SUSE-IU-2026:4606-1: Security update of suse/sl-micro/6.0/base-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Jun 16 07:08:59 UTC 2026
SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:4606-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.158 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 7.158
Severity : important
Type : security
References : 1248235 1255416 1258538 1260502 1260584 1261619 1261791 1262606
1262615 1262619 1262622 1262624 1262634 1262649 1262656 1262663
1262668 1262755 1263006 1263068 1263115 1263143 1263152 1263169
1263319 1263562 1263724 1263769 1263774 1263790 1263883 1263932
1263945 1264000 1264011 1264063 1264091 1264093 1264124 1264184
1264243 1264245 1264255 1264300 1264409 1264430 1264449 1264476
1264484 1264551 1264669 1264671 1264672 1264716 1264719 1264720
1264722 1264726 1264765 1264805 1264989 1265020 1265044 1265073
1265110 1265128 1265170 1265240 1265579 1265928 1265960 1266001
1266009 1266214 1266238 1266307 1266394 1266395 1266400 1266402
1266414 1266452 1266696 1266697 1266711 1266720 1266759 1266765
1266767 1266810 1266816 1266826 1266827 1266889 1266901 1266927
1266969 1266972 1267205 1267214 1267218 1267220 1267222 1267531
1267626 1267652 1267663 1267726 1267732 CVE-2025-38549 CVE-2025-68324
CVE-2026-23303 CVE-2026-23327 CVE-2026-23359 CVE-2026-23438 CVE-2026-23444
CVE-2026-31396 CVE-2026-31446 CVE-2026-31448 CVE-2026-31454 CVE-2026-31455
CVE-2026-31464 CVE-2026-31473 CVE-2026-31480 CVE-2026-31493 CVE-2026-3150
CVE-2026-31516 CVE-2026-31518 CVE-2026-31546 CVE-2026-31590 CVE-2026-31596
CVE-2026-31613 CVE-2026-31614 CVE-2026-31629 CVE-2026-31655 CVE-2026-31671
CVE-2026-31673 CVE-2026-31678 CVE-2026-31703 CVE-2026-31758 CVE-2026-31767
CVE-2026-43013 CVE-2026-43026 CVE-2026-43030 CVE-2026-43040 CVE-2026-43052
CVE-2026-43054 CVE-2026-43059 CVE-2026-43065 CVE-2026-43066 CVE-2026-43068
CVE-2026-43109 CVE-2026-43206 CVE-2026-43234 CVE-2026-43249 CVE-2026-43252
CVE-2026-43261 CVE-2026-43284 CVE-2026-43296 CVE-2026-43325 CVE-2026-43333
CVE-2026-43338 CVE-2026-43341 CVE-2026-43359 CVE-2026-43360 CVE-2026-43361
CVE-2026-43362 CVE-2026-43406 CVE-2026-43407 CVE-2026-43411 CVE-2026-43413
CVE-2026-43414 CVE-2026-43455 CVE-2026-43470 CVE-2026-43483 CVE-2026-43499
CVE-2026-43501 CVE-2026-43503 CVE-2026-45842 CVE-2026-45843 CVE-2026-45846
CVE-2026-45852 CVE-2026-45856 CVE-2026-45878 CVE-2026-45886 CVE-2026-45910
CVE-2026-45932 CVE-2026-45970 CVE-2026-45983 CVE-2026-45984 CVE-2026-46004
CVE-2026-46021 CVE-2026-46024 CVE-2026-46043 CVE-2026-46079 CVE-2026-46083
CVE-2026-46090 CVE-2026-46094 CVE-2026-46110 CVE-2026-46111 CVE-2026-46113
CVE-2026-46114 CVE-2026-46157 CVE-2026-46159 CVE-2026-46176 CVE-2026-46181
CVE-2026-46209
-----------------------------------------------------------------
The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: kernel-464
