SUSE-IU-2026:5511-1: Security update of suse/sl-micro/6.0/rt-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jul 7 07:11:49 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:5511-1
Image Tags        : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.197 , suse/sl-micro/6.0/rt-os-container:latest
Image Release     : 7.197
Severity          : important
Type              : security
References        : 1255029 1261604 1262618 1262655 1263072 1263560 1263573 1263656
                        1263658 1263998 1264001 1264015 1264228 1264230 1264236 1264241
                        1264254 1264258 1264261 1264286 1264294 1264320 1264337 1264562
                        1264612 1264734 1264748 1264814 1264974 1265113 1265421 1265629
                        1266008 1266396 1266700 1266717 1266734 1266830 1266847 1266899
                        1266928 1266929 1267228 1267365 1267369 1267427 1267430 1267437
                        1267458 1267567 1267582 1267591 1267635 1267637 1267684 1267717
                        1267722 1267825 1267918 1267937 1267966 1267993 1268022 1268037
                        1268237 1268335 1268428 1268660 1268661 1269022 1269033 1269090
                        1269100 1269103 1269135 1269136 1269137 1269184 1269195 1269281
                        1269310 1269314 1269397 1269398 1269418 1269493 1269506 1269519
                        1269574 1269678 1269681 1269798 1269821 1269884 1270059 CVE-2025-40341
                        CVE-2025-71294 CVE-2026-23451 CVE-2026-31450 CVE-2026-31462 CVE-2026-31466
                        CVE-2026-31502 CVE-2026-31670 CVE-2026-31677 CVE-2026-43010 CVE-2026-43022
                        CVE-2026-43034 CVE-2026-43079 CVE-2026-43080 CVE-2026-43081 CVE-2026-43085
                        CVE-2026-43086 CVE-2026-43089 CVE-2026-43093 CVE-2026-43107 CVE-2026-43128
                        CVE-2026-43139 CVE-2026-43233 CVE-2026-43238 CVE-2026-43303 CVE-2026-43336
                        CVE-2026-43420 CVE-2026-43456 CVE-2026-43472 CVE-2026-43492 CVE-2026-43502
                        CVE-2026-45838 CVE-2026-45848 CVE-2026-45891 CVE-2026-45912 CVE-2026-45948
                        CVE-2026-45985 CVE-2026-46028 CVE-2026-46053 CVE-2026-46063 CVE-2026-46065
                        CVE-2026-46069 CVE-2026-46071 CVE-2026-46076 CVE-2026-46112 CVE-2026-46116
                        CVE-2026-46124 CVE-2026-46133 CVE-2026-46173 CVE-2026-46185 CVE-2026-46214
                        CVE-2026-46229 CVE-2026-46253 CVE-2026-46254 CVE-2026-46266 CVE-2026-46274
                        CVE-2026-46289 CVE-2026-46291 CVE-2026-46319 CVE-2026-46320 CVE-2026-46328
                        CVE-2026-46331 CVE-2026-52908 CVE-2026-52909 CVE-2026-52918 CVE-2026-52923
                        CVE-2026-52943 CVE-2026-52954 CVE-2026-52957 CVE-2026-52962 CVE-2026-52969
                        CVE-2026-52972 CVE-2026-53016 CVE-2026-53040 CVE-2026-53041 CVE-2026-53052
                        CVE-2026-53053 CVE-2026-53071 CVE-2026-53072 CVE-2026-53122 CVE-2026-53133
                        CVE-2026-53138 CVE-2026-53182 CVE-2026-53253 CVE-2026-53266 CVE-2026-53281
                        CVE-2026-53287 CVE-2026-53359 CVE-2026-53362 CVE-2026-5435 CVE-2026-6238
-----------------------------------------------------------------

The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 782
Released:    Mon Jul  6 11:55:13 2026
Summary:     Recommended update for kmod
Type:        recommended
Severity:    moderate
References:  
This update for kmod fixes the following issues:

- Use in-kernel decompression if available (jsc#PED-16303):
    * libkmod:
        + Add a separate function to load the file contents when it's needed.
