1253423 1253424 1253425 1253427 1253428 1253431 1253436
1253438 1253440 1253441 1253442 1253445 1253448 1253449 1253453
1253456 1253458 1253463 1253472 1253647 1253779 1254119 1254126
1254157 1254158 1254159 1254160 1254180 1254297 1254373 1254400
1254401 1254425 1254480 1254518 1254520 1254599 1254606 1254611
1254613 1254615 1254621 1254623 1254624 1254626 1254648 1254649
1254653 1254655 1254657 1254660 1254661 1254662 1254663 1254666
1254669 1254677 1254678 1254688 1254690 1254691 1254693 1254695
1254698 1254701 1254704 1254705 1254707 1254712 1254715 1254717
1254723 1254724 1254732 1254733 1254737 1254739 1254742 1254743
1254749 1254750 1254753 1254754 1254758 1254761 1254762 1254765
1254782 1254791 1254793 1254795 1254796 1254797 1254798 1254813
1254828 1254829 1254832 1254840 1254843 1254847 1254850 1254851
1254858 1254860 1254878 1254894 1254918 1254957 1254959 1254983
1254997 1255005 1255009 1255026 1255033 1255034 1255035 1255041
1255046 1255057 1255062 1255064 1255065 1255068 1255072 1255075
1255077 1255083 1255092 1255094 1255100 1255122 1255135 1255146
1255149 1255152 1255154 1255155 1255163 1255167 1255169 1255171
1255182 1255187 1255190 1255193 1255197 1255199 1255202 1255203
1255206 1255209 1255218 1255221 1255233 1255245 1255246 1255251
1255252 1255253 1255259 1255274 1255276 1255279 1255280 1255281
1255325 1255329 1255351 1255415 1255480 1255483 1255489 1255493
1255495 1255505 1255538 1255540 1255545 1255549 1255550 1255553
1255557 1255558 1255563 1255564 1255570 1255578 1255579 1255580
1255583 1255591 1255601 1255603 1255605 1255611 1255616 1255617
1255618 1255621 1255628 1255629 1255630 1255632 1255636 1255688
1255691 1255702 1255704 1255706 1255715 1255722 1255731 1255732
1255733 1255734 1255758 1255759 1255760 1255763 1255765 1255769
1255770 1255772 1255774 1255775 1255776 1255780 1255785 1255786
1255789 1255790 1255792 1255793 1255795 1255798 1255800 1255801
1255806 1255807 1255809 1255810 1255812 1255814 1255820 1255838
1255842 1255843 1255872 1255875 1255879 1255883 1255884 1255886
1255888 1255890 1255891 1255892 1255899 1255902 1255907 1255911
1255915 1255918 1255921 1255924 1255925 1255931 1255932 1255934
1255943 1255944 1255949 1255951 1255952 1255955 1255957 1255961
1255963 1255964 1255967 1255974 1255978 1255984 1255988 1255990
1255992 1255993 1255994 1255996 1256033 1256034 1256045 1256050
1256058 1256071 1256074 1256081 1256082 1256083 1256084 1256085
1256090 1256093 1256094 1256095 1256096 1256099 1256100 1256104
1256105 1256106 1256107 1256117 1256119 1256121 1256145 1256153
1256178 1256197 1256231 1256233 1256234 1256238 1256243 1256244
1256246 1256263 1256267 1256268 1256271 1256273 1256274 1256279
1256285 1256291 1256292 1256300 1256301 1256302 1256335 1256341
1256348 1256351 1256354 1256358 1256361 1256364 1256367 1256368
1256369 1256370 1256371 1256373 1256375 1256379 1256387 1256390
1256394 1256395 1256396 1256437 1256498 1256499 1256500 1256525
1256526 1256528 1256745 1256747 1256766 1256805 1256822 1256830
1256834 1256834 1256835 1256835 1256836 1256836 1256837 1256837
1256838 1256838 1256839 1256839 1256840 1256840 1257005 1257049
1257353 1257354 1257355 1257364 1257365 510058 CVE-2022-50253
CVE-2023-42752 CVE-2023-53676 CVE-2023-53743 CVE-2023-53750 CVE-2023-53752
CVE-2023-53759 CVE-2023-53762 CVE-2023-53766 CVE-2023-53768 CVE-2023-53777
CVE-2023-53778 CVE-2023-53782 CVE-2023-53784 CVE-2023-53785 CVE-2023-53787
CVE-2023-53791 CVE-2023-53792 CVE-2023-53793 CVE-2023-53794 CVE-2023-53795
CVE-2023-53797 CVE-2023-53799 CVE-2023-53807 CVE-2023-53808 CVE-2023-53813
CVE-2023-53815 CVE-2023-53819 CVE-2023-53821 CVE-2023-53823 CVE-2023-53825
CVE-2023-53828 CVE-2023-53831 CVE-2023-53834 CVE-2023-53836 CVE-2023-53839
CVE-2023-53841 CVE-2023-53842 CVE-2023-53843 CVE-2023-53844 CVE-2023-53846
CVE-2023-53847 CVE-2023-53848 CVE-2023-53850 CVE-2023-53851 CVE-2023-53852
CVE-2023-53855 CVE-2023-53856 CVE-2023-53857 CVE-2023-53858 CVE-2023-53860
CVE-2023-53861 CVE-2023-53863 CVE-2023-53864 CVE-2023-53865 CVE-2023-53989
CVE-2023-53992 CVE-2023-53994 CVE-2023-53995 CVE-2023-53996 CVE-2023-53997
CVE-2023-53998 CVE-2023-53999 CVE-2023-54000 CVE-2023-54001 CVE-2023-54005
CVE-2023-54006 CVE-2023-54008 CVE-2023-54014 CVE-2023-54016 CVE-2023-54017
CVE-2023-54019 CVE-2023-54022 CVE-2023-54023 CVE-2023-54025 CVE-2023-54026
CVE-2023-54027 CVE-2023-54030 CVE-2023-54031 CVE-2023-54032 CVE-2023-54035
CVE-2023-54037 CVE-2023-54038 CVE-2023-54042 CVE-2023-54045 CVE-2023-54048
CVE-2023-54049 CVE-2023-54051 CVE-2023-54052 CVE-2023-54060 CVE-2023-54064
CVE-2023-54066 CVE-2023-54067 CVE-2023-54069 CVE-2023-54070 CVE-2023-54072
CVE-2023-54076 CVE-2023-54080 CVE-2023-54081 CVE-2023-54083 CVE-2023-54088
CVE-2023-54089 CVE-2023-54091 CVE-2023-54092 CVE-2023-54093 CVE-2023-54094
CVE-2023-54095 CVE-2023-54096 CVE-2023-54099 CVE-2023-54101 CVE-2023-54104
CVE-2023-54106 CVE-2023-54112 CVE-2023-54113 CVE-2023-54115 CVE-2023-54117
CVE-2023-54121 CVE-2023-54125 CVE-2023-54127 CVE-2023-54133 CVE-2023-54134
CVE-2023-54135 CVE-2023-54136 CVE-2023-54137 CVE-2023-54140 CVE-2023-54141
CVE-2023-54142 CVE-2023-54143 CVE-2023-54145 CVE-2023-54148 CVE-2023-54149
CVE-2023-54153 CVE-2023-54154 CVE-2023-54155 CVE-2023-54156 CVE-2023-54164
