SUSE-SU-2026:1573-1: important: Security update for the Linux Kernel
SLE-UPDATES
null at suse.de
Thu Apr 23 20:31:27 UTC 2026
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2026:1573-1
Release Date: 2026-04-23T15:52:41Z
Rating: important
References:
* bsc#1226591
* bsc#1243208
* bsc#1245728
* bsc#1251135
* bsc#1251971
* bsc#1252073
* bsc#1252266
* bsc#1252803
* bsc#1253049
* bsc#1253129
* bsc#1255687
* bsc#1256504
* bsc#1256647
* bsc#1256690
* bsc#1257466
* bsc#1257472
* bsc#1257506
* bsc#1257561
* bsc#1257682
* bsc#1257773
* bsc#1257777
* bsc#1258280
* bsc#1258303
* bsc#1258305
* bsc#1258330
* bsc#1258337
* bsc#1258414
* bsc#1258424
* bsc#1258447
* bsc#1258476
* bsc#1259188
* bsc#1259580
* bsc#1259707
* bsc#1259795
* bsc#1259797
* bsc#1259865
* bsc#1259866
* bsc#1259886
* bsc#1259889
* bsc#1259891
* bsc#1259997
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260464
* bsc#1260471
* bsc#1260481
* bsc#1260486
* bsc#1260500
* bsc#1260562
* bsc#1260730
* bsc#1260732
* bsc#1260735
* bsc#1260799
* bsc#1261496
* bsc#1261498
* jsc#PED-15582
Cross-References:
* CVE-2024-38542
* CVE-2025-39998
* CVE-2025-68794
* CVE-2025-71231
* CVE-2025-71268
* CVE-2025-71269
* CVE-2026-23030
* CVE-2026-23047
* CVE-2026-23103
* CVE-2026-23120
* CVE-2026-23136
* CVE-2026-23140
* CVE-2026-23187
* CVE-2026-23193
* CVE-2026-23201
* CVE-2026-23215
* CVE-2026-23216
* CVE-2026-23231
* CVE-2026-23242
* CVE-2026-23243
* CVE-2026-23255
* CVE-2026-23259
* CVE-2026-23270
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23277
* CVE-2026-23278
* CVE-2026-23281
* CVE-2026-23292
* CVE-2026-23293
* CVE-2026-23317
* CVE-2026-23319
* CVE-2026-23361
* CVE-2026-23379
* CVE-2026-23381
* CVE-2026-23386
* CVE-2026-23398
* CVE-2026-23413
* CVE-2026-23414
* CVE-2026-31788
CVSS scores:
* CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39998 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-68794 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71231 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71268 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71269 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23030 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23047 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23120 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23187 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23201 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23215 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23242 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23255 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23259 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23259 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23278 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23281 ( SUSE ): 5.4
CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23292 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23293 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23317 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23319 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23361 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23386 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23398 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23413 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Real Time Module 15-SP7
An update that solves 40 vulnerabilities, contains one feature and has 17
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to
avoid buffer overflow (bsc#1252073).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned
positions (bsc#1256647).
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when
inserting inline extent (bsc#1259865).
* CVE-2025-71269: btrfs: do not free data reservation in fallback from inline
due to -ENOSPC (bsc#1259889).
* CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in
rockchip_usb2phy_probe() (bsc#1257561).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it
(bsc#1257682).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work()
(bsc#1258280).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault()
(bsc#1258303).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed
metadata size (bsc#1258305).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of
bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in
iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in
parse_longname() (bsc#1258337).
* CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in
iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in
nf_tables_addchain() (bsc#1259188).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header
processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype
(bsc#1259891).
* CVE-2026-23259: io_uring/rw: free potentially allocated iovec on cache put
failure (bsc#1259866).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress
qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems
before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in
iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall
elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter()
(bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in
__configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is
disabled (bsc#1260486).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (bsc#1260562).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
(bsc#1260735).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU
entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path
(bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is
disabled (bsc#1260471).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in
gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation()
(bsc#1260730).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback
asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait()
(bsc#1261496).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU
(bsc#1259707).
The following non-security bugs were fixed:
* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-
fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-
fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()
(git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer
interfaces (stable-fixes).
* ASoC: Intel: boards: fix unmet dependency on PINCTRL (git-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-
fixes).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition
(git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock
acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
* ASoC: cs42l43: Report insert for exotic peripherals (stable-fixes).
* ASoC: detect empty DMI strings (git-fixes).
* ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure
(git-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits()
(stable-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-
fixes).
* ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start
(git-fixes).
* ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
* ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-
fixes).
* Bluetooth: HIDP: Fix possible UAF (git-fixes).