          When it's not needed on the path of loading modules via finit_module(),
          there is no need to mmap the file.
        + Extract 2 functions to handle finit_module vs init_modules differences,
          with a fallback from the former to the latter.
        + Don't only set the type as direct, but also keep track of the compression being used.
        + When creating the context, read /sys/kernel/compression to check
          what's the compression type supported by the kernel.
        + Use kernel decompression when available
        + add fallback MODULE_INIT_COMPRESSED_FILE define

-----------------------------------------------------------------
Advisory ID: kernel-502
Released:    Mon Jul  6 15:11:38 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1255029,1261604,1262618,1262655,1263072,1263560,1263573,1263998,1264001,1264015,1264228,1264230,1264236,1264241,1264254,1264258,1264261,1264286,1264294,1264320,1264337,1264562,1264612,1264734,1264748,1264814,1264974,1265113,1265421,1265629,1266008,1266396,1266700,1266717,1266734,1266830,1266847,1266899,1266928,1266929,1267228,1267365,1267369,1267427,1267430,1267437,1267458,1267567,1267582,1267591,1267635,1267637,1267684,1267717,1267722,1267825,1267918,1267937,1267966,1267993,1268022,1268037,1268237,1268335,1268428,1268660,1268661,1269022,1269033,1269090,1269100,1269103,1269135,1269136,1269137,1269184,1269195,1269281,1269310,1269314,1269397,1269398,1269418,1269493,1269506,1269519,1269574,1269678,1269681,1269798,1269821,1269884,1270059,CVE-2025-40341,CVE-2025-71294,CVE-2026-23451,CVE-2026-31450,CVE-2026-31462,CVE-2026-31466,CVE-2026-31502,CVE-2026-31670,CVE-2026-31677,CVE-2026-43010,CVE-2026-43022,CVE-2026-43034,CVE-2026-43079,CVE-2026-43080,CVE-2026-43081,CVE-2026-43085,C
 VE-2026-43086,CVE-2026-43089,CVE-2026-43093,CVE-2026-43107,CVE-2026-43128,CVE-2026-43139,CVE-2026-43233,CVE-2026-43238,CVE-2026-43303,CVE-2026-43336,CVE-2026-43420,CVE-2026-43456,CVE-2026-43472,CVE-2026-43492,CVE-2026-43502,CVE-2026-45838,CVE-2026-45848,CVE-2026-45891,CVE-2026-45912,CVE-2026-45948,CVE-2026-45985,CVE-2026-46028,CVE-2026-46053,CVE-2026-46063,CVE-2026-46065,CVE-2026-46069,CVE-2026-46071,CVE-2026-46076,CVE-2026-46112,CVE-2026-46116,CVE-2026-46124,CVE-2026-46133,CVE-2026-46173,CVE-2026-46185,CVE-2026-46214,CVE-2026-46229,CVE-2026-46253,CVE-2026-46254,CVE-2026-46266,CVE-2026-46274,CVE-2026-46289,CVE-2026-46291,CVE-2026-46319,CVE-2026-46320,CVE-2026-46328,CVE-2026-46331,CVE-2026-52908,CVE-2026-52909,CVE-2026-52918,CVE-2026-52923,CVE-2026-52943,CVE-2026-52954,CVE-2026-52957,CVE-2026-52962,CVE-2026-52969,CVE-2026-52972,CVE-2026-53016,CVE-2026-53040,CVE-2026-53041,CVE-2026-53052,CVE-2026-53053,CVE-2026-53071,CVE-2026-53072,CVE-2026-53122,CVE-2026-53133,CVE-2026-53138,CVE-2026
 -53182,CVE-2026-53253,CVE-2026-53266,CVE-2026-53281,CVE-2026-53287,CVE-2026-53359,CVE-2026-53362

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 RT kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-40341: futex: Don't leak robust_list pointer on exec race (bsc#1255029).