CVE-2023-54166 CVE-2023-54169 CVE-2023-54170 CVE-2023-54171 CVE-2023-54172
CVE-2023-54173 CVE-2023-54177 CVE-2023-54178 CVE-2023-54179 CVE-2023-54181
CVE-2023-54183 CVE-2023-54185 CVE-2023-54189 CVE-2023-54194 CVE-2023-54201
CVE-2023-54204 CVE-2023-54207 CVE-2023-54209 CVE-2023-54210 CVE-2023-54211
CVE-2023-54215 CVE-2023-54219 CVE-2023-54220 CVE-2023-54221 CVE-2023-54223
CVE-2023-54224 CVE-2023-54225 CVE-2023-54227 CVE-2023-54229 CVE-2023-54230
CVE-2023-54235 CVE-2023-54240 CVE-2023-54241 CVE-2023-54246 CVE-2023-54247
CVE-2023-54251 CVE-2023-54253 CVE-2023-54254 CVE-2023-54255 CVE-2023-54258
CVE-2023-54261 CVE-2023-54263 CVE-2023-54264 CVE-2023-54266 CVE-2023-54267
CVE-2023-54271 CVE-2023-54276 CVE-2023-54278 CVE-2023-54281 CVE-2023-54282
CVE-2023-54283 CVE-2023-54285 CVE-2023-54289 CVE-2023-54291 CVE-2023-54292
CVE-2023-54293 CVE-2023-54296 CVE-2023-54297 CVE-2023-54299 CVE-2023-54300
CVE-2023-54302 CVE-2023-54303 CVE-2023-54304 CVE-2023-54309 CVE-2023-54312
CVE-2023-54313 CVE-2023-54314 CVE-2023-54315 CVE-2023-54316 CVE-2023-54318
CVE-2023-54319 CVE-2023-54322 CVE-2023-54324 CVE-2023-54326 CVE-2024-26944
CVE-2025-11961 CVE-2025-12084 CVE-2025-13151 CVE-2025-13601 CVE-2025-13836
CVE-2025-13837 CVE-2025-14017 CVE-2025-14087 CVE-2025-14104 CVE-2025-14512
CVE-2025-14524 CVE-2025-14819 CVE-2025-15079 CVE-2025-15224 CVE-2025-15281
CVE-2025-15467 CVE-2025-21710 CVE-2025-27466 CVE-2025-28162 CVE-2025-28164
CVE-2025-37916 CVE-2025-38321 CVE-2025-38359 CVE-2025-38361 CVE-2025-38728
CVE-2025-39788 CVE-2025-39805 CVE-2025-39819 CVE-2025-39859 CVE-2025-39890
CVE-2025-39944 CVE-2025-39977 CVE-2025-39980 CVE-2025-40001 CVE-2025-40006
CVE-2025-40021 CVE-2025-40024 CVE-2025-40027 CVE-2025-40030 CVE-2025-40033
CVE-2025-40038 CVE-2025-40040 CVE-2025-40042 CVE-2025-40048 CVE-2025-40053
CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074
CVE-2025-40075 CVE-2025-40081 CVE-2025-40083 CVE-2025-40098 CVE-2025-40102
CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111
CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121
CVE-2025-40127 CVE-2025-40129 CVE-2025-40134 CVE-2025-40135 CVE-2025-40139
CVE-2025-40140 CVE-2025-40141 CVE-2025-40149 CVE-2025-40153 CVE-2025-40154
CVE-2025-40156 CVE-2025-40157 CVE-2025-40158 CVE-2025-40159 CVE-2025-40164
CVE-2025-40167 CVE-2025-40168 CVE-2025-40169 CVE-2025-40170 CVE-2025-40171
CVE-2025-40172 CVE-2025-40173 CVE-2025-40176 CVE-2025-40178 CVE-2025-40179
CVE-2025-40180 CVE-2025-40183 CVE-2025-40186 CVE-2025-40187 CVE-2025-40188
CVE-2025-40194 CVE-2025-40198 CVE-2025-40200 CVE-2025-40204 CVE-2025-40205
CVE-2025-40206 CVE-2025-40207 CVE-2025-40211 CVE-2025-40215 CVE-2025-40219
CVE-2025-40220 CVE-2025-40223 CVE-2025-40233 CVE-2025-40242 CVE-2025-40244
CVE-2025-40256 CVE-2025-40258 CVE-2025-40262 CVE-2025-40263 CVE-2025-40269
CVE-2025-40272 CVE-2025-40273 CVE-2025-40275 CVE-2025-40277 CVE-2025-40280
CVE-2025-40282 CVE-2025-40283 CVE-2025-40284 CVE-2025-40288 CVE-2025-40297
CVE-2025-40301 CVE-2025-40304 CVE-2025-40306 CVE-2025-40308 CVE-2025-40309
CVE-2025-40310 CVE-2025-40311 CVE-2025-40312 CVE-2025-40314 CVE-2025-40315
CVE-2025-40316 CVE-2025-40317 CVE-2025-40318 CVE-2025-40320 CVE-2025-40321
CVE-2025-40322 CVE-2025-40323 CVE-2025-40324 CVE-2025-40328 CVE-2025-40329
CVE-2025-40331 CVE-2025-40342 CVE-2025-40343 CVE-2025-40345 CVE-2025-40349
CVE-2025-40351 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148
CVE-2025-58149 CVE-2025-58150 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720
CVE-2025-65018 CVE-2025-66293 CVE-2025-68160 CVE-2025-68160 CVE-2025-68168
CVE-2025-68172 CVE-2025-68176 CVE-2025-68180 CVE-2025-68183 CVE-2025-68185
CVE-2025-68192 CVE-2025-68194 CVE-2025-68195 CVE-2025-68217 CVE-2025-68218
CVE-2025-68222 CVE-2025-68233 CVE-2025-68235 CVE-2025-68237 CVE-2025-68238
CVE-2025-68244 CVE-2025-68249 CVE-2025-68252 CVE-2025-68257 CVE-2025-68258
CVE-2025-68259 CVE-2025-68276 CVE-2025-68286 CVE-2025-68287 CVE-2025-68289
CVE-2025-68290 CVE-2025-68303 CVE-2025-68305 CVE-2025-68307 CVE-2025-68308
CVE-2025-68312 CVE-2025-68313 CVE-2025-68328 CVE-2025-68330 CVE-2025-68331
CVE-2025-68332 CVE-2025-68335 CVE-2025-68339 CVE-2025-68345 CVE-2025-68346
CVE-2025-68347 CVE-2025-68354 CVE-2025-68362 CVE-2025-68380 CVE-2025-68468
CVE-2025-68471 CVE-2025-68724 CVE-2025-68732 CVE-2025-68734 CVE-2025-68740
CVE-2025-68746 CVE-2025-68750 CVE-2025-68753 CVE-2025-68757 CVE-2025-68758
CVE-2025-68759 CVE-2025-68765 CVE-2025-68766 CVE-2025-68973 CVE-2025-69418
CVE-2025-69418 CVE-2025-69419 CVE-2025-69419 CVE-2025-69420 CVE-2025-69420
CVE-2025-69421 CVE-2025-69421 CVE-2026-0861 CVE-2026-0915 CVE-2026-0988
CVE-2026-0989 CVE-2026-1484 CVE-2026-1485 CVE-2026-1489 CVE-2026-22695
CVE-2026-22795 CVE-2026-22795 CVE-2026-22796 CVE-2026-22796 CVE-2026-22801
CVE-2026-23553
-----------------------------------------------------------------
The container sles-15-sp6-chost-byos-v20260205-arm64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4375-1
Released: Fri Dec 12 10:19:46 2025
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1250655,1250664
This update for suse-module-tools fixes the following issues:
- Version update 15.6.13
- Fixing spec file (bsc#1250664).
