SUSE-IU-2026:5214-1: Security update of suse/sl-micro/6.1/rt-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Jul 1 08:13:27 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:5214-1
Image Tags        : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.143 , suse/sl-micro/6.1/rt-os-container:latest
Image Release     : 5.143
Severity          : important
Type              : security
References        : 1240751 1244485 1248235 1252555 1253904 1255416 1256668 1256818
                        1257692 1258120 1258170 1258508 1258538 1260502 1260584 1261256
                        1261619 1261791 1262085 1262392 1262606 1262615 1262617 1262619
                        1262620 1262622 1262624 1262634 1262649 1262656 1262663 1262668
                        1262674 1262748 1262755 1262798 1262993 1263006 1263068 1263115
                        1263123 1263137 1263143 1263152 1263178 1263319 1263562 1263563
                        1263568 1263578 1263656 1263658 1263724 1263769 1263774 1263790
                        1263879 1263880 1263883 1263930 1263932 1263934 1263945 1263993
                        1263996 1264000 1264011 1264045 1264063 1264076 1264080 1264084
                        1264093 1264116 1264124 1264137 1264145 1264184 1264239 1264243
                        1264245 1264255 1264263 1264266 1264300 1264409 1264430 1264437
                        1264444 1264449 1264470 1264476 1264484 1264549 1264551 1264561
                        1264595 1264603 1264610 1264669 1264671 1264672 1264716 1264719
                        1264720 1264722 1264726 1264741 1264763 1264765 1264805 1264989
                        1265020 1265044 1265073 1265103 1265110 1265128 1265143 1265170
                        1265240 1265579 1265628 1265928 1265960 1266001 1266009 1266214
                        1266238 1266290 1266307 1266350 1266390 1266394 1266395 1266397
                        1266400 1266402 1266414 1266452 1266696 1266697 1266698 1266704
                        1266705 1266711 1266720 1266759 1266765 1266767 1266810 1266816
                        1266826 1266827 1266878 1266889 1266895 1266901 1266903 1266916
                        1266922 1266927 1266933 1266969 1266972 1267205 1267208 1267214
                        1267218 1267220 1267222 1267361 1267381 1267387 1267431 1267531
                        1267621 1267624 1267626 1267628 1267640 1267651 1267652 1267654
                        1267663 1267682 1267685 1267697 1267726 1267732 1267744 1268131
                        1268307 CVE-2025-10263 CVE-2025-12105 CVE-2025-32049 CVE-2025-38549
                        CVE-2025-58181 CVE-2025-61732 CVE-2025-68121 CVE-2025-68324 CVE-2025-68822
                        CVE-2026-11850 CVE-2026-23303 CVE-2026-23327 CVE-2026-23359 CVE-2026-23438
                        CVE-2026-23444 CVE-2026-2369 CVE-2026-2443 CVE-2026-2708 CVE-2026-31396
                        CVE-2026-31414 CVE-2026-31429 CVE-2026-31446 CVE-2026-31448 CVE-2026-31452
                        CVE-2026-31453 CVE-2026-31454 CVE-2026-31455 CVE-2026-31464 CVE-2026-31469
                        CVE-2026-31473 CVE-2026-31480 CVE-2026-31492 CVE-2026-31493 CVE-2026-31495
                        CVE-2026-31499 CVE-2026-31500 CVE-2026-31516 CVE-2026-31518 CVE-2026-31546
                        CVE-2026-31555 CVE-2026-31580 CVE-2026-31590 CVE-2026-31592 CVE-2026-31596
                        CVE-2026-31613 CVE-2026-31614 CVE-2026-31629 CVE-2026-31655 CVE-2026-31664
                        CVE-2026-31665 CVE-2026-31671 CVE-2026-31673 CVE-2026-31674 CVE-2026-31678
                        CVE-2026-31680 CVE-2026-31693 CVE-2026-31697 CVE-2026-31698 CVE-2026-31699
                        CVE-2026-31703 CVE-2026-31752 CVE-2026-31758 CVE-2026-31759 CVE-2026-31767
                        CVE-2026-31771 CVE-2026-42767 CVE-2026-43013 CVE-2026-43023 CVE-2026-43024
                        CVE-2026-43026 CVE-2026-43028 CVE-2026-43030 CVE-2026-43035 CVE-2026-43036
                        CVE-2026-43040 CVE-2026-43049 CVE-2026-43052 CVE-2026-43053 CVE-2026-43054
                        CVE-2026-43059 CVE-2026-43065 CVE-2026-43066 CVE-2026-43068 CVE-2026-43074
                        CVE-2026-43077 CVE-2026-43083 CVE-2026-43101 CVE-2026-43109 CVE-2026-43112
                        CVE-2026-43119 CVE-2026-43158 CVE-2026-43171 CVE-2026-43187 CVE-2026-43198
                        CVE-2026-43206 CVE-2026-43234 CVE-2026-43239 CVE-2026-43249 CVE-2026-43252
                        CVE-2026-43261 CVE-2026-43284 CVE-2026-43296 CVE-2026-43325 CVE-2026-43333
                        CVE-2026-43338 CVE-2026-43339 CVE-2026-43341 CVE-2026-43345 CVE-2026-43359
                        CVE-2026-43360 CVE-2026-43361 CVE-2026-43362 CVE-2026-43405 CVE-2026-43406
                        CVE-2026-43407 CVE-2026-43411 CVE-2026-43413 CVE-2026-43414 CVE-2026-43455
                        CVE-2026-43469 CVE-2026-43470 CVE-2026-43483 CVE-2026-43491 CVE-2026-43499
                        CVE-2026-43501 CVE-2026-43503 CVE-2026-45840 CVE-2026-45841 CVE-2026-45842
                        CVE-2026-45843 CVE-2026-45846 CVE-2026-45852 CVE-2026-45856 CVE-2026-45862
                        CVE-2026-45870 CVE-2026-45878 CVE-2026-45886 CVE-2026-45894 CVE-2026-45910
                        CVE-2026-45932 CVE-2026-45940 CVE-2026-45961 CVE-2026-45964 CVE-2026-45965
                        CVE-2026-45970 CVE-2026-45974 CVE-2026-45983 CVE-2026-45984 CVE-2026-46004
                        CVE-2026-46005 CVE-2026-46021 CVE-2026-46024 CVE-2026-46037 CVE-2026-46043
                        CVE-2026-46079 CVE-2026-46083 CVE-2026-46090 CVE-2026-46094 CVE-2026-46101
                        CVE-2026-46110 CVE-2026-46111 CVE-2026-46113 CVE-2026-46114 CVE-2026-46119
                        CVE-2026-46120 CVE-2026-46123 CVE-2026-46150 CVE-2026-46157 CVE-2026-46159
                        CVE-2026-46160 CVE-2026-46172 CVE-2026-46176 CVE-2026-46181 CVE-2026-46197
                        CVE-2026-46209 CVE-2026-46227 CVE-2026-46244 CVE-2026-46259 CVE-2026-46273
                        CVE-2026-5435 CVE-2026-6238 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 599
Released:    Tue Jun 30 10:42:14 2026
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1244485,1256818,1257692,1266350,CVE-2025-61732,CVE-2025-68121,CVE-2026-42767
This update for openssl-3 fixes the following issue

- CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption (bsc#1266350).

-----------------------------------------------------------------
Advisory ID: 602
Released:    Tue Jun 30 11:20:36 2026
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1253904,1268131,CVE-2025-58181,CVE-2026-11850
This update for krb5 fixes the following issue

- CVE-2026-11850: integer underflow in berval2tl_data() leads to heap out-of-bounds read (bsc#1268131).

-----------------------------------------------------------------
Advisory ID: 601
Released:    Tue Jun 30 11:54:13 2026
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1240751,1252555,1258120,1258170,1258508,1263656,1263658,CVE-2025-12105,CVE-2025-32049,CVE-2026-2369,CVE-2026-2443,CVE-2026-2708,CVE-2026-5435,CVE-2026-6238
This update for glibc fixes the following issues

- CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write (bsc#1263656).
- CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure
  (bsc#1263658).

-----------------------------------------------------------------
Advisory ID: kernel-498
Released:    Tue Jun 30 19:41:36 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1248235,1255416,1256668,1258538,1260502,1260584,1261256,1261619,1261791,1262085,1262392,1262606,1262615,1262617,1262619,1262620,1262622,1262624,1262634,1262649,1262656,1262663,1262668,1262674,1262748,1262755,1262798,1262993,1263006,1263068,1263115,1263123,1263137,1263143,1263152,1263178,1263319,1263562,1263563,1263568,1263578,1263724,1263769,1263774,1263790,1263879,1263880,1263883,1263930,1263932,1263934,1263945,1263993,1263996,1264000,1264011,1264045,1264063,1264076,1264080,1264084,1264093,1264116,1264124,1264137,1264145,1264184,1264239,1264243,1264245,1264255,1264263,1264266,1264300,1264409,1264430,1264437,1264444,1264449,1264470,1264476,1264484,1264549,1264551,1264561,1264595,1264603,1264610,1264669,1264671,1264672,1264716,1264719,1264720,1264722,1264726,1264741,1264763,1264765,1264805,1264989,1265020,1265044,1265073,1265103,1265110,1265128,1265143,1265170,1265240,1265579,1265628,1265928,1265960,1266001,1266009,1266214,1266238,1266290,1266307,1266390,1266394,1266395,1
 266397,1266400,1266402,1266414,1266452,1266696,1266697,1266698,1266704,1266705,1266711,1266720,1266759,1266765,1266767,1266810,1266816,1266826,1266827,1266878,1266889,1266895,1266901,1266903,1266916,1266922,1266927,1266933,1266969,1266972,1267205,1267208,1267214,1267218,1267220,1267222,1267361,1267381,1267387,1267431,1267531,1267621,1267624,1267626,1267628,1267640,1267651,1267652,1267654,1267663,1267682,1267685,1267697,1267726,1267732,1267744,1268307,CVE-2025-10263,CVE-2025-38549,CVE-2025-68324,CVE-2025-68822,CVE-2026-23303,CVE-2026-23327,CVE-2026-23359,CVE-2026-23438,CVE-2026-23444,CVE-2026-31396,CVE-2026-31414,CVE-2026-31429,CVE-2026-31446,CVE-2026-31448,CVE-2026-31452,CVE-2026-31453,CVE-2026-31454,CVE-2026-31455,CVE-2026-31464,CVE-2026-31469,CVE-2026-31473,CVE-2026-31480,CVE-2026-31492,CVE-2026-31493,CVE-2026-31495,CVE-2026-31499,CVE-2026-31500,CVE-2026-31516,CVE-2026-31518,CVE-2026-31546,CVE-2026-31555,CVE-2026-31580,CVE-2026-31590,CVE-2026-31592,CVE-2026-31596,CVE-2026-31613,CV
 E-2026-31614,CVE-2026-31629,CVE-2026-31655,CVE-2026-31664,CVE-2026-31665,CVE-2026-31671,CVE-2026-31673,CVE-2026-31674,CVE-2026-31678,CVE-2026-31680,CVE-2026-31693,CVE-2026-31697,CVE-2026-31698,CVE-2026-31699,CVE-2026-31703,CVE-2026-31752,CVE-2026-31758,CVE-2026-31759,CVE-2026-31767,CVE-2026-31771,CVE-2026-43013,CVE-2026-43023,CVE-2026-43024,CVE-2026-43026,CVE-2026-43028,CVE-2026-43030,CVE-2026-43035,CVE-2026-43036,CVE-2026-43040,CVE-2026-43049,CVE-2026-43052,CVE-2026-43053,CVE-2026-43054,CVE-2026-43059,CVE-2026-43065,CVE-2026-43066,CVE-2026-43068,CVE-2026-43074,CVE-2026-43077,CVE-2026-43083,CVE-2026-43101,CVE-2026-43109,CVE-2026-43112,CVE-2026-43119,CVE-2026-43158,CVE-2026-43171,CVE-2026-43187,CVE-2026-43198,CVE-2026-43206,CVE-2026-43234,CVE-2026-43239,CVE-2026-43249,CVE-2026-43252,CVE-2026-43261,CVE-2026-43284,CVE-2026-43296,CVE-2026-43325,CVE-2026-43333,CVE-2026-43338,CVE-2026-43339,CVE-2026-43341,CVE-2026-43345,CVE-2026-43359,CVE-2026-43360,CVE-2026-43361,CVE-2026-43362,CVE-2026-
 43405,CVE-2026-43406,CVE-2026-43407,CVE-2026-43411,CVE-2026-43413,CVE-2026-43414,CVE-2026-43455,CVE-2026-43469,CVE-2026-43470,CVE-2026-43483,CVE-2026-43491,CVE-2026-43499,CVE-2026-43501,CVE-2026-43503,CVE-2026-45840,CVE-2026-45841,CVE-2026-45842,CVE-2026-45843,CVE-2026-45846,CVE-2026-45852,CVE-2026-45856,CVE-2026-45862,CVE-2026-45870,CVE-2026-45878,CVE-2026-45886,CVE-2026-45894,CVE-2026-45910,CVE-2026-45932,CVE-2026-45940,CVE-2026-45961,CVE-2026-45964,CVE-2026-45965,CVE-2026-45970,CVE-2026-45974,CVE-2026-45983,CVE-2026-45984,CVE-2026-46004,CVE-2026-46005,CVE-2026-46021,CVE-2026-46024,CVE-2026-46037,CVE-2026-46043,CVE-2026-46079,CVE-2026-46083,CVE-2026-46090,CVE-2026-46094,CVE-2026-46101,CVE-2026-46110,CVE-2026-46111,CVE-2026-46113,CVE-2026-46114,CVE-2026-46119,CVE-2026-46120,CVE-2026-46123,CVE-2026-46150,CVE-2026-46157,CVE-2026-46159,CVE-2026-46160,CVE-2026-46172,CVE-2026-46176,CVE-2026-46181,CVE-2026-46197,CVE-2026-46209,CVE-2026-46227,CVE-2026-46244,CVE-2026-46259,CVE-2026-46273

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs (bsc#1266290).
- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).
- CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work (bsc#1255416).
- CVE-2025-68822: Input: alps - fix use-after-free bugs caused by dev3_register_work (bsc#1256668).
- CVE-2026-23303: smb: client: Don't log plaintext credentials in cifs_set_cifscreds (bsc#1260502).
- CVE-2026-23327: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
- CVE-2026-23359: bpf: Fix stack-out-of-bounds write in devmap (bsc#1260584).
- CVE-2026-23438: net: mvpp2: guard flow control update with global_tx_fc in buffer switching (bsc#1261619).
- CVE-2026-23444: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure (bsc#1266307).
- CVE-2026-31396: net: macb: fix use-after-free access to PTP clock (bsc#1261791).
- CVE-2026-31414: netfilter: nf_conntrack_expect: use expect->helper (bsc#1262085).
- CVE-2026-31429: net: skb: fix cross-cache free of KFENCE-allocated skb head (bsc#1262392).
- CVE-2026-31446: ext4: fix use-after-free in update_super_work when racing with umount (bsc#1262619).
- CVE-2026-31448: ext4: avoid infinite loops caused by residual data (bsc#1262622).
- CVE-2026-31452: ext4: convert inline data to extents when truncate exceeds inline size (bsc#1262620).
- CVE-2026-31454: xfs: save ailp before dropping the AIL lock in push callbacks (bsc#1262624).
- CVE-2026-31455: xfs: stop reclaim before pushing AIL during unmount (bsc#1262615).
- CVE-2026-31464: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (bsc#1262656).
- CVE-2026-31469: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
- CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (bsc#1262663).
- CVE-2026-31480: tracing: Fix potential deadlock in cpu hotplug with osnoise (bsc#1262634).