- CVE-2025-71294: drm/amdgpu: fix NULL pointer issue buffer funcs (bsc#1264562).
- CVE-2026-23451: bonding: prevent potential infinite loop in bond_header_parse() (bsc#1261604).
- CVE-2026-31450: ext4: publish jinode after initialization (bsc#1262618).
- CVE-2026-31462: drm/amdgpu: prevent immediate PASID reuse case (bsc#1262655).
- CVE-2026-31466: mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (bsc#1267825).
- CVE-2026-31502: team: fix header_ops type confusion with non-Ethernet ports (bsc#1263072).
- CVE-2026-31670: net: rfkill: prevent unlimited numbers of rfkill events from being created (bsc#1263573).
- CVE-2026-31677: crypto: af_alg - limit RX SG extraction by receive buffer budget (bsc#1263560).
- CVE-2026-43010: bpf: Reject sleepable kprobe_multi programs at attach time (bsc#1264015).
- CVE-2026-43022: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists (bsc#1264001).
- CVE-2026-43034: bnxt_en: set backing store type from query type (bsc#1263998).
- CVE-2026-43079: perf/x86/intel/uncore: Skip discovery table for offline dies (bsc#1264228).
- CVE-2026-43080: l2tp: Drop large packets with UDP encap (bsc#1264236).
- CVE-2026-43081: net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+ (bsc#1264241).
- CVE-2026-43085: netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator (bsc#1264230).
- CVE-2026-43086: ipvs: fix NULL deref in ip_vs_add_service error path (bsc#1264286).
- CVE-2026-43089: xfrm_user: fix info leak in build_mapping() (bsc#1264261).
- CVE-2026-43093: xsk: tighten UMEM headroom validation to account for tailroom and min frame (bsc#1264254).
- CVE-2026-43107: xfrm: account XFRMA_IF_ID in aevent size calculation (bsc#1264258).
- CVE-2026-43128: RDMA/umem: Fix double dma_buf_unpin in failure path (bsc#1264612).
- CVE-2026-43139: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() (bsc#1264294).
- CVE-2026-43233: netfilter: nf_conntrack_h323: fix OOB read in decode_choice() (bsc#1264337).
- CVE-2026-43238: net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash() (bsc#1264320).
- CVE-2026-43303: mm/page_alloc: clear page->private in free_pages_prepare() (bsc#1264974).
- CVE-2026-43336: lib/crypto: chacha: Zeroize permuted_state before it leaves scope (bsc#1265113).
- CVE-2026-43420: ceph: fix i_nlink underrun during async unlink (bsc#1264814).
- CVE-2026-43456: bonding: fix type confusion in bond_setup_by_slave() (bsc#1264734).
- CVE-2026-43472: unshare: fix unshare_fs() handling (bsc#1264748).
- CVE-2026-43492: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (bsc#1265629).
- CVE-2026-43502: net/rds: handle zerocopy send cleanup before the message is queued (bsc#1266008).
- CVE-2026-45838: bpf: fix end-of-list detection in cgroup_storage_get_next_key() (bsc#1266396).
- CVE-2026-45848: apparmor: fix NULL sock in aa_sock_file_perm (bsc#1266734).
- CVE-2026-45891: net: hns3: fix double free issue for tx spare buffer (bsc#1266717).
- CVE-2026-45912: ext4: don't cache extent during splitting extent (bsc#1266899).
- CVE-2026-45948: ext4: fix memory leak in ext4_ext_shift_extents() (bsc#1266929).
- CVE-2026-45985: ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O (bsc#1266700).
- CVE-2026-46028: crypto: algif_aead - snapshot IV for async AEAD requests (bsc#1267430).
- CVE-2026-46053: net: rds: fix MR cleanup on copy error (bsc#1267427).
- CVE-2026-46063: x86/shstk: Prevent deadlock during shstk sigreturn (bsc#1267228).
- CVE-2026-46065: fbdev: defio: Disconnect deferred I/O from the lifetime of struct (bsc#1267458).
