Marcus Updateinfo to OVAL Converter5.52026-04-14T07:00:24Security update for grub2 (Important)SUSE Linux Micro 6.2
This update for grub2 fixes the following issues:
Changes in grub2:
- CVE-2025-54771: Fixed grub_file_close() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- Bump upstream SBAT generation to 6
- Fix "sparse file not allowed" error after grub2-reboot (bsc#1245738)
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
- turn off page flipping for i386-pc using VBE video backend (bsc#1245636)
- Fix boot hangs in setting up serial console when ACPI SPCR table is present
and redirection is disabled (bsc#1249088)
- Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953)
- Skip mount point in grub_find_device function (bsc#1246231)
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
ImportantSUSE bug 1234959SUSE bug 1245636SUSE bug 1245738SUSE bug 1245953SUSE bug 1246231SUSE bug 1247242SUSE bug 1249088SUSE bug 1249385SUSE bug 1252930SUSE bug 1252931SUSE bug 1252932SUSE bug 1252933SUSE bug 1252934SUSE bug 1252935CVE-2024-56738 at SUSECVE-2024-56738 at NVDCVE-2025-54770 at SUSECVE-2025-54770 at NVDCVE-2025-54771 at SUSECVE-2025-54771 at NVDCVE-2025-61661 at SUSECVE-2025-61661 at NVDCVE-2025-61662 at SUSECVE-2025-61662 at NVDCVE-2025-61663 at SUSECVE-2025-61663 at NVDCVE-2025-61664 at SUSECVE-2025-61664 at NVDcpe:/o:suse:sl-micro:6.2Security update for openssl-3 (Important)SUSE Linux Micro 6.2
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232)
- CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM (bsc#1250233)
- CVE-2025-9232: Fixed out-of-bounds read in HTTP client no_proxy handling (bsc#1250234)
ImportantSUSE bug 1250232SUSE bug 1250233SUSE bug 1250234CVE-2025-9230 at SUSECVE-2025-9230 at NVDCVE-2025-9231 at SUSECVE-2025-9231 at NVDCVE-2025-9232 at SUSECVE-2025-9232 at NVDcpe:/o:suse:sl-micro:6.2Security update for qemu (Important)SUSE Linux Micro 6.2
This update for qemu fixes the following issues:
Update to version 10.0.7.
Security issues fixed:
- CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious
guest user to crash the QEMU process on the host (bsc#1253002).
- CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network
access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984).
Other updates and bugfixes:
- Version 10.0.7:
* kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value
* docs/devel: Update URL for make-pullreq script
* target/arm: Fix assert on BRA.
* hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN
* hw/core/machine: Provide a description for aux-ram-share property
* hw/pci: Make msix_init take a uint32_t for nentries
* block/io_uring: avoid potentially getting stuck after resubmit at the end of ioq_submit()
* block-backend: Fix race when resuming queued requests
* ui/vnc: Fix qemu abort when query vnc info
* chardev/char-pty: Do not ignore chr_write() failures
* hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section()
* hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs
* hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure
* migration: Fix transition to COLO state from precopy
* Full backport list: https://lore.kernel.org/qemu-devel/1765037524.347582.2700543.nullmailer@tls.msk.ru/
- Version 10.0.6:
* linux-user/microblaze: Fix little-endianness binary
* target/hppa: correct size bit parity for fmpyadd
* target/i386: user: do not set up a valid LDT on reset
* async: access bottom half flags with qatomic_read
* target/i386: fix x86_64 pushw op
* i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit
* i386/cpu: Prevent delivering SIPI during SMM in TCG mode
* i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS
* target/i386: Fix CR2 handling for non-canonical addresses
* block/curl.c: Use explicit long constants in curl_easy_setopt calls
* pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs
* target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN2 and SEWd
* target/riscv: Fix ssamoswap error handling
* Full backport list: https://lore.kernel.org/qemu-devel/1761022287.744330.6357.nullmailer@tls.msk.ru/
- Version 10.0.5:
* tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image
* tests/functional/test_ppc_bamboo: Replace broken link with working assets
* physmem: Destroy all CPU AddressSpaces on unrealize
* memory: New AS helper to serialize destroy+free
* include/system/memory.h: Clarify address_space_destroy() behaviour
* migration: Fix state transition in postcopy_start() error handling
* target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions
* target/riscv: rvv: Replace checking V by checking Zve32x
* target/riscv: Fix endianness swap on compressed instructions
* hw/riscv/riscv-iommu: Fixup PDT Nested Walk
* Full backport list: https://lore.kernel.org/qemu-devel/1759986125.676506.643525.nullmailer@tls.msk.ru/
- [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
- [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494).
ImportantSUSE bug 1230042SUSE bug 1250984SUSE bug 1253002SUSE bug 1254286SUSE bug 1254494CVE-2025-11234 at SUSECVE-2025-11234 at NVDCVE-2025-12464 at SUSECVE-2025-12464 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Important)SUSE Linux Micro 6.2
The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
- CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431 bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431 bsc#1245499).
- CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).
- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
- CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
- CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
- CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034).
- CVE-2025-39831: fbnic: Move phylink resume out of service_task and into open/close (bsc#1249977).
- CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252).
- CVE-2025-39897: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval (bsc#1250746).
- CVE-2025-39917: bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt (bsc#1250723).
- CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120).
- CVE-2025-39961: iommu/amd/pgtbl: Fix possible race while increase page table level (bsc#1251817).
- CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063).
- CVE-2025-39990: bpf: Check the helper function is valid in get_helper_proto (bsc#1252054).
- CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303).
- CVE-2025-40003: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (bsc#1252301).
- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
- CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681).
- CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).
- CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
- CVE-2025-40031: tee: fix register_shm_helper() (bsc#1252779).
- CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824).
- CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817).
- CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790).
- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
- CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821).
- CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809).
- CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).
- CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836).
- CVE-2025-40074: tcp: convert to dev_net_rcu() (bsc#1252794).
- CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).
- CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912).
- CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923).
- CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917).
- CVE-2025-40101: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (bsc#1252901).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
- CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928).
- CVE-2025-40133: mptcp: Call dst_release() in mptcp_active_enable() (bsc#1253328).
- CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386).
- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
- CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).
- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
- CVE-2025-40157: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (bsc#1253423).
- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403).
- CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).
- CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
- CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
- CVE-2025-40175: idpf: cleanup remaining SKBs in PTP flows (bsc#1253426).
- CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425).
- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).
- CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394).
- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
- CVE-2025-40203: listmount: don't call path_put() under namespace semaphore (bsc#1253457).
The following non security issues were fixed:
- ACPI: scan: Update honor list for RPMI System MSI (stable-fixes).
- ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes).
- Disable CONFIG_CPU5_WDT The cpu5wdt driver doesn't implement a
proper watchdog interface and has many code issues. It only handles
obscure and obsolete hardware. Stop building and supporting this driver
(jsc#PED-14062).
- Fix "drm/xe: Don't allow evicting of BOs in same VM in array of VM binds" (bsc#1252923)
- KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes).
- KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes).
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes).
- KVM: s390: improve interrupt cpu for wakeup (bsc#1235463).
- KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352).
- KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (git-fixes).
- PCI/ERR: Update device error_state already after reset (stable-fixes).
- PM: EM: Slightly reduce em_check_capacity_update() overhead (stable-fixes).
- Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" (git-fixes).
- Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" (git-fixes).
- Update config files: enable zstd module decompression (jsc#PED-14115).
- bpf/selftests: Fix test_tcpnotify_user (bsc#1253635).
- btrfs: do not clear read-only when adding sprout device (bsc#1253238).
- btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes).
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386)
- drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes).
- drm/amd/display: update color on atomic commit time (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
- hwmon: (lenovo-ec-sensors) Update P8 supprt (stable-fixes).
- media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
- mount: handle NULL values in mnt_ns_release() (bsc#1254308)
- net/smc: Remove validation of reserved bits in CLC Decline (bsc#1252357).
- net: phy: move realtek PHY driver to its own subdirectory (jsc#PED-14353).
- net: phy: realtek: add defines for shadowed c45 standard registers (jsc#PED-14353).
- net: phy: realtek: add helper RTL822X_VND2_C22_REG (jsc#PED-14353).
- net: phy: realtek: change order of calls in C22 read_status() (jsc#PED-14353).
- net: phy: realtek: clear 1000Base-T link partner advertisement (jsc#PED-14353).
- net: phy: realtek: improve mmd register access for internal PHY's (jsc#PED-14353).
- net: phy: realtek: read duplex and gbit master from PHYSR register (jsc#PED-14353).
- net: phy: realtek: switch from paged to MMD ops in rtl822x functions (jsc#PED-14353).
- net: phy: realtek: use string choices helpers (jsc#PED-14353).
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow (bsc#1250746)
- net: xilinx: axienet: Fix RX skb ring management in DMAengine mode (bsc#1250746)
- net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit (bsc#1250746)
- nvmet-auth: update sc_c in host response (git-fixes bsc#1249397).
- nvmet-auth: update sc_c in target host hash calculation (git-fixes).
- perf list: Add IBM z17 event descriptions (jsc#PED-13611).
- platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (git-fixes).
- powercap: intel_rapl: Add support for Panther Lake platform (jsc#PED-13949).
- pwm: pca9685: Use bulk write to atomicially update registers (stable-fixes).
- r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers (jsc#PED-14353).
- r8169: add support for Intel Killer E5000 (jsc#PED-14353).
- r8169: add support for RTL8125BP rev.b (jsc#PED-14353).
- r8169: add support for RTL8125D rev.b (jsc#PED-14353).
- r8169: adjust version numbering for RTL8126 (jsc#PED-14353).
- r8169: align RTL8125 EEE config with vendor driver (jsc#PED-14353).
- r8169: align RTL8125/RTL8126 PHY config with vendor driver (jsc#PED-14353).
- r8169: align RTL8126 EEE config with vendor driver (jsc#PED-14353).
- r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers (jsc#PED-14353).
- r8169: avoid duplicated messages if loading firmware fails and switch to warn level (jsc#PED-14353).
- r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353).
- r8169: enable EEE at 2.5G per default on RTL8125B (jsc#PED-14353).
- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (jsc#PED-14353).
- r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats (jsc#PED-14353).
- r8169: implement additional ethtool stats ops (jsc#PED-14353).
- r8169: improve __rtl8169_set_wol (jsc#PED-14353).
- r8169: improve initialization of RSS registers on RTL8125/RTL8126 (jsc#PED-14353).
- r8169: improve rtl_set_d3_pll_down (jsc#PED-14353).
- r8169: increase max jumbo packet size on RTL8125/RTL8126 (jsc#PED-14353).
- r8169: remove leftover locks after reverted change (jsc#PED-14353).
- r8169: remove original workaround for RTL8125 broken rx issue (jsc#PED-14353).
- r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353).
- r8169: remove support for chip version 11 (jsc#PED-14353).
- r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE (jsc#PED-14353).
- r8169: replace custom flag with disable_work() et al (jsc#PED-14353).
- r8169: switch away from deprecated pcim_iomap_table (jsc#PED-14353).
- r8169: use helper r8169_mod_reg8_cond to simplify rtl_jumbo_config (jsc#PED-14353).
- ring-buffer: Update pages_touched to reflect persistent buffer content (git-fixes).
- s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253643).
- sched/fair: Get rid of sched_domains_curr_level hack for tl->cpumask() (bsc#1246843).
- sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1248792).
- sched/fair: Proportional newidle balance (bsc#1248792).
- sched/fair: Proportional newidle balance -KABI (bsc#1248792).
- sched/fair: Revert max_newidle_lb_cost bump (bsc#1248792).
- sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1248792).
- sched/fair: Small cleanup to sched_balance_newidle() (bsc#1248792).
- sched/fair: Small cleanup to update_newidle_cost() (bsc#1248792).
- scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).
- selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221).
- smpboot: introduce SDTL_INIT() helper to tidy sched topology setup (bsc#1246843).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155)
- spi: tegra210-quad: Fix timeout handling (bsc#1253155)
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155)
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705).
- wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181).
- wifi: mt76: do not add wcid entries to sta poll list during MCU reset (bsc#1254315).
- wifi: mt76: introduce mt792x_config_mac_addr_list routine (bsc#1254315).
- wifi: mt76: mt7925: Fix logical vs bitwise typo (bsc#1254315).
- wifi: mt76: mt7925: Remove unnecessary if-check (bsc#1254315).
- wifi: mt76: mt7925: Simplify HIF suspend handling to avoid suspend fail (bsc#1254315).
- wifi: mt76: mt7925: add EHT control support based on the CLC data (bsc#1254315).
- wifi: mt76: mt7925: add handler to hif suspend/resume event (bsc#1254315).
- wifi: mt76: mt7925: add pci restore for hibernate (bsc#1254315).
- wifi: mt76: mt7925: config the dwell time by firmware (bsc#1254315).
- wifi: mt76: mt7925: extend MCU support for testmode (bsc#1254315).
- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (bsc#1254315).
- wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl (bsc#1254315).
- wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (bsc#1254315).
- wifi: mt76: mt7925: refine the txpower initialization flow (bsc#1254315).
- wifi: mt76: mt7925: replace zero-length array with flexible-array member (bsc#1254315).
- wifi: mt76: mt7925: update the channel usage when the regd domain changed (bsc#1254315).
- wifi: mt76: mt7925e: fix too long of wifi resume time (bsc#1254315).
- x86/smpboot: avoid SMT domain attach/destroy if SMT is not enabled (bsc#1246843).
- x86/smpboot: moves x86_topology to static initialize and truncate (bsc#1246843).
- x86/smpboot: remove redundant CONFIG_SCHED_SMT (bsc#1246843).
ImportantSUSE bug 1235463SUSE bug 1243474SUSE bug 1245193SUSE bug 1245431SUSE bug 1245498SUSE bug 1245499SUSE bug 1246328SUSE bug 1246843SUSE bug 1247500SUSE bug 1248792SUSE bug 1249256SUSE bug 1249397SUSE bug 1249912SUSE bug 1249977SUSE bug 1249982SUSE bug 1250034SUSE bug 1250176SUSE bug 1250237SUSE bug 1250252SUSE bug 1250705SUSE bug 1250723SUSE bug 1250746SUSE bug 1251120SUSE bug 1251817SUSE bug 1252054SUSE bug 1252063SUSE bug 1252301SUSE bug 1252303SUSE bug 1252342SUSE bug 1252352SUSE bug 1252357SUSE bug 1252681SUSE bug 1252686SUSE bug 1252763SUSE bug 1252776SUSE bug 1252779SUSE bug 1252790SUSE bug 1252794SUSE bug 1252795SUSE bug 1252808SUSE bug 1252809SUSE bug 1252817SUSE bug 1252821SUSE bug 1252824SUSE bug 1252836SUSE bug 1252845SUSE bug 1252901SUSE bug 1252912SUSE bug 1252917SUSE bug 1252919SUSE bug 1252923SUSE bug 1252928SUSE bug 1253018SUSE bug 1253155SUSE bug 1253176SUSE bug 1253238SUSE bug 1253275SUSE bug 1253318SUSE bug 1253324SUSE bug 1253328SUSE bug 1253330SUSE bug 1253342SUSE bug 1253348SUSE bug 1253349SUSE bug 1253352SUSE bug 1253355SUSE bug 1253360SUSE bug 1253362SUSE bug 1253363SUSE bug 1253367SUSE bug 1253369SUSE bug 1253386SUSE bug 1253394SUSE bug 1253395SUSE bug 1253402SUSE bug 1253403SUSE bug 1253405SUSE bug 1253407SUSE bug 1253408SUSE bug 1253409SUSE bug 1253410SUSE bug 1253412SUSE bug 1253416SUSE bug 1253421SUSE bug 1253422SUSE bug 1253423SUSE bug 1253424SUSE bug 1253425SUSE bug 1253426SUSE bug 1253427SUSE bug 1253428SUSE bug 1253431SUSE bug 1253433SUSE bug 1253436SUSE bug 1253438SUSE bug 1253440SUSE bug 1253441SUSE bug 1253443SUSE bug 1253445SUSE bug 1253448SUSE bug 1253449SUSE bug 1253450SUSE bug 1253451SUSE bug 1253453SUSE bug 1253455SUSE bug 1253456SUSE bug 1253457SUSE bug 1253463SUSE bug 1253472SUSE bug 1253622SUSE bug 1253624SUSE bug 1253635SUSE bug 1253643SUSE bug 1253647SUSE bug 1254119SUSE bug 1254181SUSE bug 1254221SUSE bug 1254308SUSE bug 1254315CVE-2022-50253 at SUSECVE-2022-50253 at NVDCVE-2025-37916 at SUSECVE-2025-37916 at NVDCVE-2025-38084 at SUSECVE-2025-38084 at NVDCVE-2025-38085 at SUSECVE-2025-38085 at NVDCVE-2025-38321 at SUSECVE-2025-38321 at NVDCVE-2025-38728 at SUSECVE-2025-38728 at NVDCVE-2025-39805 at SUSECVE-2025-39805 at NVDCVE-2025-39819 at SUSECVE-2025-39819 at NVDCVE-2025-39822 at SUSECVE-2025-39822 at NVDCVE-2025-39831 at SUSECVE-2025-39831 at NVDCVE-2025-39859 at SUSECVE-2025-39859 at NVDCVE-2025-39897 at SUSECVE-2025-39897 at NVDCVE-2025-39917 at SUSECVE-2025-39917 at NVDCVE-2025-39944 at SUSECVE-2025-39944 at NVDCVE-2025-39961 at SUSECVE-2025-39961 at NVDCVE-2025-39980 at SUSECVE-2025-39980 at NVDCVE-2025-39990 at SUSECVE-2025-39990 at NVDCVE-2025-40001 at SUSECVE-2025-40001 at NVDCVE-2025-40003 at SUSECVE-2025-40003 at NVDCVE-2025-40006 at SUSECVE-2025-40006 at NVDCVE-2025-40021 at SUSECVE-2025-40021 at NVDCVE-2025-40024 at SUSECVE-2025-40024 at NVDCVE-2025-40027 at SUSECVE-2025-40027 at NVDCVE-2025-40031 at SUSECVE-2025-40031 at NVDCVE-2025-40033 at SUSECVE-2025-40033 at NVDCVE-2025-40038 at SUSECVE-2025-40038 at NVDCVE-2025-40047 at SUSECVE-2025-40047 at NVDCVE-2025-40053 at SUSECVE-2025-40053 at NVDCVE-2025-40055 at SUSECVE-2025-40055 at NVDCVE-2025-40059 at SUSECVE-2025-40059 at NVDCVE-2025-40064 at SUSECVE-2025-40064 at NVDCVE-2025-40070 at SUSECVE-2025-40070 at NVDCVE-2025-40074 at SUSECVE-2025-40074 at NVDCVE-2025-40075 at SUSECVE-2025-40075 at NVDCVE-2025-40081 at SUSECVE-2025-40081 at NVDCVE-2025-40083 at SUSECVE-2025-40083 at NVDCVE-2025-40086 at SUSECVE-2025-40086 at NVDCVE-2025-40098 at SUSECVE-2025-40098 at NVDCVE-2025-40101 at SUSECVE-2025-40101 at NVDCVE-2025-40102 at SUSECVE-2025-40102 at NVDCVE-2025-40105 at SUSECVE-2025-40105 at NVDCVE-2025-40107 at SUSECVE-2025-40107 at NVDCVE-2025-40109 at SUSECVE-2025-40109 at NVDCVE-2025-40110 at SUSECVE-2025-40110 at NVDCVE-2025-40111 at SUSECVE-2025-40111 at NVDCVE-2025-40115 at SUSECVE-2025-40115 at NVDCVE-2025-40116 at SUSECVE-2025-40116 at NVDCVE-2025-40118 at SUSECVE-2025-40118 at NVDCVE-2025-40120 at SUSECVE-2025-40120 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40127 at SUSECVE-2025-40127 at NVDCVE-2025-40129 at SUSECVE-2025-40129 at NVDCVE-2025-40132 at SUSECVE-2025-40132 at NVDCVE-2025-40133 at SUSECVE-2025-40133 at NVDCVE-2025-40134 at SUSECVE-2025-40134 at NVDCVE-2025-40135 at SUSECVE-2025-40135 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40140 at SUSECVE-2025-40140 at NVDCVE-2025-40141 at SUSECVE-2025-40141 at NVDCVE-2025-40142 at SUSECVE-2025-40142 at NVDCVE-2025-40149 at SUSECVE-2025-40149 at NVDCVE-2025-40153 at SUSECVE-2025-40153 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40156 at SUSECVE-2025-40156 at NVDCVE-2025-40157 at SUSECVE-2025-40157 at NVDCVE-2025-40158 at SUSECVE-2025-40158 at NVDCVE-2025-40159 at SUSECVE-2025-40159 at NVDCVE-2025-40161 at SUSECVE-2025-40161 at NVDCVE-2025-40162 at SUSECVE-2025-40162 at NVDCVE-2025-40164 at SUSECVE-2025-40164 at NVDCVE-2025-40165 at SUSECVE-2025-40165 at NVDCVE-2025-40166 at SUSECVE-2025-40166 at NVDCVE-2025-40168 at SUSECVE-2025-40168 at NVDCVE-2025-40169 at SUSECVE-2025-40169 at NVDCVE-2025-40171 at SUSECVE-2025-40171 at NVDCVE-2025-40172 at SUSECVE-2025-40172 at NVDCVE-2025-40173 at SUSECVE-2025-40173 at NVDCVE-2025-40175 at SUSECVE-2025-40175 at NVDCVE-2025-40176 at SUSECVE-2025-40176 at NVDCVE-2025-40177 at SUSECVE-2025-40177 at NVDCVE-2025-40178 at SUSECVE-2025-40178 at NVDCVE-2025-40180 at SUSECVE-2025-40180 at NVDCVE-2025-40183 at SUSECVE-2025-40183 at NVDCVE-2025-40185 at SUSECVE-2025-40185 at NVDCVE-2025-40186 at SUSECVE-2025-40186 at NVDCVE-2025-40187 at SUSECVE-2025-40187 at NVDCVE-2025-40188 at SUSECVE-2025-40188 at NVDCVE-2025-40192 at SUSECVE-2025-40192 at NVDCVE-2025-40194 at SUSECVE-2025-40194 at NVDCVE-2025-40196 at SUSECVE-2025-40196 at NVDCVE-2025-40197 at SUSECVE-2025-40197 at NVDCVE-2025-40198 at SUSECVE-2025-40198 at NVDCVE-2025-40200 at SUSECVE-2025-40200 at NVDCVE-2025-40201 at SUSECVE-2025-40201 at NVDCVE-2025-40202 at SUSECVE-2025-40202 at NVDCVE-2025-40203 at SUSECVE-2025-40203 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDCVE-2025-40205 at SUSECVE-2025-40205 at NVDCVE-2025-40206 at SUSECVE-2025-40206 at NVDCVE-2025-40207 at SUSECVE-2025-40207 at NVDcpe:/o:suse:sl-micro:6.2Security update for sssd (Important)SUSE Linux Micro 6.2
This update for sssd fixes the following issues:
- CVE-2025-11561: Fixed default Kerberos configuration allowing privilege
escalation on AD-joined Linux systems (bsc#1244325)
ImportantSUSE bug 1244325SUSE bug 1251827CVE-2025-11561 at SUSECVE-2025-11561 at NVDcpe:/o:suse:sl-micro:6.2Security update for avahi (Moderate)SUSE Linux Micro 6.2
This update for avahi fixes the following issues:
- CVE-2024-52615: Fixed DNS spoofing (bsc#1233421)
ModerateSUSE bug 1233421CVE-2024-52615 at SUSECVE-2024-52615 at NVDcpe:/o:suse:sl-micro:6.2Security update for python-tornado6 (Important)SUSE Linux Micro 6.2
This update for python-tornado6 fixes the following issues:
- CVE-2025-67724: unescaped `reason` argument used in HTTP headers and in HTML default error pages can be used by
attackers to launch header injection or XSS attacks (bsc#1254903).
- CVE-2025-67725: quadratic complexity of string concatenation operations used by the `HTTPHeaders.add` method can lead
o DoS when processing a maliciously crafted HTTP request (bsc#1254905).
- CVE-2025-67726: quadratic complexity algorithm used in the `_parseparam` function of `httputil.py` can lead to DoS
when processing maliciously crafted parameters in a `Content-Disposition` header (bsc#1254904).
ImportantSUSE bug 1254903SUSE bug 1254904SUSE bug 1254905CVE-2025-67724 at SUSECVE-2025-67724 at NVDCVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:sl-micro:6.2Security update for libmicrohttpd (Important)SUSE Linux Micro 6.2
This update for libmicrohttpd fixes the following issues:
- CVE-2025-62689: Fixed heap-based buffer overflow through
a specially crafted packet (bsc#1253178)
- CVE-2025-59777: Fixed NULL pointer dereference through
a specially crafted packet (bsc#1253177)
ImportantSUSE bug 1253177SUSE bug 1253178CVE-2025-59777 at SUSECVE-2025-59777 at NVDCVE-2025-62689 at SUSECVE-2025-62689 at NVDcpe:/o:suse:sl-micro:6.2Security update for libpng16 (Important)SUSE Linux Micro 6.2
This update for libpng16 fixes the following issues:
- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices
(bsc#1254157).
- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`
enabled (bsc#1254158).
- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with
`PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).
- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced
PNGs with 8-bit output format (bsc#1254160).
- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial
transparency and gamma correction (bsc#1254480).
ImportantSUSE bug 1254157SUSE bug 1254158SUSE bug 1254159SUSE bug 1254160SUSE bug 1254480CVE-2025-64505 at SUSECVE-2025-64505 at NVDCVE-2025-64506 at SUSECVE-2025-64506 at NVDCVE-2025-64720 at SUSECVE-2025-64720 at NVDCVE-2025-65018 at SUSECVE-2025-65018 at NVDCVE-2025-66293 at SUSECVE-2025-66293 at NVDcpe:/o:suse:sl-micro:6.2Security update for glib2 (Important)SUSE Linux Micro 6.2
This update for glib2 fixes the following issues:
Update to version 2.84.4.
Security issues fixed:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
- CVE-2025-7039: integer overflow when creating temporary files may lead to an out-of-bounds memory access that can be
used for path traversal or exposure of sensitive content in a temporary file (bsc#1249055).
Other issues fixed and changes:
- Fix GFile leak in `g_local_file_set_display_name` during error handling.
- Fix incorrect output parameter handling in closure helper of `g_settings_bind_with_mapping_closures`.
- `gfileutils`: fix computation of temporary file name.
- Fix GFile leak in `g_local_file_set_display_name()`.
- `gthreadpool`: catch `pool_spawner` creation failure.
- `gio/filenamecompleter`: fix leaks.
- `gfilenamecompleter`: fix `g_object_unref()` of undefined value.
ImportantSUSE bug 1249055SUSE bug 1254297SUSE bug 1254662SUSE bug 1254878CVE-2025-13601 at SUSECVE-2025-13601 at NVDCVE-2025-14087 at SUSECVE-2025-14087 at NVDCVE-2025-14512 at SUSECVE-2025-14512 at NVDCVE-2025-7039 at SUSECVE-2025-7039 at NVDcpe:/o:suse:sl-micro:6.2Security update for gpg2 (Important)SUSE Linux Micro 6.2
This update for gpg2 fixes the following issues:
- CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption (bsc#1255715).
Other security fixes:
- gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (bsc#1256246).
- gpg: Error out on unverified output for non-detached signatures (bsc#1256244).
- gpg: Deprecate the option --not-dash-escaped (bsc#1256390).
ImportantSUSE bug 1255715SUSE bug 1256244SUSE bug 1256246SUSE bug 1256390CVE-2025-68973 at SUSECVE-2025-68973 at NVDcpe:/o:suse:sl-micro:6.2Security update for curl (Moderate)SUSE Linux Micro 6.2
This update for curl fixes the following issues:
This update for curl fixes the following issues:
- CVE-2025-14017: broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
ModerateSUSE bug 1255731SUSE bug 1255732SUSE bug 1255733SUSE bug 1255734SUSE bug 1256105CVE-2025-14017 at SUSECVE-2025-14017 at NVDCVE-2025-14524 at SUSECVE-2025-14524 at NVDCVE-2025-14819 at SUSECVE-2025-14819 at NVDCVE-2025-15079 at SUSECVE-2025-15079 at NVDCVE-2025-15224 at SUSECVE-2025-15224 at NVDcpe:/o:suse:sl-micro:6.2Security update for haproxy (Moderate)SUSE Linux Micro 6.2
This update for haproxy fixes the following issues:
- CVE-2025-11230: issue in the mjson JSON decoder leads to excessive resource consumption when processing numbers with
large exponents (bsc#1250983).
ModerateSUSE bug 1250983CVE-2025-11230 at SUSECVE-2025-11230 at NVDcpe:/o:suse:sl-micro:6.2Security update for docker (Critical)SUSE Linux Micro 6.2
This update for docker fixes the following issues:
Changes in docker:
- Update to Docker 28.5.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2851>
- Update to Docker 28.5.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2850>
- Update to docker-buildx v0.29.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.29.0>
- Remove git-core recommends on SLE. Most SLE systems have
installRecommends=yes by default and thus end up installing git with Docker.
bsc#1250508
This feature is mostly intended for developers ("docker build git://") so
most users already have the dependency installed, and the error when git is
missing is fairly straightforward (so they can easily figure out what they
need to install).
- Update to docker-buildx v0.28.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.28.0>
- Update to Docker 28.4.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2840>
* Fixes a nil pointer panic in "docker push". bsc#1248373
- Update warnings and errors related to "docker buildx ..." so that they
reference our openSUSE docker-buildx packages.
- Enable building docker-buildx for SLE15 systems with SUSEConnect secret
injection enabled. PED-12534 PED-8905 bsc#1247594
As docker-buildx does not support our SUSEConnect secret injection (and some
users depend "docker build" working transparently), patch the docker CLI so
that "docker build" will no longer automatically call "docker buildx build",
effectively making DOCKER_BUILDKIT=0 the default configuration. Users can
manually use "docker buildx ..." commands or set DOCKER_BUILDKIT=1 in order
to opt-in to using docker-buildx.
Users can silence the "docker build" warning by setting DOCKER_BUILDKIT=0
explicitly.
In order to inject SCC credentials with docker-buildx, users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
- Update to Docker 28.3.3-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2833>
CVE-2025-54388 bsc#1247367
- Update to docker-buildx v0.26.1. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.26.1>
- Update to docker-buildx v0.26.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.26.0>
CriticalSUSE bug 1247367SUSE bug 1247594SUSE bug 1248373SUSE bug 1250508CVE-2025-54388 at SUSECVE-2025-54388 at NVDcpe:/o:suse:sl-micro:6.2Security update of open-vm-tools (Important)SUSE Linux Micro 6.2
This update for open-vm-tools fixes the following issues:
Update to open-vm-tools 13.0.5 based on build 24915695. (boo#1250692):
Please refer to the Release Notes at
https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md.
The granular changes that have gone into the open-vm-tools 13.0.5 release
are in the ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog.
There are no new features in the open-vm-tools 13.0.5 release. This is
primarily a maintenance release that addresses a security issue.
This release resolves and includes the patch for CVE-2025-41244. For more
information on this vulnerability and its impact on Broadcom products,
see VMSA-2025-0015.
A minor enhancement has been made for Guest OS Customization. The
DeployPkg plugin has been updated to use "systemctl reboot", if available.
For a more complete list of issues addressed in this release, see the
What's New and Resolved Issues section of the Release Notes.
ImportantSUSE bug 1250373SUSE bug 1250692CVE-2025-41244 at SUSECVE-2025-41244 at NVDcpe:/o:suse:sl-micro:6.2Security update for podman (Important)SUSE Linux Micro 6.2
This update for podman fixes the following issues:
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376).
- CVE-2025-9566: kube play command may overwrite host files (bsc#1249154).
ImportantSUSE bug 1249154SUSE bug 1252376CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDCVE-2025-9566 at SUSECVE-2025-9566 at NVDcpe:/o:suse:sl-micro:6.2Security update for libpcap (Low)SUSE Linux Micro 6.2
This update for libpcap fixes the following issues:
- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
read and write (bsc#1255765).
LowSUSE bug 1255765CVE-2025-11961 at SUSECVE-2025-11961 at NVDcpe:/o:suse:sl-micro:6.2Security update for python313 (Moderate)SUSE Linux Micro 6.2
This update for python313 fixes the following issues:
- Update to 3.13.11:
- Security
- CVE-2025-12084: cpython: Fixed quadratic algorithm in
xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount
from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
- CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory
(EOCD) not checked by the 'zipfile' module (bsc#1251305)
- gh-137836: Add support of the “plaintext” element, RAWTEXT
elements “xmp”, “iframe”, “noembed” and “noframes”, and
optionally RAWTEXT element “noscript” in
html.parser.HTMLParser.
- gh-136063: email.message: ensure linear complexity for
legacy HTTP parameters parsing. Patch by B?n?dikt Tran.
- CVE-2025-6075: Fixed performance issues caused by user-controller
os.path.expandvars() (bsc#1252974)
- Library
- gh-140797: Revert changes to the undocumented re.Scanner
class. Capturing groups are still allowed for backward
compatibility, although using them can lead to incorrect
result. They will be forbidden in future Python versions.
- gh-142206: The resource tracker in the multiprocessing
module now uses the original communication protocol, as in
Python 3.14.0 and below, by default. This avoids issues
with upgrading Python while it is running. (Note that such
‘in-place’ upgrades are not tested.) The tracker remains
compatible with subprocesses that use new protocol (that
is, subprocesses using Python 3.13.10, 3.14.1 and 3.15).
- Core and Builtins
- gh-142218: Fix crash when inserting into a split table
dictionary with a non str key that matches an existing key.
- Update to 3.13.10:
- Tools/Demos
- gh-141442: The iOS testbed now correctly handles test
arguments that contain spaces.
- Tests
- gh-140482: Preserve and restore the state of stty echo as
part of the test environment.
- gh-140082: Update python -m test to set FORCE_COLOR=1 when
being run with color enabled so that unittest which is run
by it with redirected output will output in color.
- gh-136442: Use exitcode 1 instead of 5 if
unittest.TestCase.setUpClass() raises an exception
- Library
- gh-74389: When the stdin being used by a subprocess.Popen
instance is closed, this is now ignored in
subprocess.Popen.communicate() instead of leaving the class
in an inconsistent state.
- gh-87512: Fix subprocess.Popen.communicate() timeout
handling on Windows when writing large input. Previously,
the timeout was ignored during stdin writing, causing the
method to block indefinitely if the child process did not
consume input quickly. The stdin write is now performed in
a background thread, allowing the timeout to be properly
enforced.
- gh-141473: When subprocess.Popen.communicate() was called
with input and a timeout and is called for a second time
after a TimeoutExpired exception before the process has
died, it should no longer hang.
- gh-59000: Fix pdb breakpoint resolution for class methods
when the module defining the class is not imported.
- gh-141570: Support file-like object raising OSError from
fileno() in color detection (_colorize.can_colorize()).
This can occur when sys.stdout is redirected.
- gh-141659: Fix bad file descriptor errors from
_posixsubprocess on AIX.
- gh-141497: ipaddress: ensure that the methods
IPv4Network.hosts() and IPv6Network.hosts() always return
an iterator.
- gh-140938: The statistics.stdev() and statistics.pstdev()
functions now raise a ValueError when the input contains an
infinity or a NaN.
- gh-124111: Updated Tcl threading configuration in _tkinter
to assume that threads are always available in Tcl 9 and
later.
- gh-137109: The os.fork and related forking APIs will no
longer warn in the common case where Linux or macOS
platform APIs return the number of threads in a process and
find the answer to be 1 even when a os.register_at_fork()
after_in_parent= callback (re)starts a thread.
- gh-141314: Fix assertion failure in io.TextIOWrapper.tell()
when reading files with standalone carriage return (\r)
line endings.
- gh-141311: Fix assertion failure in io.BytesIO.readinto()
and undefined behavior arising when read position is above
capcity in io.BytesIO.
- gh-141141: Fix a thread safety issue with
base64.b85decode(). Contributed by Benel Tayar.
- gh-140911: collections: Ensure that the methods
UserString.rindex() and UserString.index() accept
collections.UserString instances as the sub argument.
- gh-140797: The undocumented re.Scanner class now forbids
regular expressions containing capturing groups in its
lexicon patterns. Patterns using capturing groups could
previously lead to crashes with segmentation fault. Use
non-capturing groups (?:…) instead.
- gh-140815: faulthandler now detects if a frame or a code
object is invalid or freed. Patch by Victor Stinner.
- gh-100218: Correctly set errno when socket.if_nametoindex()
or socket.if_indextoname() raise an OSError. Patch by
B?n?dikt Tran.
- gh-140875: Fix handling of unclosed character references
(named and numerical) followed by the end of file in
html.parser.HTMLParser with convert_charrefs=False.
- gh-140734: multiprocessing: fix off-by-one error when
checking the length of a temporary socket file path. Patch
by B?n?dikt Tran.
- gh-140874: Bump the version of pip bundled in ensurepip to
version 25.3
- gh-140691: In urllib.request, when opening a FTP URL fails
because a data connection cannot be made, the control
connection’s socket is now closed to avoid
a ResourceWarning.
- gh-103847: Fix hang when cancelling process created by
asyncio.create_subprocess_exec() or
asyncio.create_subprocess_shell(). Patch by Kumar Aditya.
- gh-140590: Fix arguments checking for the
functools.partial.__setstate__() that may lead to internal
state corruption and crash. Patch by Sergey Miryanov.
- gh-140634: Fix a reference counting bug in
os.sched_param.__reduce__().
- gh-140633: Ignore AttributeError when setting a module’s
__file__ attribute when loading an extension module
packaged as Apple Framework.
- gh-140593: xml.parsers.expat: Fix a memory leak that could
affect users with ElementDeclHandler() set to a custom
element declaration handler. Patch by Sebastian Pipping.
- gh-140607: Inside io.RawIOBase.read(), validate that the
count of bytes returned by io.RawIOBase.readinto() is valid
(inside the provided buffer).
- gh-138162: Fix logging.LoggerAdapter with merge_extra=True
and without the extra argument.
- gh-140474: Fix memory leak in array.array when creating
arrays from an empty str and the u type code.
- gh-140272: Fix memory leak in the clear() method of the
dbm.gnu database.
- gh-140041: Fix import of ctypes on Android and Cygwin when
ABI flags are present.
- gh-139905: Add suggestion to error message for
typing.Generic subclasses when cls.__parameters__ is
missing due to a parent class failing to call
super().__init_subclass__() in its __init_subclass__.
- gh-139845: Fix to not print KeyboardInterrupt twice in
default asyncio REPL.
- gh-139783: Fix inspect.getsourcelines() for the case when
a decorator is followed by a comment or an empty line.
- gh-70765: http.server: fix default handling of HTTP/0.9
requests in BaseHTTPRequestHandler. Previously,
BaseHTTPRequestHandler.parse_request() incorrectly waited
for headers in the request although those are not supported
in HTTP/0.9. Patch by B?n?dikt Tran.
- gh-139391: Fix an issue when, on non-Windows platforms, it
was not possible to gracefully exit a python -m asyncio
process suspended by Ctrl+Z and later resumed by fg other
than with kill.
- gh-101828: Fix 'shift_jisx0213', 'shift_jis_2004',
'euc_jisx0213' and 'euc_jis_2004' codecs truncating null
chars as they were treated as part of multi-character
sequences.
- gh-139246: fix: paste zero-width in default repl width is
wrong.
- gh-90949: Add SetAllocTrackerActivationThreshold() and
SetAllocTrackerMaximumAmplification() to xmlparser objects
to prevent use of disproportional amounts of dynamic memory
from within an Expat parser. Patch by B?n?dikt Tran.
- gh-139065: Fix trailing space before a wrapped long word if
the line length is exactly width in textwrap.
- gh-138993: Dedent credits text.
- gh-138859: Fix generic type parameterization raising
a TypeError when omitting a ParamSpec that has a default
which is not a list of types.
- gh-138775: Use of python -m with base64 has been fixed to
detect input from a terminal so that it properly notices
EOF.
- gh-98896: Fix a failure in multiprocessing resource_tracker
when SharedMemory names contain colons. Patch by Rani
Pinchuk.
- gh-75989: tarfile.TarFile.extractall() and
tarfile.TarFile.extract() now overwrite symlinks when
extracting hardlinks. (Contributed by Alexander Enrique
Urieles Nieto in gh-75989.)
- gh-83424: Allows creating a ctypes.CDLL without name when
passing a handle as an argument.
- gh-136234: Fix asyncio.WriteTransport.writelines() to be
robust to connection failure, by using the same behavior as
write().
- gh-136057: Fixed the bug in pdb and bdb where next and step
can’t go over the line if a loop exists in the line.
- gh-135307: email: Fix exception in set_content() when
encoding text and max_line_length is set to 0 or None
(unlimited).
- gh-134453: Fixed subprocess.Popen.communicate() input=
handling of memoryview instances that were non-byte shaped
on POSIX platforms. Those are now properly cast to a byte
shaped view instead of truncating the input. Windows
platforms did not have this bug.
- gh-102431: Clarify constraints for “logical” arguments in
methods of decimal.Context.
- IDLE
- gh-96491: Deduplicate version number in IDLE shell title
bar after saving to a file.
- Documentation
- gh-141994: xml.sax.handler: Make Documentation of
xml.sax.handler.feature_external_ges warn of opening up to
external entity attacks. Patch by Sebastian Pipping.
- gh-140578: Remove outdated sencence in the documentation
for multiprocessing, that implied that
concurrent.futures.ThreadPoolExecutor did not exist.
- Core and Builtins
- gh-142048: Fix quadratically increasing garbage collection
delays in free-threaded build.
- gh-141930: When importing a module, use Python’s regular
file object to ensure that writes to .pyc files are
complete or an appropriate error is raised.
- gh-120158: Fix inconsistent state when enabling or
disabling monitoring events too many times.
- gh-141579: Fix sys.activate_stack_trampoline() to properly
support the perf_jit backend. Patch by Pablo Galindo.
- gh-141312: Fix the assertion failure in the __setstate__
method of the range iterator when a non-integer argument is
passed. Patch by Sergey Miryanov.
- gh-140939: Fix memory leak when bytearray or bytes is
formated with the
%*b format with a large width that results in
%a MemoryError.
- gh-140530: Fix a reference leak when raise exc from cause
fails. Patch by B?n?dikt Tran.
- gh-140576: Fixed crash in tokenize.generate_tokens() in
case of specific incorrect input. Patch by Mikhail Efimov.
- gh-140551: Fixed crash in dict if dict.clear() is called at
the lookup stage. Patch by Mikhail Efimov and Inada Naoki.
- gh-140471: Fix potential buffer overflow in ast.AST node
initialization when encountering malformed _fields
containing non-str.
- gh-140406: Fix memory leak when an object’s __hash__()
method returns an object that isn’t an int.
- gh-140306: Fix memory leaks in cross-interpreter channel
operations and shared namespace handling.
- gh-140301: Fix memory leak of PyConfig in subinterpreters.
- gh-140000: Fix potential memory leak when a reference cycle
exists between an instance of typing.TypeAliasType,
typing.TypeVar, typing.ParamSpec, or typing.TypeVarTuple
and its __name__ attribute. Patch by Mikhail Efimov.
- gh-139748: Fix reference leaks in error branches of
functions accepting path strings or bytes such as compile()
and os.system(). Patch by B?n?dikt Tran.
- gh-139516: Fix lambda colon erroneously start format spec
in f-string in tokenizer.
- gh-139640: Fix swallowing some syntax warnings in different
modules if they accidentally have the same message and are
emitted from the same line. Fix duplicated warnings in the
finally block.
- gh-137400: Fix a crash in the free threading build when
disabling profiling or tracing across all threads with
PyEval_SetProfileAllThreads() or
PyEval_SetTraceAllThreads() or their Python equivalents
threading.settrace_all_threads() and
threading.setprofile_all_threads().
- gh-133400: Fixed Ctrl+D (^D) behavior in _pyrepl module to
match old pre-3.13 REPL behavior.
- C API
- gh-140042: Removed the sqlite3_shutdown call that could
cause closing connections for sqlite when used with
multiple sub interpreters.
- gh-140487: Fix Py_RETURN_NOTIMPLEMENTED in limited C API
3.11 and older: don’t treat Py_NotImplemented as immortal.