Released: Mon Jun 15 20:32:29 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1248235,1255416,1258538,1260502,1260584,1261619,1261791,1262606,1262615,1262619,1262622,1262624,1262634,1262649,1262656,1262663,1262668,1262755,1263006,1263068,1263115,1263143,1263152,1263169,1263319,1263562,1263724,1263769,1263774,1263790,1263883,1263932,1263945,1264000,1264011,1264063,1264091,1264093,1264124,1264184,1264243,1264245,1264255,1264300,1264409,1264430,1264449,1264476,1264484,1264551,1264669,1264671,1264672,1264716,1264719,1264720,1264722,1264726,1264765,1264805,1264989,1265020,1265044,1265073,1265110,1265128,1265170,1265240,1265579,1265928,1265960,1266001,1266009,1266214,1266238,1266307,1266394,1266395,1266400,1266402,1266414,1266452,1266696,1266697,1266711,1266720,1266759,1266765,1266767,1266810,1266816,1266826,1266827,1266889,1266901,1266927,1266969,1266972,1267205,1267214,1267218,1267220,1267222,1267531,1267626,1267652,1267663,1267726,1267732,CVE-2025-38549,CVE-2025-68324,CVE-2026-23303,CVE-2026-23327,CVE-2026-23359,CVE-2026-23438,CVE-2026-23444,CVE-2026
-31396,CVE-2026-31446,CVE-2026-31448,CVE-2026-31454,CVE-2026-31455,CVE-2026-31464,CVE-2026-31473,CVE-2026-31480,CVE-2026-31493,CVE-2026-3150,CVE-2026-31516,CVE-2026-31518,CVE-2026-31546,CVE-2026-31590,CVE-2026-31596,CVE-2026-31613,CVE-2026-31614,CVE-2026-31629,CVE-2026-31655,CVE-2026-31671,CVE-2026-31673,CVE-2026-31678,CVE-2026-31703,CVE-2026-31758,CVE-2026-31767,CVE-2026-43013,CVE-2026-43026,CVE-2026-43030,CVE-2026-43040,CVE-2026-43052,CVE-2026-43054,CVE-2026-43059,CVE-2026-43065,CVE-2026-43066,CVE-2026-43068,CVE-2026-43109,CVE-2026-43206,CVE-2026-43234,CVE-2026-43249,CVE-2026-43252,CVE-2026-43261,CVE-2026-43284,CVE-2026-43296,CVE-2026-43325,CVE-2026-43333,CVE-2026-43338,CVE-2026-43341,CVE-2026-43359,CVE-2026-43360,CVE-2026-43361,CVE-2026-43362,CVE-2026-43406,CVE-2026-43407,CVE-2026-43411,CVE-2026-43413,CVE-2026-43414,CVE-2026-43455,CVE-2026-43470,CVE-2026-43483,CVE-2026-43499,CVE-2026-43501,CVE-2026-43503,CVE-2026-45842,CVE-2026-45843,CVE-2026-45846,CVE-2026-45852,CVE-2026-45856,C
VE-2026-45878,CVE-2026-45886,CVE-2026-45910,CVE-2026-45932,CVE-2026-45970,CVE-2026-45983,CVE-2026-45984,CVE-2026-46004,CVE-2026-46021,CVE-2026-46024,CVE-2026-46043,CVE-2026-46079,CVE-2026-46083,CVE-2026-46090,CVE-2026-46094,CVE-2026-46110,CVE-2026-46111,CVE-2026-46113,CVE-2026-46114,CVE-2026-46157,CVE-2026-46159,CVE-2026-46176,CVE-2026-46181,CVE-2026-46209
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).
- CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work (bsc#1255416).
- CVE-2026-23303: smb: client: Don't log plaintext credentials in cifs_set_cifscreds (bsc#1260502).
- CVE-2026-23327: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()
- CVE-2026-23359: bpf: Fix stack-out-of-bounds write in devmap (bsc#1260584).
- CVE-2026-23438: net: mvpp2: guard flow control update with global_tx_fc in buffer switching (bsc#1261619).
- CVE-2026-23444: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure (bsc#1266307).
- CVE-2026-31396: net: macb: fix use-after-free access to PTP clock (bsc#1261791).
- CVE-2026-31446: ext4: fix use-after-free in update_super_work when racing with umount (bsc#1262619).
