SUSE-IU-2026:1159-1: Security update of suse/sl-micro/6.0/base-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Feb 25 08:10:25 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1159-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.95 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 7.95
Severity : important
Type : security
References : 1012628 1065729 1194869 1205462 1214285 1214635 1214847 1215146
1215199 1215211 1215344 1216062 1216436 1219165 1220419 1223731
1223800 1228490 1232223 1233563 1234163 1234842 1237888 1241437
1242909 1243474 1243677 1243678 1245193 1245193 1245449 1246184
1246328 1246447 1247030 1247076 1247079 1247500 1247500 1247509
1247712 1248211 1248886 1249256 1249307 1249547 1249912 1249982
1250032 1250082 1250176 1250237 1250252 1250334 1250388 1250705
1250705 1250748 1251120 1251786 1252046 1252063 1252267 1252303
1252342 1252353 1252511 1252681 1252686 1252712 1252763 1252773
1252776 1252780 1252794 1252795 1252808 1252809 1252817 1252821
1252824 1252836 1252845 1252861 1252862 1252891 1252900 1252912
1252917 1252919 1252928 1252973 1253018 1253087 1253155 1253176
1253262 1253275 1253318 1253324 1253342 1253349 1253352 1253355
1253360 1253362 1253363 1253365 1253367 1253369 1253386 1253393
1253395 1253400 1253402 1253403 1253407 1253408 1253409 1253412
1253413 1253416 1253421 1253423 1253424 1253425 1253427 1253428
1253431 1253436 1253438 1253440 1253441 1253442 1253445 1253448
1253449 1253451 1253453 1253456 1253458 1253463 1253472 1253623
1253647 1253739 1253779 1254119 1254126 1254244 1254373 1254378
1254447 1254465 1254510 1254518 1254520 1254599 1254606 1254611
1254613 1254615 1254621 1254623 1254624 1254626 1254648 1254649
1254653 1254655 1254657 1254660 1254661 1254663 1254669 1254677
1254678 1254688 1254690 1254691 1254693 1254695 1254698 1254701
1254704 1254705 1254707 1254712 1254715 1254717 1254723 1254724
1254732 1254733 1254737 1254739 1254742 1254743 1254749 1254750
1254753 1254754 1254758 1254761 1254762 1254765 1254767 1254782
1254791 1254793 1254794 1254795 1254796 1254797 1254798 1254813
1254815 1254825 1254828 1254829 1254830 1254832 1254835 1254839
1254840 1254842 1254843 1254845 1254846 1254847 1254849 1254850
1254851 1254852 1254854 1254856 1254858 1254860 1254864 1254869
1254871 1254894 1254918 1254957 1254959 1254983 1255005 1255009
1255025 1255026 1255030 1255033 1255034 1255035 1255039 1255041
1255042 1255046 1255057 1255062 1255064 1255065 1255068 1255072
1255075 1255077 1255081 1255082 1255083 1255092 1255094 1255095
1255100 1255102 1255120 1255122 1255128 1255131 1255134 1255135
1255136 1255138 1255140 1255142 1255146 1255149 1255152 1255154
1255155 1255157 1255163 1255164 1255167 1255169 1255171 1255172
1255175 1255179 1255182 1255187 1255190 1255193 1255197 1255199
1255202 1255203 1255206 1255209 1255216 1255218 1255221 1255224
1255227 1255230 1255233 1255241 1255245 1255246 1255251 1255252
1255253 1255255 1255259 1255260 1255261 1255262 1255266 1255268
1255269 1255272 1255273 1255274 1255276 1255279 1255280 1255281
1255297 1255318 1255325 1255327 1255329 1255351 1255377 1255380
1255395 1255401 1255403 1255415 1255417 1255428 1255480 1255482
1255483 1255488 1255489 1255493 1255495 1255505 1255507 1255537
1255538 1255539 1255540 1255544 1255545 1255547 1255548 1255549
1255550 1255552 1255553 1255557 1255558 1255563 1255564 1255567
1255568 1255569 1255570 1255578 1255579 1255580 1255583 1255591
1255601 1255603 1255605 1255611 1255614 1255615 1255616 1255617
1255618 1255621 1255622 1255628 1255629 1255630 1255632 1255636
1255688 1255691 1255695 1255702 1255704 1255706 1255707 1255709
1255722 1255758 1255759 1255760 1255763 1255769 1255770 1255772
1255774 1255775 1255776 1255780 1255785 1255786 1255789 1255790
1255792 1255793 1255795 1255798 1255800 1255801 1255806 1255807
1255809 1255810 1255812 1255814 1255820 1255838 1255842 1255843
1255872 1255875 1255879 1255883 1255884 1255886 1255888 1255890
1255891 1255892 1255899 1255902 1255907 1255911 1255915 1255918
1255921 1255924 1255925 1255930 1255931 1255932 1255934 1255943
1255944 1255949 1255951 1255952 1255955 1255957 1255961 1255963
1255964 1255967 1255974 1255978 1255984 1255988 1255990 1255992
1255993 1255994 1255996 1256033 1256034 1256045 1256050 1256058
1256071 1256074 1256081 1256082 1256083 1256084 1256085 1256090
1256093 1256094 1256095 1256096 1256099 1256100 1256104 1256106
1256107 1256117 1256119 1256121 1256145 1256153 1256178 1256197
1256231 1256233 1256234 1256238 1256263 1256267 1256268 1256271
1256273 1256274 1256279 1256280 1256285 1256291 1256292 1256300
1256301 1256302 1256335 1256348 1256351 1256354 1256358 1256361
1256364 1256366 1256367 1256368 1256369 1256370 1256371 1256373
1256375 1256379 1256387 1256394 1256395 1256396 1256528 1256579
1256582 1256584 1256586 1256591 1256593 1256597 1256605 1256606
1256607 1256609 1256610 1256611 1256612 1256613 1256616 1256617
1256619 1256622 1256623 1256625 1256628 1256630 1256638 1256641
1256645 1256646 1256650 1256651 1256653 1256654 1256655 1256659
1256660 1256664 1256665 1256674 1256680 1256682 1256688 1256689
1256726 1256728 1256730 1256733 1256737 1256741 1256742 1256744
1256752 1256754 1256757 1256759 1256760 1256761 1256763 1256770
1256773 1256774 1256777 1256779 1256781 1256785 1256792 1256861