Patch by Victor Stinner.
- Update to 3.13.9:
- Library
- gh-139783: Fix inspect.getsourcelines() for the case when a
decorator is followed by a comment or an empty line.
- Update to 3.13.8:
- Tools/Demos
- gh-139330: SBOM generation tool didn’t cross-check the version
and checksum values against the Modules/expat/refresh.sh script,
leading to the values becoming out-of-date during routine
updates.
- gh-137873: The iOS test runner has been simplified, resolving
some issues that have been observed using the runner in GitHub
Actions and Azure Pipelines test environments.
- Tests
- gh-139208: Fix regrtest --fast-ci --verbose: don’t ignore the
--verbose option anymore. Patch by Victor Stinner.
- Security
- gh-139400: xml.parsers.expat: Make sure that parent Expat
parsers are only garbage-collected once they are no longer
referenced by subparsers created by
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
- gh-139283: sqlite3: correctly handle maximum number of rows to
fetch in Cursor.fetchmany and reject negative values for
Cursor.arraysize. Patch by B?n?dikt Tran.
- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
according to the HTML5 standard: ] ]> and ]] > no longer end the
CDATA section. Add private method _set_support_cdata() which can
be used to specify how to parse <[CDATA[ — as a CDATA section in
foreign content (SVG or MathML) or as a bogus comment in the
HTML namespace.
- Library
- gh-139312: Upgrade bundled libexpat to 2.7.3
- gh-139289: Do a real lazy-import on rlcompleter in pdb and
restore the existing completer after importing rlcompleter.
- gh-139210: Fix use-after-free when reporting unknown event in
xml.etree.ElementTree.iterparse(). Patch by Ken Jin.
- gh-138860: Lazy import rlcompleter in pdb to avoid deadlock in
subprocess.
- gh-112729: Fix crash when calling _interpreters.create when the
process is out of memory.
- gh-139076: Fix a bug in the pydoc module that was hiding
functions in a Python module if they were implemented in an
extension module and the module did not have __all__.
- gh-138998: Update bundled libexpat to 2.7.2
- gh-130567: Fix possible crash in locale.strxfrm() due to a
platform bug on macOS.
- gh-138779: Support device numbers larger than 2**63-1 for the
st_rdev field of the os.stat_result structure.
- gh-128636: Fix crash in PyREPL when os.environ is overwritten
with an invalid value for mac
- gh-88375: Fix normalization of the robots.txt rules and URLs in
the urllib.robotparser module. No longer ignore trailing ?.
Distinguish raw special characters ?, = and & from the
percent-encoded ones.
- gh-138515: email is added to Emscripten build.
- gh-111788: Fix parsing errors in the urllib.robotparser module.
Don’t fail trying to parse weird paths. Don’t fail trying to
decode non-UTF-8 robots.txt files.
- gh-138432: zoneinfo.reset_tzpath() will now convert any
os.PathLike objects it receives into strings before adding them
to TZPATH. It will raise TypeError if anything other than a
string is found after this conversion. If given an os.PathLike
object that represents a relative path, it will now raise
ValueError instead of TypeError, and present a more informative
error message.
- gh-138008: Fix segmentation faults in the ctypes module due to
invalid argtypes. Patch by Dung Nguyen.
- gh-60462: Fix locale.strxfrm() on Solaris (and possibly other
platforms).
- gh-138204: Forbid expansion of shared anonymous memory maps on
Linux, which caused a bus error.
- gh-138010: Fix an issue where defining a class with a
@warnings.deprecated-decorated base class may not invoke the
correct __init_subclass__() method in cases involving multiple
inheritance. Patch by Brian Schubert.
- gh-138133: Prevent infinite traceback loop when sending CTRL^C
to Python through strace.
- gh-134869: Fix an issue where pressing Ctrl+C during tab
completion in the REPL would leave the autocompletion menu in a
corrupted state.
- gh-137317: inspect.signature() now correctly handles classes
that use a descriptor on a wrapped __init__() or __new__()
method. Contributed by Yongyu Yan.
- gh-137754: Fix import of the zoneinfo module if the C
implementation of the datetime module is not available.
- gh-137490: Handle ECANCELED in the same way as EINTR in
signal.sigwaitinfo() on NetBSD.
- gh-137477: Fix inspect.getblock(), inspect.getsourcelines() and
inspect.getsource() for generator expressions.
- gh-137017: Fix threading.Thread.is_alive to remain True until
the underlying OS thread is fully cleaned up. This avoids false
negatives in edge cases involving thread monitoring or premature
threading.Thread.is_alive calls.
- gh-136134: SMTP.auth_cram_md5() now raises an SMTPException
instead of a ValueError if Python has been built without MD5
support. In particular, SMTP clients will not attempt to use
this method even if the remote server is assumed to support it.
Patch by B?n?dikt Tran.
- gh-136134: IMAP4.login_cram_md5 now raises an IMAP4.error if
CRAM-MD5 authentication is not supported. Patch by B?n?dikt
Tran.
- gh-135386: Fix opening a dbm.sqlite3 database for reading from
read-only file or directory.
- gh-126631: Fix multiprocessing forkserver bug which prevented
__main__ from being preloaded.
- gh-123085: In a bare call to importlib.resources.files(), ensure
the caller’s frame is properly detected when importlib.resources
is itself available as a compiled module only (no source).
- gh-118981: Fix potential hang in
multiprocessing.popen_spawn_posix that can happen when the child
proc dies early by closing the child fds right away.
- gh-78319: UTF8 support for the IMAP APPEND command has been made
RFC compliant.
- bpo-38735: Fix failure when importing a module from the root
directory on unix-like platforms with sys.pycache_prefix set.
- bpo-41839: Allow negative priority values from
os.sched_get_priority_min() and os.sched_get_priority_max()
functions.
- Core and Builtins
- gh-134466: Don’t run PyREPL in a degraded environment where
setting termios attributes is not allowed.
- gh-71810: Raise OverflowError for (-1).to_bytes() for signed
conversions when bytes count is zero. Patch by Sergey B
Kirpichev.
- gh-105487: Remove non-existent __copy__(), __deepcopy__(), and
__bases__ from the __dir__() entries of types.GenericAlias.
- gh-134163: Fix a hang when the process is out of memory inside
an exception handler.
- gh-138479: Fix a crash when a generic object’s __typing_subst__
returns an object that isn’t a tuple.
- gh-137576: Fix for incorrect source code being shown in
tracebacks from the Basic REPL when PYTHONSTARTUP is given.
Patch by Adam Hartz.
- gh-132744: Certain calls now check for runaway recursion and
respect the system recursion limit.
- C API
- gh-87135: Attempting to acquire the GIL after runtime
finalization has begun in a different thread now causes the
thread to hang rather than terminate, which avoids potential
crashes or memory corruption caused by attempting to terminate a
thread that is running code not specifically designed to support
termination. In most cases this hanging is harmless since the
process will soon exit anyway.
While not officially marked deprecated until 3.14,
PyThread_exit_thread is no longer called internally and remains
solely for interface compatibility. Its behavior is inconsistent
across platforms, and it can only be used safely in the unlikely
case that every function in the entire call stack has been
designed to support the platform-dependent termination
mechanism. It is recommended that users of this function change
their design to not require thread termination. In the unlikely
case that thread termination is needed and can be done safely,
users may migrate to calling platform-specific APIs such as
pthread_exit (POSIX) or _endthreadex (Windows) directly.
- Build
- gh-135734: Python can correctly be configured and built with
./configure --enable-optimizations --disable-test-modules.
Previously, the profile data generation step failed due to PGO
tests where immortalization couldn’t be properly suppressed.
- Update to 3.13.7:
- gh-137583: Fix a deadlock introduced in 3.13.6 when a call
to ssl.SSLSocket.recv was blocked in one thread, and then
another method on the object (such as ssl.SSLSocket.send) was
subsequently called in another thread.
- gh-137044: Return large limit values as positive integers
instead of negative integers in resource.getrlimit().
Accept large values and reject negative values (except
RLIM_INFINITY) for limits in resource.setrlimit().
- gh-136914: Fix retrieval of doctest.DocTest.lineno
for objects decorated with functools.cache() or
functools.cached_property.
- gh-131788: Make ResourceTracker.send from multiprocessing
re-entrant safe
- gh-136155: We are now checking for fatal errors in EPUB
builds in CI.
- gh-137400: Fix a crash in the free threading build when
disabling profiling or tracing across all threads with
PyEval_SetProfileAllThreads() or PyEval_SetTraceAllThreads()
or their Python equivalents threading.settrace_all_threads()
and threading.setprofile_all_threads().
- Update to 3.13.6:
- Security
- gh-135661: Fix parsing start and end tags in
html.parser.HTMLParser according to the HTML5 standard.
- gh-102555: Fix comment parsing in html.parser.HTMLParser
according to the HTML5 standard.
- CVE-2025-6069: Fix quadratic complexity in processing specially
crafted input in html.parser.HTMLParser. End-of-file errors
are now handled according to the HTML5 specs – comments and
declarations are automatically closed, tags are ignored
(gh-135462, bsc#1244705).
- CVE-2025-8194: tarfile now validates archives to ensure member
offsets are non-negative. (gh-130577, bsc#1247249).
- gh-118350: Fix support of escapable raw text mode (elements
“textarea” and “title”) in html.parser.HTMLParser.
- Core and Builtins
- gh-58124: Fix name of the Python encoding in Unicode errors
of the code page codec: use “cp65000” and “cp65001” instead
of “CP_UTF7” and “CP_UTF8” which are not valid Python code
names. Patch by Victor Stinner.
- gh-137314: Fixed a regression where raw f-strings
incorrectly interpreted escape sequences in format
specifications. Raw f-strings now properly preserve literal
backslashes in format specs, matching the behavior from
Python 3.11. For example, rf"{obj:\xFF}" now correctly
produces '\\xFF' instead of '?'. Patch by Pablo Galindo.
- gh-136541: Fix some issues with the perf trampolines
on x86-64 and aarch64. The trampolines were not being
generated correctly for some cases, which could lead to
the perf integration not working correctly. Patch by Pablo
Galindo.
- gh-109700: Fix memory error handling in
PyDict_SetDefault().
- gh-78465: Fix error message for cls.__new__(cls, ...) where
cls is not instantiable builtin or extension type (with
tp_new set to NULL).
- gh-135871: Non-blocking mutex lock attempts now return
immediately when the lock is busy instead of briefly
spinning in the free threading build.
- gh-135607: Fix potential weakref races in an object’s
destructor on the free threaded build.
- gh-135496: Fix typo in the f-string conversion type error
(“exclamanation” -> “exclamation”).
- gh-130077: Properly raise custom syntax errors when
incorrect syntax containing names that are prefixes of soft
keywords is encountered. Patch by Pablo Galindo.
- gh-135148: Fixed a bug where f-string debug expressions
(using =) would incorrectly strip out parts of strings
containing escaped quotes and # characters. Patch by Pablo
Galindo.
- gh-133136: Limit excess memory usage in the free threading
build when a large dictionary or list is resized and
accessed by multiple threads.
- gh-132617: Fix dict.update() modification check that could
incorrectly raise a “dict mutated during update” error when
a different dictionary was modified that happens to share
the same underlying keys object.
- gh-91153: Fix a crash when a bytearray is concurrently
mutated during item assignment.
- gh-127971: Fix off-by-one read beyond the end of a string
in string search.
- gh-125723: Fix crash with gi_frame.f_locals when generator
frames outlive their generator. Patch by Mikhail Efimov.
- Library
- gh-132710: If possible, ensure that uuid.getnode()
returns the same result even across different processes.
Previously, the result was constant only within the same
process. Patch by B?n?dikt Tran.
- gh-137273: Fix debug assertion failure in
locale.setlocale() on Windows.
- gh-137257: Bump the version of pip bundled in ensurepip to
version 25.2
- gh-81325: tarfile.TarFile now accepts a path-like when
working on a tar archive. (Contributed by Alexander Enrique
Urieles Nieto in gh-81325.)
- gh-130522: Fix unraisable TypeError raised during
interpreter shutdown in the threading module.
- gh-136549: Fix signature of threading.excepthook().
- gh-136523: Fix wave.Wave_write emitting an unraisable when
open raises.
- gh-52876: Add missing keepends (default True)
parameter to codecs.StreamReaderWriter.readline() and
codecs.StreamReaderWriter.readlines().
- gh-85702: If zoneinfo._common.load_tzdata is given a
package without a resource a zoneinfo.ZoneInfoNotFoundError
is raised rather than a PermissionError. Patch by Victor
Stinner.
- gh-134759: Fix UnboundLocalError in
email.message.Message.get_payload() when the payload to
decode is a bytes object. Patch by Kliment Lamonov.
- gh-136028: Fix parsing month names containing “İ” (U+0130,
LATIN CAPITAL LETTER I WITH DOT ABOVE) in time.strptime().
This affects locales az_AZ, ber_DZ, ber_MA and crh_UA.
- gh-135995: In the palmos encoding, make byte 0x9b decode to
› (U+203A - SINGLE RIGHT-POINTING ANGLE QUOTATION MARK).
- gh-53203: Fix time.strptime() for %c and %x formats on
locales byn_ER, wal_ET and lzh_TW, and for %X format on
locales ar_SA, bg_BG and lzh_TW.
- gh-91555: An earlier change, which was introduced in
3.13.4, has been reverted. It disabled logging for a logger
during handling of log messages for that logger. Since the
reversion, the behaviour should be as it was before 3.13.4.
- gh-135878: Fixes a crash of types.SimpleNamespace on free
threading builds, when several threads were calling its
__repr__() method at the same time.
- gh-135836: Fix IndexError in
asyncio.loop.create_connection() that could occur when
non-OSError exception is raised during connection and
socket’s close() raises OSError.
- gh-135836: Fix IndexError in
asyncio.loop.create_connection() that could occur when the
Happy Eyeballs algorithm resulted in an empty exceptions
list during connection attempts.
- gh-135855: Raise TypeError instead of SystemError when
_interpreters.set___main___attrs() is passed a non-dict
object. Patch by Brian Schubert.
- gh-135815: netrc: skip security checks if os.getuid() is
missing. Patch by B?n?dikt Tran.
- gh-135640: Address bug where it was possible to call
xml.etree.ElementTree.ElementTree.write() on an ElementTree
object with an invalid root element. This behavior blanked
the file passed to write if it already existed.
- gh-135444: Fix asyncio.DatagramTransport.sendto() to
account for datagram header size when data cannot be sent.
- gh-135497: Fix os.getlogin() failing for longer usernames
on BSD-based platforms.
- gh-135487: Fix reprlib.Repr.repr_int() when given integers
with more than sys.get_int_max_str_digits() digits. Patch
by B?n?dikt Tran.
- gh-135335: multiprocessing: Flush stdout and stderr after
preloading modules in the forkserver.
- gh-135244: uuid: when the MAC address cannot be
determined, the 48-bit node ID is now generated with a
cryptographically-secure pseudo-random number generator
(CSPRNG) as per RFC 9562, ?6.10.3. This affects uuid1().
- gh-135069: Fix the “Invalid error handling” exception in
encodings.idna.IncrementalDecoder to correctly replace the
‘errors’ parameter.
- gh-134698: Fix a crash when calling methods of
ssl.SSLContext or ssl.SSLSocket across multiple threads.
- gh-132124: On POSIX-compliant systems,
multiprocessing.util.get_temp_dir() now ignores TMPDIR
(and similar environment variables) if the path length of
AF_UNIX socket files exceeds the platform-specific maximum
length when using the forkserver start method. Patch by
B?n?dikt Tran.
- gh-133439: Fix dot commands with trailing spaces are
mistaken for multi-line SQL statements in the sqlite3
command-line interface.
- gh-132969: Prevent the ProcessPoolExecutor executor thread,
which remains running when shutdown(wait=False), from
attempting to adjust the pool’s worker processes after
the object state has already been reset during shutdown.
A combination of conditions, including a worker process
having terminated abormally, resulted in an exception and
a potential hang when the still-running executor thread
attempted to replace dead workers within the pool.
- gh-130664: Support the '_' digit separator in formatting
of the integral part of Decimal’s. Patch by Sergey B
Kirpichev.
- gh-85702: If zoneinfo._common.load_tzdata is given a
package without a resource a ZoneInfoNotFoundError is
raised rather than a IsADirectoryError.
- gh-130664: Handle corner-case for Fraction’s formatting:
treat zero-padding (preceding the width field by a zero
('0') character) as an equivalent to a fill character of
'0' with an alignment type of '=', just as in case of
float’s.
- Tools/Demos
- gh-135968: Stubs for strip are now provided as part of an
iOS install.
- Tests
- gh-135966: The iOS testbed now handles the app_packages
folder as a site directory.
- gh-135494: Fix regrtest to support excluding tests from
--pgo tests. Patch by Victor Stinner.
- gh-135489: Show verbose output for failing tests during PGO
profiling step with –enable-optimizations.
- Documentation
- gh-135171: Document that the iterator for the leftmost for
clause in the generator expression is created immediately.
- Build
- gh-135497: Fix the detection of MAXLOGNAME in the
configure.ac script.
ModerateSUSE bug 1244680SUSE bug 1244705SUSE bug 1247249SUSE bug 1251305SUSE bug 1252974SUSE bug 1254400SUSE bug 1254401SUSE bug 1254997CVE-2025-12084 at SUSECVE-2025-12084 at NVDCVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-13837 at SUSECVE-2025-13837 at NVDCVE-2025-6069 at SUSECVE-2025-6069 at NVDCVE-2025-6075 at SUSECVE-2025-6075 at NVDCVE-2025-8194 at SUSECVE-2025-8194 at NVDCVE-2025-8291 at SUSECVE-2025-8291 at NVDcpe:/o:suse:sl-micro:6.2Security update for libpng16 (Moderate)SUSE Linux Micro 6.2
This update for libpng16 fixes the following issues:
- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
ModerateSUSE bug 1256525SUSE bug 1256526CVE-2026-22695 at SUSECVE-2026-22695 at NVDCVE-2026-22801 at SUSECVE-2026-22801 at NVDcpe:/o:suse:sl-micro:6.2Security update for gdk-pixbuf (Important)SUSE Linux Micro 6.2
This update for gdk-pixbuf fixes the following issues:
- CVE-2025-7345: heap buffer overflow in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment function
(io-jpeg.c) and in glib g_base64_encode_step (bsc#1246114).
- CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents (bsc#1245227).
ImportantSUSE bug 1245227SUSE bug 1246114CVE-2025-6199 at SUSECVE-2025-6199 at NVDCVE-2025-7345 at SUSECVE-2025-7345 at NVDcpe:/o:suse:sl-micro:6.2Security update for python-urllib3 (Moderate)SUSE Linux Micro 6.2
This update for python-urllib3 fixes the following issues:
- CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).
ModerateSUSE bug 1256331CVE-2026-21441 at SUSECVE-2026-21441 at NVDcpe:/o:suse:sl-micro:6.2Security update for python-pyasn1 (Important)SUSE Linux Micro 6.2
This update for python-pyasn1 fixes the following issues:
- CVE-2026-23490: Fixed Denial-of-Service issue that may lead to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets (bsc#1256902)
ImportantSUSE bug 1256902CVE-2026-23490 at SUSECVE-2026-23490 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.7.1 fixes one security issue
The following security issue was fixed:
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).
ImportantSUSE bug 1254196CVE-2025-40212 at SUSECVE-2025-40212 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues
The following security issues were fixed:
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248672).
- CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248301).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248400).
- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1249241).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248670).
- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1249537).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631).
- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1250192).
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).
The following non security issue was fixed:
- Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).
ImportantSUSE bug 1246019SUSE bug 1248301SUSE bug 1248400SUSE bug 1248631SUSE bug 1248670SUSE bug 1248672SUSE bug 1249207SUSE bug 1249208SUSE bug 1249241SUSE bug 1249537SUSE bug 1250192SUSE bug 1251982SUSE bug 1252270SUSE bug 1253437SUSE bug 1254196CVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2025-38500 at SUSECVE-2025-38500 at NVDCVE-2025-38554 at SUSECVE-2025-38554 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38588 at SUSECVE-2025-38588 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38616 at SUSECVE-2025-38616 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-39682 at SUSECVE-2025-39682 at NVDCVE-2025-39963 at SUSECVE-2025-39963 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDCVE-2025-40212 at SUSECVE-2025-40212 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.7.1 fixes one security issue
The following security issue was fixed:
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).
ImportantSUSE bug 1254196CVE-2025-40212 at SUSECVE-2025-40212 at NVDcpe:/o:suse:sl-micro:6.2Security update for avahi (Moderate)SUSE Linux Micro 6.2
This update for avahi fixes the following issues:
- CVE-2025-68276: Fixed refuse to create wide-area record browsers when
wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
ModerateSUSE bug 1256498SUSE bug 1256499SUSE bug 1256500CVE-2025-68276 at SUSECVE-2025-68276 at NVDCVE-2025-68468 at SUSECVE-2025-68468 at NVDCVE-2025-68471 at SUSECVE-2025-68471 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).
ImportantSUSE bug 1251982SUSE bug 1253437SUSE bug 1254196CVE-2025-39963 at SUSECVE-2025-39963 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDCVE-2025-40212 at SUSECVE-2025-40212 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues
The following security issues were fixed:
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248672).
- CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248301).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248400).
- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1249241).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248670).
- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1249537).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631).
- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1250192).
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).
The following non security issues were fixed:
- Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).
- powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (bsc#1251956).
- fix addr_bit_set() issue on big-endian machines (bsc#1256928).
ImportantSUSE bug 1246019SUSE bug 1248301SUSE bug 1248400SUSE bug 1248631SUSE bug 1248670SUSE bug 1248672SUSE bug 1249207SUSE bug 1249208SUSE bug 1249241SUSE bug 1249537SUSE bug 1250192SUSE bug 1251956SUSE bug 1251982SUSE bug 1252270SUSE bug 1253437SUSE bug 1254196SUSE bug 1256928CVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2025-38500 at SUSECVE-2025-38500 at NVDCVE-2025-38554 at SUSECVE-2025-38554 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38588 at SUSECVE-2025-38588 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38616 at SUSECVE-2025-38616 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-39682 at SUSECVE-2025-39682 at NVDCVE-2025-39963 at SUSECVE-2025-39963 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDCVE-2025-40212 at SUSECVE-2025-40212 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit-subscriptions (Moderate)SUSE Linux Micro 6.2
This update for cockpit-subscriptions fixes the following issues:
Update to version 12.1:
- CVE-2025-64718: js-yaml: fixed prototype pollution in merge (bsc#1255425).
ModerateSUSE bug 1255425CVE-2025-64718 at SUSECVE-2025-64718 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).
The following non security issues was fixed:
- Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).
ImportantSUSE bug 1251982SUSE bug 1252270SUSE bug 1253437SUSE bug 1254196CVE-2025-39963 at SUSECVE-2025-39963 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDCVE-2025-40212 at SUSECVE-2025-40212 at NVDcpe:/o:suse:sl-micro:6.2Security update for ucode-amd (Important)SUSE Linux Micro 6.2
This update for ucode-amd fixes the following issues:
Changes in ucode-amd:
- Update to version 20251203 (git commit a0f0e52138e5):
* linux-firmware: Update amd-ucode copyright information
* linux-firmware: Update AMD cpu microcode
- Update to version 20251113 (git commit fb0dbcd30118):
* linux-firmware: Update AMD cpu microcode
- Update to version 20251031 (git commit 04b323bb64f9):
* linux-firmware: Update AMD cpu microcode
- Update to version 20251028 (git commit 4f72031fc195):
* linux-firmware: Update AMD cpu microcode
- Update to version 20251024 (git commit 9b899c779b8a):
* amd-ucode: Fix minimum revisions in README
- Update to version 20250730 (git commit 910c19074091):
* linux-firmware: Update AMD cpu microcode
Importantcpe:/o:suse:sl-micro:6.2Security update for python-urllib3 (Important)SUSE Linux Micro 6.2
This update for python-urllib3 fixes the following issues:
- CVE-2025-66471: Fixed excessive resource consumption via decompression
of highly compressed data in Streaming API (bsc#1254867)
- CVE-2025-66418: Fixed resource exhaustion via unbounded number of links
in the decompression chain (bsc#1254866)
ImportantSUSE bug 1254866SUSE bug 1254867CVE-2025-66418 at SUSECVE-2025-66418 at NVDCVE-2025-66471 at SUSECVE-2025-66471 at NVDcpe:/o:suse:sl-micro:6.2Recommended update for cloud-init (Important)SUSE Linux Micro 6.2
This update for cloud-init fixes the following issues:
Changes in cloud-init:
- Fix dependency replace -serial with -pyserial
- Drop unneeded test dependency on httpretty, fixed long ago
* https://github.com/canonical/cloud-init/pull/1720
- Update to version 25.1.3 (bsc#1245401 , CVE-2024-6174, bsc#1245403, CVE-2024-11584)
ImportantSUSE bug 1245401SUSE bug 1245403CVE-2024-11584 at SUSECVE-2024-11584 at NVDCVE-2024-6174 at SUSECVE-2024-6174 at NVDcpe:/o:suse:sl-micro:6.2Security update for elemental-register, elemental-toolkit (Important)SUSE Linux Micro 6.2
This update for elemental-register, elemental-toolkit fixes the following issues:
elemental-register was updated to 1.8.1:
Changes on top of v1.8.1:
* Update headers to 2026
* Update questions to include SL Micro 6.2
Update to v1.8.1:
* Install yip config files in before-install step
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
elemental-toolkit was updated to v2.3.2:
* Bump golang.org/x/crypto library
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
ImportantSUSE bug 1241826SUSE bug 1241857SUSE bug 1251511SUSE bug 1251679SUSE bug 1253581SUSE bug 1253901SUSE bug 1254079CVE-2025-22872 at SUSECVE-2025-22872 at NVDCVE-2025-47911 at SUSECVE-2025-47911 at NVDCVE-2025-47913 at SUSECVE-2025-47913 at NVDCVE-2025-47914 at SUSECVE-2025-47914 at NVDCVE-2025-58181 at SUSECVE-2025-58181 at NVDCVE-2025-58190 at SUSECVE-2025-58190 at NVDcpe:/o:suse:sl-micro:6.2Security update for glibc (Important)SUSE Linux Micro 6.2
This update for glibc fixes the following issues:
Security fixes:
- CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).
Other fixes:
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256436)
ImportantSUSE bug 1236282SUSE bug 1256436SUSE bug 1256766SUSE bug 1256822SUSE bug 1257005CVE-2025-0395 at SUSECVE-2025-0395 at NVDCVE-2025-15281 at SUSECVE-2025-15281 at NVDCVE-2026-0861 at SUSECVE-2026-0861 at NVDCVE-2026-0915 at SUSECVE-2026-0915 at NVDcpe:/o:suse:sl-micro:6.2Security update for samba (Critical)SUSE Linux Micro 6.2
This update for samba fixes the following issues:
Update to 4.22.5:
* CVE-2025-10230: Command injection via WINS server hook script (bsc#1251280).
* CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
- Relax samba-gpupdate requirement for cepces, certmonger, and sscep
to a recommends. They are only required if utilizing certificate
auto enrollment (bsc#1249087).
- Disable timeouts for smb.service so that possibly slow running
ExecStartPre script 'update-samba-security-profile' doesn't
cause service start to fail due to timeouts (bsc#1249181).
- Ensure semanage is pulled in as a requirement when samba in
installed when selinux security access mechanism that is used
(bsc#1249180).
- don't attempt to label paths that don't exist, also remove
unecessary evaluation of semange & restorecon cmds (bsc#1249179).
Update to 4.22.4:
* netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0
* getpwuid does not shift to new DC when current DC is down
* Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName-
* Unresponsive second DC can cause idmapping failure when using
idmap_ad-
* kinit command is failing with Missing cache Error.
* Figuring out the DC name from IP address fails and breaks
fork_domain_child().
* vfs_streams_depot fstatat broken.
* Delayed leader broadcast can block ctdb forever.
* Apparently there is a conflict between shadow_copy2 module
and virusfilter (action quarantine).
* Fix handling of empty GPO link.
* SMB ACL inheritance doesn't work for files created.
- adjust gpgme build dependency for future-proofing
CriticalSUSE bug 1249087SUSE bug 1249179SUSE bug 1249180SUSE bug 1249181SUSE bug 1251279SUSE bug 1251280CVE-2025-10230 at SUSECVE-2025-10230 at NVDCVE-2025-9640 at SUSECVE-2025-9640 at NVDcpe:/o:suse:sl-micro:6.2Security update for gpg2 (Important)SUSE Linux Micro 6.2
This update for gpg2 fixes the following issues:
- CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396).
- CVE-2026-24883: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value (bsc#1257395).
- gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field (bsc#1256389).
ImportantSUSE bug 1256389SUSE bug 1257395SUSE bug 1257396CVE-2026-24882 at SUSECVE-2026-24882 at NVDCVE-2026-24883 at SUSECVE-2026-24883 at NVDcpe:/o:suse:sl-micro:6.2Security update for unbound (Moderate)SUSE Linux Micro 6.2
This update for unbound fixes the following issues:
Update to 1.24.1:
- CVE-2025-11411: Fixed possible domain hijacking attack (bsc#1252525).
ModerateSUSE bug 1252525CVE-2025-11411 at SUSECVE-2025-11411 at NVDcpe:/o:suse:sl-micro:6.2Security update for udisks2 (Moderate)SUSE Linux Micro 6.2
This update for udisks2 fixes the following issues:
- CVE-2025-8067: Fixed a missing bounds check that could lead to out-of-bounds
read in udisks daemon (bsc#1248502).
ModerateSUSE bug 1248502CVE-2025-8067 at SUSECVE-2025-8067 at NVDcpe:/o:suse:sl-micro:6.2Security update for libsoup (Important)SUSE Linux Micro 6.2
This update for libsoup fixes the following issues:
- CVE-2025-11021: Fixed out-of-bounds read in Cookie Date Handling of libsoup HTTP Library (bsc#1250562).
- CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399).
- CVE-2026-0716: Fixed improper bounds handling may allow out-of-bounds read (bsc#1256418).
ImportantSUSE bug 1250562SUSE bug 1256399SUSE bug 1256418CVE-2025-11021 at SUSECVE-2025-11021 at NVDCVE-2026-0716 at SUSECVE-2026-0716 at NVDCVE-2026-0719 at SUSECVE-2026-0719 at NVDcpe:/o:suse:sl-micro:6.2Security update for tiff (Important)SUSE Linux Micro 6.2
This update for tiff fixes the following issues:
tiff was updated to 4.7.1:
* Software configuration changes:
* Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h.
* CMake: define WORDS_BIGENDIAN via tif_config.h
* doc/CMakeLists.txt: remove useless cmake_minimum_required()
* CMake: fix build with LLVM/Clang 17 (fixes issue #651)
* CMake: set CMP0074 new policy
* Set LINKER_LANGUAGE for C targets with C deps
* Export tiffxx cmake target (fixes issue #674)
* autogen.sh: Enable verbose wget.
* configure.ac: Syntax updates for Autoconf 2.71
* autogen.sh: Re-implement based on autoreconf. Failure to update
config.guess/config.sub does not return error (fixes issue #672)
* CMake: fix CMake 4.0 warning when minimum required version is < 3.10.
* CMake: Add build option tiff-static (fixes issue #709)
Library changes:
* Add TIFFOpenOptionsSetWarnAboutUnknownTags() for explicit control
about emitting warnings for unknown tags. No longer emit warnings
about unknown tags by default
* tif_predict.c: speed-up decompression in some cases.
* Bug fixes:
* tif_fax3: For fax group 3 data if no EOL is detected, reading is
retried without synchronisation for EOLs. (fixes issue #54)
* Updating TIFFMergeFieldInfo() with read_count=write_count=0 for
FIELD_IGNORE. Updating TIFFMergeFieldInfo() with read_count=write_count=0 for
FIELD_IGNORE. Improving handling when field_name = NULL. (fixes issue #532)
* tiff.h: add COMPRESSION_JXL_DNG_1_7=52546 as used for JPEGXL compression in
the DNG 1.7 specification
* TIFFWriteDirectorySec: Increment string length for ASCII tags for codec tags
defined with FIELD_xxx bits, as it is done for FIELD_CUSTOM tags. (fixes issue #648)
* Do not error out on a tag whose tag count value is zero, just issue a warning.
Fix parsing a private tag 0x80a6 (fixes issue #647)
* TIFFDefaultTransferFunction(): give up beyond td_bitspersample = 24
Fixes https://github.com/OSGeo/gdal/issues/10875)
* tif_getimage.c: Remove unnecessary calls to TIFFRGBAImageOK() (fixes issue #175)
* Fix writing a Predictor=3 file with non-native endianness
* _TIFFVSetField(): fix potential use of unallocated memory (out-of-bounds
* read / nullptr dereference) in case of out-of-memory situation when dealing with
custom tags (fixes issue #663)
* tif_fax3.c: Error out for CCITT fax encoding if SamplesPerPixel is not equal 1 and
PlanarConfiguration = Contiguous (fixes issue #26)
* tif_fax3.c: error out after a number of times end-of-line or unexpected bad code
words have been reached. (fixes issue #670)
* Fix memory leak in TIFFSetupStrips() (fixes issue #665)
* tif_zip.c: Provide zlib allocation functions. Otherwise for zlib built with
-DZ_SOLO inflating will fail.
* Fix memory leak in _TIFFSetDefaultCompressionState. (fixes issue #676)
* tif_predict.c: Don’t overwrite input buffer of TIFFWriteScanline() if "prediction"
is enabled. Use extra working buffer in PredictorEncodeRow(). (fixes issue #5)
* tif_getimage.c: update some integer overflow checks (fixes issue #79)
* tif_getimage.c: Fix buffer underflow crash for less raster rows at
TIFFReadRGBAImageOriented() (fixes issue #704, bsc#1250413, CVE-2025-9900)
* TIFFReadRGBAImage(): several fixes to avoid buffer overflows.
* Correct passing arguments to TIFFCvtIEEEFloatToNative() and TIFFCvtIEEEDoubleToNative()
if HAVE_IEEEFP is not defined. (fixes issue #699)
* LZWDecode(): avoid nullptr dereference when trying to read again after EOI marker
has been found with remaining output bytes (fixes issue #698)
* TIFFSetSubDirectory(): check _TIFFCheckDirNumberAndOffset() return.
* TIFFUnlinkDirectory() and TIFFWriteDirectorySec(): clear tif_rawcp when clearing
tif_rawdata (fixes issue #711)
* JPEGEncodeRaw(): error out if a previous scanline failed to be written, to avoid
out-of-bounds access (fixes issue #714)
* tif_jpeg: Fix bug in JPEGDecodeRaw() if JPEG_LIB_MK1_OR_12BIT is defined for 8/12bit
dual mode, introduced in libjpeg-turbo 2.2, which was actually released as 3.0.
Fixes issue #717
* add assert for TIFFReadCustomDirectory infoarray check.
* ppm2tiff: Fix bug in pack_words trailing bytes, where last two bytes of each line
were written wrongly. (fixes issue #467)
* fax2ps: fix regression of commit 28c38d648b64a66c3218778c4745225fe3e3a06d where
TIFFTAG_FAXFILLFUNC is being used rather than an output buffer (fixes issue #649)
* tiff2pdf: Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH (fixes issue #650)
* tiff2pdf: check h_samp and v_samp for range 1 to 4 to avoid division by zero.
Fixes issue #654
* tiff2pdf: avoid null pointer dereference. (fixes issue #741)
* Improve non-secure integer overflow check (comparison of division result with
multiplicant) at compiler optimisation in tiffcp, rgb2ycbcr and tiff2rgba.
Fixes issue #546
* tiff2rgba: fix some "a partial expression can generate an overflow before it is
assigned to a broader type" warnings. (fixes issue #682)
* tiffdither/tiffmedian: Don't skip the first line of the input image. (fixes issue #703)
* tiffdither: avoid out-of-bounds read identified in issue #733
* tiffmedian: error out if TIFFReadScanline() fails (fixes issue #707)
* tiffmedian: close input file. (fixes issue #735)
* thumbail: avoid potential out of bounds access (fixes issue #715)
* tiffcrop: close open TIFF files and release allocated buffers before exiting in case
of error to avoid memory leaks. (fixes issue #716)
* tiffcrop: fix double-free and memory leak exposed by issue #721
* tiffcrop: avoid buffer overflow. (fixes issue #740)
* tiffcrop: avoid nullptr dereference. (fixes issue #734)
* tiffdump: Fix coverity scan issue CID 1373365: Passing tainted expression *datamem
to PrintData, which uses it as a divisor or modulus.
* tiff2ps: check return of TIFFGetFiled() for TIFFTAG_STRIPBYTECOUNTS and
TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer dereference. (fixes issue #718)
* tiffcmp: fix memory leak when second file cannot be opened. (fixes issue #718 and issue #729)
* tiffcp: fix setting compression level for lossless codecs. (fixes issue #730)
* raw2tiff: close input file before exit (fixes issue #742)
Tools changes:
* tiffinfo: add a -W switch to warn about unknown tags.
* tiffdither: process all pages in input TIFF file.
* Documentation:
* TIFFRGBAImage.rst note added for incorrect saving of images with TIFF orientation
from 5 (LeftTop) to 8 (LeftBottom) in the raster.
* TIFFRGBAImage.rst note added about un-associated alpha handling (fixes issue #67)
* Update "Defining New TIFF Tags" description. (fixes issue #642)
* Fix return type of TIFFReadEncodedTile()
* Update the documentation to reflect deprecated typedefs.
* TIFFWriteDirectory.rst: Clarify TIFFSetWriteOffset() only sets offset for image
data and not for IFD data.
* Update documentation on re-entrancy and thread safety.
* Remove dead links to no more existing Awaresystems web-site.
* Updating BigTIFF specification and some miscelaneous editions.
* Replace some last links and remove last todos.
* Added hints for correct allocation of TIFFYCbCrtoRGB structure and its
associated buffers. (fixes issue #681)
* Added chapter to "Using the TIFF Library" with links to handling multi-page TIFF
and custom directories. (fixes issue #43)
* update TIFFOpen.rst with the return values of mapproc and unmapproc. (fixes issue #12)
Security issues fixed:
* CVE-2025-8961: Fix segmentation fault via main function of tiffcrop utility [bsc#1248117]
* CVE-2025-8534: Fix null pointer dereference in function PS_Lvl2page [bsc#1247582]
* CVE-2025-9165: Fix local execution manipulation can lead to memory leak [bsc#1248330]
* CVE-2024-13978: Fix null pointer dereference in tiff2pdf [bsc#1247581]
* CVE-2025-8176: Fix heap use-after-free in tools/tiffmedian.c [bsc#1247108]
* CVE-2025-8177: Fix possible buffer overflow in tools/thumbnail.c:setrow() [bsc#1247106]
- Fix TIFFMergeFieldInfo() read_count=write_count=0 (bsc#1243503)
ImportantSUSE bug 1243503SUSE bug 1247106SUSE bug 1247108SUSE bug 1247581SUSE bug 1247582SUSE bug 1248117SUSE bug 1248330SUSE bug 1250413CVE-2024-13978 at SUSECVE-2024-13978 at NVDCVE-2025-8176 at SUSECVE-2025-8176 at NVDCVE-2025-8177 at SUSECVE-2025-8177 at NVDCVE-2025-8534 at SUSECVE-2025-8534 at NVDCVE-2025-8961 at SUSECVE-2025-8961 at NVDCVE-2025-9165 at SUSECVE-2025-9165 at NVDCVE-2025-9900 at SUSECVE-2025-9900 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Important)SUSE Linux Micro 6.2
The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38704: rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408).
- CVE-2025-39880: ceph: fix race condition validating r_parent before applying state (bsc#1250388).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861).
- CVE-2025-40123: bpf: Enforce expected_attach_type for tailcall compatibility (bsc#1253365).
- CVE-2025-40130: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling
- CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400).
- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).
- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).
- CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442).
- CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623).
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1254961).
- CVE-2025-40215: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40218: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (bsc#1254964).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40231: vsock: fix lock inversion in vsock_assign_transport() (bsc#1254815).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40237: fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809).
- CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871).
- CVE-2025-40239: net: phy: micrel: always set shared->phydev for LAN8814 (bsc#1254868).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-40246: xfs: fix out of bounds memory read error in symlink repair (bsc#1254861).
- CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864).
- CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854).
- CVE-2025-40251: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (bsc#1254856).
- CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in
qede_tpa_cont() and qede_tpa_end() (bsc#1254849).
- CVE-2025-40254: net: openvswitch: remove never-working support for setting nsh fields (bsc#1254852).
- CVE-2025-40255: net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() (bsc#1255156).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835).
- CVE-2025-40268: cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082).
- CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297).
- CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830).
- CVE-2025-40276: drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (bsc#1254824).
- CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825).
- CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175).
- CVE-2025-40293: iommufd: Don't overflow during division for dirty tracking (bsc#1255179).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187).
- CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794).
- CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624).
- CVE-2025-40330: bnxt_en: Shutdown FW DMA in bnxt_shutdown() (bsc#1254616).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273).
- CVE-2025-40346: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (bsc#1255318).
- CVE-2025-40347: net: enetc: fix the deadlock of enetc_mdio_lock (bsc#1255262).
- CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (bsc#1255260).
- CVE-2025-40355: sysfs: check visibility before changing group attribute ownership (bsc#1255261).
- CVE-2025-40357: net/smc: fix general protection fault in __smc_diag_dump (bsc#1255097).
- CVE-2025-40359: perf/x86/intel: Fix KASAN global-out-of-bounds warning (bsc#1255087).
- CVE-2025-40362: ceph: fix multifs mds auth caps issue (bsc#1255103).
- CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255).
- CVE-2025-68197: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (bsc#1255242).
- CVE-2025-68198: crash: fix crashkernel resource shrink (bsc#1255243).
- CVE-2025-68202: sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223).
- CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142).
- CVE-2025-68208: bpf: account for current allocated stack depth in widen_imprecise_scalars() (bsc#1255227).
- CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230).
- CVE-2025-68215: ice: fix PTP cleanup on driver removal in error path (bsc#1255226).
- CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272).
- CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199).
- CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380).
- CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68293: mm/huge_memory: fix NULL pointer deference when splitting folio (bsc#1255150).
- CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path (bsc#1255120).
- CVE-2025-68302: net: sxgbe: fix potential NULL dereference in sxgbe_rx() (bsc#1255121).
- CVE-2025-68317: io_uring/zctx: check chained notif contexts (bsc#1255354).
- CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507).
- CVE-2025-68353: net: vxlan: prevent NULL deref in vxlan_xmit_one (bsc#1255533).
- CVE-2025-68363: bpf: Check skb->transport_header is set in bpf_skb_check_mtu (bsc#1255552).
- CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614).
- CVE-2025-68736: landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- CVE-2025-68742: bpf: Fix invalid prog->stats access when update_effective_progs fails (bsc#1255707).
- CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709).
- CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606).
The following non security issues were fixed:
- KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it (bsc#1255672).
- Set HZ=1000 for ppc64 default configuration (jsc#PED-14344)
- bpf: Do not limit bpf_cgroup_from_id to current's namespace (bsc#1255433).
- btrfs: handle aligned EOF truncation correctly for subpage cases (bsc#1253238).
- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated (bsc#1255434).
- cifs: update dstaddr whenever channel iface is updated (git-fixes).
- cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026).
- cpuset: fix warning when disabling remote partition (bsc#1256794).
- ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).
- net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes).
- netdevsim: print human readable IP address (bsc#1255071).
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event
handling (bsc#1253262 ltc#216029).
- powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493
bsc#1254244 ltc#216496).
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- selftests: net: fib-onlink-tests: Set high metric for default IPv6 route (bsc#1255346).
- selftests: net: use slowwait to make sure IPv6 setup finished (bsc#1255349).
- selftests: net: use slowwait to stabilize vrf_route_leaking test (bsc#1255349).
- serial: xilinx_uartps: Use helper function hrtimer_update_function() (stable-fixes).
- supported.conf: Mark lan 743x supported (jsc#PED-14571)
- tick/sched: Limit non-timekeeper CPUs calling jiffies update (bsc#1254477).
- wifi: ath10k: Avoid vdev delete timeout when firmware is already down (stable-fixes).
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256495).
- x86/microcode/AMD: Make __verify_patch_size() return bool (bsc#1256495).
- x86/microcode/AMD: Remove bogus comment from parse_container() (bsc#1256495).