- CVE-2026-31448: ext4: avoid infinite loops caused by residual data (bsc#1262622).
- CVE-2026-31454: xfs: save ailp before dropping the AIL lock in push callbacks (bsc#1262624).
- CVE-2026-31455: xfs: stop reclaim before pushing AIL during unmount (bsc#1262615).
- CVE-2026-31464: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (bsc#1262656).
- CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (bsc#1262663).
- CVE-2026-31480: tracing: Fix potential deadlock in cpu hotplug with osnoise (bsc#1262634).
- CVE-2026-31493: RDMA/efa: Fix use of completion ctx after free (bsc#1262668).
- CVE-2026-3150: bcache: fix cached_dev.sb_bio use-after-free and crash (bsc#1263169).
- CVE-2026-31516: xfrm: prevent policy_hthresh.work from racing with netns teardown (bsc#1262755).
- CVE-2026-31518: esp: fix skb leak with espintcp and async crypto (bsc#1262606).
- CVE-2026-31546: net: bonding: fix NULL deref in bond_debug_rlb_hash_show (bsc#1263006).
- CVE-2026-31590: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (bsc#1263152).
- CVE-2026-31596: ocfs2: handle invalid dinode in ocfs2_group_extend (bsc#1263319).
- CVE-2026-31613: smb: client: fix OOB reads parsing symlink error response (bsc#1263769).
- CVE-2026-31614: smb: client: fix off-by-8 bounds check in check_wsl_eas() (bsc#1263774).
- CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks (bsc#1263790).
- CVE-2026-31655: pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (bsc#1263724).
- CVE-2026-31671: xfrm_user: fix info leak in build_report() (bsc#1263115).
- CVE-2026-31673: af_unix: read UNIX_DIAG_VFS data under unix_state_lock (bsc#1263143).
- CVE-2026-31678: openvswitch: defer tunnel netdev_put to RCU release (bsc#1263562).
- CVE-2026-31703: writeback: Fix use after free in inode_switch_wbs_work_fn() (bsc#1263883).
- CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release (bsc#1264093).
- CVE-2026-31767: drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode (bsc#1264124).
- CVE-2026-43013: net/mlx5: lag: Check for LAG device before creating debugfs (bsc#1264011).
- CVE-2026-43026: netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (bsc#1263932).
- CVE-2026-43030: bpf: Fix regsafe() for pointers to packet (bsc#1264000).
- CVE-2026-43040: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero (bsc#1264091).
- CVE-2026-43052: wifi: mac80211: check tdls flag in ieee80211_tdls_oper (bsc#1263945).
- CVE-2026-43054: scsi: target: tcm_loop: Drain commands in target_reset handler (bsc#1264063).
- CVE-2026-43059: Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (bsc#1264184).
- CVE-2026-43065: ext4: always drain queued discard work in ext4_mb_release() (bsc#1264243).
- CVE-2026-43066: ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (bsc#1264245).
- CVE-2026-43068: ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (bsc#1264255).
- CVE-2026-43109: x86: shadow stacks: proper error handling for mmap lock (bsc#1264484).
- CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (bsc#1264551).
- CVE-2026-43234: team: avoid NETDEV_CHANGEMTU event when unregistering slave (bsc#1264409).
- CVE-2026-43249: 9p/xen: protect xen_9pfs_front_free against concurrent calls (bsc#1264476).
- CVE-2026-43252: mptcp: pm: in-kernel: always set ID as avail when rm endp (bsc#1264300).
- CVE-2026-43261: arm64: Add support for TSV110 Spectre-BHB mitigation (bsc#1264430).
- CVE-2026-43296: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky (bsc#1264805).
- CVE-2026-43325: wifi: iwlwifi: mvm: don't send a 6E related command when not supported (bsc#1265110).
- CVE-2026-43333: bpf: reject direct access to nullable PTR_TO_BUF pointers (bsc#1264726).
- CVE-2026-43338: btrfs: reserve enough transaction items for qgroup ioctls (bsc#1264716).
- CVE-2026-43341: net/ipv6: ioam6: prevent schema length wraparound in trace fill (bsc#1265044).