- CVE-2026-46069: wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() (bsc#1267437).
- CVE-2026-46071: KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12 (bsc#1267591).
- CVE-2026-46076: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 (bsc#1267365).
- CVE-2026-46112: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() (bsc#1267582).
- CVE-2026-46116: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (bsc#1267369).
- CVE-2026-46124: isofs: validate block number from NFS file handle in isofs_export_iget (bsc#1266847).
- CVE-2026-46133: RDMA/rxe: Reject unknown opcodes before ICRC processing (bsc#1266928).
- CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task (bsc#1267722).
- CVE-2026-46185: smb/client: fix out-of-bounds read in symlink_data() (bsc#1266830).
- CVE-2026-46214: vsock/virtio: fix accept queue count leak on transport mismatch (bsc#1267717).
- CVE-2026-46229: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure (bsc#1267567).
- CVE-2026-46253: pstore/ram: fix buffer overflow in persistent_ram_save_old() (bsc#1267635).
- CVE-2026-46254: AppArmor: Allow apparmor to handle unaligned dfa tables (bsc#1267637).
- CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP (bsc#1267684).
- CVE-2026-46289: lib/scatterlist: fix length calculations in extract_kvec_to_sg (bsc#1267966).
- CVE-2026-46291: crypto: caam - guard HMAC key hex dumps in hash_digest_key (bsc#1267937).
- CVE-2026-46319: net/sched: act_ct: Only release RCU read lock after ct_ft (bsc#1268022).
- CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp() (bsc#1267993).
- CVE-2026-46328: apparmor: fix rlimit for posix cpu timers (bsc#1268037).
- CVE-2026-52908: RDMA: During rereg_mr ensure that REREG_ACCESS is compatible (bsc#1268661).
- CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device (bsc#1268660).
- CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100).
- CVE-2026-52923: ipc: limit next_id allocation to the valid ID range (bsc#1269033).
- CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve helpers (bsc#1269022).
- CVE-2026-52954: libceph: handle rbtree insertion error in decode_choose_args() (bsc#1269137).
- CVE-2026-52957: libceph: Fix potential null-ptr-deref in decode_choose_args() (bsc#1269103).
- CVE-2026-52962: ceph: fix a buffer leak in __ceph_setxattr() (bsc#1269135).
- CVE-2026-52969: KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (bsc#1269184).
- CVE-2026-52972: crypto: af_alg - Cap AEAD AD length to 0x80000000 (bsc#1269195).
- CVE-2026-53016: crypto: ccp - copy IV using skcipher ivsize (bsc#1269090).
- CVE-2026-53040: ocfs2: validate bg_bits during freefrag scan (bsc#1269397).
- CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full (bsc#1269398).
- CVE-2026-53052: ASoC: qcom: qdsp6: topology: check widget type before accessing data (bsc#1269314).
- CVE-2026-53053: iommu/amd: Fix clone_alias() to use the original device's devid (bsc#1269310).
- CVE-2026-53071: Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp (bsc#1269678).
- CVE-2026-53072: Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER (bsc#1269681).
- CVE-2026-53122: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit (bsc#1269418).
- CVE-2026-53133: RDMA/umem: Fix truncation for block sizes >= 4G (bsc#1269821).
- CVE-2026-53138: drm/amd/display: Bound VBIOS record-chain walk loops (bsc#1269281).
- CVE-2026-53182: wifi: nl80211: reject oversized EMA RNR lists (bsc#1269884).
- CVE-2026-53253: Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (bsc#1269574).
- CVE-2026-53266: netfilter: bridge: make ebt_snat ARP rewrite writable (bsc#1269136).
- CVE-2026-53281: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption (bsc#1269519).
- CVE-2026-53287: audit: fix incorrect inheritable capability in CAPSET records (bsc#1269506).
- CVE-2026-53359: KVM: x86: Fix shadow paging use-after-free due to unexpected role (bsc#1270059).
- CVE-2026-53362: ipv6: account for fraggap on the paged allocation path (bsc#1269493).