- CVE-2026-31492: RDMA/irdma: Initialize free_qp completion before using it (bsc#1262748).
- CVE-2026-31493: RDMA/efa: Fix use of completion ctx after free (bsc#1262668).
- CVE-2026-31495: netfilter: ctnetlink: use netlink policy range checks (bsc#1262798).
- CVE-2026-31499: Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del() (bsc#1262674).
- CVE-2026-31500: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (bsc#1262993).
- CVE-2026-31516: xfrm: prevent policy_hthresh.work from racing with netns teardown (bsc#1262755).
- CVE-2026-31518: esp: fix skb leak with espintcp and async crypto (bsc#1262606).
- CVE-2026-31546: net: bonding: fix NULL deref in bond_debug_rlb_hash_show (bsc#1263006).
- CVE-2026-31555: futex: Clear stale exiting pointer in futex_lock_pi() retry path (bsc#1263178).
- CVE-2026-31590: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (bsc#1263152).
- CVE-2026-31592: KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock (bsc#1263123).
- CVE-2026-31596: ocfs2: handle invalid dinode in ocfs2_group_extend (bsc#1263319).
- CVE-2026-31613: smb: client: fix OOB reads parsing symlink error response (bsc#1263769).
- CVE-2026-31614: smb: client: fix off-by-8 bounds check in check_wsl_eas() (bsc#1263774).
- CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks (bsc#1263790).
- CVE-2026-31655: pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (bsc#1263724).
- CVE-2026-31664: string.h: Introduce memset_after() for wiping trailing members/padding (bsc#1263578).
- CVE-2026-31665: kABI: netfilter: nft_ct: fix use-after-free in timeout object destroy (bsc#1263137).
- CVE-2026-31671: xfrm_user: fix info leak in build_report() (bsc#1263115).
- CVE-2026-31673: af_unix: read UNIX_DIAG_VFS data under unix_state_lock (bsc#1263143).
- CVE-2026-31674: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (bsc#1263568).
- CVE-2026-31678: openvswitch: defer tunnel netdev_put to RCU release (bsc#1263562).
- CVE-2026-31680: net: ipv6: flowlabel: defer exclusive option free until RCU teardown (bsc#1263563).
- CVE-2026-31693: cifs: some missing initializations on replay (bsc#1267744).
- CVE-2026-31697: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (bsc#1264116).
- CVE-2026-31698: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (bsc#1263880).
- CVE-2026-31699: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (bsc#1263879).
- CVE-2026-31703: writeback: Fix use after free in inode_switch_wbs_work_fn() (bsc#1263883).
- CVE-2026-31752: bridge: br_nd_send: validate ND option lengths (bsc#1264045).
- CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release (bsc#1264093).
- CVE-2026-31759: usb: ulpi: fix double free in ulpi_register_interface() error path (bsc#1264076).
- CVE-2026-31767: drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode (bsc#1264124).
- CVE-2026-31771: Bluetooth: hci_event: move wake reason storage into validated event handlers (bsc#1264145).
- CVE-2026-43013: net/mlx5: lag: Check for LAG device before creating debugfs (bsc#1264011).
- CVE-2026-43023: Bluetooth: SCO: fix race conditions in sco_sock_connect() (bsc#1264137).
- CVE-2026-43024: netfilter: nf_tables: reject immediate NF_QUEUE verdict (bsc#1263930).
- CVE-2026-43026: netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (bsc#1263932).
- CVE-2026-43028: netfilter: x_tables: ensure names are nul-terminated (bsc#1263934).
- CVE-2026-43030: bpf: Fix regsafe() for pointers to packet (bsc#1264000).
- CVE-2026-43035: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (bsc#1263996).
- CVE-2026-43036: net: use skb_header_pointer() for TCPv4 GSO frag_off check (bsc#1263993).
- CVE-2026-43040: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-
- CVE-2026-43049: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure (bsc#1264080).
- CVE-2026-43052: wifi: mac80211: check tdls flag in ieee80211_tdls_oper (bsc#1263945).
- CVE-2026-43053: xfs: close crash window in attr dabtree inactivation (bsc#1264084).
- CVE-2026-43054: scsi: target: tcm_loop: Drain commands in target_reset handler (bsc#1264063).
- CVE-2026-43059: Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (bsc#1264184).
- CVE-2026-43065: ext4: always drain queued discard work in ext4_mb_release() (bsc#1264243).
- CVE-2026-43066: ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (bsc#1264245).
- CVE-2026-43068: ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (bsc#1264255).
- CVE-2026-43074: eventpoll: defer struct eventpoll free to RCU grace period (bsc#1264263).
- CVE-2026-43077: crypto: algif_aead - Fix minimum RX size check for decryption (bsc#1264470).
- CVE-2026-43083: net: ioam6: fix OOB and missing lock (bsc#1264266).
- CVE-2026-43101: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() (bsc#1264239).
- CVE-2026-43109: x86: shadow stacks: proper error handling for mmap lock (bsc#1264484).
- CVE-2026-43112: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (bsc#1264437).
- CVE-2026-43119: Bluetooth: hci_sync: annotate data-races around hdev->req_status (bsc#1264561).
- CVE-2026-43158: xfs: fix freemap adjustments when adding xattrs to leaf blocks (bsc#1264595).
- CVE-2026-43171: EFI/CPER: do not dump the entire memory region (bsc#1264549).
- CVE-2026-43187: xfs: delete attr leaf freemap entries when empty (bsc#1264603).
- CVE-2026-43198: tcp: fix potential race in tcp_v6_syn_recv_sock() (bsc#1264610).
- CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (bsc#1264551).
- CVE-2026-43234: team: avoid NETDEV_CHANGEMTU event when unregistering slave (bsc#1264409).
- CVE-2026-43239: smb: client: prevent races in ->query_interfaces() (bsc#1264444).
- CVE-2026-43249: 9p/xen: protect xen_9pfs_front_free against concurrent calls (bsc#1264476).
- CVE-2026-43252: mptcp: pm: in-kernel: always set ID as avail when rm endp (bsc#1264300).
- CVE-2026-43261: arm64: Add support for TSV110 Spectre-BHB mitigation (bsc#1264430).
- CVE-2026-43296: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky (bsc#1264805).
- CVE-2026-43325: wifi: iwlwifi: mvm: don't send a 6E related command when not supported (bsc#1265110).
- CVE-2026-43333: bpf: reject direct access to nullable PTR_TO_BUF pointers (bsc#1264726).
- CVE-2026-43338: btrfs: reserve enough transaction items for qgroup ioctls (bsc#1264716).
- CVE-2026-43339: ipv6: prevent possible UaF in addrconf_permanent_addr() (bsc#1264763).
- CVE-2026-43341: net/ipv6: ioam6: prevent schema length wraparound in trace fill (bsc#1265044).
- CVE-2026-43345: net: ipa: fix event ring index not programmed for IPA v5.0+ (bsc#1265103).
- CVE-2026-43359: btrfs: fix transaction abort on set received ioctl due to item overflow (bsc#1264719).
- CVE-2026-43360: btrfs: fix transaction abort on file creation due to name hash collision (bsc#1264720).
- CVE-2026-43361: btrfs: fix transaction abort when snapshotting received subvolumes (bsc#1264722).
- CVE-2026-43362: smb: client: fix in-place encryption corruption in SMB2_write() (bsc#1264989).
- CVE-2026-43405: libceph: Use u32 for non-negative values in ceph_monmap_decode() (bsc#1264741).
- CVE-2026-43406: libceph: prevent potential out-of-bounds reads in process_message_header() (bsc#1265073).
- CVE-2026-43407: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (bsc#1265020).
- CVE-2026-43411: tipc: fix divide-by-zero in tipc_sk_filter_connect() (bsc#1264672).
- CVE-2026-43413: scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1264671).
- CVE-2026-43414: scsi: qla2xxx: Completely fix fcport double free (bsc#1264669).
- CVE-2026-43455: net: mctp: Ensure keys maintain only one ref to corresponding dev (bsc#1264765).