- CVE-2026-43359: btrfs: fix transaction abort on set received ioctl due to item overflow (bsc#1264719).
- CVE-2026-43360: btrfs: fix transaction abort on file creation due to name hash collision (bsc#1264720).
- CVE-2026-43361: btrfs: fix transaction abort when snapshotting received subvolumes (bsc#1264722).
- CVE-2026-43362: smb: client: fix in-place encryption corruption in SMB2_write() (bsc#1264989).
- CVE-2026-43406: libceph: prevent potential out-of-bounds reads in process_message_header() (bsc#1265073).
- CVE-2026-43407: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (bsc#1265020).
- CVE-2026-43411: tipc: fix divide-by-zero in tipc_sk_filter_connect() (bsc#1264672).
- CVE-2026-43413: scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1264671).
- CVE-2026-43414: scsi: qla2xxx: Completely fix fcport double free (bsc#1264669).
- CVE-2026-43455: net: mctp: Ensure keys maintain only one ref to corresponding dev (bsc#1264765).
- CVE-2026-43470: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir (bsc#1265128).
- CVE-2026-43483: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated (bsc#1265240).
- CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).
- CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266009).
- CVE-2026-45842: slip: reject VJ receive packets on instances with no rstate array (bsc#1266400).
- CVE-2026-45843: slip: bound decode() reads against the compressed packet length (bsc#1266395).
- CVE-2026-45846: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() (bsc#1266394).
- CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).
- CVE-2026-45856: RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send (bsc#1266720).
- CVE-2026-45878: drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (bsc#1266767).
- CVE-2026-45886: bpf: Fix bpf_xdp_store_bytes proto for read-only arg (bsc#1266810).
- CVE-2026-45910: RDMA/rxe: Fix race condition in QP timer handlers (bsc#1266889).
- CVE-2026-45932: bpf: Fix tcx/netkit detach permissions when prog fd isn't given (bsc#1266827).
- CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267205).
- CVE-2026-45983: nfsd: never defer requests during idmap lookup (bsc#1266697).
- CVE-2026-45984: gfs2: Add metapath_dibh helper (bsc#1267214).
- CVE-2026-46004: ALSA: caiaq: Handle probe errors properly (bsc#1267222).
- CVE-2026-46021: thermal: core: Fix thermal zone governor cleanup issues (bsc#1267220).
- CVE-2026-46024: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (bsc#1267218).
- CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).
- CVE-2026-46079: rbd: fix null-ptr-deref when device_add_disk() fails (bsc#1266452).
- CVE-2026-46083: spi: fix resource leaks on device setup failure (bsc#1266696).
- CVE-2026-46090: ALSA: aloop: Use guard() for spin locks (bsc#1267531).
- CVE-2026-46094: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (bsc#1266927).
- CVE-2026-46110: net: stmmac: rename STMMAC_GET_ENTRY() -> STMMAC_NEXT_ENTRY() (bsc#1266759).
- CVE-2026-46111: Bluetooth: hci_conn: fix potential UAF in create_big_sync (bsc#1267626).
- CVE-2026-46113: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (bsc#1266969).
- CVE-2026-46114: RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads (bsc#1266972).
- CVE-2026-46157: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger (bsc#1267726).
- CVE-2026-46159: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (bsc#1267652).
- CVE-2026-46176: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() (bsc#1266816).
- CVE-2026-46181: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (bsc#1266826).
- CVE-2026-46209: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (bsc#1267663).
The following non-security bugs were fixed:
- ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams (git-fixes).
- ALSA: asihpi: Fix potential OOB array access at reading cache (stable-fixes).
- ALSA: hda/conexant: Renaming the codec with device ID 0x1f86 and 0x1f87 (stable-fixes).
- ALSA: sc6000: Keep the programmed board state in card-private data (git-fixes).
- ALSA: sc6000: Use standard print API (stable-fixes).
- ALSA: ua101: Reject too-short USB descriptors (git-fixes).
- ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Bound MIDI endpoint descriptor scans (git-fixes).
- ASoC: SOF: Intel: hda-dai: add support for dspless mode beyond HDAudio (stable-fixes).