- x86/microcode/AMD: Select which microcode patch to load (bsc#1256495).
- x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256495).
ImportantSUSE bug 1205462SUSE bug 1214285SUSE bug 1243112SUSE bug 1245193SUSE bug 1247500SUSE bug 1250388SUSE bug 1252046SUSE bug 1252861SUSE bug 1253155SUSE bug 1253238SUSE bug 1253262SUSE bug 1253365SUSE bug 1253400SUSE bug 1253413SUSE bug 1253414SUSE bug 1253442SUSE bug 1253458SUSE bug 1253623SUSE bug 1253674SUSE bug 1253739SUSE bug 1254126SUSE bug 1254128SUSE bug 1254195SUSE bug 1254244SUSE bug 1254363SUSE bug 1254378SUSE bug 1254408SUSE bug 1254477SUSE bug 1254510SUSE bug 1254518SUSE bug 1254519SUSE bug 1254520SUSE bug 1254615SUSE bug 1254616SUSE bug 1254618SUSE bug 1254621SUSE bug 1254624SUSE bug 1254791SUSE bug 1254793SUSE bug 1254794SUSE bug 1254795SUSE bug 1254796SUSE bug 1254797SUSE bug 1254798SUSE bug 1254808SUSE bug 1254809SUSE bug 1254813SUSE bug 1254815SUSE bug 1254821SUSE bug 1254824SUSE bug 1254825SUSE bug 1254827SUSE bug 1254828SUSE bug 1254829SUSE bug 1254830SUSE bug 1254832SUSE bug 1254835SUSE bug 1254840SUSE bug 1254843SUSE bug 1254846SUSE bug 1254847SUSE bug 1254849SUSE bug 1254850SUSE bug 1254851SUSE bug 1254852SUSE bug 1254854SUSE bug 1254856SUSE bug 1254858SUSE bug 1254860SUSE bug 1254861SUSE bug 1254864SUSE bug 1254868SUSE bug 1254869SUSE bug 1254871SUSE bug 1254894SUSE bug 1254957SUSE bug 1254959SUSE bug 1254961SUSE bug 1254964SUSE bug 1254996SUSE bug 1255026SUSE bug 1255030SUSE bug 1255034SUSE bug 1255035SUSE bug 1255039SUSE bug 1255040SUSE bug 1255041SUSE bug 1255042SUSE bug 1255057SUSE bug 1255058SUSE bug 1255064SUSE bug 1255065SUSE bug 1255068SUSE bug 1255071SUSE bug 1255072SUSE bug 1255075SUSE bug 1255077SUSE bug 1255081SUSE bug 1255082SUSE bug 1255083SUSE bug 1255087SUSE bug 1255092SUSE bug 1255094SUSE bug 1255095SUSE bug 1255097SUSE bug 1255099SUSE bug 1255103SUSE bug 1255116SUSE bug 1255120SUSE bug 1255121SUSE bug 1255122SUSE bug 1255124SUSE bug 1255131SUSE bug 1255134SUSE bug 1255135SUSE bug 1255136SUSE bug 1255138SUSE bug 1255140SUSE bug 1255142SUSE bug 1255145SUSE bug 1255146SUSE bug 1255149SUSE bug 1255150SUSE bug 1255152SUSE bug 1255154SUSE bug 1255155SUSE bug 1255156SUSE bug 1255161SUSE bug 1255167SUSE bug 1255169SUSE bug 1255171SUSE bug 1255175SUSE bug 1255179SUSE bug 1255181SUSE bug 1255182SUSE bug 1255186SUSE bug 1255187SUSE bug 1255190SUSE bug 1255193SUSE bug 1255196SUSE bug 1255197SUSE bug 1255199SUSE bug 1255202SUSE bug 1255203SUSE bug 1255206SUSE bug 1255209SUSE bug 1255218SUSE bug 1255220SUSE bug 1255221SUSE bug 1255223SUSE bug 1255226SUSE bug 1255227SUSE bug 1255228SUSE bug 1255230SUSE bug 1255231SUSE bug 1255233SUSE bug 1255234SUSE bug 1255242SUSE bug 1255243SUSE bug 1255246SUSE bug 1255247SUSE bug 1255251SUSE bug 1255252SUSE bug 1255253SUSE bug 1255255SUSE bug 1255256SUSE bug 1255259SUSE bug 1255260SUSE bug 1255261SUSE bug 1255262SUSE bug 1255272SUSE bug 1255273SUSE bug 1255274SUSE bug 1255276SUSE bug 1255279SUSE bug 1255297SUSE bug 1255312SUSE bug 1255316SUSE bug 1255318SUSE bug 1255325SUSE bug 1255329SUSE bug 1255346SUSE bug 1255349SUSE bug 1255351SUSE bug 1255354SUSE bug 1255357SUSE bug 1255377SUSE bug 1255379SUSE bug 1255380SUSE bug 1255395SUSE bug 1255401SUSE bug 1255415SUSE bug 1255428SUSE bug 1255433SUSE bug 1255434SUSE bug 1255480SUSE bug 1255483SUSE bug 1255488SUSE bug 1255489SUSE bug 1255493SUSE bug 1255495SUSE bug 1255505SUSE bug 1255507SUSE bug 1255508SUSE bug 1255509SUSE bug 1255533SUSE bug 1255541SUSE bug 1255550SUSE bug 1255552SUSE bug 1255553SUSE bug 1255567SUSE bug 1255580SUSE bug 1255601SUSE bug 1255603SUSE bug 1255611SUSE bug 1255614SUSE bug 1255672SUSE bug 1255688SUSE bug 1255698SUSE bug 1255706SUSE bug 1255707SUSE bug 1255709SUSE bug 1255722SUSE bug 1255723SUSE bug 1255724SUSE bug 1255812SUSE bug 1255813SUSE bug 1255814SUSE bug 1255816SUSE bug 1255931SUSE bug 1255932SUSE bug 1255934SUSE bug 1255943SUSE bug 1255944SUSE bug 1256238SUSE bug 1256495SUSE bug 1256606SUSE bug 1256794CVE-2025-38704 at SUSECVE-2025-38704 at NVDCVE-2025-39880 at SUSECVE-2025-39880 at NVDCVE-2025-39977 at SUSECVE-2025-39977 at NVDCVE-2025-40042 at SUSECVE-2025-40042 at NVDCVE-2025-40123 at SUSECVE-2025-40123 at NVDCVE-2025-40130 at SUSECVE-2025-40130 at NVDCVE-2025-40160 at SUSECVE-2025-40160 at NVDCVE-2025-40167 at SUSECVE-2025-40167 at NVDCVE-2025-40170 at SUSECVE-2025-40170 at NVDCVE-2025-40179 at SUSECVE-2025-40179 at NVDCVE-2025-40190 at SUSECVE-2025-40190 at NVDCVE-2025-40209 at SUSECVE-2025-40209 at NVDCVE-2025-40211 at SUSECVE-2025-40211 at NVDCVE-2025-40212 at SUSECVE-2025-40212 at NVDCVE-2025-40213 at SUSECVE-2025-40213 at NVDCVE-2025-40214 at SUSECVE-2025-40214 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40218 at SUSECVE-2025-40218 at NVDCVE-2025-40219 at SUSECVE-2025-40219 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40221 at SUSECVE-2025-40221 at NVDCVE-2025-40223 at SUSECVE-2025-40223 at NVDCVE-2025-40225 at SUSECVE-2025-40225 at NVDCVE-2025-40226 at SUSECVE-2025-40226 at NVDCVE-2025-40231 at SUSECVE-2025-40231 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40235 at SUSECVE-2025-40235 at NVDCVE-2025-40237 at SUSECVE-2025-40237 at NVDCVE-2025-40238 at SUSECVE-2025-40238 at NVDCVE-2025-40239 at SUSECVE-2025-40239 at NVDCVE-2025-40240 at SUSECVE-2025-40240 at NVDCVE-2025-40242 at SUSECVE-2025-40242 at NVDCVE-2025-40246 at SUSECVE-2025-40246 at NVDCVE-2025-40248 at SUSECVE-2025-40248 at NVDCVE-2025-40250 at SUSECVE-2025-40250 at NVDCVE-2025-40251 at SUSECVE-2025-40251 at NVDCVE-2025-40252 at SUSECVE-2025-40252 at NVDCVE-2025-40254 at SUSECVE-2025-40254 at NVDCVE-2025-40255 at SUSECVE-2025-40255 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40262 at SUSECVE-2025-40262 at NVDCVE-2025-40263 at SUSECVE-2025-40263 at NVDCVE-2025-40264 at SUSECVE-2025-40264 at NVDCVE-2025-40266 at SUSECVE-2025-40266 at NVDCVE-2025-40268 at SUSECVE-2025-40268 at NVDCVE-2025-40269 at SUSECVE-2025-40269 at NVDCVE-2025-40271 at SUSECVE-2025-40271 at NVDCVE-2025-40272 at SUSECVE-2025-40272 at NVDCVE-2025-40273 at SUSECVE-2025-40273 at NVDCVE-2025-40274 at SUSECVE-2025-40274 at NVDCVE-2025-40275 at SUSECVE-2025-40275 at NVDCVE-2025-40276 at SUSECVE-2025-40276 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40278 at SUSECVE-2025-40278 at NVDCVE-2025-40279 at SUSECVE-2025-40279 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40282 at SUSECVE-2025-40282 at NVDCVE-2025-40283 at SUSECVE-2025-40283 at NVDCVE-2025-40284 at SUSECVE-2025-40284 at NVDCVE-2025-40287 at SUSECVE-2025-40287 at NVDCVE-2025-40288 at SUSECVE-2025-40288 at NVDCVE-2025-40289 at SUSECVE-2025-40289 at NVDCVE-2025-40292 at SUSECVE-2025-40292 at NVDCVE-2025-40293 at SUSECVE-2025-40293 at NVDCVE-2025-40294 at SUSECVE-2025-40294 at NVDCVE-2025-40297 at SUSECVE-2025-40297 at NVDCVE-2025-40301 at SUSECVE-2025-40301 at NVDCVE-2025-40302 at SUSECVE-2025-40302 at NVDCVE-2025-40303 at SUSECVE-2025-40303 at NVDCVE-2025-40304 at SUSECVE-2025-40304 at NVDCVE-2025-40307 at SUSECVE-2025-40307 at NVDCVE-2025-40308 at SUSECVE-2025-40308 at NVDCVE-2025-40309 at SUSECVE-2025-40309 at NVDCVE-2025-40310 at SUSECVE-2025-40310 at NVDCVE-2025-40311 at SUSECVE-2025-40311 at NVDCVE-2025-40314 at SUSECVE-2025-40314 at NVDCVE-2025-40315 at SUSECVE-2025-40315 at NVDCVE-2025-40316 at SUSECVE-2025-40316 at NVDCVE-2025-40317 at SUSECVE-2025-40317 at NVDCVE-2025-40318 at SUSECVE-2025-40318 at NVDCVE-2025-40319 at SUSECVE-2025-40319 at NVDCVE-2025-40320 at SUSECVE-2025-40320 at NVDCVE-2025-40321 at SUSECVE-2025-40321 at NVDCVE-2025-40322 at SUSECVE-2025-40322 at NVDCVE-2025-40323 at SUSECVE-2025-40323 at NVDCVE-2025-40324 at SUSECVE-2025-40324 at NVDCVE-2025-40328 at SUSECVE-2025-40328 at NVDCVE-2025-40329 at SUSECVE-2025-40329 at NVDCVE-2025-40330 at SUSECVE-2025-40330 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-40332 at SUSECVE-2025-40332 at NVDCVE-2025-40337 at SUSECVE-2025-40337 at NVDCVE-2025-40338 at SUSECVE-2025-40338 at NVDCVE-2025-40339 at SUSECVE-2025-40339 at NVDCVE-2025-40340 at SUSECVE-2025-40340 at NVDCVE-2025-40342 at SUSECVE-2025-40342 at NVDCVE-2025-40343 at SUSECVE-2025-40343 at NVDCVE-2025-40344 at SUSECVE-2025-40344 at NVDCVE-2025-40345 at SUSECVE-2025-40345 at NVDCVE-2025-40346 at SUSECVE-2025-40346 at NVDCVE-2025-40347 at SUSECVE-2025-40347 at NVDCVE-2025-40350 at SUSECVE-2025-40350 at NVDCVE-2025-40353 at SUSECVE-2025-40353 at NVDCVE-2025-40354 at SUSECVE-2025-40354 at NVDCVE-2025-40355 at SUSECVE-2025-40355 at NVDCVE-2025-40357 at SUSECVE-2025-40357 at NVDCVE-2025-40359 at SUSECVE-2025-40359 at NVDCVE-2025-40360 at SUSECVE-2025-40360 at NVDCVE-2025-40362 at SUSECVE-2025-40362 at NVDCVE-2025-68167 at SUSECVE-2025-68167 at NVDCVE-2025-68170 at SUSECVE-2025-68170 at NVDCVE-2025-68171 at SUSECVE-2025-68171 at NVDCVE-2025-68172 at SUSECVE-2025-68172 at NVDCVE-2025-68176 at SUSECVE-2025-68176 at NVDCVE-2025-68180 at SUSECVE-2025-68180 at NVDCVE-2025-68181 at SUSECVE-2025-68181 at NVDCVE-2025-68183 at SUSECVE-2025-68183 at NVDCVE-2025-68184 at SUSECVE-2025-68184 at NVDCVE-2025-68185 at SUSECVE-2025-68185 at NVDCVE-2025-68190 at SUSECVE-2025-68190 at NVDCVE-2025-68192 at SUSECVE-2025-68192 at NVDCVE-2025-68194 at SUSECVE-2025-68194 at NVDCVE-2025-68195 at SUSECVE-2025-68195 at NVDCVE-2025-68197 at SUSECVE-2025-68197 at NVDCVE-2025-68198 at SUSECVE-2025-68198 at NVDCVE-2025-68201 at SUSECVE-2025-68201 at NVDCVE-2025-68202 at SUSECVE-2025-68202 at NVDCVE-2025-68206 at SUSECVE-2025-68206 at NVDCVE-2025-68207 at SUSECVE-2025-68207 at NVDCVE-2025-68208 at SUSECVE-2025-68208 at NVDCVE-2025-68209 at SUSECVE-2025-68209 at NVDCVE-2025-68210 at SUSECVE-2025-68210 at NVDCVE-2025-68213 at SUSECVE-2025-68213 at NVDCVE-2025-68215 at SUSECVE-2025-68215 at NVDCVE-2025-68217 at SUSECVE-2025-68217 at NVDCVE-2025-68222 at SUSECVE-2025-68222 at NVDCVE-2025-68223 at SUSECVE-2025-68223 at NVDCVE-2025-68230 at SUSECVE-2025-68230 at NVDCVE-2025-68233 at SUSECVE-2025-68233 at NVDCVE-2025-68235 at SUSECVE-2025-68235 at NVDCVE-2025-68237 at SUSECVE-2025-68237 at NVDCVE-2025-68238 at SUSECVE-2025-68238 at NVDCVE-2025-68239 at SUSECVE-2025-68239 at NVDCVE-2025-68242 at SUSECVE-2025-68242 at NVDCVE-2025-68244 at SUSECVE-2025-68244 at NVDCVE-2025-68249 at SUSECVE-2025-68249 at NVDCVE-2025-68252 at SUSECVE-2025-68252 at NVDCVE-2025-68254 at SUSECVE-2025-68254 at NVDCVE-2025-68255 at SUSECVE-2025-68255 at NVDCVE-2025-68256 at SUSECVE-2025-68256 at NVDCVE-2025-68257 at SUSECVE-2025-68257 at NVDCVE-2025-68258 at SUSECVE-2025-68258 at NVDCVE-2025-68259 at SUSECVE-2025-68259 at NVDCVE-2025-68264 at SUSECVE-2025-68264 at NVDCVE-2025-68283 at SUSECVE-2025-68283 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68286 at SUSECVE-2025-68286 at NVDCVE-2025-68287 at SUSECVE-2025-68287 at NVDCVE-2025-68289 at SUSECVE-2025-68289 at NVDCVE-2025-68290 at SUSECVE-2025-68290 at NVDCVE-2025-68293 at SUSECVE-2025-68293 at NVDCVE-2025-68298 at SUSECVE-2025-68298 at NVDCVE-2025-68301 at SUSECVE-2025-68301 at NVDCVE-2025-68302 at SUSECVE-2025-68302 at NVDCVE-2025-68303 at SUSECVE-2025-68303 at NVDCVE-2025-68305 at SUSECVE-2025-68305 at NVDCVE-2025-68306 at SUSECVE-2025-68306 at NVDCVE-2025-68307 at SUSECVE-2025-68307 at NVDCVE-2025-68308 at SUSECVE-2025-68308 at NVDCVE-2025-68311 at SUSECVE-2025-68311 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-68313 at SUSECVE-2025-68313 at NVDCVE-2025-68317 at SUSECVE-2025-68317 at NVDCVE-2025-68327 at SUSECVE-2025-68327 at NVDCVE-2025-68328 at SUSECVE-2025-68328 at NVDCVE-2025-68330 at SUSECVE-2025-68330 at NVDCVE-2025-68331 at SUSECVE-2025-68331 at NVDCVE-2025-68332 at SUSECVE-2025-68332 at NVDCVE-2025-68335 at SUSECVE-2025-68335 at NVDCVE-2025-68339 at SUSECVE-2025-68339 at NVDCVE-2025-68340 at SUSECVE-2025-68340 at NVDCVE-2025-68342 at SUSECVE-2025-68342 at NVDCVE-2025-68343 at SUSECVE-2025-68343 at NVDCVE-2025-68344 at SUSECVE-2025-68344 at NVDCVE-2025-68345 at SUSECVE-2025-68345 at NVDCVE-2025-68346 at SUSECVE-2025-68346 at NVDCVE-2025-68347 at SUSECVE-2025-68347 at NVDCVE-2025-68351 at SUSECVE-2025-68351 at NVDCVE-2025-68352 at SUSECVE-2025-68352 at NVDCVE-2025-68353 at SUSECVE-2025-68353 at NVDCVE-2025-68354 at SUSECVE-2025-68354 at NVDCVE-2025-68362 at SUSECVE-2025-68362 at NVDCVE-2025-68363 at SUSECVE-2025-68363 at NVDCVE-2025-68378 at SUSECVE-2025-68378 at NVDCVE-2025-68380 at SUSECVE-2025-68380 at NVDCVE-2025-68724 at SUSECVE-2025-68724 at NVDCVE-2025-68732 at SUSECVE-2025-68732 at NVDCVE-2025-68736 at SUSECVE-2025-68736 at NVDCVE-2025-68740 at SUSECVE-2025-68740 at NVDCVE-2025-68742 at SUSECVE-2025-68742 at NVDCVE-2025-68744 at SUSECVE-2025-68744 at NVDCVE-2025-68746 at SUSECVE-2025-68746 at NVDCVE-2025-68747 at SUSECVE-2025-68747 at NVDCVE-2025-68748 at SUSECVE-2025-68748 at NVDCVE-2025-68749 at SUSECVE-2025-68749 at NVDCVE-2025-68750 at SUSECVE-2025-68750 at NVDCVE-2025-68753 at SUSECVE-2025-68753 at NVDCVE-2025-68757 at SUSECVE-2025-68757 at NVDCVE-2025-68758 at SUSECVE-2025-68758 at NVDCVE-2025-68759 at SUSECVE-2025-68759 at NVDCVE-2025-68765 at SUSECVE-2025-68765 at NVDCVE-2025-68766 at SUSECVE-2025-68766 at NVDCVE-2025-71096 at SUSECVE-2025-71096 at NVDcpe:/o:suse:sl-micro:6.2Security update for dpdk (Moderate)SUSE Linux Micro 6.2
This update for dpdk fixes the following issues:
Update to version 24.11.4.
Security issues fixed:
- CVE-2025-23259: issue in the Poll Mode Driver (PMD) allows an attacker on a VM in the system to leak information and
cause a denial of service on the network interface (bsc#1254161).
Other issues fixed:
- Remove obsolete build option -Denable_kmods.
- Add "which" as a build requirement.
- Drop pesign and needssslcertforbuild because we don't build a kmp anymore (bsc#1247389).
ModerateSUSE bug 1247389SUSE bug 1254161CVE-2025-23259 at SUSECVE-2025-23259 at NVDcpe:/o:suse:sl-micro:6.2Security update for glib2 (Important)SUSE Linux Micro 6.2
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
ImportantSUSE bug 1257049SUSE bug 1257353SUSE bug 1257354SUSE bug 1257355CVE-2026-0988 at SUSECVE-2026-0988 at NVDCVE-2026-1484 at SUSECVE-2026-1484 at NVDCVE-2026-1485 at SUSECVE-2026-1485 at NVDCVE-2026-1489 at SUSECVE-2026-1489 at NVDcpe:/o:suse:sl-micro:6.2Security update for openssl-3 (Important)SUSE Linux Micro 6.2
This update for openssl-3 fixes the following issues:
Security fixes:
- CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256829).
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256831).
- CVE-2025-15469: "openssl dgst" one-shot codepath silently truncates inputs >16MB (bsc#1256832).
- CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation (bsc#1256833).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
Other fixes:
- Enable livepatching support for ppc64le (bsc#1257274).
ImportantSUSE bug 1256829SUSE bug 1256830SUSE bug 1256831SUSE bug 1256832SUSE bug 1256833SUSE bug 1256834SUSE bug 1256835SUSE bug 1256836SUSE bug 1256837SUSE bug 1256838SUSE bug 1256839SUSE bug 1256840SUSE bug 1257274CVE-2025-11187 at SUSECVE-2025-11187 at NVDCVE-2025-15467 at SUSECVE-2025-15467 at NVDCVE-2025-15468 at SUSECVE-2025-15468 at NVDCVE-2025-15469 at SUSECVE-2025-15469 at NVDCVE-2025-66199 at SUSECVE-2025-66199 at NVDCVE-2025-68160 at SUSECVE-2025-68160 at NVDCVE-2025-69418 at SUSECVE-2025-69418 at NVDCVE-2025-69419 at SUSECVE-2025-69419 at NVDCVE-2025-69420 at SUSECVE-2025-69420 at NVDCVE-2025-69421 at SUSECVE-2025-69421 at NVDCVE-2026-22795 at SUSECVE-2026-22795 at NVDCVE-2026-22796 at SUSECVE-2026-22796 at NVDcpe:/o:suse:sl-micro:6.2Security update for libxslt (Important)SUSE Linux Micro 6.2
This update for libxslt fixes the following issues:
Changes in libxslt:
- CVE-2025-11731: Fixed type confusion in exsltFuncResultCompfunction leading to denial of service (bsc#1251979)
- CVE-2025-10911: Fixed use-after-free with key data stored cross-RVT (bsc#1250553)
ImportantSUSE bug 1250553SUSE bug 1251979CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2025-11731 at SUSECVE-2025-11731 at NVDcpe:/o:suse:sl-micro:6.2Security update for cups (Critical)SUSE Linux Micro 6.2
This update for cups fixes the following issues:
Update to version 2.4.16.
Security issues fixed:
- CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783).
- CVE-2025-58436: slow client communication leads to a possible DoS attack (bsc#1244057).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes can cause a null dereference (bsc#1249128).
- CVE-2025-58060: authentication bypass with AuthType Negotiate (bsc#1249049).
Other updates and bugfixes:
- Version upgrade to 2.4.16:
* 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences,
potentially reading past the end of the source string
(Issue #1438)
* The web interface did not support domain usernames fully
(Issue #1441)
* Fixed an infinite loop issue in the GTK+ print dialog
(Issue #1439 boo#1254353)
* Fixed stopping scheduler on unknown directive in
configuration (Issue #1443)
* Fixed packages for Immutable Mode (jsc#PED-14775
from epic jsc#PED-14688)
- Version upgrade to 2.4.15:
* Fixed potential crash in 'cups-driverd' when there are
duplicate PPDs (Issue #1355)
* Fixed error recovery when scanning for PPDs
in 'cups-driverd' (Issue #1416)
- Version upgrade to 2.4.14.
- Version upgrade to 2.4.13:
* Added 'print-as-raster' printer and job attributes
for forcing rasterization (Issue #1282)
* Updated documentation (Issue #1086)
* Updated IPP backend to try a sanitized user name if the
printer/server does not like the value (Issue #1145)
* Updated the scheduler to send the "printer-added"
or "printer-modified" events whenever an IPP Everywhere PPD
is installed (Issue #1244)
* Updated the scheduler to send the "printer-modified" event
whenever the system default printer is changed (Issue #1246)
* Fixed a memory leak in 'httpClose' (Issue #1223)
* Fixed missing commas in 'ippCreateRequestedArray'
(Issue #1234)
* Fixed subscription issues in the scheduler and D-Bus notifier
(Issue #1235)
* Fixed media-default reporting for custom sizes (Issue #1238)
* Fixed support for IPP/PPD options with periods or underscores
(Issue #1249)
* Fixed parsing of real numbers in PPD compiler source files
(Issue #1263)
* Fixed scheduler freezing with zombie clients (Issue #1264)
* Fixed support for the server name in the ErrorLog filename
(Issue #1277)
* Fixed job cleanup after daemon restart (Issue #1315)
* Fixed handling of buggy DYMO USB printer serial numbers
(Issue #1338)
* Fixed unreachable block in IPP backend (Issue #1351)
* Fixed memory leak in _cupsConvertOptions (Issue #1354)
- Version upgrade to 2.4.12:
* GnuTLS follows system crypto policies now (Issue #1105)
* Added `NoSystem` SSLOptions value (Issue #1130)
* Now we raise alert for certificate issues (Issue #1194)
* Added Kyocera USB quirk (Issue #1198)
* The scheduler now logs a job's debugging history
if the backend fails (Issue #1205)
* Fixed a potential timing issue with `cupsEnumDests`
(Issue #1084)
* Fixed a potential "lost PPD" condition in the scheduler
(Issue #1109)
* Fixed a compressed file error handling bug (Issue #1070)
* Fixed a bug in the make-and-model whitespace trimming
code (Issue #1096)
* Fixed a removal of IPP Everywhere permanent queue
if installation failed (Issue #1102)
* Fixed `ServerToken None` in scheduler (Issue #1111)
* Fixed invalid IPP keyword values created from PPD
option names (Issue #1118)
* Fixed handling of "media" and "PageSize" in the same
print request (Issue #1125)
* Fixed client raster printing from macOS (Issue #1143)
* Fixed the default User-Agent string.
* Fixed a recursion issue in `ippReadIO`.
* Fixed handling incorrect radix in `scan_ps()` (Issue #1188)
* Fixed validation of dateTime values with time zones
more than UTC+11 (Issue #1201)
* Fixed attributes returned by the Create-Xxx-Subscriptions
requests (Issue #1204)
* Fixed `ippDateToTime` when using a non GMT/UTC timezone
(Issue #1208)
* Fixed `job-completed` event notifications for jobs that are
cancelled before started (Issue #1209)
* Fixed DNS-SD discovery with `ippfind` (Issue #1211)
CriticalSUSE bug 1244057SUSE bug 1249049SUSE bug 1249128SUSE bug 1253783SUSE bug 1254353CVE-2025-58060 at SUSECVE-2025-58060 at NVDCVE-2025-58364 at SUSECVE-2025-58364 at NVDCVE-2025-58436 at SUSECVE-2025-58436 at NVDCVE-2025-61915 at SUSECVE-2025-61915 at NVDcpe:/o:suse:sl-micro:6.2Security update for libxml2 (Moderate)SUSE Linux Micro 6.2
This update for libxml2 fixes the following issues:
- CVE-2026-0989: Fixed call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256805).
ModerateSUSE bug 1256805CVE-2026-0989 at SUSECVE-2026-0989 at NVDcpe:/o:suse:sl-micro:6.2Security update for python-maturin (Moderate)SUSE Linux Micro 6.2
This update for python-maturin fixes the following issues:
- CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249011)
ModerateSUSE bug 1249011CVE-2025-58160 at SUSECVE-2025-58160 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit-subscriptions (Important)SUSE Linux Micro 6.2
This update for cockpit-subscriptions fixes the following issues:
- CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global
prototypes (bsc#1257324).
ImportantSUSE bug 1257324CVE-2025-13465 at SUSECVE-2025-13465 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit (Important)SUSE Linux Micro 6.2
This update for cockpit fixes the following issues:
- CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global
prototypes (bsc#1257324).
ImportantSUSE bug 1257324CVE-2025-13465 at SUSECVE-2025-13465 at NVDcpe:/o:suse:sl-micro:6.2Security update for libsoup (Important)SUSE Linux Micro 6.2
This update for libsoup fixes the following issues:
- CVE-2026-1536: HTTP header injection or response splitting via CRLF injection in the Content-Disposition header
(bsc#1257440).
- CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based
buffer overflow (bsc#1257598).
ImportantSUSE bug 1257440SUSE bug 1257598CVE-2026-1536 at SUSECVE-2026-1536 at NVDCVE-2026-1761 at SUSECVE-2026-1761 at NVDcpe:/o:suse:sl-micro:6.2Security update for patch (Low)SUSE Linux Micro 6.2
This update for patch fixes the following issues:
- CVE-2021-45261: invalid pointer via another_hunk function can cause a denial-of-service (bsc#1194037).
LowSUSE bug 1194037CVE-2021-45261 at SUSECVE-2021-45261 at NVDcpe:/o:suse:sl-micro:6.2Security update for openCryptoki (Moderate)SUSE Linux Micro 6.2
This update for openCryptoki fixes the following issues:
Upgrade openCryptoki to 3.26 (jsc#PED-14609)
Security fixes:
- CVE-2026-22791: supplying malformed compressed EC public key can lead to heap corruption or denial-of-service (bsc#1256673).
- CVE-2026-23893: Privilege Escalation or Data Exposure via Symlink Following (bsc#1257116).
Other fixes:
* Soft: Add support for RSA keys up to 16K bits.
* CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later).
* p11sak: Add support for generating RSA keys up to 16K bits.
* Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism (CKM_SHA512_224_KEY_DERIVATION and CKM_SHA512_256_KEY_DERIVATION).
* Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN.
* p11sak: Add support for SHA-HMAC key types and key generation.
* p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping
with various key wrapping mechanism.
* p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider.
* p11sak: Add support for exporting non-sensitive private keys to password protected PEM files.
* Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0).
* EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE.
* p11sak: Add support for generating BLS12-381 EC keys.
* EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, and
a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16).
* CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires CCA v8.4 or later).
* Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured).
* p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types.
* Bug fixes.
ModerateSUSE bug 1256673SUSE bug 1257116CVE-2026-22791 at SUSECVE-2026-22791 at NVDCVE-2026-23893 at SUSECVE-2026-23893 at NVDcpe:/o:suse:sl-micro:6.2Security update for expat (Important)SUSE Linux Micro 6.2
This update for expat fixes the following issues:
- CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584)
ImportantSUSE bug 1249584CVE-2025-59375 at SUSECVE-2025-59375 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit-machines, cockpit (Important)SUSE Linux Micro 6.2
This update for cockpit-machines, cockpit fixes the following issues:
- CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. (bsc#1257324)
Changes in cockpit-machines:
- Update to 346
* 346
- Performance improvements
- Translation updates
* 345
- New virtual machines don't get SPICE graphics anymore
- Support for network port forwarding
- Bug fixes and translation updates
- Update to 344
* 344
- Port forwarding for user session VMs
- "Shutdown and restart" action
- Faster startup
* 343
- Memory usage now shows numbers reported by the guest (RHEL-116731)
- Update to 342
* 342
- Bug fixes and translation updates
* 341
- Improved UX for Disks and Network interface tables
- Bug fixes and translation updates
* 340
- Use exclusive VNC connections with "Remote resizing"
- Update to 339
* 339
- Serial consoles now keep their content and stay alive
- No longer copies qemu.conf values into VM definitions
* 338
- Translation and dependency updates
- Detachable VNC console
- Update to 337
* 337
- Bug fixes and translation updates
* 336
- Graphical VNC and serial consoles improvements
- Control VNC console resizing and scaling
- Bug fixes and translation updates
* 335
- Bug fixes and translation updates
* 334
- Bug fixes and translation updates
Changes in cockpit:
- Update to 354
* changes since 351
- 354
* Convert documentation to AsciiDoc
* Work around Firefox 146/147 bug (rhbz#2422331)
* Bug fixes
- 353
* Networking: Suggest prefix length and gateway address
* Bug fixes and translation updates
- 352
* Shown a warning if the last shutdown/reboot was unclean
* Bug fixes and translation updates
- Update to 351
* Changes since 349
- 351
* Firewall ports can be deleted individually
- 350
* networking: fix renaming of bridges and other groups (RHEL-117883)
* bridge: fix OpenSSH_10.2p1 host key detection
- Update to 349
* Changes since 346
- 349
* Package manifests: add any test
* Bug fixes and translation updates
- 348
* Bug fixes and translation updates
- 347
* Site-specific branding support
- Update to 346
* Changes since 344
- 346
* Support branding Cockpit pages
* Storage: Support for Stratis "V2" pools
- 345
* Translation and dependency updates
* Shorter IPv6 addresses
* IPv6 addresses for WireGuard
- Update to 344
* Changes since 340
- 344
* Bug fixes and translation updates
- 343
* login: Improve error message for unsupported shells
* cockpit: Handle file access issues with files in machines.d
* Translation updates
- 342
* systemd: ensure update() is called at least once for tuned-dialog
* Translation updates
- 341
* services: show link to podman page for quadlets
* Bug fixes and translation updates
ImportantSUSE bug 1221342SUSE bug 1236149SUSE bug 1239759SUSE bug 1248250SUSE bug 1249828SUSE bug 1249830SUSE bug 1257324SUSE bug 1257325CVE-2025-13465 at SUSECVE-2025-13465 at NVDcpe:/o:suse:sl-micro:6.2Security update for docker (Moderate)SUSE Linux Micro 6.2
This update for docker fixes the following issues:
- CVE-2025-58181: not validating the number of mechanisms can cause unlimited memory consumption (bsc#1253904).
ModerateSUSE bug 1253904CVE-2025-58181 at SUSECVE-2025-58181 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit-repos (Important)SUSE Linux Micro 6.2
This update for cockpit-repos fixes the following issues:
Update to version 4.7.
Security issues fixed:
- CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global
(bsc#1257325).
- CVE-2025-64718: js-yaml prototype pollution in merge (bsc#1255425).
Other updates and bugfixes:
- version update to 4.7
* Translation updates
- version update to 4.6:
* Translation updates
* Dependency updates
* Fix translations pot file not being update
- version update to 4.5:
* Dependency updates
- version update to 4.4:
* Translation updates
* Dependency updates
ImportantSUSE bug 1255425SUSE bug 1257325CVE-2025-13465 at SUSECVE-2025-13465 at NVDCVE-2025-64718 at SUSECVE-2025-64718 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes one security issue
The following security issue was fixed:
- CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439).
ImportantSUSE bug 1253439CVE-2025-40186 at SUSECVE-2025-40186 at NVDcpe:/o:suse:sl-micro:6.2Security update for openssl-3-livepatches (Critical)SUSE Linux Micro 6.2
This update for openssl-3-livepatches fixes the following issues:
- CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878).
- CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).
- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).
- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK Unwrap (bsc#1250410).
CriticalSUSE bug 1250410SUSE bug 1256876SUSE bug 1256878SUSE bug 1256880CVE-2025-11187 at SUSECVE-2025-11187 at NVDCVE-2025-15467 at SUSECVE-2025-15467 at NVDCVE-2025-15468 at SUSECVE-2025-15468 at NVDCVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:sl-micro:6.2Security update for python313 (Important)SUSE Linux Micro 6.2
This update for python313 fixes the following issues:
Update to version 3.13.12.
Security issues fixed:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in `BytesGenerator`
(bsc#1257181).
Other updates and bugfixes:
- Update to version 3.13.12.
- Library
- gh-144380: Improve performance of io.BufferedReader line
iteration by ~49%.
- gh-144169: Fix three crashes when non-string keyword
arguments are supplied to objects in the ast module.
- gh-144100: Fixed a crash in ctypes when using a deprecated
POINTER(str) type in argtypes. Instead of aborting, ctypes
now raises a proper Python exception when the pointer
target type is unresolved.
- gh-144050: Fix stat.filemode() in the pure-Python
implementation to avoid misclassifying invalid mode values
as block devices.
- gh-144023: Fixed validation of file descriptor 0 in posix
functions when used with follow_symlinks parameter.
- gh-143999: Fix an issue where inspect.getgeneratorstate()
and inspect.getcoroutinestate() could fail for generators
wrapped by types.coroutine() in the suspended state.
- gh-143706: Fix multiprocessing forkserver so that sys.argv
is correctly set before __main__ is preloaded. Previously,
sys.argv was empty during main module import in forkserver
child processes. This fixes a regression introduced in
3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test
provided by Thomas Watson, thanks!
- gh-143638: Forbid reentrant calls of the pickle.Pickler and
pickle.Unpickler methods for the C implementation.
Previously, this could cause crash or data corruption, now
concurrent calls of methods of the same object raise
RuntimeError.
- gh-78724: Raise RuntimeError's when user attempts to call
methods on half-initialized Struct objects, For example,
created by Struct.__new__(Struct). Patch by Sergey
B Kirpichev.
- gh-143602: Fix a inconsistency issue in write() that leads
to unexpected buffer overwrite by deduplicating the buffer
exports.
- gh-143547: Fix sys.unraisablehook() when the hook raises an
exception and changes sys.unraisablehook(): hold a strong
reference to the old hook. Patch by Victor Stinner.
- gh-143378: Fix use-after-free crashes when a BytesIO object
is concurrently mutated during write() or writelines().
- gh-143346: Fix incorrect wrapping of the Base64 data in
plistlib._PlistWriter when the indent contains a mix of
tabs and spaces.
- gh-143310: tkinter: fix a crash when a Python list is
mutated during the conversion to a Tcl object (e.g., when
setting a Tcl variable). Patch by Benedikt Tran.
- gh-143309: Fix a crash in os.execve() on non-Windows
platforms when given a custom environment mapping which is
then mutated during parsing. Patch by Benedikt Tran.
- gh-143308: pickle: fix use-after-free crashes when
a PickleBuffer is concurrently mutated by a custom buffer
callback during pickling. Patch by Benedikt Tran and Aaron
Wieczorek.
- gh-143237: Fix support of named pipes in the rotating
logging handlers.
- gh-143249: Fix possible buffer leaks in Windows overlapped
I/O on error handling.
- gh-143241: zoneinfo: fix infinite loop in
ZoneInfo.from_file when parsing a malformed TZif file.
Patch by Fatih Celik.
- gh-142830: sqlite3: fix use-after-free crashes when the
connection's callbacks are mutated during a callback
execution. Patch by Benedikt Tran.
- gh-143200: xml.etree.ElementTree: fix use-after-free
crashes in __getitem__() and __setitem__() methods of
Element when the element is concurrently mutated. Patch by
Benedikt Tran.
- gh-142195: Updated timeout evaluation logic in subprocess
to be compatible with deterministic environments like
Shadow where time moves exactly as requested.
- gh-143145: Fixed a possible reference leak in ctypes when
constructing results with multiple output parameters on
error.
- gh-122431: Corrected the error message in
readline.append_history_file() to state that nelements must
be non-negative instead of positive.
- gh-143004: Fix a potential use-after-free in
collections.Counter.update() when user code mutates the
Counter during an update.
- gh-143046: The asyncio REPL no longer prints copyright and
version messages in the quiet mode (-q). Patch by Bartosz
Slawecki.
- gh-140648: The asyncio REPL now respects the -I flag
(isolated mode). Previously, it would load and execute
PYTHONSTARTUP even if the flag was set. Contributed by
Bartosz Slawecki.
- gh-142991: Fixed socket operations such as recvfrom() and
sendto() for FreeBSD divert(4) socket.
- gh-143010: Fixed a bug in mailbox where the precise timing
of an external event could result in the library opening an
existing file instead of a file it expected to create.
- gh-142881: Fix concurrent and reentrant call of
atexit.unregister().
- gh-112127: Fix possible use-after-free in
atexit.unregister() when the callback is unregistered
during comparison.
- gh-142783: Fix zoneinfo use-after-free with descriptor
_weak_cache. a descriptor as _weak_cache could cause
crashes during object creation. The fix ensures proper
reference counting for descriptor-provided objects.
- gh-142754: Add the ownerDocument attribute to
xml.dom.minidom elements and attributes created by directly
instantiating the Element or Attr class. Note that this way
of creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead.
- gh-142784: The asyncio REPL now properly closes the loop
upon the end of interactive session. Previously, it could
cause surprising warnings. Contributed by Bartosz Slawecki.
- gh-142555: array: fix a crash in a[i] = v when converting
i to an index via i.__index__ or i.__float__ mutates the
array.
- gh-142594: Fix crash in TextIOWrapper.close() when the
underlying buffer's closed property calls detach().
- gh-142451: hmac: Ensure that the HMAC.block_size attribute
is correctly copied by HMAC.copy. Patch by Benedikt Tran.
- gh-142495: collections.defaultdict now prioritizes
__setitem__() when inserting default values from
default_factory. This prevents race conditions where
a default value would overwrite a value set before
default_factory returns.
- gh-142651: unittest.mock: fix a thread safety issue where
Mock.call_count may return inaccurate values when the mock
is called concurrently from multiple threads.
- gh-142595: Added type check during initialization of the
decimal module to prevent a crash in case of broken stdlib.
Patch by Sergey B Kirpichev.
- gh-142517: The non-compat32 email policies now correctly
handle refolding encoded words that contain bytes that can
not be decoded in their specified character set. Previously
this resulted in an encoding exception during folding.
- gh-112527: The help text for required options in argparse
no longer extended with "(default: None)".
- gh-142315: Pdb can now run scripts from anonymous pipes
used in process substitution. Patch by Bartosz Slawecki.
- gh-142282: Fix winreg.QueryValueEx() to not accidentally
read garbage buffer under race condition.
- gh-75949: Fix argparse to preserve | separators in mutually
exclusive groups when the usage line wraps due to length.
- gh-68552: MisplacedEnvelopeHeaderDefect and Missing header
name defects are now correctly passed to the handle_defect
method of policy in FeedParser.
- gh-142006: Fix a bug in the email.policy.default folding
algorithm which incorrectly resulted in a doubled newline
when a line ending at exactly max_line_length was followed
by an unfoldable token.
- gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving
underlying cancelled asyncio task running.
- gh-139971: pydoc: Ensure that the link to the online
documentation of a stdlib module is correct.
- gh-139262: Some keystrokes can be swallowed in the new
PyREPL on Windows, especially when used together with the
ALT key. Fix by Chris Eibl.
- gh-138897: Improved license/copyright/credits display in
the REPL: now uses a pager.
- gh-79986: Add parsing for References and In-Reply-To
headers to the email library that parses the header content
as lists of message id tokens. This prevents them from
being folded incorrectly.
- gh-109263: Starting a process from spawn context in
multiprocessing no longer sets the start method globally.
- gh-90871: Fixed an off by one error concerning the backlog
parameter in create_unix_server(). Contributed by Christian
Harries.
- gh-133253: Fix thread-safety issues in linecache.
- gh-132715: Skip writing objects during marshalling once
a failure has occurred.
- gh-127529: Correct behavior of
asyncio.selector_events.BaseSelectorEventLoop._accept_connection()
in handling ConnectionAbortedError in a loop. This improves
performance on OpenBSD.
- IDLE
- gh-143774: Better explain the operation of Format / Format
Paragraph.
- Core and Builtins
- gh-144307: Prevent a reference leak in module teardown at
interpreter finalization.
- gh-144194: Fix error handling in perf jitdump
initialization on memory allocation failure.
- gh-141805: Fix crash in set when objects with the same hash
are concurrently added to the set after removing an element
with the same hash while the set still contains elements
with the same hash.
- gh-143670: Fixes a crash in ga_repr_items_list function.
- gh-143377: Fix a crash in _interpreters.capture_exception()
when the exception is incorrectly formatted. Patch by
Benedikt Tran.
- gh-143189: Fix crash when inserting a non-str key into
a split table dictionary when the key matches an existing
key in the split table but has no corresponding value in
the dict.
- gh-143228: Fix use-after-free in perf trampoline when
toggling profiling while threads are running or during
interpreter finalization with daemon threads active. The
fix uses reference counting to ensure trampolines are not
freed while any code object could still reference them.