- CVE-2026-43469: xprtrdma: Decrement re_receiving on the early exit paths (bsc#1265143).
- CVE-2026-43470: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir (bsc#1265128).
- CVE-2026-43483: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated (bsc#1265240).
- CVE-2026-43491: net: qrtr: ns: Limit the maximum server registration per node (bsc#1265628).
- CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).
- CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266009).
- CVE-2026-45840: openvswitch: cap upcall PID array size and pre-size vport replies (bsc#1266397).
- CVE-2026-45841: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO (bsc#1266390).
- CVE-2026-45842: slip: reject VJ receive packets on instances with no rstate array (bsc#1266400).
- CVE-2026-45843: slip: bound decode() reads against the compressed packet length (bsc#1266395).
- CVE-2026-45846: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() (bsc#1266394).
- CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).
- CVE-2026-45856: RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send (bsc#1266720).
- CVE-2026-45862: iommu/vt-d: Flush cache for PASID table before using it (bsc#1266705).
- CVE-2026-45870: SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths (bsc#1266704).
- CVE-2026-45878: drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (bsc#1266767).
- CVE-2026-45886: bpf: Fix bpf_xdp_store_bytes proto for read-only arg (bsc#1266810).
- CVE-2026-45894: iommu/vt-d: Clear Present bit before tearing down PASID entry (bsc#1266895).
- CVE-2026-45910: RDMA/rxe: Fix race condition in QP timer handlers (bsc#1266889).
- CVE-2026-45932: bpf: Fix tcx/netkit detach permissions when prog fd isn't given (bsc#1266827).
- CVE-2026-45940: net: stmmac: fix oops when split header is enabled (bsc#1266916).
- CVE-2026-45961: gfs2: fix memory leaks in gfs2_fill_super error path (bsc#1266933).
- CVE-2026-45964: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path (bsc#1266698).
- CVE-2026-45965: apparmor: fix invalid deref of rawdata when export_binary is unset (bsc#1267208).
- CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267205).
- CVE-2026-45974: btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found (bsc#1266922).
- CVE-2026-45983: nfsd: never defer requests during idmap lookup (bsc#1266697).
- CVE-2026-45984: gfs2: Move the inode glock locking to gfs2_file_buffered_write (bsc#1267214).
- CVE-2026-46004: ALSA: caiaq: Handle probe errors properly (bsc#1267222).
- CVE-2026-46005: xfs: fix a resource leak in xfs_alloc_buftarg() (bsc#1267431).
- CVE-2026-46021: thermal: core: Fix thermal zone governor cleanup issues (bsc#1267220).
- CVE-2026-46024: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (bsc#1267218).
- CVE-2026-46037: ipv4: icmp: validate reply type before using icmp_pointers (bsc#1267361).
- CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).
- CVE-2026-46079: rbd: fix null-ptr-deref when device_add_disk() fails (bsc#1266452).
- CVE-2026-46083: spi: fix resource leaks on device setup failure (bsc#1266696).
- CVE-2026-46090: ALSA: aloop: Use guard() for spin locks (bsc#1267531).
- CVE-2026-46094: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (bsc#1266927).
- CVE-2026-46101: netfilter: reject zero shift in nft_bitwise (bsc#1266878).
- CVE-2026-46110: net: stmmac: rename STMMAC_GET_ENTRY() -> STMMAC_NEXT_ENTRY() (bsc#1266759).
- CVE-2026-46111: Bluetooth: hci_conn: fix potential UAF in create_big_sync (bsc#1267626).
- CVE-2026-46113: KVM: x86/mmu: Add helper to convert SPTE value to its shadow page (bsc#1266969).
- CVE-2026-46114: RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads (bsc#1266972).
- CVE-2026-46119: libceph: Fix slab-out-of-bounds access in auth message processing (bsc#1267628).
- CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink() (bsc#1267640).
- CVE-2026-46123: Bluetooth: virtio_bt: clamp rx length before skb_put (bsc#1267621).
- CVE-2026-46150: fanotify: fix false positive on permission events (bsc#1267387).
- CVE-2026-46157: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger (bsc#1267726).
- CVE-2026-46159: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (bsc#1267652).
- CVE-2026-46160: btrfs: fix missing last_unlink_trans update when removing a directory (bsc#1267624).
- CVE-2026-46172: ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() (bsc#1266903).
- CVE-2026-46176: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() (bsc#1266816).
- CVE-2026-46181: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (bsc#1266826).
- CVE-2026-46197: drm/amdkfd: validate SVM ioctl nattr against buffer size (bsc#1267381).
- CVE-2026-46209: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (bsc#1267663).
- CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (bsc#1267697).
- CVE-2026-46244: netfilter: nft_inner: Fix IPv6 inner_thoff desync (bsc#1267654).
- CVE-2026-46259: procfs: fix missing RCU protection when reading real_parent in do_task_stat() (bsc#1267685).
- CVE-2026-46273: ibmveth: Disable GSO for packets with small MSS (bsc#1267651).

The following non-security bugs were fixed:

- ACPI: CPPC: Suppress UBSAN warning caused by field misuse (git-fixes).
- ACPI: IPMI: Fix message kref handling on dead device (git-fixes).
- ACPI: NFIT: core: Fix possible NULL pointer dereference (git-fixes).
- ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams (git-fixes).
- ALSA: aloop: Drop superfluous break (git-fixes).
- ALSA: asihpi: Fix potential OOB array access at reading cache (stable-fixes).
- ALSA: cmipci: check snd_ctl_new1() return value (git-fixes).
- ALSA: core: Fix unintuitive behavior of snd_power_ref_and_wait() (git-fixes).
- ALSA: es1938: check snd_ctl_new1() return value (git-fixes).
- ALSA: gus: check snd_ctl_new1() return value (git-fixes).
- ALSA: hda/conexant: Renaming the codec with device ID 0x1f86 and 0x1f87 (stable-fixes).
- ALSA: ice1712: check snd_ctl_new1() return value (git-fixes).
- ALSA: sc6000: Keep the programmed board state in card-private data (git-fixes).
- ALSA: sc6000: Use standard print API (stable-fixes).
- ALSA: seq: Clear variable event pointer on read (git-fixes).
- ALSA: seq: Fix partial userptr event expansion (git-fixes).
- ALSA: seq: midi: Serialize output teardown with event_input (git-fixes).
- ALSA: ua101: Reject too-short USB descriptors (git-fixes).
- ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Bound MIDI endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Propagate US-16x08 write errors in route/mix EQ-switch put callbacks (git-fixes).
- ALSA: usb-audio: Propagate errors in scarlett_ctl_enum_put() (git-fixes).
- ALSA: usb-audio: Roll back quirk control caches on write errors (git-fixes).
- ALSA: usb-audio: Update Babyface Pro control caches only after successful writes (git-fixes).
- ALSA: usb-audio: Update US-16x08 EQ/comp shadow state after successful writes (git-fixes).
- ALSA: virtio: Add missing 384 kHz PCM rate mapping (git-fixes).
- ALSA: ymfpci: check snd_ctl_new1() return value (git-fixes).
- ASoC: SOF: Intel: hda-dai: add support for dspless mode beyond HDAudio (stable-fixes).
- ASoC: SOF: Intel: hda-dai: remove dspless special case (stable-fixes).
- ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes).
- ASoC: SOF: ipc3-control: Fix TOCTOU in bytes_put and bytes_get (git-fixes).
- ASoC: SOF: ipc3-control: Fix heap overflow in bytes_ext put/get (git-fixes).
- ASoC: SOF: ipc3-control: Use overflow checks in control_update size calc (git-fixes).
- ASoC: SOF: ipc3-control: Validate size in snd_sof_update_control (git-fixes).
- ASoC: SOF: ipc4-control: Fix TOCTOU in sof_ipc4_bytes_put (git-fixes).
- ASoC: SOF: topology: validate vendor array size before parsing (git-fixes).