- ASoC: SOF: Intel: hda-dai: remove dspless special case (stable-fixes).
- ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes).
- ASoC: codecs: simple-mux: Fix enum control bounds check (git-fixes).
- ASoC: cs35l56: Fix flushing of IRQ work in cs35l56_sdw_remove() (git-fixes).
- ASoC: qcom: q6asm-dai: close stream only when running (git-fixes).
- ASoC: qcom: q6asm-dai: do not set stream state in event and trigger callbacks (git-fixes).
- ASoC: qcom: q6asm-dai: fix error handling in prepare and set_params (git-fixes).
- Bluetooth: 6lowpan: check skb_clone() return value in send_mcast_pkt() (git-fixes).
- Bluetooth: HIDP: fix missing length checks in hidp_input_report() (git-fixes).
- Bluetooth: ISO: drop ISO_END frames received without prior ISO_START (git-fixes).
- Bluetooth: ISO: fix UAF in iso_recv_frame (git-fixes).
- Bluetooth: ISO: serialize iso_sock_clear_timer with socket lock (git-fixes).
- Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp (git-fixes).
- Bluetooth: L2CAP: fix chan ref leak in l2cap_chan_timeout() on !conn (git-fixes).
- Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() (git-fixes).
- Bluetooth: MGMT: Fix backward compatibility with userspace (git-fixes).
- Bluetooth: MGMT: validate Add Extended Advertising Data length (git-fixes).
- Bluetooth: MGMT: validate advertising TLV before type checks (git-fixes).
- Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() (git-fixes).
- Bluetooth: RFCOMM: validate skb length in MCC handlers (git-fixes).
- Bluetooth: bnep: Fix UAF read of dev->name (git-fixes).
- Bluetooth: bnep: reject short frames before parsing (git-fixes).
- Bluetooth: btusb: Allow firmware re-download when version matches (git-fixes).
- Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() (git-fixes).
- Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device close (git-fixes).
- Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend (git-fixes).
- Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths (git-fixes).
- Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success (git-fixes).
- HID: quirks: really enable the intended work around for appledisplay (git-fixes).
- HID: uclogic: Fix regression of input name assignment (git-fixes).
- HID: wacom: Fix OOB write in wacom_hid_set_device_mode() (git-fixes).
- Input: atkbd - skip deactivate for HONOR BCC-N's internal keyboard (git-fixes).
- Input: atmel_mxt_ts - fix boundary check in mxt_prepare_cfg_mem (git-fixes).
- Input: ims-pcu - fix usb_free_coherent() size in ims_pcu_buffers_free() (git-fixes).
- Input: usbtouchscreen - clamp NEXIO data_len/x_len to URB buffer size (git-fixes).
- Input: xpad - fix out-of-bounds access for Share button (git-fixes).
- KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC (git-fixes).
- KVM: X86: Fix array_index_nospec protection in __pv_send_ipi (git-fixes).
- KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT (git-fixes).
- KVM: x86: Fix Xen hypercall tracepoint argument assignment (git-fixes).
- RDMA/efa: Check stored completion CTX command ID with received one (git-fixes)
- RDMA/efa: Extend admin timeout error print (git-fixes)
- RDMA/efa: Fix possible deadlock (git-fixes)
- RDMA/efa: Improve admin completion context state machine (git-fixes)
- RDMA/mana_ib: Report max_msg_sz in mana_ib_query_port (git-fixes).
- USB: cdc-acm: Fix bit overlap and move quirk definitions to header (git-fixes).
- USB: serial: belkin_sa: validate interrupt status length (git-fixes).
- USB: serial: cypress_m8: validate interrupt packet headers (git-fixes).
- USB: serial: keyspan: fix missing indat transfer sanity check (git-fixes).
- USB: serial: mct_u232: fix missing interrupt-in transfer sanity check (git-fixes).
- USB: serial: mxuport: fix memory corruption with small endpoint (git-fixes).
- USB: serial: omninet: fix memory corruption with small endpoint (git-fixes).
- USB: serial: option: add missing RSVD(5) flag for Rolling RW135R-GL (git-fixes).