Pach by Pablo Galindo
- gh-142664: Fix a use-after-free crash in
memoryview.__hash__ when the __hash__ method of the
referenced object mutates that object or the view. Patch by
Benedikt Tran.
- gh-142557: Fix a use-after-free crash in bytearray.__mod__
when the bytearray is mutated while formatting the %-style
arguments. Patch by Benedikt Tran.
- gh-143195: Fix use-after-free crashes in bytearray.hex()
and memoryview.hex() when the separator's __len__() mutates
the original object. Patch by Benedikt Tran.
- gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is
0. Previously, it was set to 0 in this case.
- gh-143003: Fix an overflow of the shared empty buffer in
bytearray.extend() when __length_hint__() returns 0 for
non-empty iterator.
- gh-143006: Fix a possible assertion error when comparing
negative non-integer float and int with the same number of
bits in the integer part.
- gh-142776: Fix a file descriptor leak in import.c
- gh-142829: Fix a use-after-free crash in
contextvars.Context comparison when a custom __eq__ method
modifies the context via set().
- gh-142766: Clear the frame of a generator when
generator.close() is called.
- gh-142737: Tracebacks will be displayed in fallback mode
even if io.open() is lost. Previously, this would crash the
interpreter. Patch by Bartosz Slawecki.
- gh-142554: Fix a crash in divmod() when
_pylong.int_divmod() does not return a tuple of length two
exactly. Patch by Benedikt Tran.
- gh-142560: Fix use-after-free in bytearray search-like
methods (find(), count(), index(), rindex(), and rfind())
by marking the storage as exported which causes
reallocation attempts to raise BufferError. For contains(),
split(), and rsplit() the buffer protocol is used for this.
- gh-142343: Fix SIGILL crash on m68k due to incorrect
assembly constraint.
- gh-141732: Ensure the __repr__() for ExceptionGroup and
BaseExceptionGroup does not change when the exception
sequence that was original passed in to its constructor is
subsequently mutated.
- gh-100964: Fix reference cycle in exhausted generator
frames. Patch by Savannah Ostrowski.
- gh-140373: Correctly emit PY_UNWIND event when generator
object is closed. Patch by Mikhail Efimov.
- gh-138568: Adjusted the built-in help() function so that
empty inputs are ignored in interactive mode.
- gh-127773: Do not use the type attribute cache for types
with incompatible MRO.
- C API
- gh-142571: PyUnstable_CopyPerfMapFile() now checks that
opening the file succeeded before flushing.
- Build
- gh-142454: When calculating the digest of the JIT stencils
input, sort the hashed files by filenames before adding
their content to the hasher. This ensures deterministic
hash input and hence deterministic hash, independent on
filesystem order.
- gh-141808: When running make clean-retain-profile, keep the
generated JIT stencils. That way, the stencils are not
generated twice when Profile-guided optimization (PGO) is
used. It also allows distributors to supply their own
pre-built JIT stencils.
- gh-138061: Ensure reproducible builds by making JIT stencil
header generation deterministic.
ImportantSUSE bug 1257029SUSE bug 1257031SUSE bug 1257042SUSE bug 1257046SUSE bug 1257181CVE-2025-11468 at SUSECVE-2025-11468 at NVDCVE-2025-15282 at SUSECVE-2025-15282 at NVDCVE-2026-0672 at SUSECVE-2026-0672 at NVDCVE-2026-0865 at SUSECVE-2026-0865 at NVDCVE-2026-1299 at SUSECVE-2026-1299 at NVDcpe:/o:suse:sl-micro:6.2Security update for glibc-livepatches (Important)SUSE Linux Micro 6.2
This update for glibc-livepatches fixes the following issues:
Changes in glibc-livepatches:
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256913)
ImportantSUSE bug 1226501SUSE bug 1228879SUSE bug 1256913CVE-2026-0861 at SUSECVE-2026-0861 at NVDcpe:/o:suse:sl-micro:6.2Security update for containerized-data-importer (Important)SUSE Linux Micro 6.2
This update for containerized-data-importer fixes the following issues:
Update to version 1.64.0.
Security issues fixed:
- CVE-2024-28180: improper handling of highly compressed data (bsc#1235204).
- CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content (bsc#1235365).
- CVE-2025-22868: unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239205).
ImportantSUSE bug 1235204SUSE bug 1235365SUSE bug 1239205CVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-45338 at SUSECVE-2024-45338 at NVDCVE-2025-22868 at SUSECVE-2025-22868 at NVDcpe:/o:suse:sl-micro:6.2Security update for kubevirt (Important)SUSE Linux Micro 6.2
This update for kubevirt fixes the following issues:
Update to version 1.7.0 (bsc#1257128).
Security issues fixed:
- CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS
(bsc#1253189).
- CVE-2024-45310: kubevirt vendored github.com/opencontainers/runc/libcontainer/utils: runc can be tricked into
creating empty files/directories on host (bsc#1257422).
- CVE-2025-22872: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction
(bsc#1241772).
- CVE-2025-64432: fail to correctly validate certain fields in the client TLS certificate may allow an attacker to
bypass existing RBAC controls (bsc#1253181).
- CVE-2025-64433: improper symlink handling can allow to read arbitrary files (bsc#1253185).
- CVE-2025-64434: compromising virt-handler instance can lead to impersonate virt-api and execute privileged operations
(bsc#1253186).
- CVE-2025-64437: mishandling of symlinks can lead to compromising the CIA (bsc#1253194).
- CVE-2025-64324: a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users
(bsc#1253748).
Other updates and bugfixes:
- Upstream now uses stateless firmware for CoCo VMs.
ImportantSUSE bug 1241772SUSE bug 1253181SUSE bug 1253185SUSE bug 1253186SUSE bug 1253189SUSE bug 1253194SUSE bug 1253748SUSE bug 1257128SUSE bug 1257422CVE-2024-45310 at SUSECVE-2024-45310 at NVDCVE-2025-22872 at SUSECVE-2025-22872 at NVDCVE-2025-64324 at SUSECVE-2025-64324 at NVDCVE-2025-64432 at SUSECVE-2025-64432 at NVDCVE-2025-64433 at SUSECVE-2025-64433 at NVDCVE-2025-64434 at SUSECVE-2025-64434 at NVDCVE-2025-64435 at SUSECVE-2025-64435 at NVDCVE-2025-64437 at SUSECVE-2025-64437 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Important)SUSE Linux Micro 6.2
The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-40147: blk-throttle: fix access race during throttle policy activation (bsc#1253344).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
- CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839).
- CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102).
- CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327).
- CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266).
- CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269).
- CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241).
- CVE-2025-68211: ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (bsc#1255319).
- CVE-2025-68218: nvme-multipath: fix lockdep WARN due to partition scan work (bsc#1255245).
- CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216).
- CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157).
- CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268).
- CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164).
- CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128).
- CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted directories (bsc#1255403).
- CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172).
- CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (bsc#1255417).
- CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482).
- CVE-2025-68341: veth: reduce XDP no_direct return section to fix race (bsc#1255506).
- CVE-2025-68348: block: fix memory leak in __blkdev_issue_zero_pages (bsc#1255694).
- CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (bsc#1255544).
- CVE-2025-68356: gfs2: Prevent recursive memory reclaim (bsc#1255593).
- CVE-2025-68359: btrfs: fix double free of qgroup record after failure to add delayed ref head (bsc#1255542).
- CVE-2025-68360: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks (bsc#1255536).
- CVE-2025-68361: erofs: limit the level of fs stacking for file-backed mounts (bsc#1255526).
- CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622).
- CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547).
- CVE-2025-68368: md: init bioset in mddev_init (bsc#1255527).
- CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
- CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
- CVE-2025-68376: coresight: ETR: Fix ETR buffer use-after-free issue (bsc#1255529).
- CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695).
- CVE-2025-68735: drm/panthor: Prevent potential UAF in group creation (bsc#1255811).
- CVE-2025-68741: scsi: qla2xxx: Fix improper freeing of purex item (bsc#1255703).
- CVE-2025-68743: mshv: Fix create memory region overlap check (bsc#1255708).
- CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930).
- CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579).
- CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665).
- CVE-2025-68776: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (bsc#1256659).
- CVE-2025-68784: xfs: fix a UAF problem in xattr repair (bsc#1256793).
- CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638).
- CVE-2025-68792: tpm2-sessions: Fix out of range indexing in name_size (bsc#1256656).
- CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688).
- CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689).
- CVE-2025-68799: caif: fix integer underflow in cffrml_receive() (bsc#1256643).
- CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (bsc#1256646).
- CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653).
- CVE-2025-68803: NFSD: NFSv4 file creation neglects setting ACL (bsc#1256770).
- CVE-2025-68811: svcrdma: use rc_pageoff for memcpy byte offset (bsc#1256677).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep() (bsc#1256651).
- CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict (bsc#1256680).
- CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674).
- CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754).
- CVE-2025-68821: fuse: fix readahead reclaim deadlock (bsc#1256667).
- CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613).
- CVE-2025-71080: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (bsc#1256608).
- CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628).
- CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed() (bsc#1256773).
- CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777).
- CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597).
- CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605).
- CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects (bsc#1256607).
- CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757).
- CVE-2025-71126: mptcp: avoid deadlock on fallback while reinjecting (bsc#1256755).
- CVE-2025-71132: smc91x: fix broken irq-context in PREEMPT_RT (bsc#1256737).
- CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event (bsc#1256733).
- CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (bsc#1256761).
- CVE-2025-71137: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (bsc#1256760).
- CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).
- CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value on update (bsc#1257164).
- CVE-2025-71156: gve: defer interrupt enabling until NAPI registration (bsc#1257167).
- CVE-2025-71157: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (bsc#1257168).
- CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (bsc#1257035).
- CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue (bsc#1257053).
- CVE-2026-22981: idpf: detach and close netdevs while handling a reset (bsc#1257225).
- CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).
- CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1257217).
- CVE-2026-22986: gpiolib: fix race condition for gdev->srcu (bsc#1257276).
- CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221).
- CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1257220).
- CVE-2026-22992: libceph: return the handler error from mon_handle_auth_done() (bsc#1257218).
- CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180).
- CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv.
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245).
- CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207).
The following non security issues were fixed:
- ALSA: usb-audio: Update for native DSD support quirks (stable-fixes).
- Add bugnumber to an existing hv_netvsc change (bsc#1257473).
- Fix locking issue introduced by a CVE backport (bsc#1256975 bsc#1254977).
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- arm64: Update config files. Disable DEVPORT (bsc#1256792)
- bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603).
- bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569).
- btrfs: pass fs_info to btrfs_delete_ref_head() (git-fixes).
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
- bus: fsl-mc: Constify fsl_mc_device_match() (jsc#PED-10906 git-fixes).
- drm/imagination: Wait for FW trace update command completion (git-fixes).
- drm/msm/a6xx: fix bogus hwcg register updates (git-fixes).
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- libbpf: Fix -Wdiscarded-qualifiers under C23 (bsc#1257309).
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087).
- net: mana: Fix incorrect speed reported by debugfs (bsc#1255232).
- net: mana: Support HW link state events (bsc#1253049).
- nfsd: adjust WARN_ON_ONCE in revoke_delegation (bsc#1257015).
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes).
- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
- sched/fair: Disable scheduler feature NEXT_BUDDY (bsc#1255459).
- scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256864).
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256864).
- scsi: qla2xxx: Add Speed in SFP print information (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Allow recovery for tape devices (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256865 bsc#1256867 jsc#PED-14156).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346).
- slimbus: core: Constify slim_eaddr_equal() (jsc#PED-10906 git-fixes).
- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154).
- smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes).
- smb: improve directory cache reuse for readdir operations (bsc#1252712).
- tsm-mr: Add TVM Measurement Register support (bsc#1257504).
- tsm-mr: Add tsm-mr sample code (bsc#1257504).
- virt: tdx-guest: Expose TDX MRs as sysfs attributes (bsc#1257504).
- virt: tdx-guest: Refactor and streamline TDREPORT generation (bsc#1257504).
- virt: tdx-guest: Transition to scoped_cond_guard for mutex operations (bsc#1257504).
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes).
- x86/tdx: Add tdx_mcall_extend_rtmr() interface (bsc#1257504).
- x86/tdx: tdx_mcall_get_report0: Return -EBUSY on TDCALL_OPERAND_BUSY error (bsc#1257504).
ImportantSUSE bug 1205462SUSE bug 1214285SUSE bug 1215199SUSE bug 1235905SUSE bug 1242505SUSE bug 1242974SUSE bug 1242986SUSE bug 1243452SUSE bug 1243507SUSE bug 1243662SUSE bug 1246184SUSE bug 1246282SUSE bug 1247030SUSE bug 1247292SUSE bug 1247712SUSE bug 1248166SUSE bug 1248175SUSE bug 1248178SUSE bug 1248179SUSE bug 1248185SUSE bug 1248188SUSE bug 1248196SUSE bug 1248206SUSE bug 1248208SUSE bug 1248209SUSE bug 1248211SUSE bug 1248212SUSE bug 1248213SUSE bug 1248214SUSE bug 1248216SUSE bug 1248217SUSE bug 1248222SUSE bug 1248227SUSE bug 1248228SUSE bug 1248229SUSE bug 1248232SUSE bug 1248234SUSE bug 1248240SUSE bug 1248360SUSE bug 1248366SUSE bug 1248384SUSE bug 1248626SUSE bug 1249307SUSE bug 1249609SUSE bug 1249895SUSE bug 1249998SUSE bug 1250032SUSE bug 1250082SUSE bug 1250388SUSE bug 1250705SUSE bug 1250738SUSE bug 1250748SUSE bug 1252712SUSE bug 1252773SUSE bug 1252784SUSE bug 1252891SUSE bug 1252900SUSE bug 1253049SUSE bug 1253078SUSE bug 1253079SUSE bug 1253087SUSE bug 1253344SUSE bug 1253500SUSE bug 1253739SUSE bug 1254244SUSE bug 1254308SUSE bug 1254447SUSE bug 1254839SUSE bug 1254842SUSE bug 1254845SUSE bug 1254977SUSE bug 1255102SUSE bug 1255128SUSE bug 1255157SUSE bug 1255164SUSE bug 1255172SUSE bug 1255216SUSE bug 1255232SUSE bug 1255241SUSE bug 1255245SUSE bug 1255266SUSE bug 1255268SUSE bug 1255269SUSE bug 1255319SUSE bug 1255327SUSE bug 1255346SUSE bug 1255403SUSE bug 1255417SUSE bug 1255459SUSE bug 1255482SUSE bug 1255506SUSE bug 1255526SUSE bug 1255527SUSE bug 1255529SUSE bug 1255530SUSE bug 1255536SUSE bug 1255537SUSE bug 1255542SUSE bug 1255544SUSE bug 1255547SUSE bug 1255569SUSE bug 1255593SUSE bug 1255622SUSE bug 1255694SUSE bug 1255695SUSE bug 1255703SUSE bug 1255708SUSE bug 1255811SUSE bug 1255930SUSE bug 1256579SUSE bug 1256582SUSE bug 1256584SUSE bug 1256586SUSE bug 1256591SUSE bug 1256592SUSE bug 1256593SUSE bug 1256594SUSE bug 1256597SUSE bug 1256605SUSE bug 1256607SUSE bug 1256608SUSE bug 1256609SUSE bug 1256610SUSE bug 1256611SUSE bug 1256612SUSE bug 1256613SUSE bug 1256616SUSE bug 1256617SUSE bug 1256619SUSE bug 1256622SUSE bug 1256623SUSE bug 1256625SUSE bug 1256627SUSE bug 1256628SUSE bug 1256630SUSE bug 1256632SUSE bug 1256638SUSE bug 1256641SUSE bug 1256643SUSE bug 1256645SUSE bug 1256646SUSE bug 1256650SUSE bug 1256651SUSE bug 1256653SUSE bug 1256654SUSE bug 1256655SUSE bug 1256656SUSE bug 1256659SUSE bug 1256660SUSE bug 1256661SUSE bug 1256664SUSE bug 1256665SUSE bug 1256667SUSE bug 1256668SUSE bug 1256674SUSE bug 1256677SUSE bug 1256680SUSE bug 1256682SUSE bug 1256683SUSE bug 1256688SUSE bug 1256689SUSE bug 1256716SUSE bug 1256726SUSE bug 1256728SUSE bug 1256730SUSE bug 1256733SUSE bug 1256737SUSE bug 1256741SUSE bug 1256742SUSE bug 1256744SUSE bug 1256748SUSE bug 1256749SUSE bug 1256752SUSE bug 1256754SUSE bug 1256755SUSE bug 1256756SUSE bug 1256757SUSE bug 1256759SUSE bug 1256760SUSE bug 1256761SUSE bug 1256763SUSE bug 1256770SUSE bug 1256773SUSE bug 1256774SUSE bug 1256777SUSE bug 1256779SUSE bug 1256781SUSE bug 1256785SUSE bug 1256792SUSE bug 1256793SUSE bug 1256794SUSE bug 1256864SUSE bug 1256865SUSE bug 1256867SUSE bug 1256975SUSE bug 1257015SUSE bug 1257035SUSE bug 1257053SUSE bug 1257154SUSE bug 1257155SUSE bug 1257158SUSE bug 1257159SUSE bug 1257163SUSE bug 1257164SUSE bug 1257167SUSE bug 1257168SUSE bug 1257179SUSE bug 1257180SUSE bug 1257202SUSE bug 1257204SUSE bug 1257207SUSE bug 1257208SUSE bug 1257215SUSE bug 1257217SUSE bug 1257218SUSE bug 1257220SUSE bug 1257221SUSE bug 1257225SUSE bug 1257227SUSE bug 1257232SUSE bug 1257234SUSE bug 1257236SUSE bug 1257243SUSE bug 1257245SUSE bug 1257276SUSE bug 1257277SUSE bug 1257279SUSE bug 1257282SUSE bug 1257296SUSE bug 1257309SUSE bug 1257473SUSE bug 1257504SUSE bug 1257603CVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-37744 at SUSECVE-2025-37744 at NVDCVE-2025-37751 at SUSECVE-2025-37751 at NVDCVE-2025-37841 at SUSECVE-2025-37841 at NVDCVE-2025-37845 at SUSECVE-2025-37845 at NVDCVE-2025-37904 at SUSECVE-2025-37904 at NVDCVE-2025-37955 at SUSECVE-2025-37955 at NVDCVE-2025-38243 at SUSECVE-2025-38243 at NVDCVE-2025-38262 at SUSECVE-2025-38262 at NVDCVE-2025-38297 at SUSECVE-2025-38297 at NVDCVE-2025-38298 at SUSECVE-2025-38298 at NVDCVE-2025-38379 at SUSECVE-2025-38379 at NVDCVE-2025-38423 at SUSECVE-2025-38423 at NVDCVE-2025-38505 at SUSECVE-2025-38505 at NVDCVE-2025-38507 at SUSECVE-2025-38507 at NVDCVE-2025-38510 at SUSECVE-2025-38510 at NVDCVE-2025-38511 at SUSECVE-2025-38511 at NVDCVE-2025-38512 at SUSECVE-2025-38512 at NVDCVE-2025-38513 at SUSECVE-2025-38513 at NVDCVE-2025-38515 at SUSECVE-2025-38515 at NVDCVE-2025-38516 at SUSECVE-2025-38516 at NVDCVE-2025-38520 at SUSECVE-2025-38520 at NVDCVE-2025-38521 at SUSECVE-2025-38521 at NVDCVE-2025-38529 at SUSECVE-2025-38529 at NVDCVE-2025-38530 at SUSECVE-2025-38530 at NVDCVE-2025-38535 at SUSECVE-2025-38535 at NVDCVE-2025-38537 at SUSECVE-2025-38537 at NVDCVE-2025-38538 at SUSECVE-2025-38538 at NVDCVE-2025-38539 at SUSECVE-2025-38539 at NVDCVE-2025-38540 at SUSECVE-2025-38540 at NVDCVE-2025-38541 at SUSECVE-2025-38541 at NVDCVE-2025-38543 at SUSECVE-2025-38543 at NVDCVE-2025-38547 at SUSECVE-2025-38547 at NVDCVE-2025-38548 at SUSECVE-2025-38548 at NVDCVE-2025-38550 at SUSECVE-2025-38550 at NVDCVE-2025-38551 at SUSECVE-2025-38551 at NVDCVE-2025-38569 at SUSECVE-2025-38569 at NVDCVE-2025-38589 at SUSECVE-2025-38589 at NVDCVE-2025-38590 at SUSECVE-2025-38590 at NVDCVE-2025-38645 at SUSECVE-2025-38645 at NVDCVE-2025-39689 at SUSECVE-2025-39689 at NVDCVE-2025-39795 at SUSECVE-2025-39795 at NVDCVE-2025-39813 at SUSECVE-2025-39813 at NVDCVE-2025-39814 at SUSECVE-2025-39814 at NVDCVE-2025-39817 at SUSECVE-2025-39817 at NVDCVE-2025-39829 at SUSECVE-2025-39829 at NVDCVE-2025-39880 at SUSECVE-2025-39880 at NVDCVE-2025-39913 at SUSECVE-2025-39913 at NVDCVE-2025-39927 at SUSECVE-2025-39927 at NVDCVE-2025-40030 at SUSECVE-2025-40030 at NVDCVE-2025-40045 at SUSECVE-2025-40045 at NVDCVE-2025-40097 at SUSECVE-2025-40097 at NVDCVE-2025-40106 at SUSECVE-2025-40106 at NVDCVE-2025-40147 at SUSECVE-2025-40147 at NVDCVE-2025-40195 at SUSECVE-2025-40195 at NVDCVE-2025-40257 at SUSECVE-2025-40257 at NVDCVE-2025-40259 at SUSECVE-2025-40259 at NVDCVE-2025-40261 at SUSECVE-2025-40261 at NVDCVE-2025-40363 at SUSECVE-2025-40363 at NVDCVE-2025-68174 at SUSECVE-2025-68174 at NVDCVE-2025-68178 at SUSECVE-2025-68178 at NVDCVE-2025-68188 at SUSECVE-2025-68188 at NVDCVE-2025-68200 at SUSECVE-2025-68200 at NVDCVE-2025-68211 at SUSECVE-2025-68211 at NVDCVE-2025-68218 at SUSECVE-2025-68218 at NVDCVE-2025-68227 at SUSECVE-2025-68227 at NVDCVE-2025-68241 at SUSECVE-2025-68241 at NVDCVE-2025-68245 at SUSECVE-2025-68245 at NVDCVE-2025-68261 at SUSECVE-2025-68261 at NVDCVE-2025-68296 at SUSECVE-2025-68296 at NVDCVE-2025-68297 at SUSECVE-2025-68297 at NVDCVE-2025-68320 at SUSECVE-2025-68320 at NVDCVE-2025-68325 at SUSECVE-2025-68325 at NVDCVE-2025-68337 at SUSECVE-2025-68337 at NVDCVE-2025-68341 at SUSECVE-2025-68341 at NVDCVE-2025-68348 at SUSECVE-2025-68348 at NVDCVE-2025-68349 at SUSECVE-2025-68349 at NVDCVE-2025-68356 at SUSECVE-2025-68356 at NVDCVE-2025-68359 at SUSECVE-2025-68359 at NVDCVE-2025-68360 at SUSECVE-2025-68360 at NVDCVE-2025-68361 at SUSECVE-2025-68361 at NVDCVE-2025-68366 at SUSECVE-2025-68366 at NVDCVE-2025-68367 at SUSECVE-2025-68367 at NVDCVE-2025-68368 at SUSECVE-2025-68368 at NVDCVE-2025-68372 at SUSECVE-2025-68372 at NVDCVE-2025-68374 at SUSECVE-2025-68374 at NVDCVE-2025-68376 at SUSECVE-2025-68376 at NVDCVE-2025-68379 at SUSECVE-2025-68379 at NVDCVE-2025-68725 at SUSECVE-2025-68725 at NVDCVE-2025-68735 at SUSECVE-2025-68735 at NVDCVE-2025-68741 at SUSECVE-2025-68741 at NVDCVE-2025-68743 at SUSECVE-2025-68743 at NVDCVE-2025-68764 at SUSECVE-2025-68764 at NVDCVE-2025-68768 at SUSECVE-2025-68768 at NVDCVE-2025-68770 at SUSECVE-2025-68770 at NVDCVE-2025-68771 at SUSECVE-2025-68771 at NVDCVE-2025-68773 at SUSECVE-2025-68773 at NVDCVE-2025-68775 at SUSECVE-2025-68775 at NVDCVE-2025-68776 at SUSECVE-2025-68776 at NVDCVE-2025-68777 at SUSECVE-2025-68777 at NVDCVE-2025-68778 at SUSECVE-2025-68778 at NVDCVE-2025-68783 at SUSECVE-2025-68783 at NVDCVE-2025-68784 at SUSECVE-2025-68784 at NVDCVE-2025-68788 at SUSECVE-2025-68788 at NVDCVE-2025-68789 at SUSECVE-2025-68789 at NVDCVE-2025-68792 at SUSECVE-2025-68792 at NVDCVE-2025-68795 at SUSECVE-2025-68795 at NVDCVE-2025-68797 at SUSECVE-2025-68797 at NVDCVE-2025-68798 at SUSECVE-2025-68798 at NVDCVE-2025-68799 at SUSECVE-2025-68799 at NVDCVE-2025-68800 at SUSECVE-2025-68800 at NVDCVE-2025-68801 at SUSECVE-2025-68801 at NVDCVE-2025-68802 at SUSECVE-2025-68802 at NVDCVE-2025-68803 at SUSECVE-2025-68803 at NVDCVE-2025-68804 at SUSECVE-2025-68804 at NVDCVE-2025-68808 at SUSECVE-2025-68808 at NVDCVE-2025-68811 at SUSECVE-2025-68811 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-68814 at SUSECVE-2025-68814 at NVDCVE-2025-68815 at SUSECVE-2025-68815 at NVDCVE-2025-68816 at SUSECVE-2025-68816 at NVDCVE-2025-68819 at SUSECVE-2025-68819 at NVDCVE-2025-68820 at SUSECVE-2025-68820 at NVDCVE-2025-68821 at SUSECVE-2025-68821 at NVDCVE-2025-68822 at SUSECVE-2025-68822 at NVDCVE-2025-71064 at SUSECVE-2025-71064 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2025-71073 at SUSECVE-2025-71073 at NVDCVE-2025-71076 at SUSECVE-2025-71076 at NVDCVE-2025-71077 at SUSECVE-2025-71077 at NVDCVE-2025-71078 at SUSECVE-2025-71078 at NVDCVE-2025-71079 at SUSECVE-2025-71079 at NVDCVE-2025-71080 at SUSECVE-2025-71080 at NVDCVE-2025-71081 at SUSECVE-2025-71081 at NVDCVE-2025-71082 at SUSECVE-2025-71082 at NVDCVE-2025-71083 at SUSECVE-2025-71083 at NVDCVE-2025-71084 at SUSECVE-2025-71084 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71086 at SUSECVE-2025-71086 at NVDCVE-2025-71087 at SUSECVE-2025-71087 at NVDCVE-2025-71088 at SUSECVE-2025-71088 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71091 at SUSECVE-2025-71091 at NVDCVE-2025-71093 at SUSECVE-2025-71093 at NVDCVE-2025-71094 at SUSECVE-2025-71094 at NVDCVE-2025-71095 at SUSECVE-2025-71095 at NVDCVE-2025-71097 at SUSECVE-2025-71097 at NVDCVE-2025-71098 at SUSECVE-2025-71098 at NVDCVE-2025-71099 at SUSECVE-2025-71099 at NVDCVE-2025-71100 at SUSECVE-2025-71100 at NVDCVE-2025-71101 at SUSECVE-2025-71101 at NVDCVE-2025-71108 at SUSECVE-2025-71108 at NVDCVE-2025-71111 at SUSECVE-2025-71111 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2025-71113 at SUSECVE-2025-71113 at NVDCVE-2025-71114 at SUSECVE-2025-71114 at NVDCVE-2025-71116 at SUSECVE-2025-71116 at NVDCVE-2025-71118 at SUSECVE-2025-71118 at NVDCVE-2025-71119 at SUSECVE-2025-71119 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2025-71123 at SUSECVE-2025-71123 at NVDCVE-2025-71126 at SUSECVE-2025-71126 at NVDCVE-2025-71130 at SUSECVE-2025-71130 at NVDCVE-2025-71131 at SUSECVE-2025-71131 at NVDCVE-2025-71132 at SUSECVE-2025-71132 at NVDCVE-2025-71133 at SUSECVE-2025-71133 at NVDCVE-2025-71135 at SUSECVE-2025-71135 at NVDCVE-2025-71136 at SUSECVE-2025-71136 at NVDCVE-2025-71137 at SUSECVE-2025-71137 at NVDCVE-2025-71138 at SUSECVE-2025-71138 at NVDCVE-2025-71141 at SUSECVE-2025-71141 at NVDCVE-2025-71142 at SUSECVE-2025-71142 at NVDCVE-2025-71143 at SUSECVE-2025-71143 at NVDCVE-2025-71145 at SUSECVE-2025-71145 at NVDCVE-2025-71147 at SUSECVE-2025-71147 at NVDCVE-2025-71148 at SUSECVE-2025-71148 at NVDCVE-2025-71149 at SUSECVE-2025-71149 at NVDCVE-2025-71154 at SUSECVE-2025-71154 at NVDCVE-2025-71156 at SUSECVE-2025-71156 at NVDCVE-2025-71157 at SUSECVE-2025-71157 at NVDCVE-2025-71162 at SUSECVE-2025-71162 at NVDCVE-2025-71163 at SUSECVE-2025-71163 at NVDCVE-2026-22976 at SUSECVE-2026-22976 at NVDCVE-2026-22977 at SUSECVE-2026-22977 at NVDCVE-2026-22978 at SUSECVE-2026-22978 at NVDCVE-2026-22981 at SUSECVE-2026-22981 at NVDCVE-2026-22982 at SUSECVE-2026-22982 at NVDCVE-2026-22984 at SUSECVE-2026-22984 at NVDCVE-2026-22985 at SUSECVE-2026-22985 at NVDCVE-2026-22986 at SUSECVE-2026-22986 at NVDCVE-2026-22988 at SUSECVE-2026-22988 at NVDCVE-2026-22989 at SUSECVE-2026-22989 at NVDCVE-2026-22990 at SUSECVE-2026-22990 at NVDCVE-2026-22991 at SUSECVE-2026-22991 at NVDCVE-2026-22992 at SUSECVE-2026-22992 at NVDCVE-2026-22993 at SUSECVE-2026-22993 at NVDCVE-2026-22996 at SUSECVE-2026-22996 at NVDCVE-2026-22997 at SUSECVE-2026-22997 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23000 at SUSECVE-2026-23000 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDCVE-2026-23002 at SUSECVE-2026-23002 at NVDCVE-2026-23005 at SUSECVE-2026-23005 at NVDCVE-2026-23006 at SUSECVE-2026-23006 at NVDCVE-2026-23011 at SUSECVE-2026-23011 at NVDcpe:/o:suse:sl-micro:6.2Security update for the initial kernel livepatch (Important)SUSE Linux Micro 6.2
This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.
Importantcpe:/o:suse:sl-micro:6.2Security update for haproxy (Moderate)SUSE Linux Micro 6.2
This update for haproxy fixes the following issues:
- Update to version 3.2.12+git0.6011f448e
- CVE-2026-26081: Fixed a DOS vulnerability in QUIC. (bsc#1257976)
- CVE-2026-26080: Fixed a DOS vulnerability in QUIC. (bsc#1257976)
ModerateSUSE bug 1257521SUSE bug 1257976CVE-2026-26080 at SUSECVE-2026-26080 at NVDCVE-2026-26081 at SUSECVE-2026-26081 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes one security issue
The following security issue was fixed:
- CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439).
ImportantSUSE bug 1253439CVE-2025-40186 at SUSECVE-2025-40186 at NVDcpe:/o:suse:sl-micro:6.2Security update for podman (Important)SUSE Linux Micro 6.2
This update for podman fixes the following issues:
Changes in podman:
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)
- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376):
- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):
ImportantSUSE bug 1248988SUSE bug 1249154SUSE bug 1252376SUSE bug 1253542SUSE bug 1253993CVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-47913 at SUSECVE-2025-47913 at NVDCVE-2025-47914 at SUSECVE-2025-47914 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDCVE-2025-6032 at SUSECVE-2025-6032 at NVDCVE-2025-9566 at SUSECVE-2025-9566 at NVDcpe:/o:suse:sl-micro:6.2Security update for expat (Moderate)SUSE Linux Micro 6.2
This update for expat fixes the following issues:
- CVE-2026-24515: failure to copy the encoding handler data passed to XML_SetUnknownEncodingHandler may cause a NULL
dereference (bsc#1257144).
- CVE-2026-25210: lack of buffer size check can lead to an integer overflow (bsc#1257496).
ModerateSUSE bug 1257144SUSE bug 1257496CVE-2026-24515 at SUSECVE-2026-24515 at NVDCVE-2026-25210 at SUSECVE-2026-25210 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit-podman (Important)SUSE Linux Micro 6.2
This update for cockpit-podman fixes the following issues:
- CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global
prototypes (bsc#1257324).
ImportantSUSE bug 1257324CVE-2025-13465 at SUSECVE-2025-13465 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.7.1 fixes one security issue
The following security issue was fixed:
- CVE-2025-40130: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (bsc#1253415).
ImportantSUSE bug 1253415CVE-2025-40130 at SUSECVE-2025-40130 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1249205).
- CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1250190).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249480).
- CVE-2025-40129: sunrpc: fix null pointer dereference on zero-length checksum (bsc#1253473).
- CVE-2025-40130: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (bsc#1253415).
- CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439).
ImportantSUSE bug 1249205SUSE bug 1249480SUSE bug 1250190SUSE bug 1253415SUSE bug 1253439SUSE bug 1253473CVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-39698 at SUSECVE-2025-39698 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-40129 at SUSECVE-2025-40129 at NVDCVE-2025-40130 at SUSECVE-2025-40130 at NVDCVE-2025-40186 at SUSECVE-2025-40186 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.5.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1249205).
- CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1250190).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249480).
- CVE-2025-40129: sunrpc: fix null pointer dereference on zero-length checksum (bsc#1253473).
- CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439).
The following non security issue was fixed:
- bsc#1249241: fix addr_bit_set() issue on big-endian machines BITOP_BE32_SWIZZLE ought to be defined depending on the target's endianess, but the livepatch includes only the little-endian variant. Fix that. (bsc#1249241 bsc#1256928).
ImportantSUSE bug 1249205SUSE bug 1249241SUSE bug 1249480SUSE bug 1250190SUSE bug 1253439SUSE bug 1253473SUSE bug 1256928CVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-39698 at SUSECVE-2025-39698 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-40129 at SUSECVE-2025-40129 at NVDCVE-2025-40186 at SUSECVE-2025-40186 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes one security issue
The following security issue was fixed:
- CVE-2025-40130: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (bsc#1253415).
ImportantSUSE bug 1253415CVE-2025-40130 at SUSECVE-2025-40130 at NVDcpe:/o:suse:sl-micro:6.2Security update for libxml2, libxslt (Moderate)SUSE Linux Micro 6.2
This update for libxml2, libxslt fixes the following issues:
Changes in libxml2:
- CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in
`xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811).
- CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling
`nextCatalog` elements (bsc#1256809, bsc#1256812).
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files
(bsc#1247858).
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257594, bsc#1257595).
- CVE-2025-10911: parsing xsl nodes may lead to use-after-free with key data stored cross-RVT (bsc#1250553)
ModerateSUSE bug 1247850SUSE bug 1247858SUSE bug 1250553SUSE bug 1256804SUSE bug 1256807SUSE bug 1256808SUSE bug 1256809SUSE bug 1256810SUSE bug 1256811SUSE bug 1256812SUSE bug 1257593SUSE bug 1257594SUSE bug 1257595CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2025-8732 at SUSECVE-2025-8732 at NVDCVE-2026-0990 at SUSECVE-2026-0990 at NVDCVE-2026-0992 at SUSECVE-2026-0992 at NVDCVE-2026-1757 at SUSECVE-2026-1757 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.8.1 fixes one security issue
The following security issue was fixed:
- CVE-2025-40130: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling (bsc#1253415).
ImportantSUSE bug 1253415CVE-2025-40130 at SUSECVE-2025-40130 at NVDcpe:/o:suse:sl-micro:6.2Recommended update for shim (Moderate)SUSE Linux Micro 6.2
This update for shim fixes the following issues:
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix "Verifiying" typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as "vendor_db"
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
ModerateSUSE bug 1205588SUSE bug 1247432SUSE bug 1254336SUSE bug 1254679CVE-2024-2312 at SUSECVE-2024-2312 at NVDcpe:/o:suse:sl-micro:6.2Security update for virtiofsd (Important)SUSE Linux Micro 6.2
This update for virtiofsd fixes the following issue:
- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion
(bsc#1257912).
ImportantSUSE bug 1257912CVE-2026-25727 at SUSECVE-2026-25727 at NVDcpe:/o:suse:sl-micro:6.2Security update for helm (Moderate)SUSE Linux Micro 6.2
This update for helm fixes the following issues:
- Update to version 3.19.1:
* CVE-2025-47911: golang.org/x/net/html: Fixed various algorithms with
quadratic complexity when parsing HTML documents (bsc#1251442)
* CVE-2025-58190: golang.org/x/net/html: Fixed xcessive memory
consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251649)
* jsonschema: warn and ignore unresolved URN $ref to match
v3.18.4
* Avoid "panic: interface conversion: interface {} is nil"
* Fix `helm pull` untar dir check with repo urls
* Fix deprecation warning
* Add timeout flag to repo add and update flags
- Update to version 3.19.0:
* bump version to v3.19.0
* fix: use username and password if provided
* fix(helm-lint): fmt
* fix(helm-lint): Add TLSClientConfig
* fix(helm-lint): Add HTTP/HTTPS URL support for json schema references
* chore(deps): bump the k8s-io group with 7 updates
* fix: go mod tidy for v3
* fix Chart.yaml handling
* Handle messy index files
* json schema fix
* fix: k8s version parsing to match original
* Do not explicitly set SNI in HTTPGetter
* Disabling linter due to unknown issue
* Updating link handling
* fix: user username password for login
* Update pkg/registry/transport.go
* fix: add debug logging to oci transport
* fix: legacy docker support broken for login
* fix: plugin installer test with no Internet
* Handle an empty registry config file.
* Prevent fetching newReference again as we have in calling method
* Prevent failure when resolving version tags in oras memory store
* fix(client): skipnode utilization for PreCopy
* test: Skip instead of returning early. looks more intentional
* test: tests repo stripping functionality
* test: include tests for Login based on different protocol prefixes
* fix(client): layers now returns manifest - remove duplicate from descriptors
* fix(client): return nil on non-allowed media types
* Fix 3.18.0 regression: registry login with scheme
* Update pkg/plugin/plugin.go
* Wait for Helm v4 before raising when platformCommand and Command are set
* Revert "fix (helm) : toToml` renders int as float [ backport to v3 ]"
* build(deps): bump the k8s-io group with 7 updates
* chore: update generalization warning message
* fix: move warning to top of block
* fix: govulncheck workflow
* fix: replace fmt warning with slog
* fix: add warning when ignore repo flag
* feat: add httproute from gateway-api to create chart template
- Update to version 3.18.6:
* fix(helm-lint): fmt
* fix(helm-lint): Add TLSClientConfig
* fix(helm-lint): Add HTTP/HTTPS URL support for json schema
references
- Update to version 3.18.5:
* fix Chart.yaml handling 7799b48 (Matt Farina)
* Handle messy index files dd8502f (Matt Farina)
* json schema fix cb8595b (Robert Sirchia)
- Fix shell completion dependencies
* Add BuildRequires to prevent inclusion of folders owned by shells.
* Add Requires because installing completions without appropriate
shell is questionable.
- Fix zsh completion location
ModerateSUSE bug 1251442SUSE bug 1251649CVE-2025-47911 at SUSECVE-2025-47911 at NVDCVE-2025-58190 at SUSECVE-2025-58190 at NVDcpe:/o:suse:sl-micro:6.2Security update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer (Moderate)SUSE Linux Micro 6.2
This update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer fixes the following issues:
Changes in gstreamer-rtsp-server:
- Update to version 1.26.7:
+ Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT.
+ rtsp-server: tests: Switch to fixtures to ensure pool shutdown
+ rtsp-server: tests: Fix a few memory leaks
Changes in gstreamer-plugins-ugly:
- Update to version 1.26.7:
+ No changes, stable version bump only.
Changes in gstreamer-plugins-rs:
- Update to version 1.26.7+git0.6ab75814:
* tracers: Fix inverted append logic when writing log files
* threadshare:
- examples: standalone: also handle buffer lists
- Pad push_list: downgrade Pad flushing log level
- sinks: fix / handle query()
- backpressure: abort pending items on flush start
- udpsink: fix panic recalculating latency from certain
executors
- audiotestsrc:
. support more Audio formats
. use AudioInfo
. fix latency
. act as a pseudo live source by default
- runtime task: execute action in downward transition
- example cleanups
- udpsink: distinguish sync status for latency & report added
latency
- sink elements: implement `send_event`
- dataqueue elements: report min and max latency
* rtp:
- Add linear audio (L8, L16, L24) RTP payloaders / depayloaders
* rtp: basedepay: reuse last PTS, when possible
* skia: Update to skia-safe 0.89
* mp4: Update to mp4-atom 0.9
* Update dependencies
* webrtc: livekit: Drop connection lock after take()
* onvifmetadatapay: copy metadata from source buffer
* fallbacksrc: Fix custom source reuse case
* add `rust-tls-native-roots` feature to the `reqwest` dep
* rtpamrpay2:
- Actually forward the frame quality indicator
- Set frame quality indicator flag
- Add patch to fix reproducibility of package build (boo#1237097)
- Update to version 1.26.6+git20.e287e869:
* Fix some new clippy 1.90 warnings
* colordetect: Don't use deprecated color_name API
* deny: Update
* quinn: Update to web-transport-quinn 0.8
* skia: Update to skia-safe 0.88
* Update Cargo.lock
* Allow windows-sys 0.61 too
* intersink: add sync property
* meson: Fix .pc files installation and simplify build output
handling. This also fixes the .pc file install directory and
ensures that the .pc files are only installed when static
builds is enabled.
- Drop devel subpackage following upstream changes.
- Update to version 1.26.6:
+ aws: Ensure task stopping on paused-to-ready state change
+ fallbacksrc:
- Don't panic during retries if the element was shut down in
parallel
- Don't restart source if the element is just being shut down
- Fix some custom source deadlocks
- Fix sources only being restarted once
+ gtk4: Try importing dmabufs withouth DMA_DRM caps
+ inter: Give the appsrc/appsink a name that has the parent
element as prefix
+ mp4: Skip tests using x264enc if it does not exist
+ rtpgccbwe: avoid clamp() panic when min_bitrate > max_bitrate
+ rtpmp4gdepay2: allow only constantduration with neither
constantsize nor sizelength set
+ rtprecv: fix race condition on first buffer
+ speechmatics: Specify rustls as an explicit dependency
+ spotify: update to librespot 0.7
+ threadshare:
- add a blocking adapter element
- always use block_on_or_add_subtask
- audiotestsrc: fix setting samples-per-buffer...
- blocking_adapter: fix Since marker in docs
- fix resources not available when preparing asynchronously
- fix ts-inter test one_to_one_up_first
- have: have Task log its obj
- intersink: return from blocking tasks when stopping
- inter: update doc example
- runtime/pad: lower log level pushing Buffer to flushing pad
- separate blocking & throttling schedulers
- update examples
- Update to getifaddrs 0.5
- Fix macOS build post getifaddrs 0.5 update
- Bump up getiffaddrs to 0.1.5 and revert "udp: avoid
getifaddrs in android"
- Reapply "udp: avoid getifaddrs in android"
+ transcriberbin: Fix some deadlocks
+ Update dependencies
+ webrtc: Migrate to warp 0.4 and switch to tokio-rustls
+ webrtc/signalling: Fix setting of host address
+ ci: add script to check readme against plugins list
+ Fix various new clippy 1.89 warnings
+ Don't suggest running cargo cinstall after cargo cbuild
+ meson: Isolate built plugins from cargo target directory
- Update to version 1.26.5+git11.949807a4 (boo#1248053,
CVE-2025-55159):
+ rtprecv: fix race condition on first buffer
+ threadshare: intersink: return from blocking tasks when
stopping
+ threadshare: inter: store upstream latency in InterContext
+ threadshare: add a blocking adapter element
+ transcriberbin: Fix settings/state lock order violation in
set_property()
+ transcriberbin: Don't keep state locked while querying upstream
latency
+ threadshare: audiotestsrc: fix setting samples-per-buffer...