- ASoC: adau1372: Clear PLL_EN on failed PLL lock without reset GPIO (git-fixes).
- ASoC: codecs: hdac_hdmi: Validate written enum value (git-fixes).
- ASoC: codecs: simple-mux: Fix enum control bounds check (git-fixes).
- ASoC: cs35l56: Cleanup if component_probe fails (git-fixes).
- ASoC: cs35l56: Do not leave parent IRQ disabled if system_suspend fails (git-fixes).
- ASoC: cs35l56: Fix flushing of IRQ work in cs35l56_sdw_remove() (git-fixes).
- ASoC: cs35l56: Fix missing calls to wm_adsp2_remove() (git-fixes).
- ASoC: fsl: fsl_audmix: Validate written enum values (git-fixes).
- ASoC: meson: aiu: Validate written enum values (git-fixes).
- ASoC: qcom: q6asm-dai: close stream only when running (git-fixes).
- ASoC: qcom: q6asm-dai: do not set stream state in event and trigger callbacks (git-fixes).
- ASoC: qcom: q6asm-dai: fix error handling in prepare and set_params (git-fixes).
- ASoC: tegra: tegra210_ahub: Validate written enum value (git-fixes).
- ASoC: topology: Check PCM and DAI name strings before use (git-fixes).
- ASoC: wm_adsp: Fix NULL dereference when removing firmware controls (git-fixes).
- Bluetooth: 6lowpan: check skb_clone() return value in send_mcast_pkt() (git-fixes).
- Bluetooth: HIDP: fix missing length checks in hidp_input_report() (git-fixes).
- Bluetooth: ISO: drop ISO_END frames received without prior ISO_START (git-fixes).
- Bluetooth: ISO: fix UAF in iso_recv_frame (git-fixes).
- Bluetooth: ISO: serialize iso_sock_clear_timer with socket lock (git-fixes).
- Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp (git-fixes).
- Bluetooth: L2CAP: fix chan ref leak in l2cap_chan_timeout() on !conn (git-fixes).
- Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() (git-fixes).
- Bluetooth: MGMT: Fix backward compatibility with userspace (git-fixes).
- Bluetooth: MGMT: validate Add Extended Advertising Data length (git-fixes).
- Bluetooth: MGMT: validate advertising TLV before type checks (git-fixes).
- Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() (git-fixes).
- Bluetooth: RFCOMM: validate skb length in MCC handlers (git-fixes).
- Bluetooth: bnep: Fix UAF read of dev->name (git-fixes).
- Bluetooth: bnep: reject short frames before parsing (git-fixes).
- Bluetooth: btmtksdio: fix infinite loop in btmtksdio_txrx_work() (git-fixes).
- Bluetooth: btusb: Allow firmware re-download when version matches (git-fixes).
- Bluetooth: btusb: fix use-after-free on marvell probe failure (git-fixes).
- Bluetooth: btusb: fix use-after-free on registration failure (git-fixes).
- Bluetooth: btusb: fix wakeup irq devres lifetime (git-fixes).
- Bluetooth: btusb: fix wakeup source leak on probe failure (git-fixes).
- Bluetooth: eir: Fix stack OOB write when prepending the Flags AD (git-fixes).
- Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() (git-fixes).
- Bluetooth: hci: validate codec capability element length (git-fixes).
- Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device close (git-fixes).
- Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend (git-fixes).
- Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths (git-fixes).
- Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success (git-fixes).
- Bluetooth: vhci: validate devcoredump state before side effects (git-fixes).
- Drivers: hv: vmbus: Improve the logic of reserving fb_mmio on Gen2 VMs (git-fixes).
- HID: quirks: really enable the intended work around for appledisplay (git-fixes).
- HID: uclogic: Fix regression of input name assignment (git-fixes).
- HID: wacom: Fix OOB write in wacom_hid_set_device_mode() (git-fixes).
- Improve compatibility with awk 2.4.0 (bsc#1266214). 
- Input: atkbd - skip deactivate for HONOR BCC-N's internal keyboard (git-fixes).
- Input: atmel_mxt_ts - fix boundary check in mxt_prepare_cfg_mem (git-fixes).
- Input: ims-pcu - fix usb_free_coherent() size in ims_pcu_buffers_free() (git-fixes).
- Input: usbtouchscreen - clamp NEXIO data_len/x_len to URB buffer size (git-fixes).
- Input: xpad - fix out-of-bounds access for Share button (git-fixes).
- KVM: SEV: Ignore MMIO requests of length '0' (git-fixes).
- KVM: SEV: Ignore Port I/O requests of length '0' (git-fixes).
- KVM: SVM: Allow KVM_SET_NESTED_STATE to clear GIF when SVME==0 (git-fixes).
- KVM: SVM: Do not set GIF when clearing EFER.SVME (git-fixes).
- KVM: SVM: Flush the current TLB when transitioning from xAVIC => x2AVIC (git-fixes).
- KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC (git-fixes).
- KVM: SVM: check validity of VMCB controls when returning from SMM (git-fixes).
- KVM: X86: Fix array_index_nospec protection in __pv_send_ipi (git-fixes).
- KVM: arm64: Discard PC update state on vcpu reset (git-fixes).
- KVM: arm64: Guard against NULL vcpu on VHE hyp panic path (git-fixes).
- KVM: arm64: PMU: Preserve AArch32 counter low bits (git-fixes).
- KVM: arm64: Treat vCPU with pending SError as runnable (git-fixes).
- KVM: arm64: Wake-up from WFI when iqrchip is in userspace (git-fixes).
- KVM: arm64: vgic-its: Reject restored DTE with out-of-range num_eventid_bits (git-fixes).
- KVM: arm64: vgic: Fix IIDR revision field extracted from wrong value (git-fixes).
- KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation (git-fixes).
- KVM: nSVM: Ensure AVIC is inhibited when restoring a vCPU to guest mode (git-fixes).
- KVM: nSVM: Mark all of vmcb02 dirty when restoring nested state (git-fixes).
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes).
- KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT (git-fixes).
- KVM: x86/mmu: Fix UBSAN warning when reading nx_huge_pages parameter (git-fixes).
- KVM: x86: Fix Xen hypercall tracepoint argument assignment (git-fixes).
- PM: sleep: Use complete() in device_pm_sleep_init() (git-fixes).
- RDMA/efa: Check stored completion CTX command ID with received one (git-fixes)
- RDMA/efa: Extend admin timeout error print (git-fixes)
- RDMA/efa: Fix possible deadlock (git-fixes)
- RDMA/efa: Improve admin completion context state machine (git-fixes)
- RDMA/mana_ib: Report max_msg_sz in mana_ib_query_port (git-fixes).
- wicked test: Added missing locking in backport (bsc#1267732).
- USB: cdc-acm: Fix bit overlap and move quirk definitions to header (git-fixes).
- USB: serial: belkin_sa: validate interrupt status length (git-fixes).
- USB: serial: cypress_m8: validate interrupt packet headers (git-fixes).
- USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr() (git-fixes).
- USB: serial: io_ti: fix heap overflow in get_manuf_info() (git-fixes).
- USB: serial: keyspan: fix missing indat transfer sanity check (git-fixes).
- USB: serial: kl5kusb105: fix bulk-out buffer overflow (git-fixes).
- USB: serial: mct_u232: fix missing interrupt-in transfer sanity check (git-fixes).
- USB: serial: mxuport: fix memory corruption with small endpoint (git-fixes).
- USB: serial: omninet: fix memory corruption with small endpoint (git-fixes).
- USB: serial: option: add missing RSVD(5) flag for Rolling RW135R-GL (git-fixes).
- USB: serial: safe_serial: fix memory corruption with small endpoint (git-fixes).
- X.509: Fix validation of ASN.1 certificate header (git-fixes).
- add bugnumber to existing mana_ib change (bsc#1267682)
- agp/amd64: Fix broken error propagation in agp_amd64_probe() (git-fixes).