* Bluetooth: ISO: Fix defer tests being unstable (git-fixes).
* Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-
fixes).
* Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req (git-
fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-
fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-
fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in
l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-
fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-
fixes).
* Bluetooth: MGMT: Fix dangling pointer on
mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers
(git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing
sock_hold (git-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state
(git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the
pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
(git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt
(git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-
fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-
fixes).
* Bluetooth: qca: fix ROM version reading on WCN3998 chips (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in
request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store()
(git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-
fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
(stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-
fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev
(bsc#1256690).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-
fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-
fixes).
* Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel
scans)" changes (bsc#1257506).
* Revert "drm/i915/display: Add quirk to skip retraining of dp link"
(bsc#1253129).
* Revert "drm: Fix use-after-free on framebuffers and property blobs when
calling drm_dev_unplug" (git-fixes).
* USB: add QUIRK_NO_BOS for video capture several devices (stable-fixes).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-
fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-
fixes).
* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-
fixes).
* btrfs: tracepoints: get correct superblock from dentry in event
btrfs_sync_file() (bsc#1257777).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* cifs: Fix locking usage for tcon fields (git-fixes).
* cifs: force interface update before a fresh session setup (git-fixes).
* cifs: make default value of retrans as zero (git-fixes).
* cifs: some missing initializations on replay (git-fixes).
* comedi: Reinit dev->spinlock between attachments to low-level drivers (git-
fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* cpufreq/amd-pstate: Remove the redundant verify() function (bsc#1252803).
* cpufreq/amd-pstate: Set the initial min_freq to lowest_nonlinear_freq
(bsc#1252803).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-
fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in
llist_abort_desc() (git-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-
fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-
fixes).
* drm/amd/display: Do not skip unrelated mode changes in DSC validation (git-
fixes).
* drm/amd/display: Fallback to boot snapshot for dispclk (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in
parse_edid_displayid_vrr() (git-fixes).
* drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END}
(git-fixes).
* drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v14
(git-fixes).
* drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x
(stable-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amd: fix dcn 2.01 check (git-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub4.1.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/vcn5: Add SMU dpm interface type (stable-fixes).
* drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB (git-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-
fixes).
* drm/amdgpu: Fix kernel-doc comments for some LUT properties (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants
(stable-fixes).
* drm/amdgpu: fix gpu idle power consumption issue for gfx v12 (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-
fixes).
* drm/amdgpu: prevent immediate PASID reuse case (stable-fixes).
* drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-
fixes).
* drm/exynos/vidi: Remove redundant error handling in vidi_get_modes()
(stable-fixes).
* drm/exynos: vidi: fix to avoid directly dereferencing user pointer (stable-
fixes).
* drm/exynos: vidi: use ctx->lock to protect struct vidi_context member
variables related to memory alloc/free (stable-fixes).
* drm/i915/display: Add module param to skip retraining of dp link
(bsc#1253129).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP
(git-fixes).
* drm/i915/dp_tunnel: Fix error handling when clearing stream BW in atomic
state (git-fixes).
* drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
* drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters
(stable-fixes).
* drm/i915/dsi: Do not do DSC horizontal timing adjustments in command mode
(git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/imagination: Fix deadlock in soft reset sequence (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations
(stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-
fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/msm: Fix dma_free_attrs() buffer size (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants
(stable-fixes).
* drm/ttm/tests: Fix build failure on PREEMPT_RT (stable-fixes).
* drm/xe/oa: Allow reading after disabling OA stream (git-fixes).
* drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes).
* drm/xe: Do not preempt fence signaling CS instructions (git-fixes).
* drm/xe: Open-code GGTT MMIO access protection (git-fixes).
* drm: Fix use-after-free on framebuffers and property blobs when calling
drm_dev_unplug (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-
fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-
fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-
fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute
temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes
(git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit()
(git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-
fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in
tps53676_identify() (git-fixes).
* hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-
fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-
fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas()
(git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-
fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin()
(git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only
(git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-
fixes).
* irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment (git-fixes).
* mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations
(stable-fixes).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-
fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-
fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void
(stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void
(stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in
cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-
fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-
fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode
(stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-
fix).
* net/mana: Null service_wq on setup error to prevent double destroy (git-
fixes).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect
(git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu
(bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources
(git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-
fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle hardware recovery events when probing the device
(bsc#1257466).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port
(bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-
fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC
timeout (bsc#1259580).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering
teardown (git-fixes).
* net: mana: use ethtool string helpers (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nvme: add support for dynamic quirk configuration via module parameter
(bsc#1243208).
* nvme: expose active quirks in sysfs (bsc#1243208). Refresh:
* nvme: fix memory leak in quirks_param_set() (bsc#1243208).