+ rtpgccbwe: avoid clamp() panic when min_bitrate > max_bitrate
+ fallbacksrc: Don't restart source if the element is just being
shut down
+ aws: Ensure task stopping on paused-to-ready state change
+ fallbacksrc: Don't panic during retries if the element was shut
down in parallel
+ Update Cargo.lock.
- Update to version 1.26.5:
+ awstranscriber2, awstranslate: Handle multiple stream-start
event
+ ceaX08overlay: support ANY caps features, allowing e.g.
memory:GLMemory if downstream supports the overlay composition
meta
+ hlsmultivariantsink: Fix master playlist version
+ rtprecv: Drop state lock before chaining RTCP packets from the
RTP chain function
+ Add rtpbin2 examples
+ rtpmp4apay2: fix payload size prefix
+ rtp: threadshare: fix some property ranges
+ mpegtslivesrc: Remove leftover debug message
+ ts-audiotestsrc fixes
+ threadshare: fix flush for ts-queue ts-proxy & ts-intersrc
+ threadshare: fix regression in ts-proxysrc
+ threadshare: improvements to some elements
+ threadshare: Enable windows Win32_Networking feature
+ threadshare: queue & proxy: fix race condition stopping
+ threadshare: Also enable windows Win32_Networking_WinSock
feature
+ tracers: pipeline-snapshot: reduce WebSocket connection log
level
+ tracers: queue-levels: add support for threadshare DataQueue
related elements
+ tracers: Update to etherparse 0.19
+ transcriberbin: Fix handling of upstream latency query
+ webrtcsink: Move videorate before videoconvert and videoscale
to avoid processing frames that would be dropped
+ Fix various new clippy 1.89 warnings
- Update to version 1.26.4:
+ aws: s3hlssink: Write to S3 on OutputStream flush
+ cea708mux: fix clipping function
+ dav1ddec: Use video decoder base class latency reporting API
+ elevenlabssynthesizer: fix running time checks
+ gopbuffer: Push GOPs in order of time on EOS
+ gtk4: Improve color-state fallbacks for unknown values
+ gtk4: Add YCbCr memory texture formats
+ gtk4: Promote set_caps debug log to info
+ hlssink3: Fix a comment typo
+ hlssink3: Use closed fragment location in playlist generation
+ livekit: add room-timeout
+ mccparse: Convert "U" to the correct byte representation
+ mp4mux: add TAI timestamp element and muxing
+ threadshare: add a ts-rtpdtmfsrc element
+ rtp: Update to rtcp-types 0.2
+ rtpsend: Don't configure a zero min RTCP interval for senders
+ rtpbin2: Fix handling of unknown PTs and don't warn about
incomplete RTP caps to allow for bundling
+ rtpbin2: Improve rtcp-mux support
+ rtpbin2: fix race condition on serialized Queries
+ rtpbin2: sync: fix race condition
+ rtprecv optimize src pad scheduling
+ rtprecv: fix SSRC collision event sent in wrong direction
+ skia: Add harfbuzz, freetype and fontconfig as dependencies in
the meson build
+ tttocea{6,7}08: Disallow pango markup from input caps
+ ts-intersrc: handle dynamic inter-ctx changes
+ threadshare: src elements: don't pause the task in downward
state transitions
+ webrtc: sink: avoid recursive locking of the session
+ webrtcsink: fix deadlock on error setting remote description
+ webrtcsink: add mitigation modes parameter and signal
+ webrtc: fix Safari addIceCandidate crash
+ webrtc-api: Set default bundle policy to max-bundle
+ WHIP client: emit shutdown after DELETE request
+ Fix various new clippy 1.88 warnings
+ Update dependencies
- Update to version 1.26.3:
+ Add new speech synthesis element around ElevenLabs API
+ cea708mux: fix another WouldOverflow case
+ cea708mux: support configuring a limit to how much data will be
pending.
+ cea708overlay: also reset the output size on flush stop
+ gcc: handle out of order packets
+ fmp4mux: Fix panic on late GOP
+ livekit: expose a connection state property
+ mp4mux: add taic box
+ mp4mux: test the trak structure
+ pcap_writer: Make target-property and pad-path properties
writable again
+ skia: Don't build skia plugin by default for now
+ threadshare: cleanups & usability improvements
+ threadshare: sync runtime with latest async-io
+ threadshare: fix kqueue reactor
+ threadshare: Update to getifaddrs 0.2
+ threadshare: add new thread-sharing inter elements
+ threadshare: add a ts-rtpdtmfsrc element
+ transcriberbin: fix naming of subtitle pads
+ tttocea708: don't panic if a new service would overflow
+ webrtc: android: Update Gradle and migrate to
FindGStreamerMobile
+ webrtc: add new examples for stream selection over data channel
+ webrtcsrc: the webrtcbin get-transceiver index is not
mlineindex
+ webrtcsrc: send CustomUpstream events over control channel ..
+ webrtcsink: Don't require encoder element for pre-encoded
streams
+ webrtcsink: Don't reject caps events if the codec_data changes
+ whip: server: pick session-id from the endpoint if specified
+ cargo: add config file to force
CARGO_NET_GIT_FETCH_WITH_CLI=true
+ Cargo.lock, deny: Update dependencies and log duplicated
targo-lexicon
+ Update windows-sys dependency from ">=0.52, <=0.59" to ">=0.52,
<=0.60"
+ deny: Add override for windows-sys 0.59
+ deny: Update lints
+ cargo_wrapper: Fix backslashes being parsed as escape codes on
Windows
+ Fixes for Clock: non-optional return types
+ Rename relationmeta plugin to analytics
Changes in gstreamer-plugins-libav:
- Update to version 1.26.7:
+ No changes, stable versionbump only.
Changes in gstreamer-plugins-good:
- Update to version 1.26.7:
+ matroskamux: Properly check if pads are EOS in find_best_pad
+ qtdemux:
- Bad performance with GoPro videos containing FDSC metadata
tracks
- Fix open/seek perf for GoPro files with SOS track
- Handle unsupported channel layout tags gracefully
- Set channel-mask to 0 for unknown layout tags
+ rtspsrc: Send RTSP keepalives in TCP/interleaved modes
+ v4l2:
- Add GstV4l2Error handling in gst_v4l2_get_capabilities
- Fix memory leak for DRM caps negotiation
+ v4l2transform: reconfigure v4l2object only if respective caps
changed
+ Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT
- Update to version 1.26.6:
+ adaptivedemux2: fix crash due to log
+ adaptivedemux2: Crash in logging when "Dropping EOS before next
period"
+ hlsdemux2: Fix parsing of byterange and init map directives
+ mpg123audiodec: Always break the decoding loop and relay
downstream flow errors upstream
+ v4l2: Add support for WVC1 and WMV3
+ Monorepo: dv plugin requires explicit enablement now for a
build using the Meson subproject fallback
- Update to version 1.26.5:
+ 4l2: fix memory leak for dynamic resolution change
+ videorate, imagefreeze: add support for JPEG XS
- Update to version 1.26.4:
+ adaptivedemux2: Fixed reverse playback
+ matroskademux: Send tags after seeking
+ qtdemux: Fix incorrect FourCC used when iterating over sbgp
atoms
+ qtdemux: Incorrect sibling type used in sbgp iteration loop
+ rtph265pay: add profile-id, tier-flag, and level-id to output
rtp caps
+ rtpjpeg: fix copying of quant data if it spans memory segments
+ soup: Disable range requests when talking to Python's
http.server
+ v4l2videodec: need replace acquired_caps on set_format success
+ Fix various valgrind/test errors when GST_DEBUG is enabled
+ More valgrind and test fixes
+ Various ASAN fixes
- Update to version 1.26.3:
+ aacparse: Fix counting audio channels in program_config_element
+ adaptivedemux2: free cancellable when freeing transfer task
+ dashdemux2: Fix seeking in a stream with gaps
+ decodebin wavparse cannot pull header
+ imagefreeze: fix not negotiate log when stop
+ osxvideosink: Use gst_pad_push_event() and post navigation
messages
+ qml6glsink: Allow configuring if the item will consume input
events
+ qtmux: Update chunk offsets when converting stco to co64 with
faststart
+ splitmuxsink: Only send closed message once per open fragment
+ rtph265depay: CRA_NUT can also start an (open) GOP
+ rtph265depay: fix codec_data generation
+ rtspsrc: Don't emit error during close if server is EOF
+ twcc: Fix reference timestamp wrapping (again)
+ v4l2: Fix possible internal pool leak
+ v4l2object: Add support for colorimetry bt2100-pq and 1:4:5:3
+ wavparse: Don't error out always when parsing acid chunks
Changes in gstreamer-plugins-base:
- Update to version 1.26.7:
+ discoverer: Mark gst_discoverer_stream_info_list_free() as
transfer full
+ riff: Add channel reorder maps for 3 and 7 channel audio
+ sdp: proper usage of gst_buffer_append
+ videorate: fix assert fail due to invalid buffer duration
+ Fix build error with glib < 2.68
- Update to version 1.26.6:
+ decodebin3: Update stream tags
+ rtpbasedepayload: Avoid potential use-after free
+ rtspconnection: Add get_url and get_ip return value annotation
+ gst_rtsp_connection_get_url return value transfer annotation
missing
+ videometa: Fix valgrind warning when deserializing video meta
+ videorate: don't hold the reference to the buffer in drop-only
mode
+ gst-device-monitor-1.0: Fix device-path regression on Windows
+ gst-device-monitor-1.0: Add quoting for powershell and cmd
+ Monorepo: opengl, vorbis, plugins require explicit enablement
now for a build using the Meson subproject fallback
- Update to version 1.26.5:
+ audioconvert: mix-matrix causes caps negotiation failure
+ decodebin3: Don't error on an incoming ONVIF metadata stream
+ gloverlay: Recompute geometry when caps change, and load
texture after stopping and starting again
+ uridecodebin3: Add missing locking and NULL checks when adding
URIs to messages
+ uridecodebin3: segfault in update_message_with_uri() if no
decoder available
+ videorate, imagefreeze: add support for JPEG XS
+ gst-device-monitor-1.0: Add shell quoting for launch lines
+ gst-device-monitor-1.0: Fix criticals, and also accept utf8 in
launch lines
+ gst-device-monitor-1.0: Use gst_print instead of g_print
- Update to version 1.26.4:
+ Revert "streamsynchronizer: Consider streams having received
stream-start as waiting"
+ alsa: free conf cache under valgrind
+ gst-device-monitor: Fix caps filter splitting
+ Fix various valgrind/test errors when GST_DEBUG is enabled
+ More valgrind and test fixes
+ Various ASAN fixes
- Update to version 1.26.3:
+ GstAudioAggregator: fix structure unref in peek_next_sample()
+ audioconvert: Fix setting mix-matrix when input caps changes
+ encodebasebin: Duplicate encoding profile in property setter
+ gl: simplify private
gst_gl_gst_meta_api_type_tags_contain_only()
+ osxvideosink: Use gst_pad_push_event() and post navigation
messages
+ playsink: Fix race condition in stream synchronizer pad cleanup
during state changes
+ python: Fix pulling events from appsink
+ streamsynchronizer: Consider streams having received
stream-start as waiting
+ urisourcebin: Text tracks are no longer set as sparse stream in
urisourcebin's multiqueue
Changes in gstreamer-plugins-bad:
- Update to version 1.26.7:
+ cuda: Fix runtime kernel compile with CUDA 13.0
+ d3d12convert: Fix crop meta support
+ d3d12deinterlace: Fix passthrough handling
+ gst: Fix a few small leaks
+ matroskamux: Properly check if pads are EOS in find_best_pad
+ tsdemux: Directly forward Opus AUs without opus_control_header
+ tsmux: Write a full Opus channel configuration if no matching
Vorbis one is found
+ unixfd: Fix case of buffer with big payload
+ vacompositor: Correct scale-method properties
+ webrtc: nice: Fix a use-after-free and a mem leak
+ Fix all compiler warnings on Fedora
+ Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT
- Update to version 1.26.6:
+ analytics: always add GstTensorMeta
+ cccombiner: Crash fixes
+ curlsmtpsink: adapt to date formatting issue
+ decklinkvideosrc: fix decklinkvideosrc becomes unrecoverable if
it fails to start streaming
+ decklinkvideosrc gets into unrecoverable state if device is
busy
+ dwrite: Fix D3D12 critical warning
+ hlsdemux: Fix parsing of byterange and init map directives
+ mpegtsmux: Caps event fails with stream type change error
+ vulkanh24xdec: couple of fixes
+ vulkanh26xdec: fix discont state handling
+ waylandsink: add some error handler for event dispatch
+ zbar: tests: Handle symbol-bytes as not null-terminated
+ Monorepo: avtp, codec2json, iqa, microdns, openjpeg, qroverlay,
soundtouch, tinyalsa plugins require explicit enablement now
for a build using the Meson subproject fallback
- Update to version 1.26.5:
+ av1parse: Don't error out on "currently" undefined seq-level
indices
+ av1parse: fails to parse AV1 bitstreams generated by FFmpeg
using the av1_nvenc hardware encoder
+ d3d12screencapturedevice: Avoid false device removal on monitor
reconfiguration
+ d3d12screencapturesrc: Fix OS handle leaks/random crash in WGC
mode
+ meson: d3d12: Add support for MinGW DirectXMath package
+ va: Re-negotiate after FLUSH
+ vaXXXenc: calculate latency with corrected framerate
+ vaXXXenc: fix potential race condition
+ vkphysicaldevice: enable sampler ycbcr conversion,
synchronization2 and timeline semaphore features
+ vulkan: ycbcr conversion extension got promoted in 1.1.0
+ wasapi2: Port to IMMDevice based device selection
- Fix really disabling faad when building without faad support.
- Do not build with faad in SLE16 where faad2 is not available.
- Update to version 1.26.4:
+ avtp: crf: Setup socket during state change to ensure we handle
failure
+ d3d12screencapture: Add support for monitor add/remove in
device provider
+ mpegtsmux: fix double free caused by shared PMT descriptor
+ openh264: Ensure src_pic is initialized before use
+ rtmp2src: various fixes to make it play back AWS medialive
streams
+ ssdobjectdetector: Use correct tensor data index for the scores
+ v4l2codecs: h265dec: Fix zero-copy of cropped window located at
position 0,0
+ vp9parse: Fix handling of spatial SVC decoding
+ vp9parse: Revert "Always default to super-frame"
+ vtenc: Fix negotiation failure with profile=main-422-10
+ vulkan: Fix drawing too many triangles in fullscreenquad
+ vulkanfullscreenquad: add locks for synchronisation
+ Fix various valgrind/test errors when GST_DEBUG is enabled
+ More valgrind and test fixes
+ Various ASAN fixes
- Provide and Obsolete gstreamer-1.20-plugin-openh264 too, not just
gstreamer-plugin-openh264.
- Update to version 1.26.3:
+ amc: Overhaul hw-accelerated video codecs detection
+ bayer2rgb: Fix RGB stride calculation
+ d3d12compositor: Fix critical warnings
+ dashsink: Fix failing test
+ decklink: calculate internal using values closer to the current
clock times
+ decklinkvideosink: show preroll frame correctly
+ decklink: clock synchronization after pause
+ h266parser: Fix overflow when parsing subpic_level_info
+ lcevcdec: Check for errors after receiving all enhanced and
base pictures
+ meson: fix building -bad tests with disabled soundtouch
+ mpegts: handle MPEG2-TS with KLV metadata safely by preventing
out of bounds
+ mpegtsmux: Corrections around Teletext handling
+ srtsink: Fix header buffer filtering
+ transcoder: Fix uritranscodebin reference handling
+ tsdemux: Allow access unit parsing failures
+ tsdemux: Send new-segment before GAP
+ vulkanupload: fix regression for uploading VulkanBuffer
+ vulkanupload: fix regression when uploading to single memory
multiplaned memory images
+ webrtcbin: disconnect signal ICE handlers on dispose
+ {d3d12,d3d11}compositor: Fix negative position handling
+ {nv,d3d12,d3d11}decoder: Use interlace info in input caps
- Build with noopenh264, move plugin to main package.
- Drop conditionals for fdk-aac, explicitly build it for all
targets.
- Move faad plugin to main package.
Changes in gstreamer-docs:
- Update to version 1.26.7:
+ No changes, stable bump only.
+ Update docs.
Changes in gstreamer-devtools:
- Update to version 1.26.7:
+ Fix issues with G_DISABLE_CHECKS & G_DISABLE_ASSERT
- Update to version 1.26.6:
+ validate: http-actions: Replace GUri with GstURI for GLib 2.64
compatibility
+ Fix memory leak and use of incorrect context
- Update to version 1.26.5:
+ No changes, stable bump only.
- Update vendored dependencies (boo#1248053, CVE-2025-55159).
- Update to version 1.26.4:
+ Update various Rust dependencies
- Update to version 1.26.3:
+ validate: More memory leaks
+ validate: Valgrind fixes
Changes in gstreamer:
- Update to version 1.26.7:
+ Highlighted bugfixes in 1.26.7:
- cea608overlay: improve handling of non-system memory
- cuda: Fix runtime kernel compile with CUDA 13.0
- d3d12: Fix crop meta support in converter and passthrough
handling in deinterlacer
- fallbacksrc: source handling improvements; no-more-pads
signal for streams-unaware parents
- inter: add properties to fine tune the inner elements
- qtdemux: surround sound channel layout handling fixes and
performance improvements for GoPro videos
- rtp: Add linear audio (L8, L16, L24) RTP payloaders /
depayloaders
- rtspsrc: Send RTSP keepalives in TCP/interleaved modes
- rtpamrpay2: frame quality indicator flag related fixes
- rtpbasepay2: reuse last PTS when possible, to work around
problems with NVIDIA Jetson AV1 encoder
- mpegtsmux, tsdemux: Opus audio handling fixes
- threadshare: latency related improvements and many other
fixes
- matroskamux, tsmux, flvmux, cea608mux: Best pad determination
fixes at EOS
- unixfd: support buffers with a big payload
- videorate unknown buffer duration assertion failure with
variable framerates
- editing services: Make GESTimeline respect
SELECT_ELEMENT_TRACK signal discard decision; memory leak
fixes
- gobject-introspection annotation fixes
- cerbero: Update meson to 1.9.0 to enable Xcode 26
compatibility
- Various bug fixes, build fixes, memory leak fixes, and other
stability and reliability improvements
+ gstreamer:
- controller: Fix get_all() return type annotation
- gst-launch: Do not assume error messages have a src element
- multiqueue: Fix object reference handling in signal callbacks
- netclientclock: Fix memory leak in error paths
- Update to version 1.26.6:
+ Highlighted bugfixes in 1.26.6:
- analytics GstTensorMeta handling changes (see note below)
- closed caption combiner and transcriberbin stability fixes
- decklinkvideosrc: fix unrecoverable state after failing to
start streaming because device is busy
- decodebin3 tag handling improvements
- fallbacksrc: Fix sources only being restarted once, as well
as some deadlocks and race conditions on shutdown
- gtk4paintablesink: Try importing dmabufs withouth DMA_DRM
caps
- hlsdemux2: Fix parsing of byterange and init map directives
- rtpmp4gdepay2: allow only constantduration with neither
constantsize nor sizelength set
- spotifysrc: update to librespot 0.7 to make work after recent
Spotify changes
- threadshare: new blocking adapter element for use in front of
block elements such as sinks that sync to the clock
- threadshare: various other threadshare element fixes and
improvements
- v4l2: Add support for WVC1 and WMV3
- videorate: possible performance improvements when operating
in drop-only mode
- GstBaseParse fixes
- Vulkan video decoder fixes
- Fix gst-device-monitor-1.0 tool device-path regression on
Windows
- Monorepo development environment builds fewer plugins using
subprojects by default, those require explicit enablement now
- Python bindings: Handle buffer PTS, DTS, duration, offset,
and offset-end as unsigned long long (regression fix)
- Cerbero: Reduce recipe parallelism in various cases and dump
cerbero and recipe versions into datadir during packaging
- Various bug fixes, build fixes, memory leak fixes, and other
stability and reliability improvements
+ Possibly breaking behavioural changes:
- Previously it was guaranteed that there is only ever up to
one GstTensorMeta per buffer. This is no longer true and code
working with GstTensorMeta must be able to handle multiple
GstTensorMeta now.
+ gstreamer:
- baseparse: Try harder to fixate caps based on upstream in
default negotiation
- gst-discoverer reports 1x1 dimensions for "valid" MP4 files
- baseparse: don't clear most sticky events after a FLUSH_STOP
event
- gstreamer: Disable miniobject inline functions for
gobject-introspection for non-subprojects too
- gstreamer: Make sure to zero-initialize the GValue before
G_VALUE_COLLECT_INIT
- ptp: Fix a new Rust 1.89 compiler warning on Windows
- ptp: Fix new compiler warning with Rust 1.89
- Segmentation fault when compiled with
"-ftrivial-auto-var-init=pattern". Use of unitialized GValue
- Update to version 1.26.5:
+ Highlighted bugfixes:
- audioconvert: Fix caps negotiation regression when using a
mix matrix
- cea608overlay, cea708overlay: Accept GPU memory buffers if
downstream supports the overlay composition meta
- d3d12screencapture source element and device provider fixes
- decodebin3: Don't error on an incoming ONVIF metadata stream
- uridecodebin3: Fix potential crash when adding URIs to
messages, e.g. if no decoder is available
- v4l2: Fix memory leak for dynamic resolution change
- VA encoder fixes
- videorate, imagefreeze: Add support for JPEG XS
- Vulkan integration fixes
- wasapi2 audio device monitor improvements
- threadshare: Many improvements and fixes to the generic
threadshare and RTP threadshare elements
- rtpbin2 improvements and fixes
- gst-device-monitor-1.0 command line tool improvements
- Various bug fixes, build fixes, memory leak fixes, and other
stability and reliability improvements
+ gstreamer:
- aggregator: add sub_latency_min to pad queue size
- build: Disable C5287 warning on MSVC
- Update to version 1.26.4:
+ Highlighted bugfixes in 1.26.4:
- adaptivedemux2: Fixed reverse playback
- d3d12screencapture: Add support for monitor add/remove in
device provider
- rtmp2src: various fixes to make it play back AWS medialive
streams
- rtph265pay: add profile-id, tier-flag, and level-id to output
rtp caps
- vp9parse: Fix handling of spatial SVC decoding
- vtenc: Fix negotiation failure with profile=main-422-10
- gtk4paintablesink: Add YCbCr memory texture formats and other
improvements
- livekit: add room-timeout
- mp4mux: add TAI timestamp muxing support
- rtpbin2: fix various race conditions, plus other bug fixes
and performance improvements
- threadshare: add a ts-rtpdtmfsrc element, implement run-time
input switching in ts-intersrc
- webrtcsink: fix deadlock on error setting remote description
and other fixes.
- cerbero: WiX installer: fix missing props files in the MSI
packages
- smaller macOS/iOS package sizes
- Various bug fixes, build fixes, memory leak fixes, and other
stability and reliability improvements
+ gstreamer:
- tracers: Fix deadlock in latency tracer
- Fix various valgrind/test errors when GST_DEBUG is enabled
- More valgrind and test fixes
- Various ASAN fixes
- Update to version 1.26.3:
+ Highlighted bugfixes in 1.26.3:
- Security fix for the H.266 video parser
- Fix regression for WAV files with acid chunks
- Fix high memory consumption caused by a text handling
regression in uridecodebin3 and playbin3
- Fix panic on late GOP in fragmented MP4 muxer
- Closed caption conversion, rendering and muxing improvements
- Decklink video sink preroll frame rendering and clock drift
handling fixes
- MPEG-TS demuxing and muxing fixes
- MP4 muxer fixes for creating very large files with faststart
support
- New thread-sharing 1:N inter source and sink elements, and a
ts-rtpdtmfsrc
- New speech synthesis element around ElevenLabs API
- RTP H.265 depayloader fixes and improvements, as well as TWCC
and GCC congestion control fixes
- Seeking improvements in DASH client for streams with gaps
- WebRTC sink and source fixes and enhancements, including to
LiveKit and WHIP signallers
- The macOS osxvideosink now posts navigation messages
- QtQML6GL video sink input event handling improvements
- Overhaul detection of hardware-accelerated video codecs on
Android
- Video4Linux capture source fixes and support for BT.2100 PQ
and 1:4:5:3 colorimetry
- Vulkan buffer upload and memory handling regression fixes
- gst-python: fix various regressions introduced in 1.26.2
- cerbero: fix text relocation issues on 32-bit Android and fix
broken VisualStudio VC templates
- packages: ship pbtypes plugin and update openssl to 3.5.0 LTS
- Various bug fixes, build fixes, memory leak fixes, and other
stability and reliability improvements
+ gstreamer:
- aggregator: Do not set event seqnum to INVALID
- baseparse: test: Fix race on test start
- pad: Only remove TAG events on STREAM_START if the stream-id
actually changes
- utils: Mark times array as static to avoid symbol conflict
with the POSIX function
- vecdeque: Use correct index type gst_vec_deque_drop_struct()
ModerateSUSE bug 1237097SUSE bug 1248053CVE-2025-55159 at SUSECVE-2025-55159 at NVDcpe:/o:suse:sl-micro:6.2Security update for qemu (Moderate)SUSE Linux Micro 6.2
This update for qemu fixes the following issues:
- Update to version 10.0.8
- CVE-2025-14876: Fixed unbounded allocation in virtio-crypto. (bsc#1255400)
- CVE-2026-0665: Fixed PIRQ bounds check in xen_physdev_map_pirq. (bsc#1256484)
ModerateSUSE bug 1255400SUSE bug 1256484SUSE bug 1257474SUSE bug 1257492CVE-2025-14876 at SUSECVE-2025-14876 at NVDCVE-2026-0665 at SUSECVE-2026-0665 at NVDcpe:/o:suse:sl-micro:6.2Security update for rust-keylime (Important)SUSE Linux Micro 6.2
This update for rust-keylime fixes the following issues:
- Update to version 0.2.8+116:
- CVE-2026-25727: Update vendored crates to fix a date parser can lead to stack exhaustion in Time. (bsc#1257908)
ImportantSUSE bug 1247193SUSE bug 1248006SUSE bug 1257908CVE-2025-55159 at SUSECVE-2025-55159 at NVDCVE-2025-58266 at SUSECVE-2025-58266 at NVDCVE-2026-25727 at SUSECVE-2026-25727 at NVDcpe:/o:suse:sl-micro:6.2Security update for python-maturin (Important)SUSE Linux Micro 6.2
This update for python-maturin fixes the following issue:
- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion
(bsc#1257918).
ImportantSUSE bug 1257918CVE-2026-25727 at SUSECVE-2026-25727 at NVDcpe:/o:suse:sl-micro:6.2Security update for libpng16 (Important)SUSE Linux Micro 6.2
This update for libpng16 fixes the following issues:
- CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
- CVE-2025-28162: Fixed a memory leaks when running `pngimage`. (bsc#1257364)
- CVE-2025-28164: Fixed a memory leaks when running `pngimage`. (bsc#1257365)
ImportantSUSE bug 1257364SUSE bug 1257365SUSE bug 1258020CVE-2025-28162 at SUSECVE-2025-28162 at NVDCVE-2025-28164 at SUSECVE-2025-28164 at NVDCVE-2026-25646 at SUSECVE-2026-25646 at NVDcpe:/o:suse:sl-micro:6.2Security update for net-snmp (Important)SUSE Linux Micro 6.2
This update for net-snmp fixes the following issues:
- CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491).
ImportantSUSE bug 1255491CVE-2025-68615 at SUSECVE-2025-68615 at NVDcpe:/o:suse:sl-micro:6.2Security update for libsoup (Important)SUSE Linux Micro 6.2
This update for libsoup fixes the following issues:
Update to libsoup 3.6.6:
- CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555).
- CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (bsc#1254876).
- CVE-2025-32049: Denial of Service attack to websocket server (bsc#1240751).
- CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).
- CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects
(bsc#1257441).
- CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request
smuggling and potential DoS (bsc#1257597).
- CVE-2026-2369: Buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information
disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).
Changelog:
- websocket: Fix out-of-bounds read in process_frame
- Check nulls returned by soup_date_time_new_from_http_string()
- Numerous fixes to handling of Range headers
- server: close the connection after responsing a request
containing Content-Length and Transfer-Encoding
- Use CRLF as line boundary when parsing chunked enconding data
- websocket: do not accept messages frames after closing due to
an error
- Sanitize filename of content disposition header values
- Always validate the headers value when coming from untrusted
source
- uri-utils: do host validation when checking if a GUri is valid
- multipart: check length of bytes read
soup_filter_input_stream_read_until()
- message-headers: Reject duplicate Host headers
- server: null-check soup_date_time_to_string()
- auth-digest: fix crash in
soup_auth_digest_get_protection_space()
- session: fix 'heap-use-after-free' caused by 'finishing' queue
item twice
- cookies: Avoid expires attribute if date is invalid
- http1: Set EOF flag once content-length bytes have been read
- date-utils: Add value checks for date/time parsing
- multipart: Fix multiple boundry limits
- Fixed multiple possible memory leaks
- message-headers: Correct merge of ranges
- body-input-stream: Correct chunked trailers end detection
- server-http2: Correctly validate URIs
- multipart: Fix read out of buffer bounds under
soup_multipart_new_from_message()
- headers: Ensure Request-Line comprises entire first line
- tests: Fix MSVC build error
- Fix possible deadlock on init from gmodule usage
- Updated translations.
ImportantSUSE bug 1240751SUSE bug 1252555SUSE bug 1254876SUSE bug 1257398SUSE bug 1257441SUSE bug 1257597SUSE bug 1258120SUSE bug 1258170SUSE bug 1258508CVE-2025-12105 at SUSECVE-2025-12105 at NVDCVE-2025-14523 at SUSECVE-2025-14523 at NVDCVE-2025-32049 at SUSECVE-2025-32049 at NVDCVE-2026-1467 at SUSECVE-2026-1467 at NVDCVE-2026-1539 at SUSECVE-2026-1539 at NVDCVE-2026-1760 at SUSECVE-2026-1760 at NVDCVE-2026-2369 at SUSECVE-2026-2369 at NVDCVE-2026-2443 at SUSECVE-2026-2443 at NVDCVE-2026-2708 at SUSECVE-2026-2708 at NVDcpe:/o:suse:sl-micro:6.2Security update for protobuf (Moderate)SUSE Linux Micro 6.2
This update for protobuf fixes the following issues:
Security fixes:
- CVE-2025-4565: Fixed parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive
groups or messages that could lead to crash due to RecursionError (bsc#1244663).
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
Other fixes:
- Fixed import issues of reverse-dependency packages within the google namespace (bsc#1244918).
ModerateSUSE bug 1244663SUSE bug 1244918SUSE bug 1257173CVE-2025-4565 at SUSECVE-2025-4565 at NVDCVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:sl-micro:6.2Security update for librsvg (Moderate)SUSE Linux Micro 6.2
This update for librsvg fixes the following issues:
Update to version 2.60.2:
- CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243867).
- CVE-2024-43806: Fixed memory explosion in rustix (bsc#1229950).
ModerateSUSE bug 1229376SUSE bug 1229950SUSE bug 1243867CVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2024-43806 at SUSECVE-2024-43806 at NVDcpe:/o:suse:sl-micro:6.2Security update for libsodium (Moderate)SUSE Linux Micro 6.2
This update for libsodium fixes the following issues:
- CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
ModerateSUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDcpe:/o:suse:sl-micro:6.2Security update for ucode-intel (Moderate)SUSE Linux Micro 6.2
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access (bsc#1229129).
- CVE-2025-31648: Improper handling of values in the
microcode flow for some Intel Processor Family may allow
an escalation of privilege (bsc#1258046).
- Intel CPU Microcode was updated to the 20251111 release (bsc#1253319):
- Update for functional issues.
- switch the supplements to use supplements + kernel to allow
moving a installation to Intel hardware (bsc#1249138)
- Intel CPU Microcode was updated to the 20241029 release (bsc#1230400):
- Update for functional issues.
ModerateSUSE bug 1229129SUSE bug 1230400SUSE bug 1249138SUSE bug 1253319SUSE bug 1258046CVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2025-31648 at SUSECVE-2025-31648 at NVDcpe:/o:suse:sl-micro:6.2Security update for vim (Important)SUSE Linux Micro 6.2
This update for vim fixes the following issues:
- Update Vim to version 9.2.0110 that includes security fixes for:
* CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
* CVE-2026-26269: stack buffer overflow in Vim's NetBeans integration when processing the specialKeys command (bsc#1258229).
* CVE-2025-53906: path traversal in Vim's zip.vim plugin (bsc#1246602).
- Other changes:
* Add wayland-client to BuildRequires and enable Wayland support.
* Add Wayland include path to CFLAGS to fix clipboard compilation.
* Package new Swedish (sv) man pages and clean up duplicate encodings (sv.ISO8859-1 and sv.UTF-8).
ImportantSUSE bug 1246602SUSE bug 1258229SUSE bug 1259051CVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2026-26269 at SUSECVE-2026-26269 at NVDCVE-2026-28417 at SUSECVE-2026-28417 at NVDcpe:/o:suse:sl-micro:6.2Security update for curl (Important)SUSE Linux Micro 6.2
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
ImportantSUSE bug 1259362SUSE bug 1259363SUSE bug 1259364SUSE bug 1259365CVE-2026-1965 at SUSECVE-2026-1965 at NVDCVE-2026-3783 at SUSECVE-2026-3783 at NVDCVE-2026-3784 at SUSECVE-2026-3784 at NVDCVE-2026-3805 at SUSECVE-2026-3805 at NVDcpe:/o:suse:sl-micro:6.2Security update for python-tornado6 (Important)SUSE Linux Micro 6.2
This update for python-tornado6 fixes the following issues:
- CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
- incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes
(bsc#1259630).
ImportantSUSE bug 1259553SUSE bug 1259630CVE-2026-31958 at SUSECVE-2026-31958 at NVDcpe:/o:suse:sl-micro:6.2Security update for harfbuzz (Moderate)SUSE Linux Micro 6.2
This update for harfbuzz fixes the following issues:
Update to version 11.4.5:
Security fixes:
- CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459).
Other fixes:
- Bug fixes for “AAT” shaping, and other shaping micro
optimizations.
- Fix a shaping regression affecting mark glyphs in certain
fonts.
- Fix pruning of mark filtering sets when subsetting fonts, which
caused changes in shaping behaviour.
- Make shaping fail much faster for certain malformed fonts
(e.g., those that trigger infinite recursion).
- Fix undefined behaviour introduced in 11.4.2.
- Fix detection of the “Cambria Math” font when fonts are scaled,
so the workaround for the bad MATH table constant is applied.
- Various performance and memory usage improvements.
- The hb-shape command line tool can now be built with the
amalgamated harfbuzz.cc source.
- Fix regression in handling version 2 of avar table.
- Increase various buffer length limits for better handling of
fonts that generate huge number of glyphs per codepoint (e.g.
Noto Sans Duployan).
- Improvements to the harfrust shaper for more accurate testing.
- Fix clang compiler warnings.
- General shaping and subsetting speedups.
- Fix in Graphite shaping backend when glyph advances became
negative.
- Subsetting improvements, pruning empty mark-attachment lookups.
- Don't use the macro name _S, which is reserved by system
liberaries.
- Build fixes and speedup.
- Add a kbts shaping backend that calls into the kb_text_shape
single-header shaping library. This is purely for testing and
performance evaluation and we do NOT recommend using it for any
other purposes.
- Fix bug in vertical shaping of fonts without the vmtx table.
- Fix build with non-compliant C++11 compilers that don't
recognize the "and" keyword.
- Fix crasher in the glyph_v_origin function introduced in
11.3.0.
- Speed up handling fonts with very large number of variations.
- Speed up getting horizontal and vertical glyph advances by up
to 24%.
- Significantly speed up vertical text shaping.
- Various documentation improvements.
- Various build improvements.
- Various subsetting improvements.
- Various improvements to Rust font functions (fontations
integration) and shaper (HarfRust integration).
- Rename harfruzz option and shaper to harfrust following
upstream rename.
- Implement hb_face_reference_blob() for DirectWrite font
functions.
- Various build improvements.
- Fix build with HB_NO_DRAW and HB_NO_PAINT.
- Add an optional harfruzz shaper that uses HarfRuzz; an ongoing
Rust port of HarfBuzz shaping. This shaper is mainly used for
testing the output of the Rust implementation.
- Fix regression that caused applying unsafe_to_break() to the
whole buffer to be ignored.
- Update USE data files.
- Fix getting advances of out-of-rage glyph indices in
DirectWrite font functions.
- Painting of COLRv1 fonts without clip boxes is now about 10
times faster.
- Synthetic bold/slant of a sub font is now respected, instead of
using the parent’s.
- Glyph extents for fonts synthetic bold/slant are now accurately
calculated.
- Various build fixes.
- Include bidi mirroring variants of the requested codepoints
when subsetting. The new HB_SUBSET_FLAGS_NO_BIDI_CLOSURE can be
used to disable this behaviour.
- Various bug fixes.
- Various build fixes and improvements.
- Various test suite improvements.
- The change in version 10.3.0 to apply “trak” table tracking
values to glyph advances directly has been reverted as it
required every font functions implementation to handle it,
which breaks existing custom font functions. Tracking is
instead back to being applied during shaping.
- When directwrite integration is enabled, we now link to
dwrite.dll instead of dynamically loading it.
- A new experimental APIs for getting raw “CFF” and “CFF2”
CharStrings.
- We now provide manpages for the various command line utilities.
Building manpages requires “help2man” and will be skipped if it
is not present.
- The command line utilities now set different return value for
different kinds of failures. Details are provided in the
manpages.
- Various fixes and improvements to fontations font functions.
- All shaping operations using the ot shaper have become memory
allocation-free.
- Glyph extents returned by hb-ot and hb-ft font functions are
now rounded in stead of flooring/ceiling them, which also
matches what other font libraries do.
- Fix “AAT” deleted glyph marks interfering with fallback mark
positioning.
- Glyph outlines emboldening have been moved out of hb-ot and
hb-ft font functions to the HarfBuzz font layer, so that it
works with any font functions implementation.
- Fix our fallback C++11 atomics integration, which seems to not
be widely used.
- Various testing fixes and improvements.
- Various subsetting fixes and improvements.
- Various other fixes and improvements.
ModerateSUSE bug 1256459CVE-2026-22693 at SUSECVE-2026-22693 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1255052SUSE bug 1255053SUSE bug 1255378SUSE bug 1255402SUSE bug 1255895SUSE bug 1256624SUSE bug 1256644CVE-2025-40214 at SUSECVE-2025-40214 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40297 at SUSECVE-2025-40297 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1255052SUSE bug 1255053SUSE bug 1255378SUSE bug 1255402SUSE bug 1255895SUSE bug 1256624SUSE bug 1256644SUSE bug 1257669CVE-2025-40214 at SUSECVE-2025-40214 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40284 at SUSECVE-2025-40284 at NVDCVE-2025-40297 at SUSECVE-2025-40297 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1247240SUSE bug 1255052SUSE bug 1255053SUSE bug 1255378SUSE bug 1255402SUSE bug 1255895SUSE bug 1256624SUSE bug 1256644SUSE bug 1257669CVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-40214 at SUSECVE-2025-40214 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40284 at SUSECVE-2025-40284 at NVDCVE-2025-40297 at SUSECVE-2025-40297 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1256624SUSE bug 1256644CVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1255052SUSE bug 1255053SUSE bug 1255378SUSE bug 1255402SUSE bug 1255895SUSE bug 1256624SUSE bug 1256644SUSE bug 1257669CVE-2025-40214 at SUSECVE-2025-40214 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40284 at SUSECVE-2025-40284 at NVDCVE-2025-40297 at SUSECVE-2025-40297 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for nghttp2 (Important)SUSE Linux Micro 6.2
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
ImportantSUSE bug 1259845CVE-2026-27135 at SUSECVE-2026-27135 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Important)SUSE Linux Micro 6.2
The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2025-39753: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590).
- CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
- CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
- CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
- CVE-2025-40230: mm: prevent poison consumption when splitting THP (bsc#1254817).
- CVE-2025-68173: ftrace: Fix softlockup in ftrace_module_enable (bsc#1255311).
- CVE-2025-68186: ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (bsc#1255144).
- CVE-2025-68292: mm/memfd: fix information leak in hugetlb folios (bsc#1255148).
- CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
- CVE-2025-68329: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (bsc#1255490).
- CVE-2025-68371: scsi: smartpqi: Fix device resources accessed after device removal (bsc#1255572).
- CVE-2025-68745: scsi: qla2xxx: Clear cmds after chip reset (bsc#1255721).
- CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
- CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
- CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
- CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
- CVE-2025-71134: mm/page_alloc: change all pageblocks migrate type on coalescing (bsc#1256732).
- CVE-2025-71161: dm-verity: disable recursive forward error correction (bsc#1257174).
- CVE-2025-71184: btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635).
- CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686).
- CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
- CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
- CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
- CVE-2026-23003: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1257246).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
- CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
- CVE-2026-23022: idpf: fix memory leak in idpf_vc_core_deinit() (bsc#1257581).
- CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556).
- CVE-2026-23024: idpf: fix memory leak of flow steer list on rmmod (bsc#1257572).
- CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
- CVE-2026-23042: idpf: fix aux device unplugging when rdma is not supported by vport (bsc#1257705).
- CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
- CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
- CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
- CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
- CVE-2026-23066: rxrpc: Fix recvmsg() unconditional requeue (bsc#1257726).
- CVE-2026-23068: spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805).
- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
- CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23083: tools: ynl-gen: use big-endian netlink attribute types (bsc#1257745).
- CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
- CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
- CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
- CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
- CVE-2026-23097: migrate: correct lock ordering for hugetlb file folios (bsc#1257815).
- CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
- CVE-2026-23100: mm/hugetlb: fix hugetlb_pmd_shared() (bsc#1257817).
- CVE-2026-23102: arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772).
- CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
- CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
- CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
- CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
- CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
- CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
- CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
- CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
- CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
- CVE-2026-23142: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (bsc#1258289).
- CVE-2026-23144: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (bsc#1258290).
- CVE-2026-23148: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (bsc#1258258).
- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
- CVE-2026-23161: mm/shmem, swap: fix race of truncate and swap entry split (bsc#1258355).
- CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
- CVE-2026-23171: bonding: fix use-after-free due to enslave fail after slave array update (bsc#1258349).
- CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
- CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
- CVE-2026-23189: ceph: fix NULL pointer dereference in ceph_mds_auth_match() (bsc#1258308).
- CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
- CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517).
- CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
- CVE-2026-23223: xfs: fix UAF in xchk_btree_check_block_owner (bsc#1258483).
- CVE-2026-23224: erofs: fix UAF issue for file-backed mounts w/ directio option (bsc#1258461).
The following non security issues were fixed:
- ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
- Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
- HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455).
- HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868).
- PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672)
- PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672)
- PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
- Refresh and move upstreamed ath12k patch into sorted section
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- add bugnumber to existing mana change (bsc#1252266).
- arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329)
- bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes).
- clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818).
- clocksource: Print durations for sync check unconditionally (bsc#1257818).
- clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818).
- clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818).
- dm: Fix deadlock when reloading a multipath table (bsc#1254928).
- drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
- gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes).
- i3c: master: Update hot-join flag only on success (git-fixes).
- ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
- media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
- modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- platform/x86/amd: amd_3d_vcache: Add AMD 3D V-Cache optimizer driver (jsc#PED-11563).
- sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634).
- sched/deadline: Fix race in push_dl_task() (bsc#1234634).
- sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634).
- sched/fair: Fix pelt clock sync when entering idle (bsc#1234634).
- sched/fair: Fix pelt lost idle time detection (bsc#1234634).
- staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).