- USB: serial: safe_serial: fix memory corruption with small endpoint (git-fixes).
- arm64: tlb: Allow XZR argument to TLBI ops (git-fixes)
- arm64: tlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI (git-fixes)
- auxdisplay: line-display: fix OOB read on zero-length message_store() (git-fixes).
- batman-adv: bla: fix report_work leak on backbone_gw purge (git-fixes).
- batman-adv: clear current gateway during teardown (git-fixes).
- batman-adv: dat: handle forward allocation error (git-fixes).
- batman-adv: fix batadv_skb_is_frag() kernel-doc (git-fixes).
- batman-adv: fix fragment reassembly length accounting (git-fixes).
- batman-adv: fix tp_meter counter underflow during shutdown (git-fixes).
- batman-adv: frag: disallow unicast fragment in fragment (git-fixes).
- batman-adv: tp_meter: avoid use of uninit sender vars (git-fixes).
- batman-adv: tt: fix negative last_changeset_len (git-fixes).
- batman-adv: tt: fix negative tt_buff_len (git-fixes).
- bcache: fix uninitialized closure object (git-fixes).
- comedi: comedi_test: Fix limiting of convert_arg in waveform_ai_cmdtest() (git-fixes).
- comedi: comedi_test: fix check for valid scan_begin_src in waveform_ai_cmdtest() (git-fixes).
- device property: set fwnode->secondary to NULL in fwnode_init() (git-fixes).
- drivers/base/memory: fix memory block reference leak in poison accounting (git-fixes).
- drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size (git-fixes).
- drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs (git-fixes).
- drm/amd/display: Fix integer overflow in bios_get_image() (stable-fixes).
- drm/amd/display: Reject gpio_bitshift >= 32 in bios_parser_get_gpio_pin_info() (git-fixes).
- drm/amd/display: Use krealloc_array() in dal_vector_reserve() (git-fixes).
- drm/amd/display: Validate GPIO pin LUT table size before iterating (stable-fixes).
- drm/amd/display: Validate payload length and link_index in dc_process_dmub_aux_transfer_async (stable-fixes).
- drm/amd/pm/si: Disregard vblank time when no displays are connected (git-fixes).
- drm/amdgpu/uvd3.1: Do not validate the firmware when already validated (git-fixes).
- drm/amdgpu/vce2: Fix VCE 2 firmware size and offsets (git-fixes).
- drm/amdgpu/vce3: Fix VCE 3 firmware size and offsets (git-fixes).
- drm/amdgpu: fix spelling typos (stable-fixes).
- drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 (git-fixes).
- drm/amdkfd: fix NULL dereference in get_queue_ids() (git-fixes).
- drm/bridge: chipone-icn6211: use devm_drm_bridge_add in i2c probe (git-fixes).
- drm/bridge: it66121: acquire reset GPIO in probe (git-fixes).
- drm/bridge: megachips: remove bridge when irq request fails (git-fixes).
- drm/hyperv: validate VMBus packet size in receive callback (git-fixes).
- drm/hyperv: validate resolution_count and fix WIN8 fallback (git-fixes).
- drm/i915: Extract intel_dbuf_mdclk_cdclk_ratio_update() (stable-fixes).
- drm/i915: Fix potential UAF in TTM object purge (git-fixes).
- drm/i915: Loop over all active pipes in intel_mbus_dbox_update (stable-fixes).
- drm/imx: Fix three kernel-doc warnings in dcss-scaler.c (git-fixes).
- drm/msm/dsi: do not dump registers past the mapped region (git-fixes).
- drm/msm/snapshot: fix dumping of the unaligned regions (git-fixes).
- drm/radeon/evergreen_cs: Add missing NULL prefix check in surface check (git-fixes).
- drm/virtio: use uninterruptible resv lock for plane updates (git-fixes).
- efi: Allocate runtime workqueue before ACPI init (git-fixes).
- firmware: arm_ffa: Check for NULL FF-A ID table while driver registration (git-fixes).
- firmware: arm_ffa: Skip free_pages on RX buffer alloc failure (git-fixes).