The following non security issues were fixed:

- ACPI: IPMI: Fix inverted interface check in ipmi_bmc_gone() (git-fixes).
- ACPI: resource: Amend kernel-doc style (git-fixes).
- ALSA: caiaq: fix out-of-bounds read in the Traktor Kontrol S4 input parser (git-fixes).
- ALSA: firewire: isight: bound the sample count to the packet payload (git-fixes).
- ALSA: hda/hdmi: Add quirk for TUXEDO IBS14G6 (stable-fixes).
- ALSA: seq: Fix uninitialised heap leak in snd_seq_event_dup() (git-fixes).
- ALSA: timer: Fix UAF at snd_timer_user_params() (stable-fixes).
- ALSA: usb-audio: avoid kobject path lookup in DualSense match (git-fixes).
- ALSA: usb-audio: Kill MIDI 2.0 URBs before freeing endpoints (git-fixes).
- ASoC: fsl_asrc_dma: fix eDMA maxburst misalignment with channel count (git-fixes).
- ASoC: qcom: q6apm: fix NULL pointer dereference in graph_callback (git-fixes).
- ASoC: tlv320aic3x: restrict CLKDIV bypass Q values in dual-rate mode (git-fixes).
- Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig (stable-fixes).
- bus: mhi: ep: Add missing state_lock protection for mhi_state access (git-fixes).
- bus: mhi: ep: Fix potential deadlock in mhi_ep_reset_worker() (git-fixes).
- bus: mhi: ep: Protect mhi_ep_handle_syserr() in the error path (git-fixes).
- char: tlclk: fix use-after-free in tlclk_cleanup() (git-fixes).
- dmaengine: dw-edma: Add spinlock to protect DONE_INT_MASK and ABORT_INT_MASK (git-fixes).
- dmaengine: Fix possible use after free (git-fixes).
- dmaengine: imx-sdma: Refine spba bus searching in probe (git-fixes).
- dmaengine: qcom: gpi: set DMA_PRIVATE capability (git-fixes).
- dmaengine: tegra: Fix burst size calculation (git-fixes).
- drm/amd/display: Clamp VBIOS HDMI retimer register count to array size (stable-fixes).
- drm/amdgpu: Fix amdgpu_bo_move() when old_mem and new_mem are both GTT (git-fixes).
- drm/amdgpu: initialize irq.lock spinlock earlier (git-fixes).
- drm/amdgpu: restart the CS if some parts of the VM are still invalidated (stable-fixes).
- drm/amdgpu: skip already suspended IP blocks in ip_suspend_phase2 (git-fixes).
- drm/amdgpu: validate CP_GFX_SHADOW chunk size in CS pass1 (git-fixes).
- drm/amdkfd: Avoid double-unpin of DOORBELL/MMIO BOs on free (git-fixes).
- drm/amdkfd: Check for pdd drm file first in CRIU restore path (stable-fixes).
- drm/amdkfd: fix list_del corruption in kfd_criu_resume_svm (git-fixes).
- drm/amdkfd: fix NULL pointer bug in svm_range_set_attr (stable-fixes).
- drm/dp: Add eDP 1.5 bit definition (stable-fixes).
- drm/edid: fix OOB read in drm_parse_tiled_block() (git-fixes).
- drm/i915/gem: Add missing nospec on parallel submit slot (git-fixes).
- drm/i915/psr: Add defininitions for INTEL_WA_REGISTER_CAPS DPCD register (stable-fixes).
- drm/nouveau/acr: fix missing nvkm_done() in error path of nvkm_acr_oneinit() (git-fixes).
- drm/nouveau: fix reversed error cleanup order in ucopy functions (git-fixes).
- fpga: dfl: add bounds check in dfh_get_param_size() (git-fixes).
- fpga: microchip-spi: fix zero header_size OOB read in mpf_ops_parse_header() (git-fixes).
- fpga: region: fix use-after-free in child_regions_with_firmware() (git-fixes).