- Fixing compile problems on livepatch dir when checking for unresolved
symbols (bsc#1250655).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4378-1
Released: Fri Dec 12 10:37:36 2025
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1233655,510058
This update for lvm2 fixes the following issues:
- Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058).
- Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4401-1
Released: Mon Dec 15 14:35:37 2025
Summary: Recommended update for sles-release
Type: recommended
Severity: moderate
References:
This update for sles-release fixes the following issue:
- Add corrected EOL value for the codestream reflecting whats on
https://www.suse.com/lifecycle/ - this also fixes issues reported
by some parsing tools, related to ISO_8601 data format.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4422-1
Released: Wed Dec 17 11:52:45 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1232223,1237888,1243474,1245193,1247076,1247079,1247500,1247509,1249547,1249912,1249982,1250176,1250237,1250252,1250705,1251120,1251786,1252063,1252267,1252303,1252353,1252681,1252763,1252773,1252780,1252794,1252795,1252809,1252817,1252821,1252836,1252845,1252862,1252912,1252917,1252928,1253018,1253176,1253275,1253318,1253324,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253393,1253395,1253403,1253407,1253409,1253412,1253416,1253421,1253423,1253424,1253425,1253427,1253428,1253431,1253436,1253438,1253440,1253441,1253445,1253448,1253449,1253453,1253456,1253472,1253779,CVE-2022-50253,CVE-2023-53676,CVE-2025-21710,CVE-2025-37916,CVE-2025-38359,CVE-2025-38361,CVE-2025-39788,CVE-2025-39805,CVE-2025-39819,CVE-2025-39859,CVE-2025-39944,CVE-2025-39980,CVE-2025-40001,CVE-2025-40021,CVE-2025-40027,CVE-2025-40030,CVE-2025-40038,CVE-2025-40040,CVE-2025-40048,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40083,CVE
-2025-40098,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40149,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40159,CVE-2025-40164,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40176,CVE-2025-40180,CVE-2025-40183,CVE-2025-40186,CVE-2025-40188,CVE-2025-40194,CVE-2025-40198,CVE-2025-40200,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888).
- CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474).
- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).
- CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079).
- CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547).
- CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
- CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
- CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252).
- CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120).
- CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063).
- CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303).
- CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681).
- CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
- CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773).
- CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821).
- CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809).
- CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).
- CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836).
- CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794).
- CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
- CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912).
- CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917).
- CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928).
- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
- CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403).
- CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).
- CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
- CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
- CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non security issues were fixed:
- ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes).
- ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes).
- ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes).
- ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes).
- ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes).
- ACPI: property: Return present device nodes only on fwnode interface (stable-fixes).
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes).
- ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes).
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes).
- ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes).
- ALSA: serial-generic: remove shared static buffer (stable-fixes).
- ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes).
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes).
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes).
- ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes).
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
- ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes).
- ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes).
- ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes).
- ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes).
- ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes).
- ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes).
- ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes).
- ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes).
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-fixes).
- Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes).
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes).
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes).
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes).
- Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes).
- Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes).
- Bluetooth: bcsp: receive data only if registered (stable-fixes).
- Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes).
- Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes).
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes).
- Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes).
- Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
- HID: amd_sfh: Stop sensor before starting (git-fixes).
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes).
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes).
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes).
- HID: uclogic: Fix potential memory leak in error path (git-fixes).
- Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes).
- Input: imx_sc_key - fix memory corruption on unload (git-fixes).
- Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes).
- KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes).
- KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes).
- KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes).
- KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes).
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes).
- KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes).
- KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes).
- KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes).
- KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes).
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes).
- KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes).
- KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes).
- KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes).
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
- KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes).
- KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-fixes).
- KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes).
- NFS4: Fix state renewals missing after boot (git-fixes).
- NFS: check if suid/sgid was cleared after a write as needed (git-fixes).
- NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes).
- NFSD: Skip close replay processing if XDR encoding fails (git-fixes).
- NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes).
- NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes).
- NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes).
- PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes).
- PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
- PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes).
- PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
- RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes).
- RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes).
- RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes).
- RDMA/hns: Fix the modification of max_send_sge (git-fixes).
- RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes).
- RDMA/irdma: Fix SD index calculation (git-fixes).
- RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes).
- accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes).
- accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes).
- accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes).
- accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes).
- acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes).
- amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes).
- block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes).
- block: fix kobject double initialization in add_disk (git-fixes).
- btrfs: abort transaction on failure to add link to inode (git-fixes).
- btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix).
- btrfs: avoid using fixed char array size for tree names (git-fix).
- btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes).
- btrfs: fix COW handling in run_delalloc_nocow() (git-fix).
- btrfs: fix inode leak on failure to add link to inode (git-fixes).
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix).
- btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes).
- btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix).
- btrfs: rename err to ret in btrfs_link() (git-fixes).
- btrfs: run btrfs_error_commit_super() early (git-fix).
- btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix).
- btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes).
- btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes).
- btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes).
- btrfs: simplify error handling logic for btrfs_link() (git-fixes).
- btrfs: tree-checker: add dev extent item checks (git-fix).
- btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix).
- btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix).
- btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix).
- btrfs: tree-checker: validate dref root and objectid (git-fix).
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes).
- char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes).
- char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes).
- char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes).
- cramfs: Verify inode mode when loading from disk (git-fixes).
- crypto: aspeed - fix double free caused by devm (git-fixes).
- crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes).
- crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes).
- crypto: iaa - Do not clobber req->base.data (git-fixes).
- crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes).
- dmaengine: dw-edma: Set status for callback_result (stable-fixes).
- dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes).
- drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes).
- drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
- drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
- drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes).
- drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
- drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes).
- drm/amd/display: add more cyan skillfish devices (stable-fixes).
- drm/amd/display: ensure committing streams is seamless (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
- drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes).
- drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
- drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (stable-fixes).
- drm/amd: Fix suspend failure with secure display TA (git-fixes).
- drm/amd: add more cyan skillfish PCI ids (stable-fixes).
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes).
- drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes).
- drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes).
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes).
- drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes).
- drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes).
- drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
- drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes).
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes).
- drm/amdkfd: fix vram allocation failure for a special case (stable-fixes).
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes).
- drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes).
- drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
- drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-fixes).
- drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes).
- drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes).
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes).
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes).
- drm/msm: make sure to not queue up recovery more than once (stable-fixes).
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes).
- drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes).
- drm/tegra: Add call to put_pid() (git-fixes).
- drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes).
- drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes).
- drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes).
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes).
- exfat: limit log print for IO error (git-fixes).
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes).
- extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes).
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes).
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes).
- fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes).
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes).
- hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes).
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes).
- hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
- hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes).
- hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes).
- hwmon: sy7636a: add alias (stable-fixes).
- iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes).
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes).
- ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes).
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes).
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes).
- jfs: Verify inode mode when loading from disk (git-fixes).
- jfs: fix uninitialized waitqueue in transaction manager (git-fixes).
- lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes).
- md/raid1: fix data lost for writemostly rdev (git-fixes).
- md: fix mssing blktrace bio split events (git-fixes).
- media: adv7180: Add missing lock in suspend callback (stable-fixes).
- media: adv7180: Do not write format to device in set_fmt (stable-fixes).
- media: adv7180: Only validate format in querystd (stable-fixes).
- media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
- media: fix uninitialized symbol warnings (stable-fixes).
- media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes).
- media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes).
- media: imon: make send_packet() more robust (stable-fixes).
- media: ov08x40: Fix the horizontal flip control (stable-fixes).
- media: redrat3: use int type to store negative error codes (stable-fixes).
- media: uvcvideo: Use heuristic to find stream entity (git-fixes).
- memstick: Add timeout to prevent indefinite waiting (stable-fixes).
- mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes).
- mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes).
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
- mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
- minixfs: Verify inode mode when loading from disk (git-fixes).
- mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes).
- mm/secretmem: fix use-after-free race in fault handler (git-fixes).
- mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes).
- mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes).
- mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes).
- mtdchar: fix integer overflow in read/write ioctls (git-fixes).
- net/mana: fix warning in the writer of client oob (git-fixes).
- net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779).
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes).
- net: phy: clear link parameters on admin link down (stable-fixes).
- net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes).
- net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes).
- net: tcp: send zero-window ACK when no memory (bsc#1253779).
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes).
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes).
- nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223).
- nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223).
- nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes).
- perf script: add --addr2line option (bsc#1247509).
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes).
- phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes).
- phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes).
- pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes).
- pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes).
- pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes).
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes).
- power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
- power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes).
- power: supply: sbs-charger: Support multiple devices (stable-fixes).
- regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes).
- rtc: rx8025: fix incorrect register reference (git-fixes).
- s390/mm,fault: simplify kfence fault handling (bsc#1247076).
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes).
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes).
- scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes).
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes).
- scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes).
- scsi: mpi3mr: Correctly handle ATA device errors (git-fixes).
- scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes).
- scsi: mpt3sas: Correctly handle ATA device errors (git-fixes).
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes).
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes).
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes).
- selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes).
- selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes).
- selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes).
- selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes).
- selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
- selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes).
- selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes).
- selftests/bpf: fix signedness bug in redir_partial() (git-fixes).
- serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes).
- serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes).
- soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes).
- soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
- soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes).
- spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
- spi: loopback-test: Don't use %pK through printk (stable-fixes).
- spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
- strparser: Fix signed/unsigned mismatch bug (git-fixes).
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705).
- thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes).
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes).
- tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes).
- tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes).
- tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes).
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes).
- tools: lib: thermal: don't preserve owner in install (stable-fixes).
- tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes).
- uio_hv_generic: Query the ringbuffer size for device (git-fixes).
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
- usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes).
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes).
- usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes).
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes).
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes).
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes).
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes).
- watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes).
- wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
- wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes).
- wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes).
- wifi: mac80211: Fix HE capabilities element check (stable-fixes).
- wifi: mac80211: reject address change while connecting (git-fixes).
- wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes).
- wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes).
- wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes).
- wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
- wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes).
- wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes).
- wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes).
- x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
- x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
- x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes).
- x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
- x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
- x86/bugs: Report correct retbleed mitigation status (git-fixes).
- x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
- xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes).
- xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes).
- xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes).
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes).
- xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4494-1
Released: Fri Dec 19 14:14:12 2025
Summary: Security update for libpng16
Type: security
Severity: important
References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:12-1
Released: Mon Jan 5 11:31:26 2026
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1248807,1251271,1252692,1254180,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148,CVE-2025-58149
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807).
- CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when
a synthetic timer message has to be delivered (bsc#1248807).
- CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping
of the reference TSC page (bsc#1248807).
- CVE-2025-58147: incorrect input sanitisation in Viridian hypercalls using the HV_VP_SET Sparse format can lead to
out-of-bounds write through `vpmask_set()` (bsc#1251271).
- CVE-2025-58148: incorrect input sanitisation in Viridian hypercalls using any input format can lead to out-of-bounds
read through `send_ipi()` (bsc#1251271).
- CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no
longer assigned to them (bsc#1252692).
Other issues fixed:
- Several upstream bug fixes (bsc#1027519).