- hwmon: (pmbus/adm1266) bounce blackbox records through a protocol-sized buffer (git-fixes).
- hwmon: (pmbus/adm1266) cap PDIO scan in get_multiple at ADM1266_PDIO_NR (git-fixes).
- hwmon: (pmbus/adm1266) do not clobber GPIO bits before PDIO read in get_multiple (git-fixes).
- hwmon: (pmbus/adm1266) include PEC byte in pmbus_block_xfer read buffer (git-fixes).
- hwmon: (pmbus/adm1266) include adapter number in GPIO line label (git-fixes).
- hwmon: (pmbus/adm1266) register the gpio_chip after pmbus_do_probe() (git-fixes).
- hwmon: (pmbus/adm1266) register the nvmem device after pmbus_do_probe() (git-fixes).
- hwmon: (pmbus/adm1266) reject implausible blackbox record_count (git-fixes).
- hwmon: (pmbus/adm1266) reject short block-read responses in the GPIO accessors (git-fixes).
- hwmon: (pmbus/adm1266) seed timestamp from the real-time clock (git-fixes).
- hwmon: (pmbus/adm1266) widen blackbox-info buffer to I2C_SMBUS_BLOCK_MAX (git-fixes).
- iio: adc: viperboard: Fix error handling in vprbrd_iio_read_raw (git-fixes).
- iio: adc: xilinx-xadc: Fix sequencer mode in postdisable for dual mux (git-fixes).
- iio: buffer: hw-consumer: fix use-after-free in error path (git-fixes).
- iio: dac: ad5686: acquire lock when doing powerdown control (git-fixes).
- iio: dac: ad5686: fix input raw value check (git-fixes).
- iio: dac: max5821: fix return value check in powerdown sync (git-fixes).
- iio: gyro: itg3200: fix i2c read into the wrong stack location (git-fixes).
- iio: imu: st_lsm6dsx: fix stack leak in tagged FIFO buffer (git-fixes).
- iio: light: cm3323: fix reg_conf not being initialized correctly (git-fixes).
- iio: magnetometer: st_magn: fix default DRDY pin selection for LIS2MDL (git-fixes).
- iio: ssp_sensors: cancel delayed work_refresh on remove (git-fixes).
- iio: temperature: tsys01: fix broken PROM checksum validation (git-fixes).
- mmc: core: Fix host controller programming for fixed driver type (git-fixes).
- mmc: litex_mmc: Set mandatory idle clocks before CMD0 (git-fixes).
- mmc: litex_mmc: Use DIV_ROUND_UP for more accurate clock calculation (git-fixes).
- mmc: renesas_sdhi: Add OF entry for RZ/G2H SoC (git-fixes).
- mmc: sdhci: add signal voltage switch in sdhci_resume_host (git-fixes).
- net: gro: do not merge zcopy skbs (git-fixes).
- net: mana: Add NULL guards in teardown path to prevent panic on attach failure (git-fixes).
- net: mana: Expose hardware diagnostic info via debugfs (bsc#1266414).
- net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer (bsc#1265928).
- net: mana: Skip redundant detach on already-detached port (git-fixes).
- net: mana: Use kvmalloc for large RX queue and buffer allocations (bsc#1266765).
- net: mana: Use per-queue allocation for tx_qp to reduce allocation size (bsc#1266765).
- net: mana: hardening: Reject zero max_num_queues from GDMA_QUERY_MAX_RESOURCES (git-fixes).
- net: mana: validate rx_req_idx to prevent out-of-bounds array access (bsc#1266402).
- net: wwan: iosm: fix potential memory leaks in ipc_imem_init() (git-fixes).
- parport: Fix race between port and client registration (git-fixes).
- phy: marvell: mvebu-a3700-utmi: fix incorrect USB2_PHY_CTRL register access (git-fixes).
- platform/x86: adv_swbutton: Check ACPI_HANDLE() against NULL (git-fixes).
- platform/x86: hp_accel: Check ACPI_COMPANION() against NULL (git-fixes).
- platform/x86: intel-hid: Check ACPI_HANDLE() against NULL (git-fixes).