- arm64: tlb: Allow XZR argument to TLBI ops (git-fixes)
- arm64: tlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI (git-fixes)
- auxdisplay: line-display: fix OOB read on zero-length message_store() (git-fixes).
- batman-adv: bla: annotate lasttime access with READ/WRITE_ONCE (git-fixes).
- batman-adv: bla: fix report_work leak on backbone_gw purge (git-fixes).
- batman-adv: clear current gateway during teardown (git-fixes).
- batman-adv: dat: handle forward allocation error (git-fixes).
- batman-adv: fix batadv_skb_is_frag() kernel-doc (git-fixes).
- batman-adv: fix fragment reassembly length accounting (git-fixes).
- batman-adv: fix tp_meter counter underflow during shutdown (git-fixes).
- batman-adv: frag: disallow unicast fragment in fragment (git-fixes).
- batman-adv: tp_meter: add only finished tp_vars to lists (git-fixes).
- batman-adv: tp_meter: avoid divide-by-zero for dec_cwnd (git-fixes).
- batman-adv: tp_meter: avoid use of uninit sender vars (git-fixes).
- batman-adv: tp_meter: avoid window underflow (git-fixes).
- batman-adv: tp_meter: fix fast recovery precondition (git-fixes).
- batman-adv: tp_meter: handle seqno wrap-around for fast recovery detection (git-fixes).
- batman-adv: tp_meter: initialize dec_cwnd explicitly (git-fixes).
- batman-adv: tp_meter: initialize dup_acks explicitly (git-fixes).
- batman-adv: tp_meter: keep unacked list in ascending ordered (git-fixes).
- batman-adv: tt: fix negative last_changeset_len (git-fixes).
- batman-adv: tt: fix negative tt_buff_len (git-fixes).
- bcache: fix uninitialized closure object (git-fixes).
- bnxt_en: Fix NULL pointer dereference (bsc#1268307).
- comedi: comedi_test: Fix limiting of convert_arg in waveform_ai_cmdtest() (git-fixes).
- comedi: comedi_test: fix check for valid scan_begin_src in waveform_ai_cmdtest() (git-fixes).
- crypto: af_alg - Cap AEAD AD length to 0x80000000 (git-fixes).
- crypto: amlogic - avoid double cleanup in meson_crypto_probe() (git-fixes).
- crypto: asymmetric_keys - fix OOB read in pefile_digest_pe_contents (git-fixes).
- crypto: atmel-sha204a - fix blocking and non-blocking rng logic (git-fixes).
- crypto: cavium/cpt - fix DMA cleanup using wrong loop index (git-fixes).
- crypto: ccp - Fix snp_filter_reserved_mem_regions() off-by-one (git-fixes).
- crypto: ccp - Treat zero-length cert chain as query for blob lengths (git-fixes).
- crypto: drbg - Fix drbg_max_addtl() on 64-bit kernels (git-fixes).
- crypto: drbg - Fix returning success on failure in CTR_DRBG (git-fixes).
- crypto: drbg - Fix the fips_enabled priority boost (git-fixes).
- crypto: ecc - Fix carry overflow in vli multiplication (git-fixes).
- crypto: ecrdsa - fix unknown OID check in ecrdsa_param_curve (git-fixes).
- crypto: hisilicon/qm - disable error report before flr (git-fixes).
- crypto: marvell/octeontx - fix DMA cleanup using wrong loop index (git-fixes).
- crypto: pcrypt - restore callback for non-parallel fallback (git-fixes).
- crypto: qat - protect service table iterations with service_lock (git-fixes).
- crypto: qat - validate RSA CRT component lengths (git-fixes).
- crypto: rng - Free default RNG on module exit (git-fixes).
- device property: set fwnode->secondary to NULL in fwnode_init() (git-fixes).
- driver core: reject devices with unregistered buses (git-fixes).
- driver core: use READ_ONCE() for dev->driver in dev_has_sync_state() (git-fixes).
- drivers/base/memory: fix memory block reference leak in poison accounting (git-fixes).
- drm/amd/display: Add missing kdoc for ALLM parameters (git-fixes).
- drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size (git-fixes).
- drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs (git-fixes).
- drm/amd/display: Fix integer overflow in bios_get_image() (stable-fixes).
- drm/amd/display: Reject gpio_bitshift >= 32 in bios_parser_get_gpio_pin_info() (git-fixes).
- drm/amd/display: Use krealloc_array() in dal_vector_reserve() (git-fixes).
- drm/amd/display: Validate GPIO pin LUT table size before iterating (stable-fixes).
- drm/amd/display: Validate payload length and link_index in dc_process_dmub_aux_transfer_async (stable-fixes).
- drm/amd/pm/si: Disregard vblank time when no displays are connected (git-fixes).
- drm/amdgpu/uvd3.1: Do not validate the firmware when already validated (git-fixes).
- drm/amdgpu/vce2: Fix VCE 2 firmware size and offsets (git-fixes).
- drm/amdgpu/vce3: Fix VCE 3 firmware size and offsets (git-fixes).
- drm/amdgpu: fix integer overflow in amdgpu_gem_align_pitch() (git-fixes).
- drm/amdgpu: fix spelling typos (stable-fixes).
- drm/amdgpu: set sub_block_index for mca ras sub-blocks (git-fixes).
- drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 (git-fixes).
- drm/amdkfd: Validate CRIU-restored IDs before idr_alloc (git-fixes).
- drm/amdkfd: fix NULL dereference in get_queue_ids() (git-fixes).
- drm/bridge: cdns-dsi: Replace deprecated UNIVERSAL_DEV_PM_OPS() (git-fixes).
- drm/bridge: chipone-icn6211: use devm_drm_bridge_add in i2c probe (git-fixes).
- drm/bridge: it66121: acquire reset GPIO in probe (git-fixes).
- drm/bridge: megachips: remove bridge when irq request fails (git-fixes).
- drm/dp/mst: fix OOB reads in remote DPCD/I2C sideband reply parsers (git-fixes).
- drm/dp/mst: fix OOB reads on 2-byte fields in sideband reply parsers (git-fixes).
- drm/dp/mst: fix buffer overflows in sideband chunk accumulation (git-fixes).
- drm/hisilicon/hibmc: move display contrl config to hibmc_probe() (git-fixes).
- drm/hisilicon/hibmc: use clock to look up the PLL value (git-fixes).
- drm/hyperv: use VMBUS_RING_SIZE() (git-fixes).
- drm/hyperv: validate VMBus packet size in receive callback (git-fixes).
- drm/hyperv: validate resolution_count and fix WIN8 fallback (git-fixes).
- drm/i915/gem: Fix phys BO pread/pwrite with offset (git-fixes).
- drm/i915: Extract intel_dbuf_mdclk_cdclk_ratio_update() (stable-fixes).
- drm/i915: Fix potential UAF in TTM object purge (git-fixes).
- drm/i915: Loop over all active pipes in intel_mbus_dbox_update (stable-fixes).
- drm/imx: Fix three kernel-doc warnings in dcss-scaler.c (git-fixes).
- drm/msm/dp: Fix the ISR_* enum values (git-fixes).
- drm/msm/dp: fix HPD state status bit shift value (git-fixes).
- drm/msm/dsi: do not dump registers past the mapped region (git-fixes).
- drm/msm/snapshot: fix dumping of the unaligned regions (git-fixes).
- drm/nouveau/bios: specify correct display fuse register for Ampere and Ada (git-fixes).
- drm/radeon/evergreen_cs: Add missing NULL prefix check in surface check (git-fixes).
- drm/radeon: fix integer overflow in radeon_align_pitch() (git-fixes).
- drm/radeon: fix memory leak in radeon_ring_restore() on lock failure (git-fixes).
- drm/rockchip: cdn-dp: add missing check in cdn_dp_config_video() (git-fixes).
- drm/tegra: Fix iommu_map_sgtable() return value check (git-fixes).
- drm/tegra: dc: Fix device node reference leak in tegra_dc_has_output() (git-fixes).
- drm/tidss: Drop extra drm_mode_config_reset() call (git-fixes).