ImportantSUSE bug 1234634SUSE bug 1249590SUSE bug 1250748SUSE bug 1251135SUSE bug 1251966SUSE bug 1251971SUSE bug 1252008SUSE bug 1252266SUSE bug 1252911SUSE bug 1252924SUSE bug 1253129SUSE bug 1253691SUSE bug 1254817SUSE bug 1254928SUSE bug 1255129SUSE bug 1255144SUSE bug 1255148SUSE bug 1255311SUSE bug 1255490SUSE bug 1255572SUSE bug 1255721SUSE bug 1255868SUSE bug 1256640SUSE bug 1256675SUSE bug 1256679SUSE bug 1256708SUSE bug 1256732SUSE bug 1256784SUSE bug 1256802SUSE bug 1256865SUSE bug 1256867SUSE bug 1257154SUSE bug 1257174SUSE bug 1257209SUSE bug 1257222SUSE bug 1257228SUSE bug 1257231SUSE bug 1257246SUSE bug 1257332SUSE bug 1257466SUSE bug 1257472SUSE bug 1257473SUSE bug 1257551SUSE bug 1257552SUSE bug 1257553SUSE bug 1257554SUSE bug 1257556SUSE bug 1257557SUSE bug 1257559SUSE bug 1257560SUSE bug 1257561SUSE bug 1257562SUSE bug 1257565SUSE bug 1257570SUSE bug 1257572SUSE bug 1257573SUSE bug 1257576SUSE bug 1257579SUSE bug 1257580SUSE bug 1257581SUSE bug 1257586SUSE bug 1257600SUSE bug 1257631SUSE bug 1257635SUSE bug 1257679SUSE bug 1257682SUSE bug 1257686SUSE bug 1257687SUSE bug 1257688SUSE bug 1257704SUSE bug 1257705SUSE bug 1257706SUSE bug 1257707SUSE bug 1257709SUSE bug 1257714SUSE bug 1257715SUSE bug 1257716SUSE bug 1257718SUSE bug 1257722SUSE bug 1257723SUSE bug 1257726SUSE bug 1257729SUSE bug 1257730SUSE bug 1257732SUSE bug 1257734SUSE bug 1257735SUSE bug 1257737SUSE bug 1257739SUSE bug 1257740SUSE bug 1257741SUSE bug 1257742SUSE bug 1257743SUSE bug 1257745SUSE bug 1257749SUSE bug 1257750SUSE bug 1257755SUSE bug 1257757SUSE bug 1257758SUSE bug 1257759SUSE bug 1257761SUSE bug 1257762SUSE bug 1257763SUSE bug 1257765SUSE bug 1257768SUSE bug 1257770SUSE bug 1257772SUSE bug 1257775SUSE bug 1257776SUSE bug 1257788SUSE bug 1257789SUSE bug 1257790SUSE bug 1257805SUSE bug 1257808SUSE bug 1257809SUSE bug 1257811SUSE bug 1257813SUSE bug 1257814SUSE bug 1257815SUSE bug 1257816SUSE bug 1257817SUSE bug 1257818SUSE bug 1257830SUSE bug 1257942SUSE bug 1257952SUSE bug 1258153SUSE bug 1258181SUSE bug 1258184SUSE bug 1258222SUSE bug 1258232SUSE bug 1258234SUSE bug 1258237SUSE bug 1258245SUSE bug 1258249SUSE bug 1258252SUSE bug 1258256SUSE bug 1258258SUSE bug 1258259SUSE bug 1258272SUSE bug 1258273SUSE bug 1258276SUSE bug 1258277SUSE bug 1258279SUSE bug 1258286SUSE bug 1258289SUSE bug 1258290SUSE bug 1258297SUSE bug 1258298SUSE bug 1258299SUSE bug 1258303SUSE bug 1258304SUSE bug 1258308SUSE bug 1258309SUSE bug 1258313SUSE bug 1258317SUSE bug 1258321SUSE bug 1258323SUSE bug 1258324SUSE bug 1258326SUSE bug 1258331SUSE bug 1258338SUSE bug 1258349SUSE bug 1258354SUSE bug 1258355SUSE bug 1258358SUSE bug 1258374SUSE bug 1258376SUSE bug 1258377SUSE bug 1258379SUSE bug 1258389SUSE bug 1258394SUSE bug 1258395SUSE bug 1258397SUSE bug 1258411SUSE bug 1258415SUSE bug 1258419SUSE bug 1258421SUSE bug 1258422SUSE bug 1258424SUSE bug 1258429SUSE bug 1258430SUSE bug 1258442SUSE bug 1258455SUSE bug 1258461SUSE bug 1258464SUSE bug 1258465SUSE bug 1258468SUSE bug 1258469SUSE bug 1258483SUSE bug 1258484SUSE bug 1258489SUSE bug 1258517SUSE bug 1258518SUSE bug 1258519SUSE bug 1258520SUSE bug 1258524SUSE bug 1258544SUSE bug 1258660SUSE bug 1258672SUSE bug 1258824SUSE bug 1259329CVE-2025-39753 at SUSECVE-2025-39753 at NVDCVE-2025-39964 at SUSECVE-2025-39964 at NVDCVE-2025-40099 at SUSECVE-2025-40099 at NVDCVE-2025-40103 at SUSECVE-2025-40103 at NVDCVE-2025-40230 at SUSECVE-2025-40230 at NVDCVE-2025-68173 at SUSECVE-2025-68173 at NVDCVE-2025-68186 at SUSECVE-2025-68186 at NVDCVE-2025-68292 at SUSECVE-2025-68292 at NVDCVE-2025-68295 at SUSECVE-2025-68295 at NVDCVE-2025-68329 at SUSECVE-2025-68329 at NVDCVE-2025-68371 at SUSECVE-2025-68371 at NVDCVE-2025-68745 at SUSECVE-2025-68745 at NVDCVE-2025-68785 at SUSECVE-2025-68785 at NVDCVE-2025-68810 at SUSECVE-2025-68810 at NVDCVE-2025-68818 at SUSECVE-2025-68818 at NVDCVE-2025-71071 at SUSECVE-2025-71071 at NVDCVE-2025-71104 at SUSECVE-2025-71104 at NVDCVE-2025-71125 at SUSECVE-2025-71125 at NVDCVE-2025-71134 at SUSECVE-2025-71134 at NVDCVE-2025-71161 at SUSECVE-2025-71161 at NVDCVE-2025-71182 at SUSECVE-2025-71182 at NVDCVE-2025-71183 at SUSECVE-2025-71183 at NVDCVE-2025-71184 at SUSECVE-2025-71184 at NVDCVE-2025-71185 at SUSECVE-2025-71185 at NVDCVE-2025-71186 at SUSECVE-2025-71186 at NVDCVE-2025-71188 at SUSECVE-2025-71188 at NVDCVE-2025-71189 at SUSECVE-2025-71189 at NVDCVE-2025-71190 at SUSECVE-2025-71190 at NVDCVE-2025-71191 at SUSECVE-2025-71191 at NVDCVE-2025-71192 at SUSECVE-2025-71192 at NVDCVE-2025-71193 at SUSECVE-2025-71193 at NVDCVE-2025-71194 at SUSECVE-2025-71194 at NVDCVE-2025-71195 at SUSECVE-2025-71195 at NVDCVE-2025-71196 at SUSECVE-2025-71196 at NVDCVE-2025-71197 at SUSECVE-2025-71197 at NVDCVE-2025-71198 at SUSECVE-2025-71198 at NVDCVE-2025-71199 at SUSECVE-2025-71199 at NVDCVE-2025-71200 at SUSECVE-2025-71200 at NVDCVE-2025-71222 at SUSECVE-2025-71222 at NVDCVE-2025-71224 at SUSECVE-2025-71224 at NVDCVE-2025-71225 at SUSECVE-2025-71225 at NVDCVE-2025-71229 at SUSECVE-2025-71229 at NVDCVE-2025-71231 at SUSECVE-2025-71231 at NVDCVE-2025-71232 at SUSECVE-2025-71232 at NVDCVE-2025-71233 at SUSECVE-2025-71233 at NVDCVE-2025-71234 at SUSECVE-2025-71234 at NVDCVE-2025-71235 at SUSECVE-2025-71235 at NVDCVE-2025-71236 at SUSECVE-2025-71236 at NVDCVE-2026-22979 at SUSECVE-2026-22979 at NVDCVE-2026-22980 at SUSECVE-2026-22980 at NVDCVE-2026-22998 at SUSECVE-2026-22998 at NVDCVE-2026-23003 at SUSECVE-2026-23003 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23010 at SUSECVE-2026-23010 at NVDCVE-2026-23017 at SUSECVE-2026-23017 at NVDCVE-2026-23018 at SUSECVE-2026-23018 at NVDCVE-2026-23021 at SUSECVE-2026-23021 at NVDCVE-2026-23022 at SUSECVE-2026-23022 at NVDCVE-2026-23023 at SUSECVE-2026-23023 at NVDCVE-2026-23024 at SUSECVE-2026-23024 at NVDCVE-2026-23026 at SUSECVE-2026-23026 at NVDCVE-2026-23030 at SUSECVE-2026-23030 at NVDCVE-2026-23031 at SUSECVE-2026-23031 at NVDCVE-2026-23033 at SUSECVE-2026-23033 at NVDCVE-2026-23035 at SUSECVE-2026-23035 at NVDCVE-2026-23037 at SUSECVE-2026-23037 at NVDCVE-2026-23038 at SUSECVE-2026-23038 at NVDCVE-2026-23042 at SUSECVE-2026-23042 at NVDCVE-2026-23047 at SUSECVE-2026-23047 at NVDCVE-2026-23049 at SUSECVE-2026-23049 at NVDCVE-2026-23050 at SUSECVE-2026-23050 at NVDCVE-2026-23053 at SUSECVE-2026-23053 at NVDCVE-2026-23054 at SUSECVE-2026-23054 at NVDCVE-2026-23055 at SUSECVE-2026-23055 at NVDCVE-2026-23056 at SUSECVE-2026-23056 at NVDCVE-2026-23057 at SUSECVE-2026-23057 at NVDCVE-2026-23058 at SUSECVE-2026-23058 at NVDCVE-2026-23059 at SUSECVE-2026-23059 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23061 at SUSECVE-2026-23061 at NVDCVE-2026-23062 at SUSECVE-2026-23062 at NVDCVE-2026-23063 at SUSECVE-2026-23063 at NVDCVE-2026-23064 at SUSECVE-2026-23064 at NVDCVE-2026-23065 at SUSECVE-2026-23065 at NVDCVE-2026-23066 at SUSECVE-2026-23066 at NVDCVE-2026-23068 at SUSECVE-2026-23068 at NVDCVE-2026-23069 at SUSECVE-2026-23069 at NVDCVE-2026-23070 at SUSECVE-2026-23070 at NVDCVE-2026-23071 at SUSECVE-2026-23071 at NVDCVE-2026-23073 at SUSECVE-2026-23073 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23076 at SUSECVE-2026-23076 at NVDCVE-2026-23078 at SUSECVE-2026-23078 at NVDCVE-2026-23080 at SUSECVE-2026-23080 at NVDCVE-2026-23082 at SUSECVE-2026-23082 at NVDCVE-2026-23083 at SUSECVE-2026-23083 at NVDCVE-2026-23084 at SUSECVE-2026-23084 at NVDCVE-2026-23085 at SUSECVE-2026-23085 at NVDCVE-2026-23086 at SUSECVE-2026-23086 at NVDCVE-2026-23088 at SUSECVE-2026-23088 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDCVE-2026-23090 at SUSECVE-2026-23090 at NVDCVE-2026-23091 at SUSECVE-2026-23091 at NVDCVE-2026-23094 at SUSECVE-2026-23094 at NVDCVE-2026-23095 at SUSECVE-2026-23095 at NVDCVE-2026-23096 at SUSECVE-2026-23096 at NVDCVE-2026-23097 at SUSECVE-2026-23097 at NVDCVE-2026-23099 at SUSECVE-2026-23099 at NVDCVE-2026-23100 at SUSECVE-2026-23100 at NVDCVE-2026-23101 at SUSECVE-2026-23101 at NVDCVE-2026-23102 at SUSECVE-2026-23102 at NVDCVE-2026-23104 at SUSECVE-2026-23104 at NVDCVE-2026-23105 at SUSECVE-2026-23105 at NVDCVE-2026-23107 at SUSECVE-2026-23107 at NVDCVE-2026-23108 at SUSECVE-2026-23108 at NVDCVE-2026-23110 at SUSECVE-2026-23110 at NVDCVE-2026-23111 at SUSECVE-2026-23111 at NVDCVE-2026-23112 at SUSECVE-2026-23112 at NVDCVE-2026-23116 at SUSECVE-2026-23116 at NVDCVE-2026-23119 at SUSECVE-2026-23119 at NVDCVE-2026-23121 at SUSECVE-2026-23121 at NVDCVE-2026-23123 at SUSECVE-2026-23123 at NVDCVE-2026-23128 at SUSECVE-2026-23128 at NVDCVE-2026-23129 at SUSECVE-2026-23129 at NVDCVE-2026-23131 at SUSECVE-2026-23131 at NVDCVE-2026-23133 at SUSECVE-2026-23133 at NVDCVE-2026-23135 at SUSECVE-2026-23135 at NVDCVE-2026-23136 at SUSECVE-2026-23136 at NVDCVE-2026-23137 at SUSECVE-2026-23137 at NVDCVE-2026-23139 at SUSECVE-2026-23139 at NVDCVE-2026-23141 at SUSECVE-2026-23141 at NVDCVE-2026-23142 at SUSECVE-2026-23142 at NVDCVE-2026-23144 at SUSECVE-2026-23144 at NVDCVE-2026-23145 at SUSECVE-2026-23145 at NVDCVE-2026-23146 at SUSECVE-2026-23146 at NVDCVE-2026-23148 at SUSECVE-2026-23148 at NVDCVE-2026-23150 at SUSECVE-2026-23150 at NVDCVE-2026-23151 at SUSECVE-2026-23151 at NVDCVE-2026-23152 at SUSECVE-2026-23152 at NVDCVE-2026-23154 at SUSECVE-2026-23154 at NVDCVE-2026-23155 at SUSECVE-2026-23155 at NVDCVE-2026-23156 at SUSECVE-2026-23156 at NVDCVE-2026-23157 at SUSECVE-2026-23157 at NVDCVE-2026-23158 at SUSECVE-2026-23158 at NVDCVE-2026-23161 at SUSECVE-2026-23161 at NVDCVE-2026-23163 at SUSECVE-2026-23163 at NVDCVE-2026-23166 at SUSECVE-2026-23166 at NVDCVE-2026-23167 at SUSECVE-2026-23167 at NVDCVE-2026-23169 at SUSECVE-2026-23169 at NVDCVE-2026-23170 at SUSECVE-2026-23170 at NVDCVE-2026-23171 at SUSECVE-2026-23171 at NVDCVE-2026-23172 at SUSECVE-2026-23172 at NVDCVE-2026-23173 at SUSECVE-2026-23173 at NVDCVE-2026-23176 at SUSECVE-2026-23176 at NVDCVE-2026-23177 at SUSECVE-2026-23177 at NVDCVE-2026-23178 at SUSECVE-2026-23178 at NVDCVE-2026-23179 at SUSECVE-2026-23179 at NVDCVE-2026-23182 at SUSECVE-2026-23182 at NVDCVE-2026-23188 at SUSECVE-2026-23188 at NVDCVE-2026-23189 at SUSECVE-2026-23189 at NVDCVE-2026-23190 at SUSECVE-2026-23190 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23198 at SUSECVE-2026-23198 at NVDCVE-2026-23202 at SUSECVE-2026-23202 at NVDCVE-2026-23207 at SUSECVE-2026-23207 at NVDCVE-2026-23208 at SUSECVE-2026-23208 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDCVE-2026-23210 at SUSECVE-2026-23210 at NVDCVE-2026-23213 at SUSECVE-2026-23213 at NVDCVE-2026-23214 at SUSECVE-2026-23214 at NVDCVE-2026-23221 at SUSECVE-2026-23221 at NVDCVE-2026-23222 at SUSECVE-2026-23222 at NVDCVE-2026-23223 at SUSECVE-2026-23223 at NVDCVE-2026-23224 at SUSECVE-2026-23224 at NVDCVE-2026-23229 at SUSECVE-2026-23229 at NVDCVE-2026-23230 at SUSECVE-2026-23230 at NVDcpe:/o:suse:sl-micro:6.2Security update for the initial kernel livepatch (Important)SUSE Linux Micro 6.2
This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.
Importantcpe:/o:suse:sl-micro:6.2Security update for python-pyasn1 (Important)SUSE Linux Micro 6.2
This update for python-pyasn1 fixes the following issue:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
ImportantSUSE bug 1259803CVE-2026-30922 at SUSECVE-2026-30922 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1256624SUSE bug 1256644CVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1255052SUSE bug 1255053SUSE bug 1255378SUSE bug 1255402SUSE bug 1255895SUSE bug 1256624SUSE bug 1256644CVE-2025-40214 at SUSECVE-2025-40214 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40297 at SUSECVE-2025-40297 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for python-PyJWT (Important)SUSE Linux Micro 6.2
This update for python-PyJWT fixes the following issue:
Update to PyJWT 2.12.1:
- CVE-2026-32597: PyJWT accepts unknown `crit` header extensions (bsc#1259616).
Changelog:
Update to 2.12.1:
- Add missing typing_extensions dependency for Python < 3.11 in
#1150
Update to 2.12.0:
- Annotate PyJWKSet.keys for pyright by @tamird in #1134
- Close HTTPError response to prevent ResourceWarning on
Python 3.14 by @veeceey in #1133
- Do not keep algorithms dict in PyJWK instances by @akx in
#1143
- Use PyJWK algorithm when encoding without explicit
algorithm in #1148
- Docs: Add PyJWKClient API reference and document the
two-tier caching system (JWK Set cache and signing key LRU
cache).
Update to 2.11.0:
- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in #1105
- Validate key against allowed types for Algorithm family in
#964
- Add iterator for JWKSet in #1041
- Validate iss claim is a string during encoding and decoding
by @pachewise in #1040
- Improve typing/logic for options in decode, decode_complete
by @pachewise in #1045
- Declare float supported type for lifespan and timeout by
@nikitagashkov in #1068
- Fix SyntaxWarnings/DeprecationWarnings caused by invalid
escape sequences by @kurtmckee in #1103
- Development: Build a shared wheel once to speed up test
suite setup times by @kurtmckee in #1114
- Development: Test type annotations across all supported
Python versions, increase the strictness of the type
checking, and remove the mypy pre-commit hook by @kurtmckee
in #1112
- Support Python 3.14, and test against PyPy 3.10 and 3.11 by
@kurtmckee in #1104
- Development: Migrate to build to test package building in
CI by @kurtmckee in #1108
- Development: Improve coverage config and eliminate unused
test suite code by @kurtmckee in #1115
- Docs: Standardize CHANGELOG links to PRs by @kurtmckee in
#1110
- Docs: Fix Read the Docs builds by @kurtmckee in #1111
- Docs: Add example of using leeway with nbf by @djw8605 in
#1034
- Docs: Refactored docs with autodoc; added PyJWS and
jwt.algorithms docs by @pachewise in #1045
- Docs: Documentation improvements for "sub" and "jti" claims
by @cleder in #1088
- Development: Add pyupgrade as a pre-commit hook by
@kurtmckee in #1109
- Add minimum key length validation for HMAC and RSA keys
(CWE-326). Warns by default via InsecureKeyLengthWarning
when keys are below minimum recommended lengths per RFC
7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass
enforce_minimum_key_length=True in options to PyJWT or
PyJWS to raise InvalidKeyError instead.
- Refactor PyJWT to own an internal PyJWS instance instead of
calling global api_jws functions.
ImportantSUSE bug 1259616CVE-2026-32597 at SUSECVE-2026-32597 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1247240SUSE bug 1255052SUSE bug 1255053SUSE bug 1255378SUSE bug 1255402SUSE bug 1255895SUSE bug 1256624SUSE bug 1256644SUSE bug 1257669CVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-40214 at SUSECVE-2025-40214 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40284 at SUSECVE-2025-40284 at NVDCVE-2025-40297 at SUSECVE-2025-40297 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1255052SUSE bug 1255053SUSE bug 1255378SUSE bug 1255402SUSE bug 1255895SUSE bug 1256624SUSE bug 1256644SUSE bug 1257669CVE-2025-40214 at SUSECVE-2025-40214 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40284 at SUSECVE-2025-40284 at NVDCVE-2025-40297 at SUSECVE-2025-40297 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).
ImportantSUSE bug 1255052SUSE bug 1255053SUSE bug 1255378SUSE bug 1255402SUSE bug 1255895SUSE bug 1256624SUSE bug 1256644SUSE bug 1257669CVE-2025-40214 at SUSECVE-2025-40214 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40284 at SUSECVE-2025-40284 at NVDCVE-2025-40297 at SUSECVE-2025-40297 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDcpe:/o:suse:sl-micro:6.2Security update for net-tools (Moderate)SUSE Linux Micro 6.2
This update for net-tools fixes the following issues:
- Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59).
- Avoid unsafe memcpy in ifconfig (bsc#1248687).
- Prevent overflow in ax25 and netrom (bsc#1248687)
- Keep possibility to enter long interface names, even if they are
not accepted by the kernel, because it was always possible up to
CVE-2025-46836 fix. But issue a warning about an interface name
concatenation (bsc#1248410).
ModerateSUSE bug 1243581SUSE bug 1248410SUSE bug 1248687SUSE bug 142461SUSE bug 430864SUSE bug 544339CVE-2025-46836 at SUSECVE-2025-46836 at NVDcpe:/o:suse:sl-micro:6.2Security update for docker-compose (Important)SUSE Linux Micro 6.2
This update for docker-compose fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in
response to a key listing or signing request (bsc#1253584).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds
read (bsc#1254041).
- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files
(bsc#1252752).
ImportantSUSE bug 1252752SUSE bug 1253584SUSE bug 1254041CVE-2025-47913 at SUSECVE-2025-47913 at NVDCVE-2025-47914 at SUSECVE-2025-47914 at NVDCVE-2025-62725 at SUSECVE-2025-62725 at NVDcpe:/o:suse:sl-micro:6.2Security update for runc (Important)SUSE Linux Micro 6.2
This update for runc fixes the following issues:
- Update to runc v1.3.3:
* CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing
runc's restrictions for writing to arbitrary /proc files (bsc#1252232)
ImportantSUSE bug 1252110SUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sl-micro:6.2Security update for gnutls (Moderate)SUSE Linux Micro 6.2
This update for gnutls fixes the following issues:
- CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. (bsc#1257960)
- CVE-2025-9820: Fixed a buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
- Add the functionality to allow to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. (bsc#1258083, jsc#PED-15752, jsc#PED-15753)
ModerateSUSE bug 1254132SUSE bug 1257960SUSE bug 1258083CVE-2025-14831 at SUSECVE-2025-14831 at NVDCVE-2025-9820 at SUSECVE-2025-9820 at NVDcpe:/o:suse:sl-micro:6.2Security update for expat (Important)SUSE Linux Micro 6.2
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition
(bsc#1259729).
ImportantSUSE bug 1259711SUSE bug 1259726SUSE bug 1259729CVE-2026-32776 at SUSECVE-2026-32776 at NVDCVE-2026-32777 at SUSECVE-2026-32777 at NVDCVE-2026-32778 at SUSECVE-2026-32778 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit-repos (Important)SUSE Linux Micro 6.2
This update for cockpit-repos fixes the following issue:
- CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character
that doesn't appear in the test string (bsc#1258637).
ImportantSUSE bug 1258637CVE-2026-26996 at SUSECVE-2026-26996 at NVDcpe:/o:suse:sl-micro:6.2Security update for libpng16 (Important)SUSE Linux Micro 6.2
This update for libpng16 fixes the following issues:
- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
execution (bsc#1260754).
- CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and
crashes (bsc#1260755).
ImportantSUSE bug 1260754SUSE bug 1260755CVE-2026-33416 at SUSECVE-2026-33416 at NVDCVE-2026-33636 at SUSECVE-2026-33636 at NVDcpe:/o:suse:sl-micro:6.2Security update for libtasn1 (Moderate)SUSE Linux Micro 6.2
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in
`asn1_expend_octet_string` (bsc#1256341).
ModerateSUSE bug 1256341CVE-2025-13151 at SUSECVE-2025-13151 at NVDcpe:/o:suse:sl-micro:6.2Security update for systemd (Important)SUSE Linux Micro 6.2
This update for systemd fixes the following issues:
Update to systemd v257.13:
Security issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: local root execution via malicious hardware devices and unsanitized kernel output (bsc#1259697).
Non security issues:
- Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853).
- Sign systemd-boot EFI binary on aarch64 (bsc#1258344)
- terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)
Changelog:
- 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
- 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111)
- fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28
ImportantSUSE bug 1255326SUSE bug 1258344SUSE bug 1259418SUSE bug 1259650SUSE bug 1259697CVE-2026-29111 at SUSECVE-2026-29111 at NVDCVE-2026-4105 at SUSECVE-2026-4105 at NVDcpe:/o:suse:sl-micro:6.2Security update for tar (Important)SUSE Linux Micro 6.2
This update for tar fixes the following issue:
Security issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
Non security issue:
- Fixes tar creating invalid tarballs when used with --delete (bsc#1246607)
ImportantSUSE bug 1246399SUSE bug 1246607CVE-2025-45582 at SUSECVE-2025-45582 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues
The following security issues were fixed:
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
ImportantSUSE bug 1258051SUSE bug 1258183SUSE bug 1258784CVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23111 at SUSECVE-2026-23111 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
ImportantSUSE bug 1256780SUSE bug 1257238SUSE bug 1258051SUSE bug 1258183SUSE bug 1258784CVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23111 at SUSECVE-2026-23111 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
ImportantSUSE bug 1256780SUSE bug 1257238SUSE bug 1258051SUSE bug 1258183SUSE bug 1258784CVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23111 at SUSECVE-2026-23111 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
ImportantSUSE bug 1252036SUSE bug 1252689SUSE bug 1253404SUSE bug 1256780SUSE bug 1257238SUSE bug 1258051SUSE bug 1258183SUSE bug 1258784CVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40159 at SUSECVE-2025-40159 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23111 at SUSECVE-2026-23111 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
ImportantSUSE bug 1252036SUSE bug 1252689SUSE bug 1253404SUSE bug 1256780SUSE bug 1257238SUSE bug 1258051SUSE bug 1258183SUSE bug 1258784CVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40159 at SUSECVE-2025-40159 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23111 at SUSECVE-2026-23111 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
ImportantSUSE bug 1253404SUSE bug 1256780SUSE bug 1257238SUSE bug 1258051SUSE bug 1258183SUSE bug 1258784CVE-2025-40159 at SUSECVE-2025-40159 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23111 at SUSECVE-2026-23111 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Important)SUSE Linux Micro 6.2
The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953).
- CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108).
- CVE-2024-57952: Revert "libfs: fix infinite directory reads for offset dir" (bsc#1237131).
- CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324).
- CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435).
- CVE-2025-22077: Revert "smb: client: fix TCP timers deadlock after rmmod" (bsc#1241403).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37821: sched/eevdf: Fix se->slice being set to U64_MAX and resulting (bsc#1242864).
- CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000).
- CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068).
- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
- CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965).
- CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930).
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000).
- CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792).
- CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812).
- CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151).
- CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216).
- CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734).
- CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659).
- CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663).
- CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664).
- CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695).
- CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700).
- CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710).
- CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767).
- CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780).
- CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012).
- CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973).
- CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977).
- CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005).
- CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815).
- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).
- CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966).
- CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976).
- CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176).
- CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183).
- CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193).
- CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181).
- CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188).
- CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (bsc#1246185).
- CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248).
- CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245).
- CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252).
- CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268).
- CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351).
- CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366).
- CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376).
- CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444).
- CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253).
- CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260).
- CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).
- CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078).
- CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023).
- CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024).
- CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031).
- CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250).
- CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156).
- CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097).
- CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262).
- CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126).
- CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137).
- CVE-2025-38419: remoteproc: core: Cleanup acquired resources when
rproc_handle_resources() fails in rproc_attach() (bsc#1247136).
- CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252).
- CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155).
- CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290).
- CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167).
- CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162).
- CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229).
- CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102).
- CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234).
- CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099).
- CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098).
- CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116).
- CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113).
- CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313).
- CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243).
- CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280).
- CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088).
- CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190).
- CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202).
- CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194).
- CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192).
- CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199).
- CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200).
- CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211).
- CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225).
- CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).
- CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248299).
- CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374).
- CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365).
- CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343).
- CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368).
- CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357).
- CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392).
- CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619).
- CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610).
- CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616).
- CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674).
- CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622).
- CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156).
- CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258).
- CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199).
- CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201).
- CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300).
- CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303).
- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314).
- CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494).
- CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533).
- CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524).
- CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510).
- CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508).
- CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504).
- CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500).
- CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526).
- CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550).
- CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032).
- CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179).
- CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205).
- CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974).
- CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365).
- CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251).
- CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294).
- CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398).
- CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722).
- CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483).
- CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387).
The following non-security bugs were fixed:
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).
- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes).
- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes).
- ACPI: LPSS: Remove AudioDSP related ID (git-fixes).
- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes).
- ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes).
- ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes).
- ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes).
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: debug: fix signedness issues in read/write helpers (git-fixes).
- ACPI: pfr_update: Fix the driver update version check (git-fixes).
- ACPI: processor: Rescan "dead" SMT siblings during initialization (jsc#PED-13815).
- ACPI: processor: fix acpi_object initialization (stable-fixes).
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes).
- ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes).
- ACPI: processor: perflib: Move problematic pr->performance check (git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).
- ACPICA: Fix largest possible resource descriptor index (git-fixes).
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes).
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes).
- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes).
- ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes).
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes).
- ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes).
- ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes).
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes).
- ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes).
- ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes).
- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes).
- ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes).
- ALSA: hda: Disable jack polling at shutdown (stable-fixes).
- ALSA: hda: Handle the jack polling always via a work (stable-fixes).
- ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes).
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes).
- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes).
- ALSA: lx_core: use int type to store negative error codes (git-fixes).
- ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes).
- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes).
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes).
- ALSA: timer: fix ida_free call while not allocated (git-fixes).
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes).
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes).
- ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes).
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes).
- ALSA: usb-audio: Convert comma to semicolon (git-fixes).
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes).
- ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes).
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes).
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes).
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes).
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes).
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes).
- ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes).
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes).
- ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes).
- ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes).
- ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes).
- ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes).
- ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes).
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes).
- ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes).
- ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes).
- ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes).
- ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes).
- ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes).
- ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes).
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes).
- ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes).
- ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes).
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes).
- ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes).
- ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes).
- ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes).
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes).
- ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes).
- ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes).
- ASoC: qcom: use drvdata instead of component to keep id (stable-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes).
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes).
- ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes).
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes).
- ASoC: wm8940: Correct PLL rate rounding (git-fixes).
- ASoC: wm8940: Correct typo in control name (git-fixes).
- ASoC: wm8974: Correct PLL rate rounding (git-fixes).
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes).
- Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes).
- Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes).
- Bluetooth: ISO: free rx_skb if not consumed (git-fixes).
- Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes).
- Bluetooth: MGMT: Fix possible UAFs (git-fixes).
- Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes).
- Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes).
- Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes).
- Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes).
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes).
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes).
- Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes).
- Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes).
- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes).
- Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes).
- Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes).
- Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes).
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes).
- Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes).
- Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes).
- Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes).
- Bluetooth: hci_sync: fix set_local_name race condition (git-fixes).
- Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes).
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- Disable CET before shutdown by tboot (bsc#1247950).
- Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes).
- Documentation/x86: Document new attack vector controls (git-fixes).
- Documentation: ACPI: Fix parent device references (git-fixes).
- Documentation: KVM: Fix unexpected unindent warning (git-fixes).
- Documentation: KVM: Fix unexpected unindent warnings (git-fixes).
- Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes).
- Drop ath12k patch that was reverted in the upstream (git-fixes)
- EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).
- Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone
using CMA or investigating CMA issues, with a small and simple code base
and no runtime overhead.
- Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325)
- Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256).
- Fix bogus i915 patch backport (bsc#1238972) It's been already cherry-picked in 6.12 kernel itself.
- Fix dma_unmap_sg() nents value (git-fixes)
- HID: amd_sfh: Add sync across amd sfh work functions (git-fixes).
- HID: apple: avoid setting up battery timer for devices without battery (git-fixes).
- HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes).
- HID: asus: add support for missing PX series fn keys (stable-fixes).
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes).
- HID: core: do not bypass hid_hw_raw_request (stable-fixes).
- HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes).
- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes).
- HID: hidraw: tighten ioctl command parsing (git-fixes).
- HID: input: rename hidinput_set_battery_charge_status() (stable-fixes).
- HID: input: report battery status changes immediately (git-fixes).
- HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes).
- HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes).
- HID: magicmouse: avoid setting up battery timer when not needed (git-fixes).
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes).
- HID: quirks: add support for Legion Go dual dinput modes (stable-fixes).
- HID: wacom: Add a new Art Pen 2 (stable-fixes).
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes)
- IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes)
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes).
- Input: iqs7222 - avoid enabling unused interrupts (stable-fixes).
- Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).
- KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes).
- KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes).
- KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes).
- KVM: Conditionally reschedule when resetting the dirty ring (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes).
- KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes).
- KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302).
- KVM: TDX: Do not report base TDVMCALLs (git-fixes).
- KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302).
- KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302).
- KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> (jsc#PED-13302).
- KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302).
- KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's DEBUGCTL (git-fixes).
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302).
- KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes).
- KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes).
- KVM: arm64: Fix error path in init_hyp_mode() (git-fixes).
- KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes).
- KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes).
- KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124).
- KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123).
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
- KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes).
- KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes).
- KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes).
- KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes).
- KVM: x86: avoid underflow when scaling TSC frequency (git-fixes).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move upstreamed SPI patch into sorted section
- NFS: Fix a race when updating an existing write (git-fixes).
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes).
- NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes).
- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes).
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes).
- NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes).
- NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes).
- NFSv4.2: another fix for listxattr (git-fixes).
- NFSv4/flexfiles: Fix layout merge mirror check (git-fixes).
- NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes).
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes).
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes).
- NFSv4: Do not clear capabilities that won't be reset (git-fixes).
- Octeontx2-af: Skip overlap check for SPI field (git-fixes).
- PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes).
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes).
- PCI/ERR: Fix uevent on failure to recover (git-fixes).
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes).
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457).
- PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes).
- PCI/pwrctrl: Fix device leak at registration (git-fixes).
- PCI/sysfs: Ensure devices are powered for config reads (git-fixes).
- PCI: Extend isolated function probing to LoongArch (git-fixes).
- PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes).
- PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes).
- PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes).
- PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes).
- PCI: endpoint: Fix configfs group list head handling (git-fixes).
- PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes).
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes).
- PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457).
- PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes).
- PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes).
- PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes).
- PCI: imx6: Delay link start until configfs 'start' written (git-fixes).
- PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings (git-fixes).
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (git-fixes).
- PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199).
- PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199).
- PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes).
- PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes).
- PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes).
- PCI: rcar-gen4: Fix PHY initialization (git-fixes).
- PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).
- PCI: rcar-host: Drop PMSR spinlock (git-fixes).
- PCI: rockchip-host: Fix "Unexpected Completion" log message (git-fixes).
- PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes).
- PCI: rockchip: Use standard PCIe definitions (git-fixes).
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: tegra194: Handle errors in BPMP response (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes).
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes).
- PCI: xilinx-nwl: Fix ECAM programming (git-fixes).
- PM / devfreq: Check governor before using governor->name (git-fixes).
- PM / devfreq: Fix a index typo in trans_stat (git-fixes).
- PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes).
- PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes).
- PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes).
- PM: EM: use kfree_rcu() to simplify the code (stable-fixes).
- PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes).
- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes).
- PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes).
- PM: sleep: console: Fix the black screen issue (stable-fixes).
- PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes).
- RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034).
- RAS/AMD/FMPM: Get masked address (bsc#1242034).
- RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes)
- RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes)
- RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes)
- RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes)
- RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes)
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)
- RDMA/core: Rate limit GID cache warning messages (git-fixes)
- RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes)
- RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes)
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes)
- RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes)
- RDMA/hns: Drop GFP_NOWARN (git-fixes)
- RDMA/hns: Fix -Wframe-larger-than issue (git-fixes)
- RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes)
- RDMA/hns: Fix accessing uninitialized resources (git-fixes)
- RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes)
- RDMA/hns: Fix double destruction of rsv_qp (git-fixes)
- RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes)
- RDMA/hns: Get message length of ack_req from FW (git-fixes)
- RDMA/mana_ib: Add device statistics support (bsc#1246651).
- RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135).
- RDMA/mana_ib: Extend modify QP (bsc#1251135).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: add additional port counters (git-fixes).
- RDMA/mana_ib: add support of multiple ports (git-fixes).
- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes)
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes)
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes)
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes)
- RDMA/rxe: Fix race in do_task() when draining (git-fixes)
- RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes)
- RDMA/siw: Always report immediate post SQ errors (git-fixes)
- RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes)
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes)
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes)
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes)
- README.BRANCH: mfranc@suse.cz leaving SUSE
- RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348).
- Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes).
- Reapply "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" (jsc#PED-13815).
- Revert "SUNRPC: Do not allow waiting for exiting tasks" (git-fixes).
- Revert "drm/amdgpu: fix incorrect vm flags to map bo" (stable-fixes).
- Revert "drm/nouveau: check ioctl command codes better" (git-fixes).
- Revert "gpio: mlxbf3: only get IRQ for device instance 0" (git-fixes).
- Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" (git-fixes).
- Revert "mac80211: Dynamically set CoDel parameters per station" (stable-fixes).
- Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (git-fixes).
- Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (stable-fixes).
- Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" (git-fixes).
- SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes).
- Squashfs: add additional inode sanity checking (git-fixes).
- Squashfs: fix uninit-value in squashfs_get_parent (git-fixes).
- Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes).
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes).
- USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes).
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes).
- USB: serial: option: add Foxconn T99W640 (stable-fixes).
- USB: serial: option: add Foxconn T99W709 (stable-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes).
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes).
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes).
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- Update config files: revive pwc driver for Leap (bsc#1249060)
- accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes).
- accel/ivpu: Correct DCT interrupt handling (git-fixes).
- accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes).
- accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes).
- accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes).
- amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes).
- aoe: defer rexmit timer downdev work to workqueue (git-fixes).
- arch/powerpc: Remove .interp section in vmlinux (bsc#1215199).
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes)
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes)
- arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes)
- arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes)
- arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes)
- arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
- arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes)
- arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes)
- arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes)
- arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes)
- arm64: Handle KCOV __init vs inline mismatches (git-fixes)
- arm64: Mark kernel as tainted on SAE and SError panic (git-fixes)
- arm64: Restrict pagetable teardown to avoid false warning (git-fixes)
- arm64: config: Make tpm_tis_spi module build-in (bsc#1246896)
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes)
- arm64: dts: add big-endian property back into watchdog node (git-fixes)
- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)
- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)
- arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes)
- arm64: dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes (git-fixes)
- arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes)
- arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes)
- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes)
- arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes)
- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes)
- arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes)
- arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes)
- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes)
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes)
- arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes)
- arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes)
- arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes)
- arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes)
- arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes)
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes).
- arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes)
- arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes)
- arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes)
- arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes)
- arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes)
- arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes)
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes)
- arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes)
- arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes)
- arm64: dts: st: fix timer used for ticks (git-fixes)
- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)
- arm64: map [_text, _stext) virtual address range (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- arm64: poe: Handle spurious Overlay faults (git-fixes)
- arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes)
- arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes)
- arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes)
- arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes)
- arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes)
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes)
- arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes)
- ata: ahci: Disable DIPM if host lacks support (stable-fixes).
- ata: ahci: Disallow LPM policy control if not supported (stable-fixes).
- ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes).
- ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes).
- ata: libata-scsi: Fix CDL control (git-fixes).
- audit,module: restore audit logging in load failure case (git-fixes).
- ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes).
- batman-adv: fix OOB read/write in network-coding decode (git-fixes).
- benet: fix BUG when creating VFs (git-fixes).
- block: Introduce bio_needs_zone_write_plugging() (git-fixes).
- block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552).
- block: ensure discard_granularity is zero when discard is not supported (git-fixes).
- block: fix kobject leak in blk_unregister_queue (git-fixes).
- block: mtip32xx: Fix usage of dma_map_sg() (git-fixes).
- block: sanitize chunk_sectors for atomic write limits (git-fixes).
- bnxt_en: Add a helper function to configure MRU and RSS (git-fixes).
- bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes).
- bnxt_en: Fix DCB ETS validation (git-fixes).
- bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes).
- bnxt_en: Fix stats context reservation logic (git-fixes).
- bnxt_en: Flush FW trace before copying to the coredump (git-fixes).
- bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes).
- bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes).
- bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes)
- bpf, arm64: Fix fp initialization for exception boundary (git-fixes)
- bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes).
- bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes).
- bpf: Adjust free target to avoid global starvation of LRU map (git-fixes).
- bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes).
- bpf: Forget ranges when refining tnum after JSET (git-fixes).
- bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes).
- bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes).
- bpf: Reject %p% format string in bprintf-like helpers (git-fixes).
- bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes).
- bpf: Reject narrower access to pointer ctx fields (git-fixes).
- bpf: Return prog btf_id without capable check (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes).
- bpf: fix possible endless loop in BPF map iteration (git-fixes).
- btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes).
- btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes).
- btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes).
- btrfs: add debug build only WARN (bsc#1249038).
- btrfs: add function comment for check_committed_ref() (git-fixes).
- btrfs: always abort transaction on failure to add block group to free space tree (git-fixes).
- btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes).
- btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes).
- btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes).
- btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes).
- btrfs: codify pattern for adding block_group to bg_list (git-fixes).
- btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038).
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes).
- btrfs: correctly escape subvol in btrfs_show_options() (git-fixes).
- btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540).
- btrfs: do not ignore inode missing when replaying log tree (git-fixes).
- btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes).
- btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949).
- btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes).
- btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes).
- btrfs: enhance ASSERT() to take optional format string (bsc#1249038).
- btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes).
- btrfs: exit after state split error at set_extent_bit() (git-fixes).
- btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068)
- btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949).
- btrfs: fix assertion when building free space tree (git-fixes).
- btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes).
- btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes).
- btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes).
- btrfs: fix incorrect log message for nobarrier mount option (git-fixes).
- btrfs: fix inode lookup error handling during log replay (git-fixes).
- btrfs: fix invalid extref key setup when replaying dentry (git-fixes).
- btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes).
- btrfs: fix invalid inode pointer dereferences during log replay (git-fixes).
- btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes).
- btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes).
- btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes).
- btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes).
- btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes).
- btrfs: fix race between logging inode and checking if it was logged before (git-fixes).
- btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes).
- btrfs: fix squota compressed stats leak (git-fixes).
- btrfs: fix ssd_spread overallocation (git-fixes).
- btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes).
- btrfs: fix the inode leak in btrfs_iget() (git-fixes).
- btrfs: fix two misuses of folio_shift() (git-fixes).
- btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes).
- btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038).
- btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes).
- btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068)
- btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes).
- btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes).
- btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes).
- btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes).
- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes).
- btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes).
- btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes).
- btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes).
- btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes).
- btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes).
- btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes).
- btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes).
- btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes).
- btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes).
- btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes).
- btrfs: qgroup: remove no longer used fs_info->qgroup_ulist (git-fixes).
- btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes).
- btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes).
- btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes).
- btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes).
- btrfs: remove redundant path release when replaying a log tree (git-fixes).
- btrfs: remove the snapshot check from check_committed_ref() (git-fixes).
- btrfs: restore mount option info messages during mount (git-fixes).
- btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes).
- btrfs: return a btrfs_inode from read_one_inode() (git-fixes).
- btrfs: return any hit error from extent_writepage_io() (git-fixes).
- btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes).
- btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes).
- btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949).
- btrfs: simplify error detection flow during log replay (git-fixes).
- btrfs: simplify return logic at check_committed_ref() (git-fixes).
- btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes).
- btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes).
- btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes).
- btrfs: unfold transaction aborts when replaying log trees (git-fixes).
- btrfs: unify ordering of btrfs_key initializations (git-fixes).
- btrfs: update superblock's device bytes_used when dropping chunk (git-fixes).
- btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949).
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes).