- platform/x86: intel-vbtn: Check ACPI_HANDLE() against NULL (git-fixes).
- r8152: fix incorrect register write to USB_UPHY_XTAL (git-fixes).
- rpm/check-for-config-changes: ignore Rust-related configs (bsc#1258538).
- rpm/mkspec: Conditionally set Rust BuildReqs (bsc#1258538).
- rpm: Add BuildRequires for Rust enablement (bsc#1258538).
- s390/barrier: Make array_index_mask_nospec() __always_inline (bsc#1263068).
- s390/entry: Scrub r12 register on kernel entry (bsc#1263068).
- s390/syscalls: Add spectre boundary for syscall dispatch table (bsc#1263068).
- sched/rt: Skip currently executing CPU in rto_next_cpu() (bsc#1262649).
- security/keys: fix missed RCU read section on lookup (stable-fixes).
- serial: fsl_lpuart: fix rx buffer and DMA map leaks in start_rx_dma (git-fixes).
- serial: qcom-geni: fix UART_RX_PAR_EN bit position (git-fixes).
- smb: client: correctly handle ErrorContextData as a flexible array (git-fixes)
- smb: client: reject userspace cifs.spnego descriptions (bsc#1266238).
- spi: mtk-snfi: Fix resource leak in mtk_snand_read_page_cache() (git-fixes).
- spi: sprd: fix error pointer deref after DMA setup failure (git-fixes).
- spi: st-ssc4: switch to use modern name (stable-fixes).
- spi: ti-qspi: fix use-after-free after DMA setup failure (git-fixes).
- string: add mem_is_zero() helper to check if memory area is all zeros (stable-fixes).
- thunderbolt: property: Reject dir_len < 4 to prevent size_t underflow (git-fixes).
- thunderbolt: property: Reject u32 wrap in tb_property_entry_valid() (git-fixes).
- tracing: Switch trace_osnoise.c code over to use guard() and __free() (bsc#1262634).
- tty: serial: pch_uart: add check for dma_alloc_coherent() (git-fixes).
- usb: cdns3: gadget: fix request skipping after clearing halt (git-fixes).
- usb: chipidea: core: convert ci_role_switch to local variable (git-fixes).
- usb: dwc2: Fix use after free in debug code (git-fixes).
- usb: gadget: composite: fix integer underflow in WebUSB GET_URL handling (git-fixes).
- usb: gadget: dummy_hcd: Reject hub port requests for non-existent ports (git-fixes).
- usb: gadget: f_fs: copy only received bytes on short ep0 read (git-fixes).
- usb: gadget: f_hid: fix device reference leak in hidg_alloc() (git-fixes).
- usb: gadget: net2280: Fix double free in probe error path (git-fixes).
- usb: usbtmc: check URB actual_length for interrupt-IN notifications (git-fixes).
- usb: usbtmc: reject interrupt endpoints with small wMaxPacketSize (git-fixes).
- usbip: vudc: Fix use after free bug in vudc_remove due to race condition (git-fixes).
- wifi: ath10k: skip WMI and beacon transmission when device is wedged (git-fixes).
- wifi: ath11k: clear shared SRNG pointer state on restart (git-fixes).
- wifi: ath11k: fix error path leak in ath11k_tm_cmd_wmi_ftm() (git-fixes).
- wifi: ath11k: fix error path leaks in some WMI WOW calls (git-fixes).
- wifi: ath11k: fix error path leaks in some WMI calls (git-fixes).
- wifi: ath11k: fix peer resolution on rx path when peer_id=0 (git-fixes).
- wifi: ath11k: fix use after free in ath11k_dp_rx_msdu_coalesce() (git-fixes).
- wifi: cfg80211: advance loop vars in cfg80211_merge_profile() (git-fixes).
- wifi: mac80211: consume only present negotiated TTLM maps (git-fixes).
- wifi: mac80211: limit injected antenna index in ieee80211_parse_tx_radiotap (git-fixes).
- wifi: nl80211: reject oversized EMA RNR lists (git-fixes).
The following package changes have been done:
- kernel-default-6.4.0-47.1 updated
More information about the sle-container-updates
mailing list