- Failure to restart xenstored (bsc#1254180).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:18-1
Released: Mon Jan 5 11:52:25 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released: Mon Jan 5 13:45:08 2026
Summary: Security update for python3
Type: security
Severity: moderate
References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:36-1
Released: Tue Jan 6 11:22:39 2026
Summary: Security update for libpcap
Type: security
Severity: low
References: 1255765,CVE-2025-11961
This update for libpcap fixes the following issues:
- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
read and write (bsc#1255765).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:48-1
Released: Wed Jan 7 09:08:18 2026
Summary: Recommended update for pciutils
Type: recommended
Severity: moderate
References: 1252338
This update for pciutils fixes the following issues:
- Add a strict dependency to libpci to prevent possible segfault (bsc#1252338)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:50-1
Released: Wed Jan 7 10:28:14 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:77-1
Released: Thu Jan 8 20:03:59 2026
Summary: Security update for curl
Type: security
Severity: moderate
References: 1256105,CVE-2025-14017
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:115-1
Released: Mon Jan 12 16:03:42 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1254666,CVE-2025-14104
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:215-1
Released: Thu Jan 22 13:10:16 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1255715,1256243,1256244,1256246,1256390,CVE-2025-68973
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix a memory leak in gpg2 agent (bsc#1256243).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:224-1
Released: Thu Jan 22 13:18:20 2026
Summary: Security update for libtasn1
Type: security
Severity: moderate
References: 1256341,CVE-2025-13151
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:234-1
Released: Thu Jan 22 13:24:43 2026
Summary: Security update for libpng16
Type: security
Severity: moderate
References: 1256525,1256526,CVE-2026-22695,CVE-2026-22801
This update for libpng16 fixes the following issues:
- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525)
- CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:259-1
Released: Thu Jan 22 17:10:44 2026
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1256498,1256499,1256500,CVE-2025-68276,CVE-2025-68468,CVE-2025-68471
This update for avahi fixes the following issues:
- CVE-2025-68276: Fixed refuse to create wide-area record browsers when
wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:286-1
Released: Sat Jan 24 00:35:35 2026
Summary: Security update for glib2
Type: security
Severity: low
References: 1257049,CVE-2026-0988
This update for glib2 fixes the following issues:
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:293-1
Released: Mon Jan 26 12:36:40 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1012628,1065729,1194869,1214635,1214847,1215146,1215211,1215344,1216062,1216436,1219165,1220419,1223731,1234163,1245193,1245449,1246328,1247500,1248886,1249256,1250334,1252046,1252342,1252686,1252776,1252808,1252824,1252861,1252919,1252973,1253155,1253262,1253342,1253386,1253402,1253408,1253413,1253442,1253458,1253463,1253647,1254119,1254126,1254373,1254518,1254520,1254599,1254606,1254611,1254613,1254615,1254621,1254623,1254624,1254626,1254648,1254649,1254653,1254655,1254657,1254660,1254661,1254663,1254669,1254677,1254678,1254688,1254690,1254691,1254693,1254695,1254698,1254701,1254704,1254705,1254707,1254712,1254715,1254717,1254723,1254724,1254732,1254733,1254737,1254739,1254742,1254743,1254749,1254750,1254753,1254754,1254758,1254761,1254762,1254765,1254782,1254791,1254793,1254795,1254796,1254797,1254798,1254813,1254828,1254829,1254832,1254840,1254843,1254847,1254850,1254851,1254858,1254860,1254894,1254918,1254957,1254959,1254983,1255005,1255009,1255026,1255033,1255034,1
255035,1255041,1255046,1255057,1255062,1255064,1255065,1255068,1255072,1255075,1255077,1255083,1255092,1255094,1255100,1255122,1255135,1255146,1255149,1255152,1255154,1255155,1255163,1255167,1255169,1255171,1255182,1255187,1255190,1255193,1255197,1255199,1255202,1255203,1255206,1255209,1255218,1255221,1255233,1255245,1255246,1255251,1255252,1255253,1255259,1255274,1255276,1255279,1255280,1255281,1255325,1255329,1255351,1255415,1255480,1255483,1255489,1255493,1255495,1255505,1255538,1255540,1255545,1255549,1255550,1255553,1255557,1255558,1255563,1255564,1255570,1255578,1255579,1255580,1255583,1255591,1255601,1255603,1255605,1255611,1255616,1255617,1255618,1255621,1255628,1255629,1255630,1255632,1255636,1255688,1255691,1255702,1255704,1255706,1255722,1255758,1255759,1255760,1255763,1255769,1255770,1255772,1255774,1255775,1255776,1255780,1255785,1255786,1255789,1255790,1255792,1255793,1255795,1255798,1255800,1255801,1255806,1255807,1255809,1255810,1255812,1255814,1255820,1255838,125584
2,1255843,1255872,1255875,1255879,1255883,1255884,1255886,1255888,1255890,1255891,1255892,1255899,1255902,1255907,1255911,1255915,1255918,1255921,1255924,1255925,1255931,1255932,1255934,1255943,1255944,1255949,1255951,1255952,1255955,1255957,1255961,1255963,1255964,1255967,1255974,1255978,1255984,1255988,1255990,1255992,1255993,1255994,1255996,1256033,1256034,1256045,1256050,1256058,1256071,1256074,1256081,1256082,1256083,1256084,1256085,1256090,1256093,1256094,1256095,1256096,1256099,1256100,1256104,1256106,1256107,1256117,1256119,1256121,1256145,1256153,1256178,1256197,1256231,1256233,1256234,1256238,1256263,1256267,1256268,1256271,1256273,1256274,1256279,1256285,1256291,1256292,1256300,1256301,1256302,1256335,1256348,1256351,1256354,1256358,1256361,1256364,1256367,1256368,1256369,1256370,1256371,1256373,1256375,1256379,1256387,1256394,1256395,1256396,1256528,CVE-2023-42752,CVE-2023-53743,CVE-2023-53750,CVE-2023-53752,CVE-2023-53759,CVE-2023-53762,CVE-2023-53766,CVE-2023-53768,CVE
-2023-53777,CVE-2023-53778,CVE-2023-53782,CVE-2023-53784,CVE-2023-53785,CVE-2023-53787,CVE-2023-53791,CVE-2023-53792,CVE-2023-53793,CVE-2023-53794,CVE-2023-53795,CVE-2023-53797,CVE-2023-53799,CVE-2023-53807,CVE-2023-53808,CVE-2023-53813,CVE-2023-53815,CVE-2023-53819,CVE-2023-53821,CVE-2023-53823,CVE-2023-53825,CVE-2023-53828,CVE-2023-53831,CVE-2023-53834,CVE-2023-53836,CVE-2023-53839,CVE-2023-53841,CVE-2023-53842,CVE-2023-53843,CVE-2023-53844,CVE-2023-53846,CVE-2023-53847,CVE-2023-53848,CVE-2023-53850,CVE-2023-53851,CVE-2023-53852,CVE-2023-53855,CVE-2023-53856,CVE-2023-53857,CVE-2023-53858,CVE-2023-53860,CVE-2023-53861,CVE-2023-53863,CVE-2023-53864,CVE-2023-53865,CVE-2023-53989,CVE-2023-53992,CVE-2023-53994,CVE-2023-53995,CVE-2023-53996,CVE-2023-53997,CVE-2023-53998,CVE-2023-53999,CVE-2023-54000,CVE-2023-54001,CVE-2023-54005,CVE-2023-54006,CVE-2023-54008,CVE-2023-54014,CVE-2023-54016,CVE-2023-54017,CVE-2023-54019,CVE-2023-54022,CVE-2023-54023,CVE-2023-54025,CVE-2023-54026,CVE-2023-5
4027,CVE-2023-54030,CVE-2023-54031,CVE-2023-54032,CVE-2023-54035,CVE-2023-54037,CVE-2023-54038,CVE-2023-54042,CVE-2023-54045,CVE-2023-54048,CVE-2023-54049,CVE-2023-54051,CVE-2023-54052,CVE-2023-54060,CVE-2023-54064,CVE-2023-54066,CVE-2023-54067,CVE-2023-54069,CVE-2023-54070,CVE-2023-54072,CVE-2023-54076,CVE-2023-54080,CVE-2023-54081,CVE-2023-54083,CVE-2023-54088,CVE-2023-54089,CVE-2023-54091,CVE-2023-54092,CVE-2023-54093,CVE-2023-54094,CVE-2023-54095,CVE-2023-54096,CVE-2023-54099,CVE-2023-54101,CVE-2023-54104,CVE-2023-54106,CVE-2023-54112,CVE-2023-54113,CVE-2023-54115,CVE-2023-54117,CVE-2023-54121,CVE-2023-54125,CVE-2023-54127,CVE-2023-54133,CVE-2023-54134,CVE-2023-54135,CVE-2023-54136,CVE-2023-54137,CVE-2023-54140,CVE-2023-54141,CVE-2023-54142,CVE-2023-54143,CVE-2023-54145,CVE-2023-54148,CVE-2023-54149,CVE-2023-54153,CVE-2023-54154,CVE-2023-54155,CVE-2023-54156,CVE-2023-54164,CVE-2023-54166,CVE-2023-54169,CVE-2023-54170,CVE-2023-54171,CVE-2023-54172,CVE-2023-54173,CVE-2023-54177,CV