- HID: logitech-hidpp: remove excess kernel-doc member in hidpp_scroll_counter (git-fixes).
- HID: quirks: Add ALWAYS_POLL quirk for SIGMACHIP USB mouse (stable-fixes).
- HID: wacom: stop hardware after post-start probe failures (git-fixes).
- HID: wiimote: Fix table layout and whitespace errors (git-fixes).
- hv_balloon: Simplify data output in hv_balloon_debug_show() (git-fixes).
- i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl (stable-fixes).
- i2c: mpc: Fix timeout calculations (git-fixes).
- i2c: stm32f7: truncate clock period instead of rounding it (git-fixes).
- i3c: master: Prevent reuse of dynamic address on device add failure (git-fixes).
- iio: accel: mma8452: handle I2C read error(s) in mma8452_read() (git-fixes).
- iio: adc: npcm: Convert to platform remove callback returning void (stable-fixes).
- iio: adc: xilinx-ams: fix out-of-bounds channel lookup in event handling (git-fixes).
- iio: chemical: scd30: Cleanup initializations and fix sign-extension bug (git-fixes).
- iio: chemical: scd30: fix division by zero in write_raw (git-fixes).
- iio: chemical: scd30: Use guard(mutex) to allow early returns (stable-fixes).
- iio: gyro: bmg160: bail out when bandwidth/filter is not in table (git-fixes).
- iio: gyro: bmg160: wait full startup time after mode change at probe (git-fixes).
- iio: light: opt3001: fix missing state reset on timeout (git-fixes).
- iio: light: si1133: prevent race condition on timeout (git-fixes).
- iio: light: si1133: reset counter to prevent race condition (git-fixes).
- iio: light: veml6030: fix channel type when pushing events (git-fixes).
- iio: magnetometer: ak8975: Add missed pm_runtime_put_autosuspend() call (git-fixes).
- iio: magnetometer: ak8975: fix potential kernel stack memory leak (git-fixes).
- iio: tcs3472: power down chip on probe failure (git-fixes).
- iio: temperature: ltc2983: Fix reinit_completion() called after conversion start (git-fixes).
- Input: atkbd - add DMI quirk for Lenovo Yoga Air 14 (83QK) (stable-fixes).
- Input: elan_i2c - validate firmware size before use (stable-fixes).
- Input: synaptics - add LEN2058 to SMBus passlist for ThinkPad E490 (stable-fixes).
- Input: synaptics-rmi4 - bound the F3A keymap to the GPIO count (git-fixes).
- Input: synaptics-rmi4 - bound the F30 keymap to the GPIO/LED count (git-fixes).
- Input: xpad - add 'Nova 2 Lite' from GameSir (stable-fixes).
- Input: xpad - add support for ASUS ROG RAIKIRI II (stable-fixes).
- KVM: SVM: Fix page overflow in sev_dbg_crypt() for ENCRYPT path (git-fixes).
- KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (git-fixes).
- KVM: SVM: Truncate INVLPGA address in compatibility mode (git-fixes).
- KVM: VMX: Grab vmcs12 on CR8 interception update iff vCPU is in guest mode (git-fixes).
- KVM: x86/mmu: Ensure hugepage is in by slot before checking max mapping level (git-fixes).
- KVM: x86/mmu: Recursively zap orphaned nested TDP shadow pages on emulated writes (git-fixes).
- KVM: x86: hyper-v: Bound the bank index when querying sparse banks (git-fixes).
- KVM: x86: ioapic: Use old_dest_mode consistently in ioapic_write_indirect() (git-fixes).
- KVM: x86: Move update_cr8_intercept() to lapic.c (git-fixes).
- KVM: x86: Unconditionally recompute CR8 intercept on PPR update (git-fixes).
- leds: uleds: Fix potential buffer overread (git-fixes).
- loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression (jsc#PED-16303).
- loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported (jsc#PED-16303).
- mailbox: mtk-adsp: fix UAF during device teardown (git-fixes).