* phy: ti: j721e-wiz: Fix device node reference leak in
wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-
fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen
(git-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list
(stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1
(stable-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen
on SUPI S10 (stable-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* s390/debug: Pass in and enforce output buffer size for format handlers
(jsc#PED-15582).
* scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
* scsi: scsi_transport_sas: Fix the maximum channel scanning issue
(bsc#1255687, git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY
(git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* smb: client: add proper locking around ses->iface_last_update (git-fixes).
* smb: client: fix broken multichannel with krb5+signing (git-fixes).
* smb: client: fix cifs_pick_channel when channels are equally loaded (git-
fixes).
* smb: client: fix in-place encryption corruption in SMB2_write() (git-fixes).
* smb: client: fix krb5 mount with username option (git-fixes).
* smb: client: prevent races in ->query_interfaces() (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-
fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-
fixes).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-
fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-
fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-
fixes).
* usb: core: new quirk to handle devices with zero configurations (stable-
fixes).
* usb: core: phy: avoid double use of 'usb3-phy' (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()
(git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in
check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-
fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-
fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-
fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-
fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-
fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-
fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-
fixes).
* usb: yurex: fix race in probe (stable-fixes).
* vhost: fix caching attributes of MMIO regions by setting them explicitly
(git-fixes).
* vmw_vsock: bypass false-positive Wnonnull warning with gcc-16 (git-fixes).
* watchdog/perf: properly initialize the turbo mode timestamp and rearm
counter (bsc#1256504).
* wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session
(git-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in
iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-
fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-
fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough
headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).
* xenbus: Use .freeze/.thaw to handle xenbus devices (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1573=1
* SUSE Real Time Module 15-SP7
zypper in -t patch SUSE-SLE-Module-RT-15-SP7-2026-1573=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
* kernel-livepatch-SLE15-SP7-RT_Update_11-debugsource-1-150700.1.3.1
* kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1
* kernel-livepatch-6_4_0-150700_7_37-rt-debuginfo-1-150700.1.3.1
* SUSE Real Time Module 15-SP7 (x86_64)
* dlm-kmp-rt-6.4.0-150700.7.37.2
* dlm-kmp-rt-debuginfo-6.4.0-150700.7.37.2
* kernel-syms-rt-6.4.0-150700.7.37.1
* cluster-md-kmp-rt-debuginfo-6.4.0-150700.7.37.2
* kernel-rt-devel-debuginfo-6.4.0-150700.7.37.2
* kernel-rt-devel-6.4.0-150700.7.37.2
* ocfs2-kmp-rt-6.4.0-150700.7.37.2
* kernel-rt-debugsource-6.4.0-150700.7.37.2
* ocfs2-kmp-rt-debuginfo-6.4.0-150700.7.37.2
* cluster-md-kmp-rt-6.4.0-150700.7.37.2
* gfs2-kmp-rt-6.4.0-150700.7.37.2
* kernel-rt-debuginfo-6.4.0-150700.7.37.2
* gfs2-kmp-rt-debuginfo-6.4.0-150700.7.37.2
* SUSE Real Time Module 15-SP7 (noarch)
* kernel-devel-rt-6.4.0-150700.7.37.2
* kernel-source-rt-6.4.0-150700.7.37.2
* SUSE Real Time Module 15-SP7 (nosrc x86_64)
* kernel-rt-6.4.0-150700.7.37.2
## References:
* https://www.suse.com/security/cve/CVE-2024-38542.html
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71231.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-23030.html
* https://www.suse.com/security/cve/CVE-2026-23047.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23136.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23215.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23259.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226591
* https://bugzilla.suse.com/show_bug.cgi?id=1243208
* https://bugzilla.suse.com/show_bug.cgi?id=1245728
* https://bugzilla.suse.com/show_bug.cgi?id=1251135
* https://bugzilla.suse.com/show_bug.cgi?id=1251971
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1252266
* https://bugzilla.suse.com/show_bug.cgi?id=1252803
* https://bugzilla.suse.com/show_bug.cgi?id=1253049
* https://bugzilla.suse.com/show_bug.cgi?id=1253129
* https://bugzilla.suse.com/show_bug.cgi?id=1255687
* https://bugzilla.suse.com/show_bug.cgi?id=1256504
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1256690
* https://bugzilla.suse.com/show_bug.cgi?id=1257466
* https://bugzilla.suse.com/show_bug.cgi?id=1257472
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257561
* https://bugzilla.suse.com/show_bug.cgi?id=1257682
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258303
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258424
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258476
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259866
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://jira.suse.com/browse/PED-15582
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260423/86ec7872/attachment.htm>
More information about the sle-updates
mailing list