1256863 1257035 1257053 1257154 1257155 1257158 1257163 1257164
1257180 1257202 1257204 1257207 1257208 1257215 1257217 1257218
1257220 1257221 1257227 1257232 1257234 1257236 1257245 1257277
1257282 1257296 1257332 1257473 1257603 CVE-2022-50253 CVE-2023-42752
CVE-2023-53676 CVE-2023-53714 CVE-2023-53743 CVE-2023-53750 CVE-2023-53752
CVE-2023-53759 CVE-2023-53762 CVE-2023-53766 CVE-2023-53768 CVE-2023-53777
CVE-2023-53778 CVE-2023-53782 CVE-2023-53784 CVE-2023-53785 CVE-2023-53787
CVE-2023-53791 CVE-2023-53792 CVE-2023-53793 CVE-2023-53794 CVE-2023-53795
CVE-2023-53797 CVE-2023-53799 CVE-2023-53807 CVE-2023-53808 CVE-2023-53813
CVE-2023-53815 CVE-2023-53819 CVE-2023-53821 CVE-2023-53823 CVE-2023-53825
CVE-2023-53828 CVE-2023-53831 CVE-2023-53834 CVE-2023-53836 CVE-2023-53839
CVE-2023-53841 CVE-2023-53842 CVE-2023-53843 CVE-2023-53844 CVE-2023-53846
CVE-2023-53847 CVE-2023-53848 CVE-2023-53850 CVE-2023-53851 CVE-2023-53852
CVE-2023-53855 CVE-2023-53856 CVE-2023-53857 CVE-2023-53858 CVE-2023-53860
CVE-2023-53861 CVE-2023-53863 CVE-2023-53864 CVE-2023-53865 CVE-2023-53989
CVE-2023-53992 CVE-2023-53994 CVE-2023-53995 CVE-2023-53996 CVE-2023-53997
CVE-2023-53998 CVE-2023-53999 CVE-2023-54000 CVE-2023-54001 CVE-2023-54005
CVE-2023-54006 CVE-2023-54008 CVE-2023-54013 CVE-2023-54014 CVE-2023-54016
CVE-2023-54017 CVE-2023-54019 CVE-2023-54022 CVE-2023-54023 CVE-2023-54025
CVE-2023-54026 CVE-2023-54027 CVE-2023-54030 CVE-2023-54031 CVE-2023-54032
CVE-2023-54035 CVE-2023-54037 CVE-2023-54038 CVE-2023-54042 CVE-2023-54045
CVE-2023-54048 CVE-2023-54049 CVE-2023-54051 CVE-2023-54052 CVE-2023-54060
CVE-2023-54064 CVE-2023-54066 CVE-2023-54067 CVE-2023-54069 CVE-2023-54070
CVE-2023-54072 CVE-2023-54076 CVE-2023-54080 CVE-2023-54081 CVE-2023-54083
CVE-2023-54088 CVE-2023-54089 CVE-2023-54091 CVE-2023-54092 CVE-2023-54093
CVE-2023-54094 CVE-2023-54095 CVE-2023-54096 CVE-2023-54099 CVE-2023-54101
CVE-2023-54104 CVE-2023-54106 CVE-2023-54112 CVE-2023-54113 CVE-2023-54115
CVE-2023-54117 CVE-2023-54121 CVE-2023-54125 CVE-2023-54127 CVE-2023-54133
CVE-2023-54134 CVE-2023-54135 CVE-2023-54136 CVE-2023-54137 CVE-2023-54140
CVE-2023-54141 CVE-2023-54142 CVE-2023-54143 CVE-2023-54145 CVE-2023-54148
CVE-2023-54149 CVE-2023-54153 CVE-2023-54154 CVE-2023-54155 CVE-2023-54156
CVE-2023-54164 CVE-2023-54166 CVE-2023-54169 CVE-2023-54170 CVE-2023-54171
CVE-2023-54172 CVE-2023-54173 CVE-2023-54177 CVE-2023-54178 CVE-2023-54179
CVE-2023-54181 CVE-2023-54183 CVE-2023-54185 CVE-2023-54189 CVE-2023-54194
CVE-2023-54201 CVE-2023-54204 CVE-2023-54207 CVE-2023-54209 CVE-2023-54210
CVE-2023-54211 CVE-2023-54215 CVE-2023-54219 CVE-2023-54220 CVE-2023-54221
CVE-2023-54223 CVE-2023-54224 CVE-2023-54225 CVE-2023-54227 CVE-2023-54229
CVE-2023-54230 CVE-2023-54235 CVE-2023-54240 CVE-2023-54241 CVE-2023-54246
CVE-2023-54247 CVE-2023-54251 CVE-2023-54253 CVE-2023-54254 CVE-2023-54255
CVE-2023-54258 CVE-2023-54261 CVE-2023-54263 CVE-2023-54264 CVE-2023-54266
CVE-2023-54267 CVE-2023-54271 CVE-2023-54276 CVE-2023-54278 CVE-2023-54281
CVE-2023-54282 CVE-2023-54283 CVE-2023-54285 CVE-2023-54289 CVE-2023-54291
CVE-2023-54292 CVE-2023-54293 CVE-2023-54296 CVE-2023-54297 CVE-2023-54299
CVE-2023-54300 CVE-2023-54302 CVE-2023-54303 CVE-2023-54304 CVE-2023-54309
CVE-2023-54312 CVE-2023-54313 CVE-2023-54314 CVE-2023-54315 CVE-2023-54316
CVE-2023-54318 CVE-2023-54319 CVE-2023-54322 CVE-2023-54324 CVE-2023-54326
CVE-2024-26944 CVE-2024-27005 CVE-2024-42103 CVE-2024-53070 CVE-2024-53149
CVE-2025-21710 CVE-2025-22047 CVE-2025-37813 CVE-2025-37916 CVE-2025-38243
CVE-2025-38321 CVE-2025-38322 CVE-2025-38359 CVE-2025-38361 CVE-2025-38379
CVE-2025-38539 CVE-2025-38728 CVE-2025-39689 CVE-2025-39788 CVE-2025-39805
CVE-2025-39813 CVE-2025-39819 CVE-2025-39829 CVE-2025-39859 CVE-2025-39880
CVE-2025-39890 CVE-2025-39913 CVE-2025-39944 CVE-2025-39977 CVE-2025-39980
CVE-2025-40001 CVE-2025-40006 CVE-2025-40021 CVE-2025-40024 CVE-2025-40027
CVE-2025-40030 CVE-2025-40033 CVE-2025-40038 CVE-2025-40040 CVE-2025-40042
CVE-2025-40048 CVE-2025-40053 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064
CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40081 CVE-2025-40083
CVE-2025-40097 CVE-2025-40098 CVE-2025-40102 CVE-2025-40105 CVE-2025-40106
CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115
CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40123
CVE-2025-40127 CVE-2025-40129 CVE-2025-40134 CVE-2025-40135 CVE-2025-40139
CVE-2025-40140 CVE-2025-40141 CVE-2025-40149 CVE-2025-40153 CVE-2025-40154
CVE-2025-40156 CVE-2025-40157 CVE-2025-40158 CVE-2025-40159 CVE-2025-40160
CVE-2025-40164 CVE-2025-40167 CVE-2025-40168 CVE-2025-40169 CVE-2025-40170
CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40176 CVE-2025-40178
CVE-2025-40179 CVE-2025-40180 CVE-2025-40183 CVE-2025-40186 CVE-2025-40187
CVE-2025-40188 CVE-2025-40190 CVE-2025-40194 CVE-2025-40198 CVE-2025-40200
CVE-2025-40202 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207
CVE-2025-40211 CVE-2025-40215 CVE-2025-40219 CVE-2025-40220 CVE-2025-40223
CVE-2025-40231 CVE-2025-40233 CVE-2025-40238 CVE-2025-40240 CVE-2025-40242
CVE-2025-40244 CVE-2025-40248 CVE-2025-40250 CVE-2025-40251 CVE-2025-40252
CVE-2025-40254 CVE-2025-40256 CVE-2025-40257 CVE-2025-40258 CVE-2025-40259