- media: aspeed: fix missing of_reserved_mem_device_release() on probe failure (git-fixes).
- media: cec: seco: unregister adapter on IR probe failure (git-fixes).
- media: cedrus: Fix failure to clean up hardware on probe failure (git-fixes).
- media: cedrus: Fix missing cleanup in error path (git-fixes).
- media: cedrus: skip invalid H.264 reference list entries (git-fixes).
- media: marvell-cam: fix missing pci_disable_device() on remove (git-fixes).
- media: mtk-jpeg: cancel workqueue on release for supported platforms only (git-fixes).
- media: pci: dm1105: Free allocated workqueue (git-fixes).
- media: ti: vpe: unwind v4l2 device registration on probe error (git-fixes).
- media: v4l2-ctrls: validate HEVC active reference counts (git-fixes).
- media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si (git-fixes).
- media: vidtv: fix reference leak on failed device registration (git-fixes).
- media: vimc: fix reference leak on failed device registration (git-fixes).
- media: vpif_capture: fix OF node reference imbalance (git-fixes).
- module: fix init_module_from_file() error handling (jsc#PED-16303).
- module: make waiting for a concurrent module loader interruptible (jsc#PED-16303).
- module: Split modules_install compression and in-kernel decompression (jsc#PED-16303).
- module: split up 'finit_module()' into init_module_from_file() helper (jsc#PED-16303).
- module: warn about excessively long module waits (jsc#PED-16303).
- modules: catch concurrent module loads, treat them as idempotent (jsc#PED-16303).
- mtd: maps: vmu-flash: fix NULL pointer dereference in initialization (git-fixes).
- mtd: rawnand: fix condition in 'nand_select_target()' (git-fixes).
- mtd: rawnand: pl353: fix probe resource allocation (git-fixes).
- mtd: slram: remove failed entries from the device list (git-fixes).
- mtd: spi-nor: Drop duplicate Kconfig dependency (git-fixes).
- mtd: spi-nor: swp: Improve locking user experience (git-fixes).
- net: aquantia: Add missing descriptor cache invalidation on ATL2 (bsc#1268428).
- net: mana: Add support for PF device 0x00C1 (bsc#1268237).
- net: mana: Allocate interrupt context for each EQ when creating vPort (git-fixes).
- net: mana: Create separate EQs for each vPort (git-fixes).
- net: mana: Fall back to standard MTU when PF reports adapter_mtu of 0 (git-fixes).
- net: mana: guard TX wq object destroy with INVALID_MANA_HANDLE check (git-fixes).
- net: mana: initialize gdma queue id to INVALID_QUEUE_ID (git-fixes).
- net: mana: Introduce GIC context with refcounting for interrupt management (git-fixes).
- net: mana: Optimize irq affinity for low vcpu configs (git-fixes).
- net: mana: Query device capabilities and configure MSI-X sharing for EQs (git-fixes).
- net: mana: Use GIC functions to allocate global EQs (git-fixes).
- nfc: hci: fix out-of-bounds read in HCP header parsing (git-fixes).
- nfc: llcp: Fix use-after-free in llcp_sock_release() (git-fixes).
- nfc: llcp: Fix use-after-free race in nfc_llcp_recv_cc() (git-fixes).
- platform/x86: xo15-ebook: Fix wakeup source and GPE handling (git-fixes).
- power: reset: linkstation-poweroff: fix use-after-free in the linkstation_poweroff_init() (git-fixes).
- power: supply: charger-manager: fix refcount leak in is_full_charged() (git-fixes).
- power: supply: core: fix supplied_from allocations (git-fixes).
- power: supply: cpcap-battery: Fix missing nvmem_device_put() causing reference leak (git-fixes).
- powerpc/boot: Allow text relocations for pseries wrapper with binutils 2.46+ (git-fixes).
- RDMA/mana_ib: Allocate interrupt contexts on EQs (git-fixes).
- RDMA/mana_ib: Use ib_get_eth_speed for reporting port speed (git-fixes).