E-2023-54178,CVE-2023-54179,CVE-2023-54181,CVE-2023-54183,CVE-2023-54185,CVE-2023-54189,CVE-2023-54194,CVE-2023-54201,CVE-2023-54204,CVE-2023-54207,CVE-2023-54209,CVE-2023-54210,CVE-2023-54211,CVE-2023-54215,CVE-2023-54219,CVE-2023-54220,CVE-2023-54221,CVE-2023-54223,CVE-2023-54224,CVE-2023-54225,CVE-2023-54227,CVE-2023-54229,CVE-2023-54230,CVE-2023-54235,CVE-2023-54240,CVE-2023-54241,CVE-2023-54246,CVE-2023-54247,CVE-2023-54251,CVE-2023-54253,CVE-2023-54254,CVE-2023-54255,CVE-2023-54258,CVE-2023-54261,CVE-2023-54263,CVE-2023-54264,CVE-2023-54266,CVE-2023-54267,CVE-2023-54271,CVE-2023-54276,CVE-2023-54278,CVE-2023-54281,CVE-2023-54282,CVE-2023-54283,CVE-2023-54285,CVE-2023-54289,CVE-2023-54291,CVE-2023-54292,CVE-2023-54293,CVE-2023-54296,CVE-2023-54297,CVE-2023-54299,CVE-2023-54300,CVE-2023-54302,CVE-2023-54303,CVE-2023-54304,CVE-2023-54309,CVE-2023-54312,CVE-2023-54313,CVE-2023-54314,CVE-2023-54315,CVE-2023-54316,CVE-2023-54318,CVE-2023-54319,CVE-2023-54322,CVE-2023-54324,CVE-2023-
54326,CVE-2024-26944,CVE-2025-38321,CVE-2025-38728,CVE-2025-39890,CVE-2025-39977,CVE-2025-40006,CVE-2025-40024,CVE-2025-40033,CVE-2025-40042,CVE-2025-40053,CVE-2025-40081,CVE-2025-40102,CVE-2025-40134,CVE-2025-40135,CVE-2025-40153,CVE-2025-40158,CVE-2025-40167,CVE-2025-40170,CVE-2025-40178,CVE-2025-40179,CVE-2025-40187,CVE-2025-40211,CVE-2025-40215,CVE-2025-40219,CVE-2025-40220,CVE-2025-40223,CVE-2025-40233,CVE-2025-40242,CVE-2025-40244,CVE-2025-40256,CVE-2025-40258,CVE-2025-40262,CVE-2025-40263,CVE-2025-40269,CVE-2025-40272,CVE-2025-40273,CVE-2025-40275,CVE-2025-40277,CVE-2025-40280,CVE-2025-40282,CVE-2025-40283,CVE-2025-40284,CVE-2025-40288,CVE-2025-40297,CVE-2025-40301,CVE-2025-40304,CVE-2025-40306,CVE-2025-40308,CVE-2025-40309,CVE-2025-40310,CVE-2025-40311,CVE-2025-40312,CVE-2025-40314,CVE-2025-40315,CVE-2025-40316,CVE-2025-40317,CVE-2025-40318,CVE-2025-40320,CVE-2025-40321,CVE-2025-40322,CVE-2025-40323,CVE-2025-40324,CVE-2025-40328,CVE-2025-40329,CVE-2025-40331,CVE-2025-40342,C
VE-2025-40343,CVE-2025-40345,CVE-2025-40349,CVE-2025-40351,CVE-2025-68168,CVE-2025-68172,CVE-2025-68176,CVE-2025-68180,CVE-2025-68183,CVE-2025-68185,CVE-2025-68192,CVE-2025-68194,CVE-2025-68195,CVE-2025-68217,CVE-2025-68218,CVE-2025-68222,CVE-2025-68233,CVE-2025-68235,CVE-2025-68237,CVE-2025-68238,CVE-2025-68244,CVE-2025-68249,CVE-2025-68252,CVE-2025-68257,CVE-2025-68258,CVE-2025-68259,CVE-2025-68286,CVE-2025-68287,CVE-2025-68289,CVE-2025-68290,CVE-2025-68303,CVE-2025-68305,CVE-2025-68307,CVE-2025-68308,CVE-2025-68312,CVE-2025-68313,CVE-2025-68328,CVE-2025-68330,CVE-2025-68331,CVE-2025-68332,CVE-2025-68335,CVE-2025-68339,CVE-2025-68345,CVE-2025-68346,CVE-2025-68347,CVE-2025-68354,CVE-2025-68362,CVE-2025-68380,CVE-2025-68724,CVE-2025-68732,CVE-2025-68734,CVE-2025-68740,CVE-2025-68746,CVE-2025-68750,CVE-2025-68753,CVE-2025-68757,CVE-2025-68758,CVE-2025-68759,CVE-2025-68765,CVE-2025-68766
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).
- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
- CVE-2025-39890: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (bsc#1250334).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
- CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).
- CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824).
- CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861).
- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
- CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386).
- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).
- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).
- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).
- CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442).
- CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187).
- CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199).
The following non security issues were fixed:
- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes).
- ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes).
- ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes).
- ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes).
- ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes).
- ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes).
- ALSA: uapi: Fix typo in asound.h comment (git-fixes).
- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes).
- ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes).
- ASoC: ak4458: Disable regulator when error happens (git-fixes).
- ASoC: ak5558: Disable regulator when error happens (git-fixes).
- ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes).
- ASoC: fsl_xcvr: clear the channel status control memory (git-fixes).
- ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes).
- ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes).
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: stm32: sai: fix OF node leak on probe (git-fixes).
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes).
- ASoC: stm32: sai: fix device leak on probe (git-fixes).
- Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes).
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes).
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes).
- Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes).
- Documentation: hid-alps: Fix packet format section headings (git-fixes).
- Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes).
- HID: logitech-dj: Remove duplicate error logging (git-fixes).
- HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes).
- Input: cros_ec_keyb - fix an invalid memory access (stable-fixes).
- Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes).
- Input: goodix - add support for ACPI ID GDX9110 (stable-fixes).
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).
- PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes).
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes).
- PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes).
- PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes).
- Revert 'mtd: rawnand: marvell: fix layouts' (git-fixes).
- USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes).
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes).
- USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes).
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes).
- USB: serial: option: add Quectel RG255C (stable-fixes).
- USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes).
- USB: serial: option: add UNISOC UIS7720 (stable-fixes).
- USB: serial: option: add support for Rolling RW101R-GL (stable-fixes).
- USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes).
- arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes).
- arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes).
- atm/fore200e: Fix possible data race in fore200e_open() (git-fixes).
- atm: idt77252: Add missing `dma_map_error()` (stable-fixes).
- backlight: led-bl: Add devlink to supplier LEDs (git-fixes).
- backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes).
- bs-upload-kernel: Fix cve branch uploads.
- btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes).
- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes).
- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes).
- can: sja1000: fix max irq loop handling (git-fixes).
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes).
- cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449).
- cifs: after disabling multichannel, mark tcon for reconnect (git-fixes).
- cifs: avoid redundant calls to disable multichannel (git-fixes).