- btrfs: use filemap_get_folio() helper (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes).
- btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes).
- btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes).
- btrfs: use verbose ASSERT() in volumes.c (bsc#1249038).
- build_bug.h: Add KABI assert (bsc#1249186).
- bus: firewall: Fix missing static inline annotations for stubs (git-fixes).
- bus: fsl-mc: Check return value of platform_get_resource() (git-fixes).
- bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes).
- bus: mhi: ep: Fix chained transfer handling in read path (git-fixes).
- bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes).
- bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes).
- bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes).
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes).
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes).
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes).
- can: kvaser_pciefd: Store device channel index (git-fixes).
- can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes).
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes).
- can: peak_usb: fix USB FD devices potential malfunction (git-fixes).
- can: peak_usb: fix shift-out-of-bounds issue (git-fixes).
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes).
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes).
- cdc-acm: fix race between initial clearing halt and open (git-fixes).
- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes).
- cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes).
- cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166).
- cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166).
- cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405).
- cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405).
- cgroup: llist: avoid memory tears for llist_node (bsc#1247963).
- cgroup: make css_rstat_updated nmi safe (bsc#1247963).
- cgroup: remove per-cpu per-subsystem locks (bsc#1247963).
- cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963).
- char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: at91: sam9x7: update pll clk ranges (git-fixes).
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes).
- clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes).
- clk: imx95-blk-ctl: Fix synchronous abort (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes).
- clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes).
- clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes).
- clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes).
- clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes).
- clk: samsung: exynos850: fix a comment (git-fixes).
- clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes).
- clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes).
- clk: sunxi-ng: v3s: Fix de clock definition (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes).
- clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes).
- comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes).
- comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes).
- comedi: fix race between polling and detaching (git-fixes).
- comedi: pcl726: Prevent invalid irq number (git-fixes).
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes).
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes).
- config.sh: SLFO 1.2 branched in IBS
- config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206)
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- cpu: Define attack vectors (git-fixes).
- cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes).
- cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes).
- cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes)
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes)
- cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes).
- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes).
- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes).
- cpufreq: Exit governor when failed to start old governor (stable-fixes).
- cpufreq: Init policy->rwsem before it may be possibly used (git-fixes).
- cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes).
- cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes).
- cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes).
- cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes).
- cpufreq: armada-8k: make both cpu masks static (git-fixes).
- cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes).
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes).
- cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes).
- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes).
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes).
- cpufreq: mediatek: fix device leak on probe failure (git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: scpi: compare kHz instead of Hz (git-fixes).
- cpufreq: sun50i: prevent out-of-bounds access (git-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpufreq: tegra186: Share policy per cluster (stable-fixes).
- cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes).
- crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes).
- crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes).
- crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes).
- crypto: atmel - Fix dma_unmap_sg() direction (git-fixes).
- crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes).
- crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes).
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes).
- crypto: ccp - Fix locking on alloc failure handling (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes).
- crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes).
- crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes).
- crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes).
- crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes).
- crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes).
- crypto: jitter - fix intermediary handling (stable-fixes).
- crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes).
- crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes).
- crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes).
- crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes).
- crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes).
- crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes).
- crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes).
- crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes).
- crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes).
- crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes).
- crypto: qat - fix state restore for banks with exceptions (git-fixes).
- crypto: qat - flush misc workqueue during device shutdown (git-fixes).
- crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes).
- crypto: qat - use unmanaged allocation for dc_data (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes).
- crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes).
- devlink: Add support for u64 parameters (jsc#PED-13331).
- devlink: avoid param type value translations (jsc#PED-13331).
- devlink: define enum for attr types of dynamic attributes (jsc#PED-13331).
- devlink: introduce devlink_nl_put_u64() (jsc#PED-13331).
- devlink: let driver opt out of automatic phys_port_name generation (git-fixes).
- dm-mpath: do not print the "loaded" message if registering fails (git-fixes).
- dm-stripe: limit chunk_sectors to the stripe size (git-fixes).
- dm-table: fix checking for rq stackable devices (git-fixes).
- dm: Check for forbidden splitting of zone write operations (git-fixes).
- dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes).
- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes).
- dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes).
- dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes).
- dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes).
- dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes).
- dmaengine: idxd: Fix refcount underflow on module unload (git-fixes).
- dmaengine: idxd: Remove improper idxd_free (git-fixes).
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes).
- dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes).
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes).
- dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes).
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes).
- dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes).
- dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes).
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes).
- docs: admin-guide: update to current minimum pipe size default (git-fixes).
- dpll: Add basic Microchip ZL3073x support (jsc#PED-13331).
- dpll: Make ZL3073X invisible (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331).
- dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331).
- dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331).
- dpll: zl3073x: Fix build failure (jsc#PED-13331).
- dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331).
- dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331).
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331).
- dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/base/node: fix double free in register_one_node() (git-fixes).
- drivers/base/node: handle error properly in register_one_node() (git-fixes).
- drivers: base: handle module_kobject creation (git-fixes).
- drm/amd : Update MES API header file for v11 & v12 (stable-fixes).
- drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes).
- drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).
- drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes).
- drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes).
- drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes).
- drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes).
- drm/amd/display: Allow DCN301 to clear update flags (git-fixes).
- drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes).
- drm/amd/display: Avoid a NULL pointer dereference (stable-fixes).
- drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes).
- drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes).
- drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes).
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes).
- drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes).
- drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121).
- drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes).
- drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes).
- drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes).
- drm/amd/display: Do not print errors for nonexistent connectors (git-fixes).
- drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes).
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes).
- drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes).
- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes).
- drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes).
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes).
- drm/amd/display: Fix mismatch type comparison (stable-fixes).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amd/display: Free memory allocation (stable-fixes).
- drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes).
- drm/amd/display: Initialize mode_select to 0 (stable-fixes).
- drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/display: Remove redundant semicolons (git-fixes).
- drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes).
- drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes).
- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).
- drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- drm/amd/display: fix initial backlight brightness calculation (git-fixes).
- drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes).
- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).
- drm/amd/display: remove output_tf_change flag (git-fixes).
- drm/amd/display: use udelay rather than fsleep (git-fixes).
- drm/amd/include : MES v11 and v12 API header update (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update (stable-fixes).
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes).
- drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes).
- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes).
- drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes).
- drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes).
- drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes).
- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes).
- drm/amd/pm: fix null pointer access (stable-fixes).
- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).
- drm/amd: Restore cached power limit during resume (stable-fixes).
- drm/amdgpu/discovery: fix fw based ip discovery (git-fixes).
- drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes).
- drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes).
- drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes).
- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).
- drm/amdgpu/mes: add missing locking in helper functions (stable-fixes).
- drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes).
- drm/amdgpu/mes: optimize compute loop handling (stable-fixes).
- drm/amdgpu/swm14: Update power limit logic (stable-fixes).
- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes).
- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes).
- drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: Avoid extra evict-restore process (stable-fixes).
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes).
- drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).
- drm/amdgpu: Increase reset counter only on success (stable-fixes).
- drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes).
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes).
- drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes).
- drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes).
- drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes).
- drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes).
- drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes).
- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).
- drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes).
- drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes).
- drm/amdgpu: fix incorrect vm flags to map bo (git-fixes).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes).
- drm/amdgpu: fix vram reservation issue (git-fixes).
- drm/amdgpu: remove the redeclaration of variable i (git-fixes).
- drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes).
- drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes).
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes).
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/ast: Use msleep instead of mdelay for edid read (git-fixes).
- drm/bridge: fix OF node leak (git-fixes).
- drm/bridge: it6505: select REGMAP_I2C (git-fixes).
- drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes).
- drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes).
- drm/cirrus-qemu: Fix pitch programming (git-fixes).
- drm/connector: hdmi: Evaluate limited range after computing format (git-fixes).
- drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121).
- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes).
- drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121).
- drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121).
- drm/edid: Define the quirks in an enum list (bsc#1248121).
- drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes).
- drm/gem: Internally test import_attach for imported objects (git-fixes).
- drm/gem: Test for imported GEM buffers with helper (stable-fixes).
- drm/gma500: Fix null dereference in hdmi teardown (git-fixes).
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes).
- drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes).
- drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes).
- drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes).
- drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes).
- drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes).
- drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes).
- drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes).
- drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes).
- drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes).
- drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes).
- drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes).
- drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes).
- drm/i915/icl+/tc: Cache the max lane count value (stable-fixes).
- drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes).
- drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes).
- drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes).
- drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes).
- drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes).
- drm/mediatek: fix potential OF node use-after-free (git-fixes).
- drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes).
- drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes).
- drm/msm/dpu: fix incorrect type for ret (git-fixes).
- drm/msm/kms: move snapshot init earlier in KMS init (git-fixes).
- drm/msm: Add error handling for krealloc in metadata setup (stable-fixes).
- drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes).
- drm/msm: update the high bitfield of certain DSI registers (git-fixes).
- drm/msm: use trylock for debugfs (stable-fixes).
- drm/nouveau/disp: Always accept linear modifier (git-fixes).
- drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes).
- drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes).
- drm/nouveau: fix typos in comments (git-fixes).
- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes).
- drm/nouveau: remove unused memory target test (git-fixes).
- drm/panel: novatek-nt35560: Fix invalid return value (git-fixes).
- drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes).
- drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes).
- drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes).
- drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes).
- drm/panthor: validate group queue count (git-fixes).
- drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes).
- drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes).
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes).
- drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes).
- drm/simpledrm: Do not upcast in release helpers (git-fixes).
- drm/tests: Fix endian warning (git-fixes).
- drm/ttm: Respect the shrinker core free target (stable-fixes).
- drm/ttm: Should to return the evict error (stable-fixes).
- drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- drm/xe/bmg: Add new PCI IDs (stable-fixes).
- drm/xe/bmg: Add one additional PCI ID (stable-fixes).
- drm/xe/bmg: Update Wa_22019338487 (git-fixes).
- drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes).
- drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes).
- drm/xe/mocs: Initialize MOCS index early (stable-fixes).
- drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes).
- drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes).
- drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes).
- drm/xe/tile: Release kobject for the failure path (git-fixes).
- drm/xe/uapi: Correct sync type definition in comments (git-fixes).
- drm/xe/uapi: loosen used tracking restriction (git-fixes).
- drm/xe/vf: Disable CSC support on VF (git-fixes).
- drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes).
- drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes).
- drm/xe/xe_sync: avoid race during ufence signaling (git-fixes).
- drm/xe: Allow dropping kunit dependency as built-in (git-fixes).
- drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes).
- drm/xe: Carve out wopcm portion from the stolen memory (git-fixes).
- drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes).
- drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes).
- drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes).
- drm/xe: Fix build without debugfs (git-fixes).
- drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes).
- drm/xe: Move page fault init after topology init (git-fixes).
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes).
- drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes).
- dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331).
- dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331).
- e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes).
- e1000e: ignore uninitialized checksum word on tgp (git-fixes).
- efi: stmm: Fix incorrect buffer allocation method (git-fixes).
- erofs: avoid reading more for fragment maps (git-fixes).
- erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes).
- execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes).
- exfat: add cluster chain loop check for dir (git-fixes).
- exfat: fdatasync flag should be same like generic_write_sync() (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: remove writable userspace mappings before truncating page cache (bsc#1247223).
- fbcon: Fix OOB access in font allocation (git-fixes).
- fbcon: Fix outdated registered_fb reference in comment (git-fixes).
- fbcon: fix integer overflow in fbcon_do_set_font (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes).
- fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes).
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes).
- fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes).
- fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes).
- firewire: core: fix overlooked update of subsystem ABI version (git-fixes).
- firewire: ohci: correct code comments about bus_reset tasklet (git-fixes).
- firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes).
- firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes).
- firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes).
- firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes).
- firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes).
- firmware: firmware: meson-sm: fix compile-test default (git-fixes).
- firmware: meson_sm: fix device leak at probe (git-fixes).
- firmware: tegra: Fix IVC dependency problems (stable-fixes).
- flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes).
- fs/nfs/io: make nfs_start_io_*() killable (git-fixes).
- fs/proc/task_mmu: check p->vec_buf for NULL (git-fixes).
- fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450
- ftrace: Fix function profiler's filtering functionality (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220).
- gfs2: Clean up delete work processing (bsc#1247220).
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220).
- gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220).
- gfs2: Minor delete_work_func cleanup (bsc#1247220).
- gfs2: Only defer deletes when we have an iopen glock (bsc#1247220).
- gfs2: Prevent inode creation race (2) (bsc#1247220).
- gfs2: Prevent inode creation race (bsc#1247220).
- gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220).
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (bsc#1247220).
- gfs2: Rename dinode_demise to evict_behavior (bsc#1247220).
- gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220).
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220).
- gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220).
- gfs2: Update to the evict / remote delete documentation (bsc#1247220).
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220).
- gfs2: gfs2_evict_inode clarification (bsc#1247220).
- gfs2: minor evict fix (bsc#1247220).
- gfs2: skip if we cannot defer delete (bsc#1247220).
- gpio: mlxbf2: use platform_get_irq_optional() (git-fixes).
- gpio: mlxbf3: use platform_get_irq_optional() (git-fixes).
- gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes).
- gpio: virtio: Fix config space reading (git-fixes).
- gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- gpiolib: Extend software-node support to support secondary software-nodes (git-fixes).
- gve: Fix stuck TX queue for DQ queue format (git-fixes).
- gve: prevent ethtool ops after shutdown (git-fixes).
- habanalabs: fix UAF in export_dmabuf() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).
- hv_netvsc: Link queues to NAPIs (git-fixes).
- hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes).
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes).
- hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes).
- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes).
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes).
- hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes).
- hwrng: nomadik - add ARM_AMBA dependency (git-fixes).
- i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes).
- i2c: designware: Add disabling clocks when probe fails (git-fixes).
- i2c: designware: Add quirk for Intel Xe (stable-fixes).
- i2c: designware: Fix clock issue when PM is disabled (git-fixes).
- i2c: designware: Use temporary variable for struct device (stable-fixes).
- i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes).
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes).
- i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes).
- i2c: omap: Add support for setting mux (stable-fixes).
- i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes).
- i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes).
- i2c: omap: fix deprecated of_property_read_bool() use (git-fixes).
- i2c: qup: jump out of the loop in case of timeout (git-fixes).
- i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes).
- i2c: tegra: Fix reset error handling with ACPI (git-fixes).
- i2c: tegra: Use internal reset when reset property is not available (bsc#1249143)
- i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes).
- i3c: Fix default I2C adapter timeout value (git-fixes).
- i3c: add missing include to internal header (stable-fixes).
- i3c: do not fail if GETHDRCAP is unsupported (stable-fixes).
- i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes).
- i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes).
- i3c: master: svc: Recycle unused IBI slot (git-fixes).
- i3c: master: svc: Use manual response for IBI events (git-fixes).
- i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes).
- i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes).
- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes).
- ice, irdma: fix an off by one in error handling code (bsc#1247712).
- ice, irdma: move interrupts code to irdma (bsc#1247712).
- ice/ptp: fix crosstimestamp reporting (git-fixes).
- ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712).
- ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762).
- ice: check correct pointer in fwlog debugfs (git-fixes).
- ice: count combined queues using Rx/Tx count (bsc#1247712).
- ice: devlink PF MSI-X max and min parameter (bsc#1247712).
- ice: do not leave device non-functional if Tx scheduler config fails (git-fixes).
- ice: enable_rdma devlink param (bsc#1247712).
- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728).
- ice: fix incorrect counter for buffer allocation failures (git-fixes).
- ice: get rid of num_lan_msix field (bsc#1247712).
- ice: init flow director before RDMA (bsc#1247712).
- ice: remove splitting MSI-X between features (bsc#1247712).
- ice: simplify VF MSI-X managing (bsc#1247712).
- ice: treat dyn_allowed only as suggestion (bsc#1247712).
- ice: use fixed adapter index for E825C embedded devices (git-fixes).
- idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762).
- idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762).
- idpf: add cross timestamping (jsc#PED-13728).
- idpf: add flow steering support (jsc#PED-13728).
- idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762).
- idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762).
- idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728).
- idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762).
- idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762).
- idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728).
- idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762).
- idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762).
- idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762).
- idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762).
- idpf: improve when to set RE bit logic (jsc#PED-13728).
- idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762).
- idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762).
- idpf: preserve coalescing settings across resets (jsc#PED-13728).
- idpf: remove obsolete stashing code (jsc#PED-13728).
- idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762).
- idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728).
- idpf: set mac type when adding and removing MAC filters (jsc#PED-13728).
- idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728).
- idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728).
- idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762).
- igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes).
- igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes).
- igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes).
- iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762).
- iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762).
- iio/adc/pac1934: fix channel disable configuration (git-fixes).
- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes).
- iio: accel: fxls8962af: Fix temperature calculation (git-fixes).
- iio: adc: ad7173: fix setting ODR in probe (git-fixes).
- iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes).
- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes).
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes).
- iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes).
- iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes).
- iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes).
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes).
- iio: adc: max1363: Reorder mode_list[] entries (stable-fixes).
- iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes).
- iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes).
- iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes).
- iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes).
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes).
- iio: dac: ad5360: use int type to store negative error codes (git-fixes).
- iio: dac: ad5421: use int type to store negative error codes (git-fixes).
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes).
- iio: frequency: adf4350: Fix prescaler usage (git-fixes).
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes).
- iio: hid-sensor-prox: Restore lost scale assignments (git-fixes).
- iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes).
- iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes).
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes).
- iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes).
- iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes).
- iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes).
- iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes).
- iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes).
- iio: light: as73211: Ensure buffer holes are zeroed (git-fixes).
- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes).
- iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes).
- iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes).
- iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes).
- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes).
- iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes).
- integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343).
- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).
- intel_idle: Rescan "dead" SMT siblings during initialization (jsc#PED-13815).
- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).
- interconnect: qcom: sc8180x: specify num_nodes (git-fixes).
- interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes).
- io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting.
- io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542).
- io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes).
- iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes).
- iommu/amd: Fix alias device DTE setting (git-fixes).
- iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes).
- iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes).
- iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement (git-fixes).
- iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes).
- iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes).
- iommu/vt-d: Fix possible circular locking dependency (git-fixes).
- iommu/vt-d: Fix system hang on reboot -f (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- iommu: Handle race with default domain setup (git-fixes).
- iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes).
- ipmi: Fix strcpy source and destination the same (stable-fixes).
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes).
- ipv6: annotate data-races around rt->fib6_nsiblings (git-fixes).
- ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes).
- ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes).
- ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes).
- ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes).
- irdma: free iwdev->rf after removing MSI-X (bsc#1247712).
- isolcpus: add missing hunk back (bsc#1236897 bsc#1249206).
- iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes).
- ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410).
- ixgbe: prevent from unwanted interface name changes (git-fixes).
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes).
- kABI fix after Add TDX support for vSphere (jsc#PED-13302).
- kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes).
- kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- kABI fix after KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes).
- kABI workaround for "drm/dp: Add an EDID quirk for the DPCD register access probe" (bsc#1248121).
- kABI workaround for amd_sfh (git-fixes).
- kABI workaround for drm_gem.h (git-fixes).
- kABI workaround for struct mtk_base_afe changes (git-fixes).
- kABI: Fix the module::name type in audit_context (git-fixes).
- kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes).
- kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes).
- kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes).
- kABI: netfilter: supress warnings for nft_set_ops (git-fixes).
- kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes).
- kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally
- kabi/severities: ignore two unused/dropped symbols from MEI
- kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745).
- kabi: Restore layout of parallel_data (bsc1248343).
- kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963).
- kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes).
- kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655).
- kbuild: rust: add rustc-min-version support function (git-fixes)
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel: globalize lookup_or_create_module_kobject() (stable-fixes).
- kernel: param: rename locate_module_kobject (stable-fixes).
- leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes).
- leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes).
- leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes).
- leds: leds-lp55xx: Use correct address for memory programming (git-fixes).
- lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897).
- libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes).
- libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762).
- livepatch: Add stack_order sysfs attribute (poo#187320).
- loop: use kiocb helpers to fix lockdep warning (git-fixes).
- lpfc: do not use file->f_path.dentry for comparisons (bsc#1250519).
- mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes).
- mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes).
- mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes).
- mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes).
- mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes).
- mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes).
- mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes).
- mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes).
- maple_tree: fix status setup on restore to active (git-fixes).
- maple_tree: fix testing for 32 bit builds (git-fixes).
- mctp: no longer rely on net->dev_index_head (git-fixes).
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- md: allow removing faulty rdev during resync (git-fixes).
- md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes).
- md: make rdev_addable usable for rcu mode (git-fixes).
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes).
- media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes).
- media: cx18: Add missing check after DMA map (git-fixes).
- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes).
- media: dvb-frontends: w7090p: fix null-ptr-deref in
w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes).
- media: gspca: Add bounds checking to firmware parser (git-fixes).
- media: hi556: Fix reset GPIO timings (stable-fixes).
- media: hi556: correct the test pattern configuration (git-fixes).
- media: i2c: mt9v111: fix incorrect type for ret (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes).
- media: ipu-bridge: Add _HID for OV5670 (stable-fixes).
- media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes).
- media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes).
- media: lirc: Fix error handling in lirc_register() (git-fixes).
- media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes).
- media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes).
- media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes).
- media: pci: ivtv: Add missing check after DMA map (git-fixes).
- media: pci: mg4b: fix uninitialized iio scan data (git-fixes).
- media: pisp_be: Fix pm_runtime underrun in probe (git-fixes).
- media: qcom: camss: cleanup media device allocated resource on error path (git-fixes).
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes).
- media: rc: fix races with imon_disconnect() (git-fixes).
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes).
- media: s5p-mfc: remove an unused/uninitialized variable (git-fixes).
- media: st-delta: avoid excessive stack usage (git-fixes).
- media: tc358743: Check I2C succeeded during probe (stable-fixes).
- media: tc358743: Increase FIFO trigger level to 374 (stable-fixes).
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes).
- media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes).
- media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes).
- media: ti: j721e-csi2rx: fix list_del corruption (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: usb: hdpvr: disable zero-length read messages (stable-fixes).
- media: usbtv: Lock resolution while streaming (git-fixes).
- media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes).
- media: uvcvideo: Do not mark valid metadata as invalid (git-fixes).
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes).
- media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes).
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes).
- media: uvcvideo: Rollback non processed entities on error (git-fixes).
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes).
- media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes).
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes).
- media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes).
- media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes).
- media: venus: Add a check for packet size after reading from shared memory (git-fixes).
- media: venus: Fix MSM8998 frequency table (git-fixes).
- media: venus: Fix OOB read due to missing payload bound check (git-fixes).
- media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes).
- media: venus: hfi: explicitly release IRQ during teardown (git-fixes).
- media: venus: protect against spurious interrupts during probe (git-fixes).
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes).
- media: verisilicon: Fix AV1 decoder clock frequency (git-fixes).
- media: vivid: fix wrong pixel_array control size (git-fixes).
- media: zoran: Remove zoran_fh structure (git-fixes).
- mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes).
- mei: vsc: Destroy mutex after freeing the IRQ (git-fixes).
- mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes).
- mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes).
- mei: vsc: Event notifier fixes (git-fixes).
- mei: vsc: Fix "BUG: Invalid wait context" lockdep error (git-fixes).
- mei: vsc: Run event callback from a workqueue (git-fixes).
- mei: vsc: Unset the event callback on remove and probe errors (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8186 (git-fixes).
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes).
- memstick: Fix deadlock by moving removing flag earlier (git-fixes).
- mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes).
- mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes).
- mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes).
- mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes).
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes).
- microchip: lan865x: Fix LAN8651 autoloading (git-fixes).
- microchip: lan865x: Fix module autoloading (git-fixes).
- microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes).
- microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes).
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (git-fixes).
- misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes).
- misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes).
- mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes).
- mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes).
- mm/damon/core: set quota->charged_from to jiffies at first charge window (git-fixes).
- mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes).
- mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes).
- mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes).
- mm/damon/sysfs: fix use-after-free in state_show() (git-fixes).
- mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087).
- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes)
- mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes).
- mm: close theoretical race where stale TLB entries could linger (git-fixes).
- mm: fault in complete folios instead of individual pages for tmpfs (git-fixes).
- mm: fix the inaccurate memory statistics issue for users (bsc#1244723).
- mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes).
- mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630).
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630).
- mm: move page table sync declarations to linux/pgtable.h (git-fixes).
- mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes).
- mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes).
- mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes).
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes).
- mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes).
- mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes).
- mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes).
- mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes).
- mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes).
- mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes).
- module: Fix memory deallocation on error path in move_module() (git-fixes).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes).
- module: Restore the moduleparam prefix length check (git-fixes).
- most: core: Drop device reference after usage in get_channel() (git-fixes).
- mptcp: fix spurious wake-up on under memory pressure (git-fixes).
- mtd: fix possible integer overflow in erase_xfer() (git-fixes).
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes).
- mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes).
- mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes).
- mtd: rawnand: atmel: set pmecc data setup time (git-fixes).
- mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes).
- mtd: rawnand: omap2: fix device leak on probe failure (git-fixes).
- mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes).
- mtd: rawnand: renesas: Add missing check after DMA map (git-fixes).
- mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes).
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes).
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes).
- mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes).
- mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER (git-fixes).
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes).
- mwl8k: Add missing check after DMA map (git-fixes).
- neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes).
- net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes).
- net/mlx5: CT: Use the correct counter offset (git-fixes).
- net/mlx5: Check device memory pointer before usage (git-fixes).
- net/mlx5: Correctly set gso_segs when LRO is used (git-fixes).
- net/mlx5: Correctly set gso_size when LRO is used (git-fixes).
- net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes).
- net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes).
- net/mlx5: Fix memory leak in cmd_exec() (git-fixes).
- net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes).
- net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes).
- net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes).
- net/mlx5: Nack sync reset when SFs are present (git-fixes).
- net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes).
- net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes).
- net/mlx5e: Add new prio for promiscuous mode (git-fixes).
- net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes).
- net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes).
- net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes).
- net/mlx5e: Set local Xoff after FW update (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes).
- net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes).
- net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes).
- net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes).
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes).
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes).
- net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes).
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes).
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes).
- net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes).
- net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes).
- net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes).
- net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes).
- net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes).
- net: ieee8021q: fix insufficient table-size assertion (stable-fixes).
- net: llc: reset skb->transport_header (git-fixes).
- net: mana: Add handler for hardware servicing events (bsc#1245730).
- net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726).
- net: mana: Add support for net_shaper_ops (bsc#1245726).
- net: mana: Allocate MSI-X vectors dynamically (bsc#1245457).
- net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457).
- net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729).
- net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes).
- net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728).
- net: mana: Handle unsupported HWC commands (bsc#1245726).
- net: mana: Set tx_packets to post gso processing packet count (bsc#1245731).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: mana: explain irq_setup() algorithm (bsc#1245457).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mctp: handle skb cleanup on sock_queue failures (git-fixes).
- net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes).
- net: nfc: nci: Add parameter validation for packet data (git-fixes).
- net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes).
- net: phy: bcm54811: PHY initialization (stable-fixes).
- net: phy: fix phy_uses_state_machine() (git-fixes).
- net: phy: micrel: Add ksz9131_resume() (stable-fixes).
- net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes).
- net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes).
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes).
- net: rose: convert 'use' field to refcount_t (git-fixes).
- net: rose: fix a typo in rose_clear_routes() (git-fixes).
- net: rose: include node references in rose_neigh refcount (git-fixes).
- net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes).
- net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes).
- net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes).
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes).
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes).
- net: usb: cdc-ncm: check for filtering capability (git-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes).
- net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes).
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes).
- net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes).
- netfilter: ctnetlink: fix refcount leak on table dump (git-fixes).
- netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes).
- netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes).
- netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes).
- netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes).
- netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes).
- netfilter: nf_tables: adjust lockdep assertions handling (git-fixes).
- netfilter: nf_tables: fix set size with rbtree backend (git-fixes).
- netfilter: nf_tables: imbalance in flowtable binding (git-fixes).
- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes).
- netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes).
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes).
- netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes).
- netfilter: nft_tunnel: fix geneve_opt dump (git-fixes).
- netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes).
- netlink: fix policy dump for int with validation callback (jsc#PED-13331).
- netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331).
- netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes).
- nfs/localio: add direct IO enablement with sync and async IO support (git-fixes).
- nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes).
- nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes).
- nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes).
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes).
- nouveau: fix disabling the nonstall irq due to storm code (git-fixes).
- nvme-auth: update bi_directional flag (git-fixes).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-pci: try function level reset on init failure (git-fixes).
- nvme-tcp: log TLS handshake failures at error level (git-fixes).
- nvme-tcp: send only permitted commands for secure concat (git-fixes).
- nvme: fix PI insert on write (git-fixes).
- nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes).
- nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes).
- nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- nvmet-tcp: fix callback lock for TLS handshake (git-fixes).
- nvmet: exit debugfs after discovery subsystem exits (git-fixes).
- nvmet: initialize discovery subsys after debugfs is initialized (git-fixes).
- nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes).
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes).
- objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes).
- objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes).
- of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes).
- of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes).
- of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes).
- of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes).
- of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes).
- of: unittest: Unlock on error in unittest_data_add() (git-fixes).
- pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes).
- pNFS: Fix disk addr range check in block/scsi layout (git-fixes).
- pNFS: Fix stripe mapping in block/scsi layout (git-fixes).
- pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes).
- pNFS: Handle RPC size limit for layoutcommits (git-fixes).
- percpu: fix race on alloc failed warning limit (git-fixes).
- perf bpf-event: Fix use-after-free in synthesis (git-fixes).
- perf bpf-utils: Constify bpil_array_desc (git-fixes).
- perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes).
- perf dso: Add missed dso__put to dso__load_kcore (git-fixes).
- perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes).
- perf parse-events: Set default GH modifier properly (git-fixes).
- perf record: Cache build-ID of hit DSOs only (git-fixes).
- perf sched: Fix memory leaks for evsel->priv in timehist (git-fixes).
- perf sched: Fix memory leaks in 'perf sched latency' (git-fixes).
- perf sched: Fix memory leaks in 'perf sched map' (git-fixes).
- perf sched: Fix thread leaks in 'perf sched timehist' (git-fixes).
- perf sched: Free thread->priv using priv_destructor (git-fixes).
- perf sched: Make sure it frees the usage string (git-fixes).
- perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes).
- perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes).
- perf test: Fix a build error in x86 topdown test (git-fixes).
- perf tests bp_account: Fix leaked file descriptor (git-fixes).
- perf tools: Remove libtraceevent in .gitignore (git-fixes).
- perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes).
- perf trace: Remove --map-dump documentation (git-fixes).
- phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes).
- phy: mscc: Fix parsing of unicast frames (git-fixes).
- phy: mscc: Fix timestamping for vsc8584 (git-fixes).
- phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes).
- phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes).
- phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes).
- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes).
- phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors (git-fixes).
- phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes).
- phy: tegra: xusb: fix device and OF node leak at probe (git-fixes).
- phy: ti-pipe3: fix device leak at unbind (git-fixes).
- phy: ti: omap-usb2: fix device leak at unbind (git-fixes).
- pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113).
- pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562).
- pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes).
- pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes).
- pinctrl: equilibrium: Remove redundant semicolons (git-fixes).
- pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes).
- pinctrl: renesas: Use int type to store negative error codes (git-fixes).
- pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes).
- pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes).
- pinctrl: stm32: Manage irq affinity settings (stable-fixes).
- pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes).
- pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes).
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes).
- platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes).
- platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes).
- platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes).
- platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes).
- platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes).
- platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes).
- platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes).
- platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes).
- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes).
- platform/x86: Fix initialization order for firmware_attributes_class (git-fixes).
- platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes).
- platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes).
- platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes).
- platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes).
- platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes).
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes).
- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes).
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes).
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes).
- power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes).
- power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes).
- power: supply: cw2015: Fix a alignment coding style issue (git-fixes).
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes).
- power: supply: max77976_charger: fix constant current reporting (git-fixes).
- power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes).
- powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes).
- powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199).
- powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes).
- powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes).
- powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343).
- powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343).
- powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes).
- powerpc: do not build ppc_save_regs.o always (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- pptp: fix pptp_xmit() error path (git-fixes).
- printk: nbcon: Allow reacquire during panic (bsc#1246688).
- psample: adjust size if rate_as_probability is set (git-fixes).
- ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes).
- pwm: berlin: Fix wrong register in suspend/resume (git-fixes).
- pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes).
- pwm: mediatek: Fix duty and period setting (git-fixes).
- pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes).
- pwm: rockchip: Round period/duty down on apply, up on get (git-fixes).
- pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes).
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes).
- pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes).
- pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes).
- r8169: add support for RTL8125D (stable-fixes).
- r8169: disable RTL8126 ZRX-DC timeout (stable-fixes).
- r8169: do not scan PHY addresses > 0 (stable-fixes).
- rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes)
- regmap: Remove superfluous check for !config in __regmap_init() (git-fixes).
- regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes).
- regulator: scmi: Use int type to store negative error codes (git-fixes).
- regulator: sy7636a: fix lifecycle of power good gpio (git-fixes).
- reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes).
- reset: eyeq: fix OF node leak (git-fixes).
- resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762).
- resource: fix false warning in __request_region() (git-fixes).
- ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes).
- ring-buffer: Make reading page consistent with the code logic (git-fixes).
- rpm/config.sh: SLFO 1.2 is now synced to OBS as well
- rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes).
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes).
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes).
- rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes).
- rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes).
- rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837).
- s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868).
- s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477).
- s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061).
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes).
- s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes).
- s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372).
- s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838).
- s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066).
- s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366).
- s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478).
- s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes).
- s390/sclp: Fix SCCB present check (git-fixes bsc#1249065).
- s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062).
- s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- samples: mei: Fix building on musl libc (git-fixes).
- sched/deadline: Always stop dl-server before changing parameters (bsc#1247936).
- sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936).
- sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936).
- sched/deadline: Fix dl_server_stopped() (bsc#1247936).
- sched/deadline: Initialize dl_servers after SMP (git-fixes)
- sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes)
- scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (git-fixes).
- scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes).
- scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: isci: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519).
- scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186).
- scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186).
- scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186).
- scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186).
- scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes).
- scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186).
- scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes).
- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes).
- scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186).
- scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186).
- scsi: mpt3sas: Fix a fw_event memory leak (git-fixes).
- scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes).
- scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes).
- scsi: qla2xxx: Remove firmware URL (git-fixes).
- scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes).
- scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes).
- scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes).
- scsi: smartpqi: Enhance WWID logging logic (bsc#1246631).
- scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631).
- scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631).
- scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes).
- scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes).
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes).
- scsi: ufs: core: Add missing post notify for power mode change (git-fixes).
- scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes).
- scsi: ufs: core: Always initialize the UIC done completion (git-fixes).
- scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes).
- scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes).
- scsi: ufs: core: Fix error return with query response (git-fixes).
- scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes).
- scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes).
- scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes).
- scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes).
- scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes).
- scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes).
- scsi: ufs: core: Remove redundant query_complete trace (git-fixes).
- scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes).
- scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes).
- scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes).
- scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes).
- scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes).
- scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes).
- scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes).
- scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes).
- scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes).
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes).
- scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes).
- scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes).
- scsi: ufs: exynos: Remove empty drv_init method (git-fixes).
- scsi: ufs: exynos: Remove superfluous function parameter (git-fixes).
- scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes).
- scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes).
- scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes).
- scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes).
- scsi: ufs: qcom: Fix crypto key eviction (git-fixes).
- scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes).
- scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes).
- scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes).
- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671).
- selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320).
- selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344).
- selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320).
- selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320).
- selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320).
- selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320).
- selftests/tracing: Fix false failure of subsystem event test (git-fixes).
- selftests: ALSA: fix memory leak in utimer test (git-fixes).
- selftests: livepatch: add new ftrace helpers functions (poo#187320).
- selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320).
- selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320).
- selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320).
- selftests: livepatch: save and restore kprobe state (poo#187320).
- selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320).
- selftests: livepatch: test livepatching a kprobed function (poo#187320).
- selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443).
- selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes).
- serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688).
- serial: 8250: fix panic due to PSLVERR (git-fixes).
- serial: max310x: Add error checking in probe() (git-fixes).
- serial: sc16is7xx: fix bug in flow control levels init (git-fixes).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- slab: Decouple slab_debug and no_hash_pointers (bsc#1249022).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix netns refcount leak after net_passive changes (git-fixes).
- soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes).
- soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes).
- soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes).
- soc: qcom: QMI encoding/decoding for big endian (git-fixes).
- soc: qcom: fix endianness for QMI header (git-fixes).
- soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes).
- soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes).
- soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes).
- soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes).
- soc: qcom: pmic_glink: fix OF node leak (git-fixes).
- soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes).
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes).
- soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes).
- soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes).
- soundwire: amd: fix for handling slave alerts after link is down (git-fixes).
- soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes).
- soundwire: stream: restore params when prepare ports fail (git-fixes).
- spi: bcm2835: Remove redundant semicolons (git-fixes).
- spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes).
- spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes).
- spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979).
- spi: fix return code when spi device has too many chipselects (git-fixes).
- spi: mtk-snfi: Remove redundant semicolons (git-fixes).
- spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes).
- spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes).
- spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes).
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes).
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes).
- spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes).
- sprintf.h requires stdarg.h (git-fixes).
- sprintf.h: mask additional include (git-fixes).
- squashfs: fix memory leak in squashfs_fill_super (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- staging: axis-fifo: remove sysfs interface (git-fixes).
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes).
- staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes).
- staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes).
- staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes).
- struct cdc_ncm_ctx: move new member to end (git-fixes).
- sunrpc: fix client side handling of tls alerts (git-fixes).
- sunrpc: fix handling of server side tls alerts (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes).
- supported.conf: Mark ZL3073X modules supported
- supported.conf: mark hyperv_drm as external
- tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes).
- thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes).
- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes).
- thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes).
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes).
- thunderbolt: Compare HMAC values in constant time (git-fixes).
- thunderbolt: Fix copy+paste error in match_service_id() (git-fixes).
- tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes).
- tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes).
- tools/power turbostat: Fix build with musl (stable-fixes).
- tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes).
- tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- trace/fgraph: Fix error handling (git-fixes).
- trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes).
- tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631).
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes).
- tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Fix using ret variable in tracing_set_tracer() (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- tracing: Switch trace.c code over to use guard() (git-fixes).
- tracing: Switch trace_events_hist.c code over to use guard() (git-fixes).
- tracing: fprobe events: Fix possible UAF on modules (git-fixes).
- tracing: tprobe-events: Fix leakage of module refcount (git-fixes).
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062).
- tty: n_gsm: Do not block input queue by waiting MSC (git-fixes).
- tty: serial: fix print format specifiers (stable-fixes).
- ublk: sanity check add_dev input for underflow (git-fixes).
- ublk: use vmalloc for ublk_device's __queues (git-fixes).
- ucount: fix atomic_long_inc_below() argument type (git-fixes).
- uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes).
- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes).
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes).
- usb: core: Add 0x prefix to quirks debug output (stable-fixes).
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes).
- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes).
- usb: core: usb_submit_urb: downgrade type check (stable-fixes).
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes).
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes).
- usb: dwc3: imx8mp: fix device leak at unbind (git-fixes).
- usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes).
- usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes).
- usb: dwc3: qcom: Do not leave BCR asserted (git-fixes).
- usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes).
- usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).
- usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes).
- usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes).
- usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes).
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes).
- usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes).
- usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes).
- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes).
- usb: musb: omap2430: fix device leak at unbind (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: renesas-xhci: Fix External ROM access timeouts (git-fixes).
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes).
- usb: typec: fusb302: cache PD RX state (git-fixes).
- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes).
- usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes).
- usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes).
- usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes).
- usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes).
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes).
- usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: typec: ucsi: Update power_supply on power role change (git-fixes).
- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes).
- usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).
- usb: xhci: Avoid showing errors during surprise removal (stable-fixes).
- usb: xhci: Avoid showing warnings for dying controller (stable-fixes).
- usb: xhci: Fix slot_id resource race conflict (git-fixes).
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes).
- usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes).
- use uniform permission checks for all mount propagation changes (git-fixes).
- vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes).
- vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes).
- vhost-scsi: Fix log flooding with target does not exist errors (git-fixes).
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes).
- vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes).
- vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes).
- vhost: Reintroduce kthread API and add mode selection (git-fixes).
- vhost: fail early when __vhost_add_used() fails (git-fixes).
- virtchnl2: add flow steering support (jsc#PED-13728).
- virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728).
- virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762).
- virtio_net: Enforce minimum TX ring size for reliability (git-fixes).
- virtio_ring: Fix error reporting in virtqueue_resize (git-fixes).
- vmci: Prevent the dispatching of uninitialized payloads (git-fixes).
- vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes).
- vsock/virtio: Validate length in packet header before skb_put() (git-fixes).
- vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes).
- vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes).
- watchdog: dw_wdt: Fix default timeout (stable-fixes).
- watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes).
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes).
- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes).
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes).
- wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes).
- wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes).
- wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes).
- wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes).
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath11k: fix group data packet drops during rekey (git-fixes).
- wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes).
- wifi: ath11k: fix source ring-buffer corruption (git-fixes).
- wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes).
- wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952).
- wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes).
- wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes).
- wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes).
- wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes).
- wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes).
- wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption (git-fixes).
- wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes).
- wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes).
- wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes).
- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes).
- wifi: ath12k: fix source ring-buffer corruption (git-fixes).
- wifi: ath12k: fix the fetching of combined rssi (git-fixes).
- wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: ath12k: fix wrong logging ID used for CE (git-fixes).
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes).
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes).
- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes).
- wifi: cfg80211: Fix interface type validation (stable-fixes).
- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes).
- wifi: cfg80211: reject HTC bit for management frames (stable-fixes).
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes).
- wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes).
- wifi: iwlegacy: Check rate_idx range after addition (stable-fixes).
- wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084).
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes).
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes).
- wifi: iwlwifi: Remove redundant header files (git-fixes).
- wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084).
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes).
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes).
- wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes).
- wifi: iwlwifi: mvm: fix scan request validation (stable-fixes).
- wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes).
- wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes).
- wifi: iwlwifi: uefi: check DSM item validity (git-fixes).
- wifi: libertas: cap SSID len in lbs_associate() (git-fixes).
- wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes).
- wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes).
- wifi: mac80211: Do not schedule stopped TXQs (git-fixes).
- wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes).
- wifi: mac80211: avoid weird state in error path (stable-fixes).
- wifi: mac80211: do not complete management TX on SAE commit (stable-fixes).
- wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes).
- wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes).
- wifi: mac80211: fix incorrect type for ret (stable-fixes).
- wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes).
- wifi: mac80211: increase scan_ies_len for S1G (stable-fixes).
- wifi: mac80211: reject TDLS operations when station is not associated (git-fixes).
- wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes).
- wifi: mt76: fix linked list corruption (git-fixes).
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes).
- wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes).
- wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes).
- wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes).
- wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes).
- wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes).
- wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes).
- wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes).
- wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes).
- wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes).
- wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes).
- wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes).
- wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes).
- wifi: mwifiex: send world regulatory domain to driver (git-fixes).
- wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes).
- wifi: plfxlc: Fix error handling in usb driver probe (git-fixes).
- wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes).
- wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes).
- wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes).
- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- wifi: rtw88: Fix macid assigned to TDLS station (git-fixes).
- wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes).
- wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes).
- wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes).
- wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes).
- wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes).
- wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes).
- wifi: virt_wifi: Fix page fault on connect (stable-fixes).
- wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes).
- writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776).
- writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776).
- writeback: Avoid excessively long inode switching times (bsc#1237776).
- writeback: Avoid softlockup when switching many inodes (bsc#1237776).
- x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704).
- x86/Kconfig: Add arch attack vector support (git-fixes).
- x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes).
- x86/boot: Sanitize boot params before parsing command line (git-fixes).