CVE-2025-40261 CVE-2025-40262 CVE-2025-40263 CVE-2025-40264 CVE-2025-40268
CVE-2025-40269 CVE-2025-40271 CVE-2025-40272 CVE-2025-40273 CVE-2025-40274
CVE-2025-40275 CVE-2025-40277 CVE-2025-40278 CVE-2025-40279 CVE-2025-40280
CVE-2025-40282 CVE-2025-40283 CVE-2025-40284 CVE-2025-40287 CVE-2025-40288
CVE-2025-40289 CVE-2025-40292 CVE-2025-40293 CVE-2025-40297 CVE-2025-40301
CVE-2025-40304 CVE-2025-40306 CVE-2025-40307 CVE-2025-40308 CVE-2025-40309
CVE-2025-40310 CVE-2025-40311 CVE-2025-40312 CVE-2025-40314 CVE-2025-40315
CVE-2025-40316 CVE-2025-40317 CVE-2025-40318 CVE-2025-40319 CVE-2025-40320
CVE-2025-40321 CVE-2025-40322 CVE-2025-40323 CVE-2025-40324 CVE-2025-40328
CVE-2025-40329 CVE-2025-40331 CVE-2025-40337 CVE-2025-40338 CVE-2025-40339
CVE-2025-40342 CVE-2025-40343 CVE-2025-40345 CVE-2025-40346 CVE-2025-40347
CVE-2025-40349 CVE-2025-40350 CVE-2025-40351 CVE-2025-40355 CVE-2025-40360
CVE-2025-40363 CVE-2025-68168 CVE-2025-68171 CVE-2025-68172 CVE-2025-68174
CVE-2025-68176 CVE-2025-68178 CVE-2025-68180 CVE-2025-68183 CVE-2025-68185
CVE-2025-68188 CVE-2025-68190 CVE-2025-68192 CVE-2025-68194 CVE-2025-68195
CVE-2025-68200 CVE-2025-68201 CVE-2025-68204 CVE-2025-68206 CVE-2025-68208
CVE-2025-68209 CVE-2025-68217 CVE-2025-68218 CVE-2025-68222 CVE-2025-68227
CVE-2025-68230 CVE-2025-68233 CVE-2025-68235 CVE-2025-68237 CVE-2025-68238
CVE-2025-68239 CVE-2025-68241 CVE-2025-68244 CVE-2025-68245 CVE-2025-68249
CVE-2025-68252 CVE-2025-68254 CVE-2025-68255 CVE-2025-68256 CVE-2025-68257
CVE-2025-68258 CVE-2025-68259 CVE-2025-68261 CVE-2025-68264 CVE-2025-68284
CVE-2025-68285 CVE-2025-68286 CVE-2025-68287 CVE-2025-68289 CVE-2025-68290
CVE-2025-68296 CVE-2025-68297 CVE-2025-68301 CVE-2025-68303 CVE-2025-68305
CVE-2025-68307 CVE-2025-68308 CVE-2025-68312 CVE-2025-68313 CVE-2025-68320
CVE-2025-68325 CVE-2025-68327 CVE-2025-68328 CVE-2025-68330 CVE-2025-68331
CVE-2025-68332 CVE-2025-68335 CVE-2025-68337 CVE-2025-68339 CVE-2025-68340
CVE-2025-68345 CVE-2025-68346 CVE-2025-68347 CVE-2025-68349 CVE-2025-68351
CVE-2025-68354 CVE-2025-68362 CVE-2025-68363 CVE-2025-68365 CVE-2025-68366
CVE-2025-68367 CVE-2025-68372 CVE-2025-68378 CVE-2025-68379 CVE-2025-68380
CVE-2025-68724 CVE-2025-68725 CVE-2025-68727 CVE-2025-68728 CVE-2025-68732
CVE-2025-68733 CVE-2025-68734 CVE-2025-68740 CVE-2025-68742 CVE-2025-68744
CVE-2025-68746 CVE-2025-68750 CVE-2025-68753 CVE-2025-68757 CVE-2025-68758
CVE-2025-68759 CVE-2025-68764 CVE-2025-68765 CVE-2025-68766 CVE-2025-68768
CVE-2025-68770 CVE-2025-68771 CVE-2025-68773 CVE-2025-68775 CVE-2025-68776
CVE-2025-68777 CVE-2025-68783 CVE-2025-68788 CVE-2025-68789 CVE-2025-68795
CVE-2025-68797 CVE-2025-68798 CVE-2025-68800 CVE-2025-68801 CVE-2025-68803
CVE-2025-68804 CVE-2025-68808 CVE-2025-68813 CVE-2025-68814 CVE-2025-68815
CVE-2025-68816 CVE-2025-68819 CVE-2025-68820 CVE-2025-71064 CVE-2025-71066
CVE-2025-71077 CVE-2025-71078 CVE-2025-71079 CVE-2025-71081 CVE-2025-71082
CVE-2025-71083 CVE-2025-71084 CVE-2025-71085 CVE-2025-71086 CVE-2025-71087
CVE-2025-71088 CVE-2025-71089 CVE-2025-71091 CVE-2025-71093 CVE-2025-71094
CVE-2025-71095 CVE-2025-71096 CVE-2025-71097 CVE-2025-71098 CVE-2025-71100
CVE-2025-71108 CVE-2025-71111 CVE-2025-71112 CVE-2025-71114 CVE-2025-71116
CVE-2025-71118 CVE-2025-71119 CVE-2025-71120 CVE-2025-71123 CVE-2025-71130
CVE-2025-71131 CVE-2025-71132 CVE-2025-71133 CVE-2025-71135 CVE-2025-71136
CVE-2025-71137 CVE-2025-71138 CVE-2025-71145 CVE-2025-71147 CVE-2025-71149
CVE-2025-71154 CVE-2025-71162 CVE-2025-71163 CVE-2026-22976 CVE-2026-22977
CVE-2026-22978 CVE-2026-22984 CVE-2026-22985 CVE-2026-22988 CVE-2026-22990
CVE-2026-22991 CVE-2026-22992 CVE-2026-22993 CVE-2026-22996 CVE-2026-22997
CVE-2026-22999 CVE-2026-23000 CVE-2026-23001 CVE-2026-23005 CVE-2026-23006
CVE-2026-23010 CVE-2026-23011
-----------------------------------------------------------------
The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: kernel-260
Released: Thu Feb 19 17:55:02 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1232223,1237888,1243474,1245193,1247076,1247079,1247500,1247509,1249547,1249912,1249982,1250176,1250237,1250252,1250705,1251120,1251786,1252063,1252267,1252303,1252353,1252681,1252763,1252773,1252780,1252794,1252795,1252809,1252817,1252821,1252836,1252845,1252862,1252912,1252917,1252928,1253018,1253176,1253275,1253318,1253324,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253393,1253395,1253403,1253407,1253409,1253412,1253416,1253421,1253423,1253424,1253425,1253427,1253428,1253431,1253436,1253438,1253440,1253441,1253445,1253448,1253449,1253453,1253456,1253472,1253779,CVE-2022-50253,CVE-2023-53676,CVE-2025-21710,CVE-2025-37916,CVE-2025-38359,CVE-2025-38361,CVE-2025-39788,CVE-2025-39805,CVE-2025-39819,CVE-2025-39859,CVE-2025-39944,CVE-2025-39980,CVE-2025-40001,CVE-2025-40021,CVE-2025-40027,CVE-2025-40030,CVE-2025-40038,CVE-2025-40040,CVE-2025-40048,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40083,CVE
-2025-40098,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40149,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40159,CVE-2025-40164,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40176,CVE-2025-40180,CVE-2025-40183,CVE-2025-40186,CVE-2025-40188,CVE-2025-40194,CVE-2025-40198,CVE-2025-40200,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888).
- CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474).
- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).
- CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079).
- CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547).
- CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
- CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
- CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252).
- CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120).
- CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063).
- CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303).
- CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681).
- CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
- CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773).
- CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821).
- CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809).
- CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).
- CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836).
- CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794).
- CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
- CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912).
- CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917).
- CVE-2025-40105: vfs: Do not leak disconnected dentries on umount (bsc#1252928).
- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
- CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403).
- CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).
- CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
- CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
- CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
- CVE-2025-40206: Add missing bugzilla reference to net fix (bsc#1253393).
The following non-security bugs were fixed:
- ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes).
- ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes).
- ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes).
- ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes).
- ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes).
- ACPI: property: Return present device nodes only on fwnode interface (stable-fixes).
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes).
- ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes).
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes).
- ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes).
- ALSA: serial-generic: remove shared static buffer (stable-fixes).
- ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes).
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes).
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes).
- ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes).
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
- ALSA: usb-audio: do not log messages meant for 1810c when initializing 1824c (git-fixes).
- ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes).
- ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes).
- ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes).
- ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes).
- ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes).
- ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes).
- ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes).
- Bluetooth: 6lowpan: Do not hold spin lock over sleeping functions (git-fixes).
- Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes).
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes).
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes).
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes).
- Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes).
- Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes).
- Bluetooth: bcsp: receive data only if registered (stable-fixes).
- Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes).
- Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes).
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes).
- Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes).
- Documentation: ACPI: i2c-muxes: fix I2C device references (git-fixes).
- Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
- HID: amd_sfh: Stop sensor before starting (git-fixes).
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes).
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes).
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes).
- HID: uclogic: Fix potential memory leak in error path (git-fixes).
- Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes).
- Input: imx_sc_key - fix memory corruption on unload (git-fixes).
- Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes).
- KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes).
- KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes).
- KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes).
- KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes).
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes).
- KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes).
- KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes).
- KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes).
- KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes).
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes) (git-fixes).
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes).
- KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes).
- KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes).
- KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes).
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
- KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes).
- KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- KVM: x86: Do not treat ENTER and LEAVE as branches, because they are not (git-fixes).
- KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes).
- NFS4: Fix state renewals missing after boot (git-fixes).
- NFS: check if suid/sgid was cleared after a write as needed (git-fixes).
- NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes).
- NFSD: Skip close replay processing if XDR encoding fails (git-fixes).
- NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes).
- NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes).
- NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes).
- PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes).
- PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
- PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes).
- PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
- RDMA/bnxt_re: Do not fail destroy QP and cleanup debugfs earlier (git-fixes)
- RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes)
- RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix the modification of max_send_sge (git-fixes)
- RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes)
- RDMA/irdma: Fix SD index calculation (git-fixes)
- RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes)
- accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes).
- accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes).
- accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes).
- accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes).
- acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes).
- amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes).
- block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes).
- block: fix kobject double initialization in add_disk (git-fixes).
- btrfs: abort transaction on failure to add link to inode (git-fixes).
- btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix).
- btrfs: avoid using fixed char array size for tree names (git-fix).
- btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes).
- btrfs: fix COW handling in run_delalloc_nocow() (git-fix).
- btrfs: fix inode leak on failure to add link to inode (git-fixes).
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix).
- btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes).
- btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix).
- btrfs: rename err to ret in btrfs_link() (git-fixes).
- btrfs: run btrfs_error_commit_super() early (git-fix).
- btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix).
- btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes).
- btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes).
- btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes).
- btrfs: simplify error handling logic for btrfs_link() (git-fixes).
- btrfs: tree-checker: add dev extent item checks (git-fix).
- btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix).
- btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix).
- btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix).
- btrfs: tree-checker: validate dref root and objectid (git-fix).
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes).
- char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes).
- char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes).
- char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes).
- cramfs: Verify inode mode when loading from disk (git-fixes).
- crypto: aspeed - fix double free caused by devm (git-fixes).
- crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes).
- crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes).
- crypto: iaa - Do not clobber req->base.data (git-fixes).
- crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes).
- dmaengine: dw-edma: Set status for callback_result (stable-fixes).
- dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes).
- drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes).
- drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
- drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
- drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes).
- drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
- drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes).
- drm/amd/display: add more cyan skillfish devices (stable-fixes).
- drm/amd/display: ensure committing streams is seamless (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
- drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes).
- drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
- drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (stable-fixes).
- drm/amd: Fix suspend failure with secure display TA (git-fixes).
- drm/amd: add more cyan skillfish PCI ids (stable-fixes).
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes).
- drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes).
- drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes).
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes).
- drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes).
- drm/amdgpu: do not enable SMU on cyan skillfish (stable-fixes).
- drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
- drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes).
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes).
- drm/amdkfd: fix vram allocation failure for a special case (stable-fixes).
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes).
- drm/bridge: cdns-dsi: Do not fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes).
- drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
- drm/bridge: display-connector: do not set OP_DETECT for DisplayPorts (stable-fixes).
- drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes).
- drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes).
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes).
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes).
- drm/msm: make sure to not queue up recovery more than once (stable-fixes).
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes).
- drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes).
- drm/tegra: Add call to put_pid() (git-fixes).
- drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes).
- drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes).
- drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes).
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes).
- exfat: limit log print for IO error (git-fixes).
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes).
- extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes).
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes).
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes).
- fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes).
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes).
- hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes).
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes).
- hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
- hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes).
- hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes).
- hwmon: sy7636a: add alias (stable-fixes).
- iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes).
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes).
- ima: do not clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes).
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes).
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes).
- jfs: Verify inode mode when loading from disk (git-fixes).
- jfs: fix uninitialized waitqueue in transaction manager (git-fixes).
- lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes).
- md/raid1: fix data lost for writemostly rdev (git-fixes).
- md: fix mssing blktrace bio split events (git-fixes).
- media: adv7180: Add missing lock in suspend callback (stable-fixes).
- media: adv7180: Do not write format to device in set_fmt (stable-fixes).
- media: adv7180: Only validate format in querystd (stable-fixes).
- media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
- media: fix uninitialized symbol warnings (stable-fixes).
- media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes).
- media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes).
- media: imon: make send_packet() more robust (stable-fixes).
- media: ov08x40: Fix the horizontal flip control (stable-fixes).
- media: redrat3: use int type to store negative error codes (stable-fixes).
- media: uvcvideo: Use heuristic to find stream entity (git-fixes).