- cifs: cifs_pick_channel should try selecting active channels (git-fixes).
- cifs: deal with the channel loading lag while picking channels (git-fixes).
- cifs: dns resolution is needed only for primary channel (git-fixes).
- cifs: do not disable interface polling on failure (git-fixes).
- cifs: do not search for channel if server is terminating (git-fixes).
- cifs: fix a pending undercount of srv_count (git-fixes).
- cifs: fix lock ordering while disabling multichannel (git-fixes).
- cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes).
- cifs: fix use after free for iface while disabling secondary channels (git-fixes).
- cifs: handle servers that still advertise multichannel after disabling (git-fixes).
- cifs: handle when server starts supporting multichannel (git-fixes).
- cifs: handle when server stops supporting multichannel (git-fixes).
- cifs: make cifs_chan_update_iface() a void function (git-fixes).
- cifs: make sure server interfaces are requested only for SMB3+ (git-fixes).
- cifs: make sure that channel scaling is done only once (git-fixes).
- cifs: reconnect worker should take reference on server struct unconditionally (git-fixes).
- cifs: reset connections for all channels when reconnect requested (git-fixes).
- cifs: reset iface weights when we cannot find a candidate (git-fixes).
- cifs: serialize other channels when query server interfaces is pending (git-fixes).
- cifs: update dstaddr whenever channel iface is updated (git-fixes).
- clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes).
- clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes).
- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes).
- clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes).
- comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes).
- comedi: check device's attached status in compat ioctls (git-fixes).
- comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes).
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes).
- cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes).
- cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026).
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes).
- crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes).
- crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes).
- crypto: hisilicon/qm - restore original qos values (git-fixes).
- crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes).
- crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes).
- dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes).
- dm-verity: fix unreliable memory allocation (git-fixes).
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386).
- drivers/usb/dwc3: fix PCI parent check (git-fixes).
- drm/amd/display: Check NULL before accessing (stable-fixes).
- drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes).
- drm/amd/display: Increase DPCD read retries (stable-fixes).
- drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes).
- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes).
- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes).
- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes).
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes).
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes).
- drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes).
- drm/mgag200: Fix big-endian support (git-fixes).
- drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes).
- drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes).
- drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes).
- drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes).
- drm/nouveau: restrict the flush page to a 32-bit address (git-fixes).
- drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes).
- drm/vgem-fence: Fix potential deadlock on release (git-fixes).
- drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes).
- drm: sti: fix device leaks at component probe (git-fixes).
- efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes).
- efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes).
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes).
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes).
- fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes).
- firmware: imx: scu-irq: fix OF node leak in (git-fixes).
- firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes).
- firmware: stratix10-svc: fix bug in saving controller data (git-fixes).
- firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes).
- gpu: host1x: Fix race in syncpt alloc/free (git-fixes).
- hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes).
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes).
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes).
- hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes).
- i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes).
- i2c: i2c.h: fix a bad kernel-doc line (git-fixes).
- i3c: master: svc: Prevent incomplete IBI transaction (git-fixes).
- iio: accel: bmc150: Fix irq assumption regression (stable-fixes).
- iio: accel: fix ADXL355 startup race condition (git-fixes).
- iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes).
- iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes).
- iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes).
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes).
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes).
- iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes).
- ima: Handle error code returned by ima_filter_rule_match() (git-fixes).
- intel_th: Fix error handling in intel_th_output_open (git-fixes).
- ipmi: Fix handling of messages with provided receive message pointer (git-fixes).
- ipmi: Rework user message limit handling (git-fixes).
- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes).
- kconfig/mconf: Initialize the default locale at startup (stable-fixes).
- kconfig/nconf: Initialize the default locale at startup (stable-fixes).
- leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes).
- leds: leds-lp50xx: Enable chip before any communication (git-fixes).
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes).
- leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes).
- lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes).
- mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes).
- media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes).
- media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes).
- media: amphion: Cancel message work before releasing the VPU core (git-fixes).
- media: atomisp: Prefix firmware paths with 'intel/ipu/' (bsc#1252973).
- media: atomisp: Remove firmware_name module parameter (bsc#1252973).
- media: cec: Fix debugfs leak on bus_register() failure (git-fixes).
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes).
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes).
- media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes).
- media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes).
- media: pvrusb2: Fix incorrect variable used in trace message (git-fixes).
- media: rc: st_rc: Fix reset control resource leak (git-fixes).
- media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes).
- media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes).
- media: v4l2-mem2mem: Fix outdated documentation (git-fixes).
- media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes).
- media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes).
- media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes).
- media: vpif_capture: fix section mismatch (git-fixes).
- media: vpif_display: fix section mismatch (git-fixes).
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes).
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes).
- mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes).
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes).
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes).
- most: usb: fix double free on late probe failure (git-fixes).
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes).
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes).
- mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes).
- mtd: nand: relax ECC parameter validation check (git-fixes).
- mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes).
- mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes).
- net: phy: adin1100: Fix software power-down ready condition (git-fixes).
- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes).
- net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes).
- nvme: Use non zero KATO for persistent discovery connections (git-fixes).
- orangefs: fix xattr related buffer overflow.. (git-fixes).
- phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes).
- pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes).
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes).
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes).
- platform/x86: intel: chtwc_int33fe: don't dereference swnode args (git-fixes).
- platform/x86: intel: punit_ipc: fix memory corruption (git-fixes).
- power: supply: apm_power: only unset own apm_get_power_status (git-fixes).
- power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes).
- power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes).
- power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes).
- power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes).
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187).
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029).
- pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes).
- regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes).
- regulator: core: disable supply if enabling main regulator fails (git-fixes).
- rpmsg: glink: fix rpmsg device leak (git-fixes).
- rtc: gamecube: Check the return value of ioremap() (git-fixes).
- scripts: teaapi: Add paging.
- scrits: teaapi: Add list_repos.
- scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).
- serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes).
- slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes).
- smb3: add missing null server pointer check (git-fixes).
- smb: client: fix cifs_pick_channel when channel needs reconnect (git-fixes).
- smb: client: fix warning when reconnecting channel (git-fixes).
- smb: client: introduce close_cached_dir_locked() (git-fixes).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- soc: amlogic: canvas: fix device leak on lookup (git-fixes).
- soc: qcom: ocmem: fix device leak on lookup (git-fixes).
- soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes).
- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes).
- spi: bcm63xx: drop wrong casts in probe() (git-fixes).
- spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes).
- spi: tegra210-qspi: Remove cache operations (git-fixes).
- spi: tegra210-quad: Add support for internal DMA (git-fixes).
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155).
- spi: tegra210-quad: Fix timeout handling (bsc#1253155).
- spi: tegra210-quad: Fix timeout handling (git-fixes).
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155).
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes).
- staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes).
- thunderbolt: Add support for Intel Wildcat Lake (stable-fixes).
- tracing: Fix access to trace_event_file (bsc#1254373).
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes).
- usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes).
- usb: chaoskey: fix locking for O_NONBLOCK (git-fixes).
- usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes).
- usb: dwc2: fix hang during suspend if set as peripheral (git-fixes).
- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes).
- usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes).
- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes).
- usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes).
- usb: phy: Initialize struct usb_phy list_head (git-fixes).
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes).
- usb: raw-gadget: do not limit transfer length (git-fixes).
- usb: storage: Fix memory leak in USB bulk transport (git-fixes).
- usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes).
- usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git-fixes).
- usb: udc: Add trace event for usb_gadget_set_state (stable-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).
- watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes).
- wifi: ath11k: fix peer HE MCS assignment (git-fixes).
- wifi: ath11k: restore register window after global reset (git-fixes).
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes).
- wifi: ieee80211: correct FILS status codes (git-fixes).
- wifi: mac80211: fix CMAC functions not handling errors (git-fixes).
- wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes).
- wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes).
- wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes).
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes).
- x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes).
- x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).
- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528).
- x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528).
- x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528).
- x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528).
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528).
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528).
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528).
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528).
- x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528).
- x86/microcode/AMD: Select which microcode patch to load (bsc#1256528).
- x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528).
- x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528).
- xhci: dbgtty: fix device unregister (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:306-1
Released: Tue Jan 27 17:15:18 2026
Summary: Security update for xen
Type: security
Severity: moderate
References: 1256745,1256747,CVE-2025-58150,CVE-2026-23553
This update for xen fixes the following issues:
- CVE-2025-58150: Fixed buffer overrun with shadow paging and
tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation
(XSA-479) (bsc#1256747)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:312-1
Released: Wed Jan 28 10:37:55 2026
Summary: Security update for openssl-3
Type: security
Severity: critical
References: 1256830,1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-15467,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:324-1
Released: Wed Jan 28 15:53:56 2026
Summary: Recommended update for supportutils
Type: recommended
Severity: important
References: 1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425
This update for supportutils fixes the following issues:
- Changes to version 3.2.12
* Optimized lsof usage and honors OPTION_OFILES (bsc#1232351)
* Run in containers without errors (bsc#1245667)
* Removed pmap PID from memory.txt (bsc#1246011)
* Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025)
* Improved database perforce with kGraft patching (bsc#1249657)
* Using last boot for journalctl for optimization (bsc#1250224)
* Fixed extraction failures (bsc#1252318)
* Update supportconfig.conf path in docs (bsc#1254425)
* drm_sub_info: Catch error when dir doesn't exist
* Replace remaining `egrep` with `grep -E`
* Add process affinity to slert logs
* Reintroduce cgroup statistics (and v2)
* Minor changes to basic-health-check: improve information level
* Collect important machine health counters
* powerpc: collect hot-pluggable PCI and PHB slots
* podman: collect podman disk usage
* Exclude binary files in crondir
* kexec/kdump: collect everything under /sys/kernel/kexec dir
* Use short-iso for journalctl
- Changes to version 3.2.11
* Collect rsyslog frule files (bsc#1244003)
* Remove proxy passwords (bsc#1244011)
* Missing NetworkManager information (bsc#1241284)
* Include agama logs bsc#1244937)
* Additional NFS conf files
* New fadump sysfs files
* Fixed change log dates
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:346-1
Released: Fri Jan 30 10:01:27 2026
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1256834,1256835,1256836,1256837,1256838,1256839,1256840,CVE-2025-68160,CVE-2025-69418,CVE-2025-69419,CVE-2025-69420,CVE-2025-69421,CVE-2026-22795,CVE-2026-22796
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:364-1
Released: Tue Feb 3 10:50:53 2026
Summary: Security update for libpng16
Type: security
Severity: moderate
References: 1257364,1257365,CVE-2025-28162,CVE-2025-28164
This update for libpng16 fixes the following issues:
- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:371-1
Released: Tue Feb 3 19:08:49 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1256437,1256766,1256822,1257005,CVE-2025-15281,CVE-2026-0861,CVE-2026-0915
This update for glibc fixes the following issues:
Security fixes:
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).
Other fixes:
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256437).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:373-1
Released: Wed Feb 4 03:50:41 2026
Summary: Security update for glib2
Type: security
Severity: important
References: 1257353,1257354,1257355,CVE-2026-1484,CVE-2026-1485,CVE-2026-1489
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:391-1
Released: Thu Feb 5 15:23:42 2026
Summary: Security update for libxml2
Type: security
Severity: low
References: 1256805,CVE-2026-0989
This update for libxml2 fixes the following issues:
- CVE-2026-0989: Fixed call stack exhaustion leading to application
crash due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256805)
The following package changes have been done:
- curl-8.14.1-150600.4.37.1 updated
- glib2-tools-2.78.6-150600.4.35.1 updated
- glibc-locale-base-2.38-150600.14.40.1 updated
- glibc-locale-2.38-150600.14.40.1 updated
- glibc-2.38-150600.14.40.1 updated
- gpg2-2.4.4-150600.3.12.1 updated
- iptables-1.8.7-1.1 added
- kernel-default-6.4.0-150600.23.84.1 updated
- libavahi-client3-0.8-150600.15.12.1 updated
- libavahi-common3-0.8-150600.15.12.1 updated
- libblkid1-2.39.3-150600.4.15.1 updated
- libcurl4-8.14.1-150600.4.37.1 updated
- libdevmapper1_03-2.03.22_1.02.196-150600.3.9.3 updated
- libfdisk1-2.39.3-150600.4.15.1 updated
- libgio-2_0-0-2.78.6-150600.4.35.1 updated
- libglib-2_0-0-2.78.6-150600.4.35.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.35.1 updated
- libgobject-2_0-0-2.78.6-150600.4.35.1 updated
- libip6tc2-1.8.7-1.1 added
- libmount1-2.39.3-150600.4.15.1 updated
- libnftnl11-1.2.0-150400.1.6 added
- libopenssl1_1-1.1.1w-150600.5.21.1 updated
- libopenssl3-3.1.4-150600.5.42.1 updated
- libpcap1-1.10.4-150600.3.9.1 updated
- libpci3-3.13.0-150300.13.12.1 updated
- libpng16-16-1.6.40-150600.3.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.103.1 updated
- libsmartcols1-2.39.3-150600.4.15.1 updated
- libtasn1-6-4.13-150000.4.14.1 updated
- libtasn1-4.13-150000.4.14.1 updated
- libuuid1-2.39.3-150600.4.15.1 updated
- libxml2-2-2.10.3-150500.5.35.1 updated
- openssl-3-3.1.4-150600.5.42.1 updated
- pciutils-3.13.0-150300.13.12.1 updated
- python3-base-3.6.15-150300.10.103.1 updated
- sles-release-15.6-150600.64.12.1 updated
- supportutils-3.2.12.2-150600.3.9.1 updated
- suse-module-tools-15.6.13-150600.3.14.2 updated
- util-linux-systemd-2.39.3-150600.4.15.1 updated
- util-linux-2.39.3-150600.4.15.1 updated
- xen-libs-4.18.5_10-150600.3.37.1 updated
- xtables-plugins-1.8.7-1.1 added
- iproute2-6.4-150600.7.9.1 removed
- libbpf1-1.2.2-150600.3.6.2 removed
More information about the sle-container-updates
mailing list