- drm/tidss: Fix missing drm_bridge_add() call (git-fixes).
- drm/vc4: fix krealloc() memory leak (git-fixes).
- drm/virtio: Fix driver removal with disabled KMS (git-fixes).
- drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait() (git-fixes).
- drm/virtio: use uninterruptible resv lock for plane updates (git-fixes).
- efi: Allocate runtime workqueue before ACPI init (git-fixes).
- ethtool: provide customized dim profile management (bsc#1261256).
- fbdev: broadsheetfb: fix potential memory leak in broadsheetfb_probe() (git-fixes).
- fbdev: hecubafb: fix potential memory leak in hecubafb_probe() (git-fixes).
- fbdev: i740fb: fix potential memory leak in i740fb_probe() (git-fixes).
- fbdev: metronomefb: fix potential memory leak in metronomefb_probe() (git-fixes).
- fbdev: modedb: Fix misaligned fields in the 1920x1080-60 mode (git-fixes).
- fbdev: nvidia: fix potential memory leak in nvidiafb_probe() (git-fixes).
- fbdev: radeon: fix potential memory leak in radeonfb_pci_register() (git-fixes).
- fbdev: s3fb: fix potential memory leak in s3_pci_probe() (git-fixes).
- fbdev: sm501fb: Fix buffer errors in OF binding code (git-fixes).
- fbdev: sm712: Fix operator precedence in big_swap macro (git-fixes).
- fbdev: tdfxfb: fix potential memory leak in tdfxfb_probe() (git-fixes).
- fbdev: tridentfb: fix potential memory leak in trident_pci_probe() (git-fixes).
- fbdev: uvesafb: fix potential memory leak in uvesafb_probe() (git-fixes).
- fbdev: vesafb: fix memory leak in vesafb_probe() (git-fixes).
- firmware: arm_ffa: Check for NULL FF-A ID table while driver registration (git-fixes).
- firmware: arm_ffa: Skip free_pages on RX buffer alloc failure (git-fixes).
- firmware: arm_scmi: Fix OOB in scmi_power_name_get() (git-fixes).
- firmware: arm_scmi: Read sensor config as 32-bit value (git-fixes).
- firmware_loader: Fix recursive lock in device_cache_fw_images() (git-fixes).
- firmware_loader: fix device reference leak in firmware_upload_register() (git-fixes).
- gpio: mvebu: fix NULL pointer dereference in suspend/resume (git-fixes).
- gpu: host1x: Allow entries in BO caches to be freed (git-fixes).
- gpu: host1x: Fix iommu_map_sgtable() return value check (git-fixes).
- hv: utils: handle and propagate errors in kvp_register (git-fixes).
- hwmon: (it87) Clamp negative values to zero in set_fan() (git-fixes).
- hwmon: (pmbus/adm1266) bounce blackbox records through a protocol-sized buffer (git-fixes).
- hwmon: (pmbus/adm1266) cap PDIO scan in get_multiple at ADM1266_PDIO_NR (git-fixes).
- hwmon: (pmbus/adm1266) do not clobber GPIO bits before PDIO read in get_multiple (git-fixes).
- hwmon: (pmbus/adm1266) include PEC byte in pmbus_block_xfer read buffer (git-fixes).
- hwmon: (pmbus/adm1266) include adapter number in GPIO line label (git-fixes).
- hwmon: (pmbus/adm1266) register the gpio_chip after pmbus_do_probe() (git-fixes).
- hwmon: (pmbus/adm1266) register the nvmem device after pmbus_do_probe() (git-fixes).
- hwmon: (pmbus/adm1266) reject implausible blackbox record_count (git-fixes).
- hwmon: (pmbus/adm1266) reject short block-read responses in the GPIO accessors (git-fixes).
- hwmon: (pmbus/adm1266) seed timestamp from the real-time clock (git-fixes).
- hwmon: (pmbus/adm1266) widen blackbox-info buffer to I2C_SMBUS_BLOCK_MAX (git-fixes).
- hwrng: jh7110 - fix refcount leak in starfive_trng_read() (git-fixes).
- hwrng: virtio: clamp device-reported used.len at copy_data() (git-fixes).
- hyperv: Clean up and fix the guest ID comment in hvgdk.h (git-fixes).
- i2c: core: fix irq domain leak on adapter registration failure (git-fixes).
- i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() (git-fixes).
- i2c: stm32f7: fix timing computation ignoring i2c-analog-filter (git-fixes).
- i2c: tegra: Fix NOIRQ suspend/resume (git-fixes).
- iio: adc: viperboard: Fix error handling in vprbrd_iio_read_raw (git-fixes).
- iio: adc: xilinx-xadc: Fix sequencer mode in postdisable for dual mux (git-fixes).
- iio: buffer: hw-consumer: fix use-after-free in error path (git-fixes).
- iio: dac: ad5686: acquire lock when doing powerdown control (git-fixes).
- iio: dac: ad5686: fix input raw value check (git-fixes).
- iio: dac: max5821: fix return value check in powerdown sync (git-fixes).
- iio: gyro: itg3200: fix i2c read into the wrong stack location (git-fixes).
- iio: imu: st_lsm6dsx: fix stack leak in tagged FIFO buffer (git-fixes).
- iio: light: cm3323: fix reg_conf not being initialized correctly (git-fixes).
- iio: magnetometer: st_magn: fix default DRDY pin selection for LIS2MDL (git-fixes).
- iio: ssp_sensors: cancel delayed work_refresh on remove (git-fixes).
- iio: temperature: tsys01: fix broken PROM checksum validation (git-fixes).
- kabi: arm64: module: Update missing .init.text.ftrace_trampoline section message (bsc#1265579 bsc#1265170).
- linux/dim: move useful macros to .h file (bsc#1261256).
- misc: fastrpc: Fix NULL pointer dereference in rpmsg callback (git-fixes).
- misc: fastrpc: fix DMA address corruption due to find_vma misuse (git-fixes).
- misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context (git-fixes).
- misc: fastrpc: fix use-after-free race in fastrpc_map_create (git-fixes).
- mmc: core: Fix host controller programming for fixed driver type (git-fixes).
- mmc: litex_mmc: Set mandatory idle clocks before CMD0 (git-fixes).
- mmc: litex_mmc: Use DIV_ROUND_UP for more accurate clock calculation (git-fixes).
- mmc: renesas_sdhi: Add OF entry for RZ/G2H SoC (git-fixes).
- mmc: sdhci: add signal voltage switch in sdhci_resume_host (git-fixes).
- net: ethtool: add ethtool COALESCE_RX_CQE_FRAMES/NSECS (bsc#1261256).
- net: gro: do not merge zcopy skbs (git-fixes).
- net: mana: Add NULL guards in teardown path to prevent panic on attach failure (git-fixes).
- net: mana: Add ethtool counters for RX CQEs in coalesced type (bsc#1261256).
- net: mana: Add support for RX CQE Coalescing (bsc#1261256).
- net: mana: Expose hardware diagnostic info via debugfs (bsc#1266414).
- net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer (bsc#1265928).
- net: mana: Skip redundant detach on already-detached port (git-fixes).
- net: mana: Use kvmalloc for large RX queue and buffer allocations (bsc#1266765).
- net: mana: Use per-queue allocation for tx_qp to reduce allocation size (bsc#1266765).
- net: mana: hardening: Reject zero max_num_queues from GDMA_QUERY_MAX_RESOURCES (git-fixes).
- net: mana: validate rx_req_idx to prevent out-of-bounds array access (bsc#1266402).
- net: wwan: iosm: fix potential memory leaks in ipc_imem_init() (git-fixes).
- phy: marvell: mvebu-a3700-utmi: fix incorrect USB2_PHY_CTRL register access (git-fixes).
- platform/x86: adv_swbutton: Check ACPI_HANDLE() against NULL (git-fixes).
- platform/x86: hp_accel: Check ACPI_COMPANION() against NULL (git-fixes).