- rtc: abx80x: fix the RTC_VL_CLR clearing all status flags (git-fixes).
- rtc: cmos: unregister HPET IRQ handler on probe failure (git-fixes).
- rtc: ds1307: Fix off-by-one issue with wday for rx8130 (git-fixes).
- rtc: ds1307: handle oscillator stop flag for ds1337/ds1339/ds3231 (git-fixes).
- rtc: mpfs: fix counter upload completion condition (git-fixes).
- rtc: msc313: fix NULL deref in shared IRQ handler at probe (git-fixes).
- scsi: storvsc: Replace symbolic permissions with octal (git-fixes).
- scsi: target: Fix hexadecimal CHAP_I handling (git-fixes).
- serdev: make serdev_bus_type const (stable-fixes).
- spi: dw: fix wrong BAUDR setting after resume (git-fixes).
- spi: rpc-if: Use correct device for hardware reinitialization on resume (git-fixes).
- spi: uniphier: Fix completion initialization order before devm_request_irq() (git-fixes).
- Split off kABI workaround for bsc#1267458 (bsc#1267458).
- staging: most: video: avoid double free on video register failure (git-fixes).
- staging: nvec: fix use-after-free in nvec_rx_completed() (git-fixes).
- thermal: intel: Fix dangling resources on thermal_throttle_online() failure (git-fixes).
- tpm: fix event_size output in tpm1_binary_bios_measurements_show (git-fixes).
- tpm: tpm_tis_spi: Use wait_woken() in wait_for_tmp_stat() (git-fixes).
- usb: core: Fix SuperSpeed root hub wMaxPacketSize (stable-fixes).
- usb: core: Fix up Interrupt IN endpoints with bogus wBytesPerInterval (stable-fixes).
- usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo (git-fixes).
- usb: host: max3421: Fix shift-out-of-bounds in max3421_hub_control() (git-fixes).
- usb: host: max3421: Reject hub port requests for non-existent ports (git-fixes).
- USB: quirks: add NO_LPM for Lenovo ThinkPad USB-C Dock Gen2 hub controllers (stable-fixes).
- USB: serial: option: add MeiG SRM813Q (stable-fixes).
- USB: serial: option: add usb-id for Dell Wireless DW5826e-m (stable-fixes).
- usb: storage: Add quirks for PNY Elite Portable SSD (stable-fixes).
- usb: typec: altmodes/displayport: validate count before reading Status Update VDO (stable-fixes).
- usb: typec: tcpm/tcpci_maxim: validate header NDO against RX_BYTE_CNT (stable-fixes).
- usb: typec: ucsi: ccg: reject firmware images without a ':' record header (stable-fixes).
- usb: typec: ucsi: displayport: NAK DP_CMD_CONFIGURE without a payload VDO (stable-fixes).
- usb: typec: ucsi: validate connector number in ucsi_connector_change() (stable-fixes).
- usb: typec: wcove: don't write past struct pd_message in wcove_read_rx_buffer() (stable-fixes).
- vc_screen: fix null-ptr-deref in vcs_notifier() during concurrent vcs_write (git-fixes).
- x86/platform/uv: Expose the uv_hub_type() interface (jsc#PED-16305).
- x86/tsc: Disable clocksource watchdog checking on recent and future UV platforms (jsc#PED-16305).

-----------------------------------------------------------------
Advisory ID: 784
Released:    Mon Jul  6 15:38:37 2026
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1263656,1263658,CVE-2026-5435,CVE-2026-6238
This update for glibc fixes the following issues

- CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write (bsc#1263656).
- CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure
  (bsc#1263658).


The following package changes have been done:

- glibc-2.38-14.1 updated
- libkmod2-30-12.1 updated
- SL-Micro-release-6.0-25.106 updated
- kmod-30-12.1 updated
- glibc-locale-base-2.38-14.1 updated
- kernel-rt-6.4.0-49.1 updated
- container:SL-Micro-container-2.1.3-6.201 updated


More information about the sle-container-updates mailing list