- memstick: Add timeout to prevent indefinite waiting (stable-fixes).
- mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes).
- mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes).
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
- mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
- minixfs: Verify inode mode when loading from disk (git-fixes).
- mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes).
- mm/secretmem: fix use-after-free race in fault handler (git-fixes).
- mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes).
- mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes).
- mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes).
- mtdchar: fix integer overflow in read/write ioctls (git-fixes).
- net/mana: fix warning in the writer of client oob (git-fixes).
- net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779).
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes).
- net: phy: clear link parameters on admin link down (stable-fixes).
- net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes).
- net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes).
- net: tcp: send zero-window ACK when no memory (bsc#1253779).
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes).
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes).
- nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223).
- nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223).
- nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes).
- perf script: add --addr2line option (bsc#1247509).
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes).
- phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes).
- phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes).
- pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes).
- pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes).
- pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes).
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes).
- power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
- power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes).
- power: supply: sbs-charger: Support multiple devices (stable-fixes).
- regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes).
- rtc: rx8025: fix incorrect register reference (git-fixes).
- s390/mm,fault: simplify kfence fault handling (bsc#1247076).
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes).
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes).
- scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes).
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes).
- scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes).
- scsi: mpi3mr: Correctly handle ATA device errors (git-fixes).
- scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes).
- scsi: mpt3sas: Correctly handle ATA device errors (git-fixes).
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes).
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes).
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes).
- selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes).
- selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes).
- selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes).
- selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes).
- selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
- selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes).
- selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes).
- selftests/bpf: fix signedness bug in redir_partial() (git-fixes).
- serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes).
- serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes).
- soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes).
- soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
- soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes).
- spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
- spi: loopback-test: Do not use %pK through printk (stable-fixes).
- spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
- strparser: Fix signed/unsigned mismatch bug (git-fixes).
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705).
- thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes).
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes).
- tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes).
- tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes).
- tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes).
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes).
- tools: lib: thermal: do not preserve owner in install (stable-fixes).
- tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes).
- uio_hv_generic: Query the ringbuffer size for device (git-fixes).
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
- usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes).
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes).
- usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes).
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes).
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes).
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes).
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes).
- watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes).
- wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
- wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes).
- wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes).
- wifi: mac80211: Fix HE capabilities element check (stable-fixes).
- wifi: mac80211: reject address change while connecting (git-fixes).
- wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes).
- wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes).
- wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes).
- wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
- wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes).
- wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes).
- wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes).
- x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
- x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
- x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes).
- x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
- x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
- x86/bugs: Report correct retbleed mitigation status (git-fixes).
- x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
- xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes).
- xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes).
- xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes).
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes).
- xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes).
-----------------------------------------------------------------
Advisory ID: kernel-281
Released: Tue Feb 24 11:42:46 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1012628,1065729,1194869,1205462,1214285,1214635,1214847,1215146,1215199,1215211,1215344,1216062,1216436,1219165,1220419,1223731,1223800,1228490,1233563,1234163,1234842,1241437,1242909,1243677,1243678,1245193,1245449,1246184,1246328,1246447,1247030,1247500,1247712,1248211,1248886,1249256,1249307,1250032,1250082,1250334,1250388,1250705,1250748,1252046,1252342,1252511,1252686,1252712,1252776,1252808,1252824,1252861,1252891,1252900,1252919,1252973,1253087,1253155,1253262,1253342,1253365,1253386,1253400,1253402,1253408,1253413,1253442,1253451,1253458,1253463,1253623,1253647,1253739,1254119,1254126,1254244,1254373,1254378,1254447,1254465,1254510,1254518,1254520,1254599,1254606,1254611,1254613,1254615,1254621,1254623,1254624,1254626,1254648,1254649,1254653,1254655,1254657,1254660,1254661,1254663,1254669,1254677,1254678,1254688,1254690,1254691,1254693,1254695,1254698,1254701,1254704,1254705,1254707,1254712,1254715,1254717,1254723,1254724,1254732,1254733,1254737,1254739,1254742,1
254743,1254749,1254750,1254753,1254754,1254758,1254761,1254762,1254765,1254767,1254782,1254791,1254793,1254794,1254795,1254796,1254797,1254798,1254813,1254815,1254825,1254828,1254829,1254830,1254832,1254835,1254839,1254840,1254842,1254843,1254845,1254846,1254847,1254849,1254850,1254851,1254852,1254854,1254856,1254858,1254860,1254864,1254869,1254871,1254894,1254918,1254957,1254959,1254983,1255005,1255009,1255025,1255026,1255030,1255033,1255034,1255035,1255039,1255041,1255042,1255046,1255057,1255062,1255064,1255065,1255068,1255072,1255075,1255077,1255081,1255082,1255083,1255092,1255094,1255095,1255100,1255102,1255120,1255122,1255128,1255131,1255134,1255135,1255136,1255138,1255140,1255142,1255146,1255149,1255152,1255154,1255155,1255157,1255163,1255164,1255167,1255169,1255171,1255172,1255175,1255179,1255182,1255187,1255190,1255193,1255197,1255199,1255202,1255203,1255206,1255209,1255216,1255218,1255221,1255224,1255227,1255230,1255233,1255241,1255245,1255246,1255251,1255252,1255253,125525
5,1255259,1255260,1255261,1255262,1255266,1255268,1255269,1255272,1255273,1255274,1255276,1255279,1255280,1255281,1255297,1255318,1255325,1255327,1255329,1255351,1255377,1255380,1255395,1255401,1255403,1255415,1255417,1255428,1255480,1255482,1255483,1255488,1255489,1255493,1255495,1255505,1255507,1255537,1255538,1255539,1255540,1255544,1255545,1255547,1255548,1255549,1255550,1255552,1255553,1255557,1255558,1255563,1255564,1255567,1255568,1255569,1255570,1255578,1255579,1255580,1255583,1255591,1255601,1255603,1255605,1255611,1255614,1255615,1255616,1255617,1255618,1255621,1255622,1255628,1255629,1255630,1255632,1255636,1255688,1255691,1255695,1255702,1255704,1255706,1255707,1255709,1255722,1255758,1255759,1255760,1255763,1255769,1255770,1255772,1255774,1255775,1255776,1255780,1255785,1255786,1255789,1255790,1255792,1255793,1255795,1255798,1255800,1255801,1255806,1255807,1255809,1255810,1255812,1255814,1255820,1255838,1255842,1255843,1255872,1255875,1255879,1255883,1255884,1255886,125
5888,1255890,1255891,1255892,1255899,1255902,1255907,1255911,1255915,1255918,1255921,1255924,1255925,1255930,1255931,1255932,1255934,1255943,1255944,1255949,1255951,1255952,1255955,1255957,1255961,1255963,1255964,1255967,1255974,1255978,1255984,1255988,1255990,1255992,1255993,1255994,1255996,1256033,1256034,1256045,1256050,1256058,1256071,1256074,1256081,1256082,1256083,1256084,1256085,1256090,1256093,1256094,1256095,1256096,1256099,1256100,1256104,1256106,1256107,1256117,1256119,1256121,1256145,1256153,1256178,1256197,1256231,1256233,1256234,1256238,1256263,1256267,1256268,1256271,1256273,1256274,1256279,1256280,1256285,1256291,1256292,1256300,1256301,1256302,1256335,1256348,1256351,1256354,1256358,1256361,1256364,1256366,1256367,1256368,1256369,1256370,1256371,1256373,1256375,1256379,1256387,1256394,1256395,1256396,1256528,1256579,1256582,1256584,1256586,1256591,1256593,1256597,1256605,1256606,1256607,1256609,1256610,1256611,1256612,1256613,1256616,1256617,1256619,1256622,1256623,
1256625,1256628,1256630,1256638,1256641,1256645,1256646,1256650,1256651,1256653,1256654,1256655,1256659,1256660,1256664,1256665,1256674,1256680,1256682,1256688,1256689,1256726,1256728,1256730,1256733,1256737,1256741,1256742,1256744,1256752,1256754,1256757,1256759,1256760,1256761,1256763,1256770,1256773,1256774,1256777,1256779,1256781,1256785,1256792,1256861,1256863,1257035,1257053,1257154,1257155,1257158,1257163,1257164,1257180,1257202,1257204,1257207,1257208,1257215,1257217,1257218,1257220,1257221,1257227,1257232,1257234,1257236,1257245,1257277,1257282,1257296,1257332,1257473,1257603,CVE-2023-42752,CVE-2023-53714,CVE-2023-53743,CVE-2023-53750,CVE-2023-53752,CVE-2023-53759,CVE-2023-53762,CVE-2023-53766,CVE-2023-53768,CVE-2023-53777,CVE-2023-53778,CVE-2023-53782,CVE-2023-53784,CVE-2023-53785,CVE-2023-53787,CVE-2023-53791,CVE-2023-53792,CVE-2023-53793,CVE-2023-53794,CVE-2023-53795,CVE-2023-53797,CVE-2023-53799,CVE-2023-53807,CVE-2023-53808,CVE-2023-53813,CVE-2023-53815,CVE-2023-53819,
CVE-2023-53821,CVE-2023-53823,CVE-2023-53825,CVE-2023-53828,CVE-2023-53831,CVE-2023-53834,CVE-2023-53836,CVE-2023-53839,CVE-2023-53841,CVE-2023-53842,CVE-2023-53843,CVE-2023-53844,CVE-2023-53846,CVE-2023-53847,CVE-2023-53848,CVE-2023-53850,CVE-2023-53851,CVE-2023-53852,CVE-2023-53855,CVE-2023-53856,CVE-2023-53857,CVE-2023-53858,CVE-2023-53860,CVE-2023-53861,CVE-2023-53863,CVE-2023-53864,CVE-2023-53865,CVE-2023-53989,CVE-2023-53992,CVE-2023-53994,CVE-2023-53995,CVE-2023-53996,CVE-2023-53997,CVE-2023-53998,CVE-2023-53999,CVE-2023-54000,CVE-2023-54001,CVE-2023-54005,CVE-2023-54006,CVE-2023-54008,CVE-2023-54013,CVE-2023-54014,CVE-2023-54016,CVE-2023-54017,CVE-2023-54019,CVE-2023-54022,CVE-2023-54023,CVE-2023-54025,CVE-2023-54026,CVE-2023-54027,CVE-2023-54030,CVE-2023-54031,CVE-2023-54032,CVE-2023-54035,CVE-2023-54037,CVE-2023-54038,CVE-2023-54042,CVE-2023-54045,CVE-2023-54048,CVE-2023-54049,CVE-2023-54051,CVE-2023-54052,CVE-2023-54060,CVE-2023-54064,CVE-2023-54066,CVE-2023-54067,CVE-202