- platform/x86: intel-hid: Check ACPI_HANDLE() against NULL (git-fixes).
- platform/x86: intel-vbtn: Check ACPI_HANDLE() against NULL (git-fixes).
- r8152: fix incorrect register write to USB_UPHY_XTAL (git-fixes).
- rpm/check-for-config-changes: ignore Rust-related configs (bsc#1258538).
- rpm/mkspec: Conditionally set Rust BuildReqs (bsc#1258538).
- rpm: Add BuildRequires for Rust enablement (bsc#1258538).
- s390/barrier: Make array_index_mask_nospec() __always_inline (bsc#1263068).
- s390/entry: Scrub r12 register on kernel entry (bsc#1263068).
- s390/syscalls: Add spectre boundary for syscall dispatch table (bsc#1263068).
- sched/rt: Skip currently executing CPU in rto_next_cpu() (bsc#1262649).
- security/keys: fix missed RCU read section on lookup (stable-fixes).
- serial: fsl_lpuart: fix rx buffer and DMA map leaks in start_rx_dma (git-fixes).
- serial: qcom-geni: fix UART_RX_PAR_EN bit position (git-fixes).
- slimbus: qcom-ngd-ctrl: fix OF node refcount (git-fixes).
- smb: client: correctly handle ErrorContextData as a flexible array (git-fixes)
- smb: client: reject userspace cifs.spnego descriptions (bsc#1266238).
- soc: fsl: qe: panic on ioremap() failure in qe_reset() (git-fixes).
- soc: ti: k3-ringacc: Fix access mode for k3_ringacc_ring_pop_tail_io/proxy (git-fixes).
- spi: at91-usart: drop dead runtime pm support (git-fixes).
- spi: ep93xx: fix double-free of zeropage on DMA setup failure (git-fixes).
- spi: fsl-lpspi: replace dmaengine_terminate_all() with dmaengine_terminate_sync() (git-fixes).
- spi: fsl-lpspi: terminate the RX channel on TX prepare failure path (git-fixes).
- spi: meson-spifc: fix runtime PM leak on remove (git-fixes).
- spi: mtk-snfi: Fix resource leak in mtk_snand_read_page_cache() (git-fixes).
- spi: sprd: fix error pointer deref after DMA setup failure (git-fixes).
- spi: st-ssc4: switch to use modern name (stable-fixes).
- spi: ti-qspi: fix use-after-free after DMA setup failure (git-fixes).
- spi: xilinx: use FIFO occupancy register to determine buffer size (git-fixes).
- string: add mem_is_zero() helper to check if memory area is all zeros (stable-fixes).
- thermal: hwmon: Fix critical temperature attribute removal (git-fixes).
- thunderbolt: Bound root directory content to block size (git-fixes).
- thunderbolt: Clamp XDomain response data copy to allocation size (git-fixes).
- thunderbolt: Limit XDomain response copy to actual frame size (git-fixes).
- thunderbolt: Reject zero-length property entries in validator (git-fixes).
- thunderbolt: Validate XDomain request packet size before type cast (git-fixes).
- thunderbolt: property: Reject dir_len < 4 to prevent size_t underflow (git-fixes).
- thunderbolt: property: Reject u32 wrap in tb_property_entry_valid() (git-fixes).
- tracing: Switch trace_osnoise.c code over to use guard() and __free() (bsc#1262634).
- tty: serial: pch_uart: add check for dma_alloc_coherent() (git-fixes).
- usb: cdns3: gadget: fix request skipping after clearing halt (git-fixes).
- usb: cdns3: plat: fix unbalanced pm_runtime_forbid() call permanently leaks the runtime PM usage counter across bind/unbind cycles (git-fixes).
- usb: chipidea: core: convert ci_role_switch to local variable (git-fixes).
- usb: dwc2: Fix use after free in debug code (git-fixes).
- usb: gadget: composite: fix integer underflow in WebUSB GET_URL handling (git-fixes).
- usb: gadget: dummy_hcd: Reject hub port requests for non-existent ports (git-fixes).
- usb: gadget: f_fs: copy only received bytes on short ep0 read (git-fixes).
- usb: gadget: f_hid: fix device reference leak in hidg_alloc() (git-fixes).
- usb: gadget: net2280: Fix double free in probe error path (git-fixes).
- usb: usbtmc: check URB actual_length for interrupt-IN notifications (git-fixes).
- usb: usbtmc: reject interrupt endpoints with small wMaxPacketSize (git-fixes).
- usbip: vudc: Fix use after free bug in vudc_remove due to race condition (git-fixes).
- watchdog: apple: Add 'apple,t8103-wdt' compatible (git-fixes).
- watchdog: sp5100_tco: Use EFCH MMIO for newer Hygon FCH (git-fixes).
- watchdog: sprd_wdt: Remove redundant sprd_wdt_disable() on register failure (git-fixes).
- watchdog: unregister PM notifier on watchdog unregister (git-fixes).
- wifi: ath10k: skip WMI and beacon transmission when device is wedged (git-fixes).
- wifi: ath11k: clear shared SRNG pointer state on restart (git-fixes).
- wifi: ath11k: fix error path leak in ath11k_tm_cmd_wmi_ftm() (git-fixes).
- wifi: ath11k: fix error path leaks in some WMI WOW calls (git-fixes).
- wifi: ath11k: fix error path leaks in some WMI calls (git-fixes).
- wifi: ath11k: fix peer resolution on rx path when peer_id=0 (git-fixes).
- wifi: ath11k: fix use after free in ath11k_dp_rx_msdu_coalesce() (git-fixes).
- wifi: ath11k: fix warning when unbinding (git-fixes).
- wifi: ath9k: fix OOB access from firmware tx status queue ID (git-fixes).
- wifi: cfg80211: advance loop vars in cfg80211_merge_profile() (git-fixes).
- wifi: cfg80211: fix grammar in MLO group key error message (git-fixes).
- wifi: mac80211: consume only present negotiated TTLM maps (git-fixes).
- wifi: mac80211: fix monitor mode frame capture for real chanctx drivers (git-fixes).
- wifi: mac80211: limit injected antenna index in ieee80211_parse_tx_radiotap (git-fixes).
- wifi: mt76: fix argument to ieee80211_is_first_frag() (git-fixes).
- wifi: mt76: mt7915: fix potential tx_retries underflow (git-fixes).
- wifi: mt76: mt7921: fix potential tx_retries underflow (git-fixes).
- wifi: mt76: mt7925: clean up DMA on probe failure (git-fixes).
- wifi: mt76: mt7925: fix potential tx_retries underflow (git-fixes).
- wifi: mt76: mt7996: fix potential tx_retries underflow (git-fixes).
- wifi: nl80211: reject oversized EMA RNR lists (git-fixes).
- wifi: rtlwifi: rtl8821ae: Fix C2H bit location in RX descriptor (git-fixes).
- wifi: rtw88: fix OOB read from firmware RX descriptor exceeding DMA buffer (git-fixes).
- wifi: rtw88: increase TX report timeout to fix race condition (git-fixes).
- wifi: rtw88: usb: fix memory leaks on USB write failures (git-fixes).
- wifi: rtw89: Correct data type for scan index to avoid infinite loop (git-fixes).
- wifi: wcn36xx: fix OOB read from firmware count in PRINT_REG_INFO indication (git-fixes).
- wifi: wcn36xx: fix OOB read from short trigger BA firmware response (git-fixes).
- wifi: wcn36xx: fix heap overflow from oversized firmware HAL response (git-fixes).


The following package changes have been done:

- glibc-2.38-slfo.1.1_9.1 updated
- libopenssl3-3.1.4-slfo.1.1_11.1 updated
- SL-Micro-release-6.1-slfo.1.12.49 updated
- krb5-1.21.3-slfo.1.1_5.1 updated
- glibc-locale-base-2.38-slfo.1.1_9.1 updated
- kernel-rt-6.4.0-48.1 updated
- container:SL-Micro-container-2.2.1-7.129 updated


More information about the sle-container-updates mailing list