3-54069,CVE-2023-54070,CVE-2023-54072,CVE-2023-54076,CVE-2023-54080,CVE-2023-54081,CVE-2023-54083,CVE-2023-54088,CVE-2023-54089,CVE-2023-54091,CVE-2023-54092,CVE-2023-54093,CVE-2023-54094,CVE-2023-54095,CVE-2023-54096,CVE-2023-54099,CVE-2023-54101,CVE-2023-54104,CVE-2023-54106,CVE-2023-54112,CVE-2023-54113,CVE-2023-54115,CVE-2023-54117,CVE-2023-54121,CVE-2023-54125,CVE-2023-54127,CVE-2023-54133,CVE-2023-54134,CVE-2023-54135,CVE-2023-54136,CVE-2023-54137,CVE-2023-54140,CVE-2023-54141,CVE-2023-54142,CVE-2023-54143,CVE-2023-54145,CVE-2023-54148,CVE-2023-54149,CVE-2023-54153,CVE-2023-54154,CVE-2023-54155,CVE-2023-54156,CVE-2023-54164,CVE-2023-54166,CVE-2023-54169,CVE-2023-54170,CVE-2023-54171,CVE-2023-54172,CVE-2023-54173,CVE-2023-54177,CVE-2023-54178,CVE-2023-54179,CVE-2023-54181,CVE-2023-54183,CVE-2023-54185,CVE-2023-54189,CVE-2023-54194,CVE-2023-54201,CVE-2023-54204,CVE-2023-54207,CVE-2023-54209,CVE-2023-54210,CVE-2023-54211,CVE-2023-54215,CVE-2023-54219,CVE-2023-54220,CVE-2023-54221
,CVE-2023-54223,CVE-2023-54224,CVE-2023-54225,CVE-2023-54227,CVE-2023-54229,CVE-2023-54230,CVE-2023-54235,CVE-2023-54240,CVE-2023-54241,CVE-2023-54246,CVE-2023-54247,CVE-2023-54251,CVE-2023-54253,CVE-2023-54254,CVE-2023-54255,CVE-2023-54258,CVE-2023-54261,CVE-2023-54263,CVE-2023-54264,CVE-2023-54266,CVE-2023-54267,CVE-2023-54271,CVE-2023-54276,CVE-2023-54278,CVE-2023-54281,CVE-2023-54282,CVE-2023-54283,CVE-2023-54285,CVE-2023-54289,CVE-2023-54291,CVE-2023-54292,CVE-2023-54293,CVE-2023-54296,CVE-2023-54297,CVE-2023-54299,CVE-2023-54300,CVE-2023-54302,CVE-2023-54303,CVE-2023-54304,CVE-2023-54309,CVE-2023-54312,CVE-2023-54313,CVE-2023-54314,CVE-2023-54315,CVE-2023-54316,CVE-2023-54318,CVE-2023-54319,CVE-2023-54322,CVE-2023-54324,CVE-2023-54326,CVE-2024-26944,CVE-2024-27005,CVE-2024-42103,CVE-2024-53070,CVE-2024-53149,CVE-2025-22047,CVE-2025-37813,CVE-2025-38243,CVE-2025-38321,CVE-2025-38322,CVE-2025-38379,CVE-2025-38539,CVE-2025-38728,CVE-2025-39689,CVE-2025-39813,CVE-2025-39829,CVE-20
25-39880,CVE-2025-39890,CVE-2025-39913,CVE-2025-39977,CVE-2025-40006,CVE-2025-40024,CVE-2025-40033,CVE-2025-40042,CVE-2025-40053,CVE-2025-40081,CVE-2025-40097,CVE-2025-40102,CVE-2025-40106,CVE-2025-40123,CVE-2025-40134,CVE-2025-40135,CVE-2025-40153,CVE-2025-40158,CVE-2025-40160,CVE-2025-40167,CVE-2025-40170,CVE-2025-40178,CVE-2025-40179,CVE-2025-40187,CVE-2025-40190,CVE-2025-40202,CVE-2025-40211,CVE-2025-40215,CVE-2025-40219,CVE-2025-40220,CVE-2025-40223,CVE-2025-40231,CVE-2025-40233,CVE-2025-40238,CVE-2025-40240,CVE-2025-40242,CVE-2025-40244,CVE-2025-40248,CVE-2025-40250,CVE-2025-40251,CVE-2025-40252,CVE-2025-40254,CVE-2025-40256,CVE-2025-40257,CVE-2025-40258,CVE-2025-40259,CVE-2025-40261,CVE-2025-40262,CVE-2025-40263,CVE-2025-40264,CVE-2025-40268,CVE-2025-40269,CVE-2025-40271,CVE-2025-40272,CVE-2025-40273,CVE-2025-40274,CVE-2025-40275,CVE-2025-40277,CVE-2025-40278,CVE-2025-40279,CVE-2025-40280,CVE-2025-40282,CVE-2025-40283,CVE-2025-40284,CVE-2025-40287,CVE-2025-40288,CVE-2025-4028
9,CVE-2025-40292,CVE-2025-40293,CVE-2025-40297,CVE-2025-40301,CVE-2025-40304,CVE-2025-40306,CVE-2025-40307,CVE-2025-40308,CVE-2025-40309,CVE-2025-40310,CVE-2025-40311,CVE-2025-40312,CVE-2025-40314,CVE-2025-40315,CVE-2025-40316,CVE-2025-40317,CVE-2025-40318,CVE-2025-40319,CVE-2025-40320,CVE-2025-40321,CVE-2025-40322,CVE-2025-40323,CVE-2025-40324,CVE-2025-40328,CVE-2025-40329,CVE-2025-40331,CVE-2025-40337,CVE-2025-40338,CVE-2025-40339,CVE-2025-40342,CVE-2025-40343,CVE-2025-40345,CVE-2025-40346,CVE-2025-40347,CVE-2025-40349,CVE-2025-40350,CVE-2025-40351,CVE-2025-40355,CVE-2025-40360,CVE-2025-40363,CVE-2025-68168,CVE-2025-68171,CVE-2025-68172,CVE-2025-68174,CVE-2025-68176,CVE-2025-68178,CVE-2025-68180,CVE-2025-68183,CVE-2025-68185,CVE-2025-68188,CVE-2025-68190,CVE-2025-68192,CVE-2025-68194,CVE-2025-68195,CVE-2025-68200,CVE-2025-68201,CVE-2025-68204,CVE-2025-68206,CVE-2025-68208,CVE-2025-68209,CVE-2025-68217,CVE-2025-68218,CVE-2025-68222,CVE-2025-68227,CVE-2025-68230,CVE-2025-68233,CVE-2
025-68235,CVE-2025-68237,CVE-2025-68238,CVE-2025-68239,CVE-2025-68241,CVE-2025-68244,CVE-2025-68245,CVE-2025-68249,CVE-2025-68252,CVE-2025-68254,CVE-2025-68255,CVE-2025-68256,CVE-2025-68257,CVE-2025-68258,CVE-2025-68259,CVE-2025-68261,CVE-2025-68264,CVE-2025-68284,CVE-2025-68285,CVE-2025-68286,CVE-2025-68287,CVE-2025-68289,CVE-2025-68290,CVE-2025-68296,CVE-2025-68297,CVE-2025-68301,CVE-2025-68303,CVE-2025-68305,CVE-2025-68307,CVE-2025-68308,CVE-2025-68312,CVE-2025-68313,CVE-2025-68320,CVE-2025-68325,CVE-2025-68327,CVE-2025-68328,CVE-2025-68330,CVE-2025-68331,CVE-2025-68332,CVE-2025-68335,CVE-2025-68337,CVE-2025-68339,CVE-2025-68340,CVE-2025-68345,CVE-2025-68346,CVE-2025-68347,CVE-2025-68349,CVE-2025-68351,CVE-2025-68354,CVE-2025-68362,CVE-2025-68363,CVE-2025-68365,CVE-2025-68366,CVE-2025-68367,CVE-2025-68372,CVE-2025-68378,CVE-2025-68379,CVE-2025-68380,CVE-2025-68724,CVE-2025-68725,CVE-2025-68727,CVE-2025-68728,CVE-2025-68732,CVE-2025-68733,CVE-2025-68734,CVE-2025-68740,CVE-2025-687
42,CVE-2025-68744,CVE-2025-68746,CVE-2025-68750,CVE-2025-68753,CVE-2025-68757,CVE-2025-68758,CVE-2025-68759,CVE-2025-68764,CVE-2025-68765,CVE-2025-68766,CVE-2025-68768,CVE-2025-68770,CVE-2025-68771,CVE-2025-68773,CVE-2025-68775,CVE-2025-68776,CVE-2025-68777,CVE-2025-68783,CVE-2025-68788,CVE-2025-68789,CVE-2025-68795,CVE-2025-68797,CVE-2025-68798,CVE-2025-68800,CVE-2025-68801,CVE-2025-68803,CVE-2025-68804,CVE-2025-68808,CVE-2025-68813,CVE-2025-68814,CVE-2025-68815,CVE-2025-68816,CVE-2025-68819,CVE-2025-68820,CVE-2025-71064,CVE-2025-71066,CVE-2025-71077,CVE-2025-71078,CVE-2025-71079,CVE-2025-71081,CVE-2025-71082,CVE-2025-71083,CVE-2025-71084,CVE-2025-71085,CVE-2025-71086,CVE-2025-71087,CVE-2025-71088,CVE-2025-71089,CVE-2025-71091,CVE-2025-71093,CVE-2025-71094,CVE-2025-71095,CVE-2025-71096,CVE-2025-71097,CVE-2025-71098,CVE-2025-71100,CVE-2025-71108,CVE-2025-71111,CVE-2025-71112,CVE-2025-71114,CVE-2025-71116,CVE-2025-71118,CVE-2025-71119,CVE-2025-71120,CVE-2025-71123,CVE-2025-71130,CVE-
2025-71131,CVE-2025-71132,CVE-2025-71133,CVE-2025-71135,CVE-2025-71136,CVE-2025-71137,CVE-2025-71138,CVE-2025-71145,CVE-2025-71147,CVE-2025-71149,CVE-2025-71154,CVE-2025-71162,CVE-2025-71163,CVE-2026-22976,CVE-2026-22977,CVE-2026-22978,CVE-2026-22984,CVE-2026-22985,CVE-2026-22988,CVE-2026-22990,CVE-2026-22991,CVE-2026-22992,CVE-2026-22993,CVE-2026-22996,CVE-2026-22997,CVE-2026-22999,CVE-2026-23000,CVE-2026-23001,CVE-2026-23005,CVE-2026-23006,CVE-2026-23010,CVE-2026-23011
The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim (bsc#1256280).
- CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).
- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
- CVE-2025-39880: libceph: fix invalid accesses to ceph_connection_v1_info (bsc#1250388).
- CVE-2025-39890: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (bsc#1250334).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
- CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).
- CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824).
- CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861).
- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
- CVE-2025-40123: bpf: Enforce expected_attach_type for tailcall compatibility (bsc#1253365).
- CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386).
- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
- CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400).
- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).
- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).
- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).
- CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442).
- CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647).
- CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40231: vsock: fix lock inversion in vsock_assign_transport() (bsc#1254815).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871).
- CVE-2025-40240: sctp: avoid NULL dereference when chunk data buffer is missing (bsc#1254869).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864).
- CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854).
- CVE-2025-40251: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (bsc#1254856).
- CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (bsc#1254849).
- CVE-2025-40254: net: openvswitch: remove never-working support for setting nsh fields (bsc#1254852).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
- CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839).
- CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835).
- CVE-2025-40268: cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082).
- CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297).
- CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830).
- CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825).
- CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40287: exfat: fix improper check of dentry.stream.valid_size (bsc#1255030).
- CVE-2025-40289: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (bsc#1255042).
- CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175).
- CVE-2025-40293: iommufd: Don't overflow during division for dirty tracking (bsc#1255179).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187).
- CVE-2025-40307: exfat: validate cluster allocation bits of the allocation bitmap (bsc#1255039).
- CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794).
- CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-40337: net: stmmac: Correctly handle Rx checksum offload errors (bsc#1255081).
- CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273).
- CVE-2025-40339: drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428).
- CVE-2025-40346: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (bsc#1255318).
- CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (bsc#1255260).
- CVE-2025-40355: sysfs: check visibility before changing group attribute ownership (bsc#1255261).
- CVE-2025-40360: drm/sysfb: Do not dereference NULL pointer in plane reset (bsc#1255095).
- CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102).
- CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255).
- CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327).
- CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266).
- CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269).
- CVE-2025-68190: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() (bsc#1255131).
- CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241).
- CVE-2025-68201: drm/amdgpu: remove two invalid BUG_ON()s (bsc#1255136).
- CVE-2025-68204: pmdomain: arm: scmi: Fix genpd leak on provider registration failure (bsc#1255224).
- CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142).
- CVE-2025-68208: bpf: account for current allocated stack depth in widen_imprecise_scalars() (bsc#1255227).
- CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230).
- CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216).
- CVE-2025-68230: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (bsc#1255134).
- CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272).
- CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157).
- CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268).
- CVE-2025-68255: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (bsc#1255395).
- CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199).
- CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164).
- CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128).
- CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted directories (bsc#1255403).
- CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path (bsc#1255120).
- CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172).
- CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (bsc#1255417).
- CVE-2025-68327: usb: renesas_usbhs: Fix synchronous external abort on unbind (bsc#1255488).
- CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482).
- CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507).
- CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (bsc#1255544).
- CVE-2025-68363: bpf: Check skb->transport_header is set in bpf_skb_check_mtu (bsc#1255552).
- CVE-2025-68365: fs/ntfs3: Initialize allocated memory before use (bsc#1255548).
- CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622).
- CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547).
- CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
- CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614).
- CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695).
- CVE-2025-68727: ntfs3: Fix uninit buffer allocated by __getname() (bsc#1255568).
- CVE-2025-68728: ntfs3: fix uninit memory after failed mi_read in mi_format_new (bsc#1255539).
- CVE-2025-68733: smack: fix bug: unprivileged task can create labels (bsc#1255615).
- CVE-2025-68742: bpf: Improve program stats run-time calculation (bsc#1255707).
- CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709).
- CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930).
- CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579).
- CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665).
- CVE-2025-68776: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (bsc#1256659).
- CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638).
- CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688).
- CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689).
- CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (bsc#1256646).
- CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653).
- CVE-2025-68803: nfsd: set security label during create operations (bsc#1256770).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep() (bsc#1256651).
- CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict (bsc#1256680).
- CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674).
- CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754).
- CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613).
- CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628).
- CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed() (bsc#1256773).
- CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777).
- CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597).
- CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605).
- CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606).
- CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects (bsc#1256607).
- CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757).
- CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event (bsc#1256733).
- CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (bsc#1256761).
- CVE-2025-71137: octeontx2-pf: fix 'UBSAN: shift-out-of-bounds error' (bsc#1256760).
- CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value on update (bsc#1257164).
- CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (bsc#1257035).
- CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue (bsc#1257053).
- CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1257217).
- CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221).
- CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1257220).
- CVE-2026-22992: libceph: return the handler error from mon_handle_auth_done() (bsc#1257218).
- CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180).
- CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv.
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245).
- CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
- CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207).
The following non security issues were fixed:
- ALSA: usb-audio: Update for native DSD support quirks (stable-fixes).
- Disable CONFIG_CPU5_WDT The cpu5wdt driver doesn't implement a
proper watchdog interface and has many code issues. It only handles
obscure and obsolete hardware. Stop building and supporting this driver
(jsc#PED-14062).
- Update config files (jsc#PED-12554 jsc#PED-6996
bsc#1243677 ltc#213602 bsc#1243678 ltc#213596)
CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603).
- bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569).
- cifs: Fix copy offload to flush destination region (bsc#1252511).
- cifs: Fix flushing, invalidation and file size with copy_file_range() (bsc#1252511).
- cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449).
- cifs: make cifs_chan_update_iface() a void function (git-fixes).
- cifs: update dstaddr whenever channel iface is updated (git-fixes).
- cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026).
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386)
- drm/amdgpu: update mappings not managed by KFD (bsc#1255428)
- ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).
- ext4: wait for ongoing I/O to complete before freeing blocks (bsc#1256366).
- fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025).
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- media: atomisp: Prefix firmware paths with 'intel/ipu/' (bsc#1252973).
- media: atomisp: Remove firmware_name module parameter (bsc#1252973).
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes).
- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event
handling (bsc#1253262 ltc#216029).
- powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493
bsc#1254244 ltc#216496).
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).
- scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256861).
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256861).
- scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).
- scsi: qla2xxx: Add Speed in SFP print information (bsc#1256863).
- scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256863).
- scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256863).
- scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256863).
- scsi: qla2xxx: Allow recovery for tape devices (bsc#1256863).
- scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256863).
- scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256863).
- scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256863).
- scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256863).
- scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256863).
- scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256863).
- scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256863).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154).
- smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes).
- smb: improve directory cache reuse for readdir operations (bsc#1252712).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155)
- spi: tegra210-quad: Fix timeout handling (bsc#1253155)
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155)
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes)
- supported.conf: Mark lan 743x supported (jsc#PED-14571)
- tracing: Fix access to trace_event_file (bsc#1254373).
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes).
- x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).
- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528).
- x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528).
- x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528).
- x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528).
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any
unreleased standalone Zen5 microcode patches (bsc#1256528).
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528).
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528).
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528).
- x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528).
- x86/microcode/AMD: Select which microcode patch to load (bsc#1256528).
- x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528).
- x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528).
The following package changes have been done:
- kernel-default-6.4.0-39.1 updated
More information about the sle-container-updates
mailing list