- x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes).
- x86/bugs: Add attack vector controls for BHI (git-fixes).
- x86/bugs: Add attack vector controls for GDS (git-fixes).
- x86/bugs: Add attack vector controls for ITS (git-fixes).
- x86/bugs: Add attack vector controls for L1TF (git-fixes).
- x86/bugs: Add attack vector controls for MDS (git-fixes).
- x86/bugs: Add attack vector controls for MMIO (git-fixes).
- x86/bugs: Add attack vector controls for RFDS (git-fixes).
- x86/bugs: Add attack vector controls for SRBDS (git-fixes).
- x86/bugs: Add attack vector controls for SRSO (git-fixes).
- x86/bugs: Add attack vector controls for SSB (git-fixes).
- x86/bugs: Add attack vector controls for TAA (git-fixes).
- x86/bugs: Add attack vector controls for TSA (git-fixes).
- x86/bugs: Add attack vector controls for retbleed (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v1 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2 (git-fixes).
- x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes).
- x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes).
- x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes).
- x86/bugs: Avoid warning when overriding return thunk (git-fixes).
- x86/bugs: Clean up SRSO microcode handling (git-fixes).
- x86/bugs: Define attack vectors relevant for each bug (git-fixes).
- x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes).
- x86/bugs: Introduce cdt_possible() (git-fixes).
- x86/bugs: Print enabled attack vectors (git-fixes).
- x86/bugs: Remove its=stuff dependency on retbleed (git-fixes).
- x86/bugs: Select best SRSO mitigation (git-fixes).
- x86/bugs: Simplify the retbleed=stuff checks (git-fixes).
- x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes).
- x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes).
- x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes).
- x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes).
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes).
- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes).
- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes).
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes).
- x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes).
- x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes).
- x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes).
- x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes).
- x86/mce/amd: Add default names for MCA banks and blocks (git-fixes).
- x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes).
- x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes).
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes).
- x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes).
- x86/microcode: Consolidate the loader enablement checking (git-fixes).
- x86/microcode: Update the Intel processor flag scan check (git-fixes).
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes).
- x86/mm/pat: do not collapse pages without PSE set (git-fixes).
- x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (git-fixes).
- x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (git-fixes).
- x86/pkeys: Simplify PKRU update in signal frame (git-fixes).
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- x86/pti: Add attack vector controls for PTI (git-fixes).
- x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes).
- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).
- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).
- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).
- x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes).
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
- x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes).
- xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes).
- xen/netfront: Fix TX response spurious interrupts (git-fixes).
- xen: fix UAF in dmabuf_exp_from_pages() (git-fixes).
- xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO (git-fixes).
- xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes).
- xfs: do not propagate ENODATA disk errors into xattr code (git-fixes).
- xfs: fix scrub trace with null pointer in quotacheck (git-fixes).
- xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes).
- xfs: remove unused event xfs_alloc_near_error (git-fixes).
- xfs: remove unused event xfs_alloc_near_nominleft (git-fixes).
- xfs: remove unused event xfs_attr_node_removename (git-fixes).
- xfs: remove unused event xfs_ioctl_clone (git-fixes).
- xfs: remove unused event xfs_pagecache_inval (git-fixes).
- xfs: remove unused event xlog_iclog_want_sync (git-fixes).
- xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes).
- xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes).
- xfs: remove unused trace event xfs_discard_rtrelax (git-fixes).
- xfs: remove unused trace event xfs_log_cil_return (git-fixes).
- xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes).
- xfs: remove unused xfs_attr events (git-fixes).
- xfs: remove unused xfs_reflink_compare_extents events (git-fixes).
- xfs: remove usused xfs_end_io_direct events (git-fixes).
- xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes).
- xhci: dbc: decouple endpoint allocation from initialization (git-fixes).
- xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes).
- xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes).
- zram: permit only one post-processing operation at a time (git-fixes).
ImportantSUSE bug 1215199SUSE bug 1218644SUSE bug 1230062SUSE bug 1234634SUSE bug 1234693SUSE bug 1234863SUSE bug 1235953SUSE bug 1236897SUSE bug 1237108SUSE bug 1237131SUSE bug 1237542SUSE bug 1237776SUSE bug 1238972SUSE bug 1239206SUSE bug 1240324SUSE bug 1240696SUSE bug 1240966SUSE bug 1240998SUSE bug 1241166SUSE bug 1241353SUSE bug 1241403SUSE bug 1241435SUSE bug 1242034SUSE bug 1242086SUSE bug 1242414SUSE bug 1242782SUSE bug 1242864SUSE bug 1242965SUSE bug 1242995SUSE bug 1243000SUSE bug 1243055SUSE bug 1243068SUSE bug 1243100SUSE bug 1243112SUSE bug 1243774SUSE bug 1244309SUSE bug 1244723SUSE bug 1244734SUSE bug 1244749SUSE bug 1244792SUSE bug 1244812SUSE bug 1244930SUSE bug 1244939SUSE bug 1245000SUSE bug 1245151SUSE bug 1245193SUSE bug 1245206SUSE bug 1245216SUSE bug 1245260SUSE bug 1245410SUSE bug 1245457SUSE bug 1245504SUSE bug 1245506SUSE bug 1245508SUSE bug 1245510SUSE bug 1245596SUSE bug 1245621SUSE bug 1245630SUSE bug 1245654SUSE bug 1245657SUSE bug 1245658SUSE bug 1245659SUSE bug 1245663SUSE bug 1245664SUSE bug 1245665SUSE bug 1245666SUSE bug 1245668SUSE bug 1245669SUSE bug 1245670SUSE bug 1245671SUSE bug 1245675SUSE bug 1245676SUSE bug 1245678SUSE bug 1245683SUSE bug 1245684SUSE bug 1245686SUSE bug 1245688SUSE bug 1245690SUSE bug 1245691SUSE bug 1245695SUSE bug 1245700SUSE bug 1245703SUSE bug 1245705SUSE bug 1245710SUSE bug 1245711SUSE bug 1245713SUSE bug 1245714SUSE bug 1245715SUSE bug 1245717SUSE bug 1245719SUSE bug 1245721SUSE bug 1245723SUSE bug 1245726SUSE bug 1245728SUSE bug 1245729SUSE bug 1245730SUSE bug 1245731SUSE bug 1245735SUSE bug 1245737SUSE bug 1245744SUSE bug 1245745SUSE bug 1245746SUSE bug 1245747SUSE bug 1245748SUSE bug 1245749SUSE bug 1245751SUSE bug 1245757SUSE bug 1245763SUSE bug 1245765SUSE bug 1245767SUSE bug 1245769SUSE bug 1245777SUSE bug 1245780SUSE bug 1245781SUSE bug 1245784SUSE bug 1245785SUSE bug 1245787SUSE bug 1245812SUSE bug 1245814SUSE bug 1245815SUSE bug 1245937SUSE bug 1245945SUSE bug 1245952SUSE bug 1245955SUSE bug 1245956SUSE bug 1245963SUSE bug 1245966SUSE bug 1245970SUSE bug 1245973SUSE bug 1245976SUSE bug 1245977SUSE bug 1245986SUSE bug 1246000SUSE bug 1246002SUSE bug 1246005SUSE bug 1246008SUSE bug 1246012SUSE bug 1246022SUSE bug 1246023SUSE bug 1246031SUSE bug 1246034SUSE bug 1246037SUSE bug 1246041SUSE bug 1246042SUSE bug 1246047SUSE bug 1246049SUSE bug 1246050SUSE bug 1246053SUSE bug 1246054SUSE bug 1246055SUSE bug 1246057SUSE bug 1246098SUSE bug 1246109SUSE bug 1246125SUSE bug 1246166SUSE bug 1246171SUSE bug 1246176SUSE bug 1246181SUSE bug 1246183SUSE bug 1246185SUSE bug 1246186SUSE bug 1246188SUSE bug 1246190SUSE bug 1246192SUSE bug 1246193SUSE bug 1246195SUSE bug 1246220SUSE bug 1246234SUSE bug 1246236SUSE bug 1246240SUSE bug 1246243SUSE bug 1246244SUSE bug 1246245SUSE bug 1246246SUSE bug 1246248SUSE bug 1246250SUSE bug 1246252SUSE bug 1246253SUSE bug 1246255SUSE bug 1246258SUSE bug 1246259SUSE bug 1246260SUSE bug 1246262SUSE bug 1246266SUSE bug 1246268SUSE bug 1246283SUSE bug 1246285SUSE bug 1246286SUSE bug 1246287SUSE bug 1246290SUSE bug 1246292SUSE bug 1246293SUSE bug 1246295SUSE bug 1246297SUSE bug 1246333SUSE bug 1246334SUSE bug 1246337SUSE bug 1246342SUSE bug 1246349SUSE bug 1246351SUSE bug 1246353SUSE bug 1246354SUSE bug 1246358SUSE bug 1246364SUSE bug 1246366SUSE bug 1246370SUSE bug 1246375SUSE bug 1246376SUSE bug 1246385SUSE bug 1246386SUSE bug 1246387SUSE bug 1246438SUSE bug 1246443SUSE bug 1246444SUSE bug 1246447SUSE bug 1246450SUSE bug 1246453SUSE bug 1246473SUSE bug 1246490SUSE bug 1246509SUSE bug 1246547SUSE bug 1246631SUSE bug 1246651SUSE bug 1246688SUSE bug 1246777SUSE bug 1246781SUSE bug 1246782SUSE bug 1246868SUSE bug 1246896SUSE bug 1246911SUSE bug 1246979SUSE bug 1247018SUSE bug 1247020SUSE bug 1247022SUSE bug 1247023SUSE bug 1247024SUSE bug 1247027SUSE bug 1247028SUSE bug 1247031SUSE bug 1247033SUSE bug 1247035SUSE bug 1247061SUSE bug 1247062SUSE bug 1247064SUSE bug 1247076SUSE bug 1247078SUSE bug 1247079SUSE bug 1247088SUSE bug 1247089SUSE bug 1247091SUSE bug 1247097SUSE bug 1247098SUSE bug 1247099SUSE bug 1247101SUSE bug 1247102SUSE bug 1247103SUSE bug 1247104SUSE bug 1247112SUSE bug 1247113SUSE bug 1247116SUSE bug 1247118SUSE bug 1247119SUSE bug 1247123SUSE bug 1247125SUSE bug 1247126SUSE bug 1247128SUSE bug 1247130SUSE bug 1247131SUSE bug 1247132SUSE bug 1247136SUSE bug 1247137SUSE bug 1247138SUSE bug 1247141SUSE bug 1247143SUSE bug 1247145SUSE bug 1247146SUSE bug 1247147SUSE bug 1247149SUSE bug 1247150SUSE bug 1247151SUSE bug 1247152SUSE bug 1247153SUSE bug 1247154SUSE bug 1247155SUSE bug 1247156SUSE bug 1247157SUSE bug 1247160SUSE bug 1247162SUSE bug 1247163SUSE bug 1247164SUSE bug 1247167SUSE bug 1247169SUSE bug 1247170SUSE bug 1247171SUSE bug 1247174SUSE bug 1247176SUSE bug 1247177SUSE bug 1247178SUSE bug 1247181SUSE bug 1247209SUSE bug 1247210SUSE bug 1247220SUSE bug 1247223SUSE bug 1247227SUSE bug 1247229SUSE bug 1247231SUSE bug 1247233SUSE bug 1247234SUSE bug 1247235SUSE bug 1247236SUSE bug 1247238SUSE bug 1247239SUSE bug 1247241SUSE bug 1247243SUSE bug 1247250SUSE bug 1247251SUSE bug 1247252SUSE bug 1247253SUSE bug 1247255SUSE bug 1247262SUSE bug 1247265SUSE bug 1247270SUSE bug 1247271SUSE bug 1247273SUSE bug 1247274SUSE bug 1247276SUSE bug 1247277SUSE bug 1247278SUSE bug 1247279SUSE bug 1247280SUSE bug 1247282SUSE bug 1247283SUSE bug 1247284SUSE bug 1247285SUSE bug 1247288SUSE bug 1247289SUSE bug 1247290SUSE bug 1247293SUSE bug 1247308SUSE bug 1247311SUSE bug 1247313SUSE bug 1247314SUSE bug 1247317SUSE bug 1247325SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349SUSE bug 1247366SUSE bug 1247372SUSE bug 1247376SUSE bug 1247426SUSE bug 1247437SUSE bug 1247442SUSE bug 1247483SUSE bug 1247500SUSE bug 1247712SUSE bug 1247837SUSE bug 1247838SUSE bug 1247935SUSE bug 1247936SUSE bug 1247949SUSE bug 1247950SUSE bug 1247963SUSE bug 1247976SUSE bug 1248088SUSE bug 1248111SUSE bug 1248121SUSE bug 1248183SUSE bug 1248186SUSE bug 1248190SUSE bug 1248192SUSE bug 1248194SUSE bug 1248198SUSE bug 1248199SUSE bug 1248200SUSE bug 1248202SUSE bug 1248205SUSE bug 1248211SUSE bug 1248223SUSE bug 1248224SUSE bug 1248225SUSE bug 1248230SUSE bug 1248235SUSE bug 1248255SUSE bug 1248296SUSE bug 1248297SUSE bug 1248299SUSE bug 1248302SUSE bug 1248304SUSE bug 1248306SUSE bug 1248312SUSE bug 1248333SUSE bug 1248334SUSE bug 1248337SUSE bug 1248338SUSE bug 1248340SUSE bug 1248341SUSE bug 1248343SUSE bug 1248345SUSE bug 1248349SUSE bug 1248350SUSE bug 1248354SUSE bug 1248355SUSE bug 1248357SUSE bug 1248359SUSE bug 1248361SUSE bug 1248363SUSE bug 1248365SUSE bug 1248367SUSE bug 1248368SUSE bug 1248374SUSE bug 1248377SUSE bug 1248378SUSE bug 1248380SUSE bug 1248386SUSE bug 1248390SUSE bug 1248392SUSE bug 1248395SUSE bug 1248396SUSE bug 1248399SUSE bug 1248401SUSE bug 1248511SUSE bug 1248512SUSE bug 1248573SUSE bug 1248575SUSE bug 1248577SUSE bug 1248609SUSE bug 1248610SUSE bug 1248616SUSE bug 1248617SUSE bug 1248619SUSE bug 1248621SUSE bug 1248622SUSE bug 1248624SUSE bug 1248627SUSE bug 1248628SUSE bug 1248634SUSE bug 1248635SUSE bug 1248639SUSE bug 1248643SUSE bug 1248647SUSE bug 1248648SUSE bug 1248652SUSE bug 1248655SUSE bug 1248662SUSE bug 1248664SUSE bug 1248666SUSE bug 1248669SUSE bug 1248674SUSE bug 1248681SUSE bug 1248727SUSE bug 1248728SUSE bug 1248748SUSE bug 1248754SUSE bug 1248775SUSE bug 1249022SUSE bug 1249038SUSE bug 1249060SUSE bug 1249061SUSE bug 1249062SUSE bug 1249064SUSE bug 1249065SUSE bug 1249066SUSE bug 1249126SUSE bug 1249143SUSE bug 1249156SUSE bug 1249159SUSE bug 1249160SUSE bug 1249163SUSE bug 1249164SUSE bug 1249166SUSE bug 1249167SUSE bug 1249169SUSE bug 1249170SUSE bug 1249172SUSE bug 1249176SUSE bug 1249177SUSE bug 1249182SUSE bug 1249186SUSE bug 1249190SUSE bug 1249193SUSE bug 1249195SUSE bug 1249199SUSE bug 1249201SUSE bug 1249202SUSE bug 1249203SUSE bug 1249204SUSE bug 1249206SUSE bug 1249215SUSE bug 1249220SUSE bug 1249221SUSE bug 1249254SUSE bug 1249258SUSE bug 1249262SUSE bug 1249263SUSE bug 1249265SUSE bug 1249266SUSE bug 1249269SUSE bug 1249271SUSE bug 1249272SUSE bug 1249273SUSE bug 1249274SUSE bug 1249278SUSE bug 1249279SUSE bug 1249281SUSE bug 1249282SUSE bug 1249284SUSE bug 1249285SUSE bug 1249286SUSE bug 1249288SUSE bug 1249290SUSE bug 1249292SUSE bug 1249295SUSE bug 1249296SUSE bug 1249297SUSE bug 1249299SUSE bug 1249300SUSE bug 1249301SUSE bug 1249303SUSE bug 1249304SUSE bug 1249305SUSE bug 1249306SUSE bug 1249308SUSE bug 1249309SUSE bug 1249312SUSE bug 1249313SUSE bug 1249314SUSE bug 1249315SUSE bug 1249316SUSE bug 1249318SUSE bug 1249319SUSE bug 1249320SUSE bug 1249321SUSE bug 1249322SUSE bug 1249323SUSE bug 1249324SUSE bug 1249333SUSE bug 1249334SUSE bug 1249338SUSE bug 1249346SUSE bug 1249374SUSE bug 1249413SUSE bug 1249477SUSE bug 1249478SUSE bug 1249479SUSE bug 1249486SUSE bug 1249490SUSE bug 1249494SUSE bug 1249500SUSE bug 1249504SUSE bug 1249506SUSE bug 1249508SUSE bug 1249509SUSE bug 1249510SUSE bug 1249513SUSE bug 1249515SUSE bug 1249516SUSE bug 1249522SUSE bug 1249523SUSE bug 1249524SUSE bug 1249526SUSE bug 1249533SUSE bug 1249538SUSE bug 1249540SUSE bug 1249542SUSE bug 1249545SUSE bug 1249547SUSE bug 1249548SUSE bug 1249550SUSE bug 1249552SUSE bug 1249554SUSE bug 1249562SUSE bug 1249566SUSE bug 1249587SUSE bug 1249598SUSE bug 1249604SUSE bug 1249608SUSE bug 1249615SUSE bug 1249618SUSE bug 1249774SUSE bug 1249833SUSE bug 1249887SUSE bug 1249888SUSE bug 1249901SUSE bug 1249904SUSE bug 1249906SUSE bug 1249915SUSE bug 1249974SUSE bug 1249975SUSE bug 1250002SUSE bug 1250007SUSE bug 1250021SUSE bug 1250025SUSE bug 1250028SUSE bug 1250032SUSE bug 1250087SUSE bug 1250088SUSE bug 1250119SUSE bug 1250123SUSE bug 1250124SUSE bug 1250177SUSE bug 1250179SUSE bug 1250203SUSE bug 1250204SUSE bug 1250205SUSE bug 1250237SUSE bug 1250242SUSE bug 1250247SUSE bug 1250249SUSE bug 1250251SUSE bug 1250258SUSE bug 1250262SUSE bug 1250266SUSE bug 1250267SUSE bug 1250268SUSE bug 1250275SUSE bug 1250276SUSE bug 1250281SUSE bug 1250291SUSE bug 1250292SUSE bug 1250294SUSE bug 1250296SUSE bug 1250297SUSE bug 1250298SUSE bug 1250334SUSE bug 1250344SUSE bug 1250365SUSE bug 1250371SUSE bug 1250377SUSE bug 1250386SUSE bug 1250389SUSE bug 1250398SUSE bug 1250402SUSE bug 1250406SUSE bug 1250407SUSE bug 1250408SUSE bug 1250450SUSE bug 1250491SUSE bug 1250519SUSE bug 1250522SUSE bug 1250650SUSE bug 1250655SUSE bug 1250671SUSE bug 1250702SUSE bug 1250711SUSE bug 1250712SUSE bug 1250713SUSE bug 1250716SUSE bug 1250719SUSE bug 1250722SUSE bug 1250729SUSE bug 1250736SUSE bug 1250737SUSE bug 1250739SUSE bug 1250741SUSE bug 1250742SUSE bug 1250758SUSE bug 1250952SUSE bug 1251100SUSE bug 1251114SUSE bug 1251134SUSE bug 1251135SUSE bug 1251143SUSE bug 1251146SUSE bug 1251186SUSE bug 1251216SUSE bug 1251230SUSE bug 1251810SUSE bug 1252084CVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57891 at SUSECVE-2024-57891 at NVDCVE-2024-57951 at SUSECVE-2024-57951 at NVDCVE-2024-57952 at SUSECVE-2024-57952 at NVDCVE-2024-58090 at SUSECVE-2024-58090 at NVDCVE-2025-22034 at SUSECVE-2025-22034 at NVDCVE-2025-22077 at SUSECVE-2025-22077 at NVDCVE-2025-23141 at SUSECVE-2025-23141 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37821 at SUSECVE-2025-37821 at NVDCVE-2025-37849 at SUSECVE-2025-37849 at NVDCVE-2025-37856 at SUSECVE-2025-37856 at NVDCVE-2025-37861 at SUSECVE-2025-37861 at NVDCVE-2025-37864 at SUSECVE-2025-37864 at NVDCVE-2025-38006 at SUSECVE-2025-38006 at NVDCVE-2025-38008 at SUSECVE-2025-38008 at NVDCVE-2025-38019 at SUSECVE-2025-38019 at NVDCVE-2025-38034 at SUSECVE-2025-38034 at NVDCVE-2025-38038 at SUSECVE-2025-38038 at NVDCVE-2025-38052 at SUSECVE-2025-38052 at NVDCVE-2025-38058 at SUSECVE-2025-38058 at NVDCVE-2025-38062 at SUSECVE-2025-38062 at NVDCVE-2025-38075 at SUSECVE-2025-38075 at NVDCVE-2025-38087 at SUSECVE-2025-38087 at NVDCVE-2025-38088 at SUSECVE-2025-38088 at NVDCVE-2025-38089 at SUSECVE-2025-38089 at NVDCVE-2025-38090 at SUSECVE-2025-38090 at NVDCVE-2025-38091 at SUSECVE-2025-38091 at NVDCVE-2025-38095 at SUSECVE-2025-38095 at NVDCVE-2025-38096 at SUSECVE-2025-38096 at NVDCVE-2025-38098 at SUSECVE-2025-38098 at NVDCVE-2025-38099 at SUSECVE-2025-38099 at NVDCVE-2025-38101 at SUSECVE-2025-38101 at NVDCVE-2025-38102 at SUSECVE-2025-38102 at NVDCVE-2025-38103 at SUSECVE-2025-38103 at NVDCVE-2025-38106 at SUSECVE-2025-38106 at NVDCVE-2025-38107 at SUSECVE-2025-38107 at NVDCVE-2025-38108 at SUSECVE-2025-38108 at NVDCVE-2025-38109 at SUSECVE-2025-38109 at NVDCVE-2025-38110 at SUSECVE-2025-38110 at NVDCVE-2025-38111 at SUSECVE-2025-38111 at NVDCVE-2025-38112 at SUSECVE-2025-38112 at NVDCVE-2025-38113 at SUSECVE-2025-38113 at NVDCVE-2025-38114 at SUSECVE-2025-38114 at NVDCVE-2025-38117 at SUSECVE-2025-38117 at NVDCVE-2025-38118 at SUSECVE-2025-38118 at NVDCVE-2025-38119 at SUSECVE-2025-38119 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38122 at SUSECVE-2025-38122 at NVDCVE-2025-38123 at SUSECVE-2025-38123 at NVDCVE-2025-38124 at SUSECVE-2025-38124 at NVDCVE-2025-38125 at SUSECVE-2025-38125 at NVDCVE-2025-38127 at SUSECVE-2025-38127 at NVDCVE-2025-38128 at SUSECVE-2025-38128 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38134 at SUSECVE-2025-38134 at NVDCVE-2025-38135 at SUSECVE-2025-38135 at NVDCVE-2025-38136 at SUSECVE-2025-38136 at NVDCVE-2025-38137 at SUSECVE-2025-38137 at NVDCVE-2025-38138 at SUSECVE-2025-38138 at NVDCVE-2025-38140 at SUSECVE-2025-38140 at NVDCVE-2025-38141 at SUSECVE-2025-38141 at NVDCVE-2025-38142 at SUSECVE-2025-38142 at NVDCVE-2025-38143 at SUSECVE-2025-38143 at NVDCVE-2025-38145 at SUSECVE-2025-38145 at NVDCVE-2025-38146 at SUSECVE-2025-38146 at NVDCVE-2025-38148 at SUSECVE-2025-38148 at NVDCVE-2025-38149 at SUSECVE-2025-38149 at NVDCVE-2025-38151 at SUSECVE-2025-38151 at NVDCVE-2025-38153 at SUSECVE-2025-38153 at NVDCVE-2025-38154 at SUSECVE-2025-38154 at NVDCVE-2025-38155 at SUSECVE-2025-38155 at NVDCVE-2025-38156 at SUSECVE-2025-38156 at NVDCVE-2025-38157 at SUSECVE-2025-38157 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-38160 at SUSECVE-2025-38160 at NVDCVE-2025-38161 at SUSECVE-2025-38161 at NVDCVE-2025-38165 at SUSECVE-2025-38165 at NVDCVE-2025-38168 at SUSECVE-2025-38168 at NVDCVE-2025-38169 at SUSECVE-2025-38169 at NVDCVE-2025-38170 at SUSECVE-2025-38170 at NVDCVE-2025-38172 at SUSECVE-2025-38172 at NVDCVE-2025-38173 at SUSECVE-2025-38173 at NVDCVE-2025-38174 at SUSECVE-2025-38174 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38182 at SUSECVE-2025-38182 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38185 at SUSECVE-2025-38185 at NVDCVE-2025-38186 at SUSECVE-2025-38186 at NVDCVE-2025-38188 at SUSECVE-2025-38188 at NVDCVE-2025-38189 at SUSECVE-2025-38189 at NVDCVE-2025-38190 at SUSECVE-2025-38190 at NVDCVE-2025-38193 at SUSECVE-2025-38193 at NVDCVE-2025-38197 at SUSECVE-2025-38197 at NVDCVE-2025-38198 at SUSECVE-2025-38198 at NVDCVE-2025-38201 at SUSECVE-2025-38201 at NVDCVE-2025-38205 at SUSECVE-2025-38205 at NVDCVE-2025-38208 at SUSECVE-2025-38208 at NVDCVE-2025-38209 at SUSECVE-2025-38209 at NVDCVE-2025-38211 at SUSECVE-2025-38211 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38214 at SUSECVE-2025-38214 at NVDCVE-2025-38215 at SUSECVE-2025-38215 at NVDCVE-2025-38216 at SUSECVE-2025-38216 at NVDCVE-2025-38217 at SUSECVE-2025-38217 at NVDCVE-2025-38220 at SUSECVE-2025-38220 at NVDCVE-2025-38222 at SUSECVE-2025-38222 at NVDCVE-2025-38224 at SUSECVE-2025-38224 at NVDCVE-2025-38225 at SUSECVE-2025-38225 at NVDCVE-2025-38226 at SUSECVE-2025-38226 at NVDCVE-2025-38227 at SUSECVE-2025-38227 at NVDCVE-2025-38228 at SUSECVE-2025-38228 at NVDCVE-2025-38229 at SUSECVE-2025-38229 at NVDCVE-2025-38231 at SUSECVE-2025-38231 at NVDCVE-2025-38232 at SUSECVE-2025-38232 at NVDCVE-2025-38233 at SUSECVE-2025-38233 at NVDCVE-2025-38234 at SUSECVE-2025-38234 at NVDCVE-2025-38242 at SUSECVE-2025-38242 at NVDCVE-2025-38244 at SUSECVE-2025-38244 at NVDCVE-2025-38245 at SUSECVE-2025-38245 at NVDCVE-2025-38246 at SUSECVE-2025-38246 at NVDCVE-2025-38249 at SUSECVE-2025-38249 at NVDCVE-2025-38251 at SUSECVE-2025-38251 at NVDCVE-2025-38253 at SUSECVE-2025-38253 at NVDCVE-2025-38255 at SUSECVE-2025-38255 at NVDCVE-2025-38256 at SUSECVE-2025-38256 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38258 at SUSECVE-2025-38258 at NVDCVE-2025-38259 at SUSECVE-2025-38259 at NVDCVE-2025-38263 at SUSECVE-2025-38263 at NVDCVE-2025-38264 at SUSECVE-2025-38264 at NVDCVE-2025-38265 at SUSECVE-2025-38265 at NVDCVE-2025-38267 at SUSECVE-2025-38267 at NVDCVE-2025-38268 at SUSECVE-2025-38268 at NVDCVE-2025-38270 at SUSECVE-2025-38270 at NVDCVE-2025-38272 at SUSECVE-2025-38272 at NVDCVE-2025-38273 at SUSECVE-2025-38273 at NVDCVE-2025-38274 at SUSECVE-2025-38274 at NVDCVE-2025-38275 at SUSECVE-2025-38275 at NVDCVE-2025-38277 at SUSECVE-2025-38277 at NVDCVE-2025-38278 at SUSECVE-2025-38278 at NVDCVE-2025-38286 at SUSECVE-2025-38286 at NVDCVE-2025-38287 at SUSECVE-2025-38287 at NVDCVE-2025-38288 at SUSECVE-2025-38288 at NVDCVE-2025-38289 at SUSECVE-2025-38289 at NVDCVE-2025-38290 at SUSECVE-2025-38290 at NVDCVE-2025-38291 at SUSECVE-2025-38291 at NVDCVE-2025-38292 at SUSECVE-2025-38292 at NVDCVE-2025-38293 at SUSECVE-2025-38293 at NVDCVE-2025-38299 at SUSECVE-2025-38299 at NVDCVE-2025-38300 at SUSECVE-2025-38300 at NVDCVE-2025-38301 at SUSECVE-2025-38301 at NVDCVE-2025-38302 at SUSECVE-2025-38302 at NVDCVE-2025-38303 at SUSECVE-2025-38303 at NVDCVE-2025-38304 at SUSECVE-2025-38304 at NVDCVE-2025-38305 at SUSECVE-2025-38305 at NVDCVE-2025-38306 at SUSECVE-2025-38306 at NVDCVE-2025-38307 at SUSECVE-2025-38307 at NVDCVE-2025-38311 at SUSECVE-2025-38311 at NVDCVE-2025-38312 at SUSECVE-2025-38312 at NVDCVE-2025-38313 at SUSECVE-2025-38313 at NVDCVE-2025-38315 at SUSECVE-2025-38315 at NVDCVE-2025-38317 at SUSECVE-2025-38317 at NVDCVE-2025-38318 at SUSECVE-2025-38318 at NVDCVE-2025-38319 at SUSECVE-2025-38319 at NVDCVE-2025-38322 at SUSECVE-2025-38322 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38326 at SUSECVE-2025-38326 at NVDCVE-2025-38332 at SUSECVE-2025-38332 at NVDCVE-2025-38335 at SUSECVE-2025-38335 at NVDCVE-2025-38336 at SUSECVE-2025-38336 at NVDCVE-2025-38337 at SUSECVE-2025-38337 at NVDCVE-2025-38338 at SUSECVE-2025-38338 at NVDCVE-2025-38339 at SUSECVE-2025-38339 at NVDCVE-2025-38341 at SUSECVE-2025-38341 at NVDCVE-2025-38342 at SUSECVE-2025-38342 at NVDCVE-2025-38343 at SUSECVE-2025-38343 at NVDCVE-2025-38344 at SUSECVE-2025-38344 at NVDCVE-2025-38345 at SUSECVE-2025-38345 at NVDCVE-2025-38348 at SUSECVE-2025-38348 at NVDCVE-2025-38349 at SUSECVE-2025-38349 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38351 at SUSECVE-2025-38351 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38353 at SUSECVE-2025-38353 at NVDCVE-2025-38354 at SUSECVE-2025-38354 at NVDCVE-2025-38355 at SUSECVE-2025-38355 at NVDCVE-2025-38356 at SUSECVE-2025-38356 at NVDCVE-2025-38359 at SUSECVE-2025-38359 at NVDCVE-2025-38360 at SUSECVE-2025-38360 at NVDCVE-2025-38361 at SUSECVE-2025-38361 at NVDCVE-2025-38362 at SUSECVE-2025-38362 at NVDCVE-2025-38363 at SUSECVE-2025-38363 at NVDCVE-2025-38364 at SUSECVE-2025-38364 at NVDCVE-2025-38365 at SUSECVE-2025-38365 at NVDCVE-2025-38368 at SUSECVE-2025-38368 at NVDCVE-2025-38369 at SUSECVE-2025-38369 at NVDCVE-2025-38371 at SUSECVE-2025-38371 at NVDCVE-2025-38372 at SUSECVE-2025-38372 at NVDCVE-2025-38373 at SUSECVE-2025-38373 at NVDCVE-2025-38374 at SUSECVE-2025-38374 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-38376 at SUSECVE-2025-38376 at NVDCVE-2025-38377 at SUSECVE-2025-38377 at NVDCVE-2025-38380 at SUSECVE-2025-38380 at NVDCVE-2025-38381 at SUSECVE-2025-38381 at NVDCVE-2025-38382 at SUSECVE-2025-38382 at NVDCVE-2025-38383 at SUSECVE-2025-38383 at NVDCVE-2025-38384 at SUSECVE-2025-38384 at NVDCVE-2025-38385 at SUSECVE-2025-38385 at NVDCVE-2025-38386 at SUSECVE-2025-38386 at NVDCVE-2025-38387 at SUSECVE-2025-38387 at NVDCVE-2025-38389 at SUSECVE-2025-38389 at NVDCVE-2025-38390 at SUSECVE-2025-38390 at NVDCVE-2025-38391 at SUSECVE-2025-38391 at NVDCVE-2025-38392 at SUSECVE-2025-38392 at NVDCVE-2025-38393 at SUSECVE-2025-38393 at NVDCVE-2025-38395 at SUSECVE-2025-38395 at NVDCVE-2025-38396 at SUSECVE-2025-38396 at NVDCVE-2025-38397 at SUSECVE-2025-38397 at NVDCVE-2025-38399 at SUSECVE-2025-38399 at NVDCVE-2025-38400 at SUSECVE-2025-38400 at NVDCVE-2025-38401 at SUSECVE-2025-38401 at NVDCVE-2025-38402 at SUSECVE-2025-38402 at NVDCVE-2025-38403 at SUSECVE-2025-38403 at NVDCVE-2025-38404 at SUSECVE-2025-38404 at NVDCVE-2025-38405 at SUSECVE-2025-38405 at NVDCVE-2025-38406 at SUSECVE-2025-38406 at NVDCVE-2025-38408 at SUSECVE-2025-38408 at NVDCVE-2025-38409 at SUSECVE-2025-38409 at NVDCVE-2025-38410 at SUSECVE-2025-38410 at NVDCVE-2025-38412 at SUSECVE-2025-38412 at NVDCVE-2025-38413 at SUSECVE-2025-38413 at NVDCVE-2025-38414 at SUSECVE-2025-38414 at NVDCVE-2025-38415 at SUSECVE-2025-38415 at NVDCVE-2025-38416 at SUSECVE-2025-38416 at NVDCVE-2025-38417 at SUSECVE-2025-38417 at NVDCVE-2025-38418 at SUSECVE-2025-38418 at NVDCVE-2025-38419 at SUSECVE-2025-38419 at NVDCVE-2025-38420 at SUSECVE-2025-38420 at NVDCVE-2025-38421 at SUSECVE-2025-38421 at NVDCVE-2025-38424 at SUSECVE-2025-38424 at NVDCVE-2025-38425 at SUSECVE-2025-38425 at NVDCVE-2025-38426 at SUSECVE-2025-38426 at NVDCVE-2025-38427 at SUSECVE-2025-38427 at NVDCVE-2025-38428 at SUSECVE-2025-38428 at NVDCVE-2025-38429 at SUSECVE-2025-38429 at NVDCVE-2025-38430 at SUSECVE-2025-38430 at NVDCVE-2025-38436 at SUSECVE-2025-38436 at NVDCVE-2025-38438 at SUSECVE-2025-38438 at NVDCVE-2025-38439 at SUSECVE-2025-38439 at NVDCVE-2025-38440 at SUSECVE-2025-38440 at NVDCVE-2025-38441 at SUSECVE-2025-38441 at NVDCVE-2025-38443 at SUSECVE-2025-38443 at NVDCVE-2025-38444 at SUSECVE-2025-38444 at NVDCVE-2025-38445 at SUSECVE-2025-38445 at NVDCVE-2025-38446 at SUSECVE-2025-38446 at NVDCVE-2025-38448 at SUSECVE-2025-38448 at NVDCVE-2025-38449 at SUSECVE-2025-38449 at NVDCVE-2025-38450 at SUSECVE-2025-38450 at NVDCVE-2025-38451 at SUSECVE-2025-38451 at NVDCVE-2025-38453 at SUSECVE-2025-38453 at NVDCVE-2025-38454 at SUSECVE-2025-38454 at NVDCVE-2025-38455 at SUSECVE-2025-38455 at NVDCVE-2025-38456 at SUSECVE-2025-38456 at NVDCVE-2025-38457 at SUSECVE-2025-38457 at NVDCVE-2025-38458 at SUSECVE-2025-38458 at NVDCVE-2025-38459 at SUSECVE-2025-38459 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38461 at SUSECVE-2025-38461 at NVDCVE-2025-38462 at SUSECVE-2025-38462 at NVDCVE-2025-38463 at SUSECVE-2025-38463 at NVDCVE-2025-38464 at SUSECVE-2025-38464 at NVDCVE-2025-38465 at SUSECVE-2025-38465 at NVDCVE-2025-38466 at SUSECVE-2025-38466 at NVDCVE-2025-38467 at SUSECVE-2025-38467 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38470 at SUSECVE-2025-38470 at NVDCVE-2025-38472 at SUSECVE-2025-38472 at NVDCVE-2025-38473 at SUSECVE-2025-38473 at NVDCVE-2025-38474 at SUSECVE-2025-38474 at NVDCVE-2025-38475 at SUSECVE-2025-38475 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38478 at SUSECVE-2025-38478 at NVDCVE-2025-38480 at SUSECVE-2025-38480 at NVDCVE-2025-38481 at SUSECVE-2025-38481 at NVDCVE-2025-38482 at SUSECVE-2025-38482 at NVDCVE-2025-38483 at SUSECVE-2025-38483 at NVDCVE-2025-38484 at SUSECVE-2025-38484 at NVDCVE-2025-38485 at SUSECVE-2025-38485 at NVDCVE-2025-38487 at SUSECVE-2025-38487 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38489 at SUSECVE-2025-38489 at NVDCVE-2025-38490 at SUSECVE-2025-38490 at NVDCVE-2025-38491 at SUSECVE-2025-38491 at NVDCVE-2025-38493 at SUSECVE-2025-38493 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38496 at SUSECVE-2025-38496 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38500 at SUSECVE-2025-38500 at NVDCVE-2025-38503 at SUSECVE-2025-38503 at NVDCVE-2025-38506 at SUSECVE-2025-38506 at NVDCVE-2025-38508 at SUSECVE-2025-38508 at NVDCVE-2025-38514 at SUSECVE-2025-38514 at NVDCVE-2025-38524 at SUSECVE-2025-38524 at NVDCVE-2025-38526 at SUSECVE-2025-38526 at NVDCVE-2025-38527 at SUSECVE-2025-38527 at NVDCVE-2025-38528 at SUSECVE-2025-38528 at NVDCVE-2025-38531 at SUSECVE-2025-38531 at NVDCVE-2025-38533 at SUSECVE-2025-38533 at NVDCVE-2025-38539 at SUSECVE-2025-38539 at NVDCVE-2025-38544 at SUSECVE-2025-38544 at NVDCVE-2025-38545 at SUSECVE-2025-38545 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38549 at SUSECVE-2025-38549 at NVDCVE-2025-38552 at SUSECVE-2025-38552 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38554 at SUSECVE-2025-38554 at NVDCVE-2025-38555 at SUSECVE-2025-38555 at NVDCVE-2025-38556 at SUSECVE-2025-38556 at NVDCVE-2025-38557 at SUSECVE-2025-38557 at NVDCVE-2025-38559 at SUSECVE-2025-38559 at NVDCVE-2025-38560 at SUSECVE-2025-38560 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38564 at SUSECVE-2025-38564 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-38566 at SUSECVE-2025-38566 at NVDCVE-2025-38568 at SUSECVE-2025-38568 at NVDCVE-2025-38571 at SUSECVE-2025-38571 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38573 at SUSECVE-2025-38573 at NVDCVE-2025-38574 at SUSECVE-2025-38574 at NVDCVE-2025-38576 at SUSECVE-2025-38576 at NVDCVE-2025-38581 at SUSECVE-2025-38581 at NVDCVE-2025-38582 at SUSECVE-2025-38582 at NVDCVE-2025-38583 at SUSECVE-2025-38583 at NVDCVE-2025-38584 at SUSECVE-2025-38584 at NVDCVE-2025-38585 at SUSECVE-2025-38585 at NVDCVE-2025-38586 at SUSECVE-2025-38586 at NVDCVE-2025-38587 at SUSECVE-2025-38587 at NVDCVE-2025-38588 at SUSECVE-2025-38588 at NVDCVE-2025-38591 at SUSECVE-2025-38591 at NVDCVE-2025-38593 at SUSECVE-2025-38593 at NVDCVE-2025-38595 at SUSECVE-2025-38595 at NVDCVE-2025-38597 at SUSECVE-2025-38597 at NVDCVE-2025-38601 at SUSECVE-2025-38601 at NVDCVE-2025-38602 at SUSECVE-2025-38602 at NVDCVE-2025-38604 at SUSECVE-2025-38604 at NVDCVE-2025-38605 at SUSECVE-2025-38605 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38609 at SUSECVE-2025-38609 at NVDCVE-2025-38610 at SUSECVE-2025-38610 at NVDCVE-2025-38612 at SUSECVE-2025-38612 at NVDCVE-2025-38614 at SUSECVE-2025-38614 at NVDCVE-2025-38616 at SUSECVE-2025-38616 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38619 at SUSECVE-2025-38619 at NVDCVE-2025-38621 at SUSECVE-2025-38621 at NVDCVE-2025-38622 at SUSECVE-2025-38622 at NVDCVE-2025-38623 at SUSECVE-2025-38623 at NVDCVE-2025-38624 at SUSECVE-2025-38624 at NVDCVE-2025-38628 at SUSECVE-2025-38628 at NVDCVE-2025-38630 at SUSECVE-2025-38630 at NVDCVE-2025-38631 at SUSECVE-2025-38631 at NVDCVE-2025-38632 at SUSECVE-2025-38632 at NVDCVE-2025-38634 at SUSECVE-2025-38634 at NVDCVE-2025-38635 at SUSECVE-2025-38635 at NVDCVE-2025-38639 at SUSECVE-2025-38639 at NVDCVE-2025-38640 at SUSECVE-2025-38640 at NVDCVE-2025-38643 at SUSECVE-2025-38643 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDCVE-2025-38646 at SUSECVE-2025-38646 at NVDCVE-2025-38648 at SUSECVE-2025-38648 at NVDCVE-2025-38656 at SUSECVE-2025-38656 at NVDCVE-2025-38658 at SUSECVE-2025-38658 at NVDCVE-2025-38659 at SUSECVE-2025-38659 at NVDCVE-2025-38660 at SUSECVE-2025-38660 at NVDCVE-2025-38662 at SUSECVE-2025-38662 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38665 at SUSECVE-2025-38665 at NVDCVE-2025-38668 at SUSECVE-2025-38668 at NVDCVE-2025-38670 at SUSECVE-2025-38670 at NVDCVE-2025-38671 at SUSECVE-2025-38671 at NVDCVE-2025-38676 at SUSECVE-2025-38676 at NVDCVE-2025-38678 at SUSECVE-2025-38678 at NVDCVE-2025-38679 at SUSECVE-2025-38679 at NVDCVE-2025-38680 at SUSECVE-2025-38680 at NVDCVE-2025-38681 at SUSECVE-2025-38681 at NVDCVE-2025-38683 at SUSECVE-2025-38683 at NVDCVE-2025-38684 at SUSECVE-2025-38684 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38686 at SUSECVE-2025-38686 at NVDCVE-2025-38687 at SUSECVE-2025-38687 at NVDCVE-2025-38691 at SUSECVE-2025-38691 at NVDCVE-2025-38692 at SUSECVE-2025-38692 at NVDCVE-2025-38693 at SUSECVE-2025-38693 at NVDCVE-2025-38694 at SUSECVE-2025-38694 at NVDCVE-2025-38695 at SUSECVE-2025-38695 at NVDCVE-2025-38700 at SUSECVE-2025-38700 at NVDCVE-2025-38701 at SUSECVE-2025-38701 at NVDCVE-2025-38702 at SUSECVE-2025-38702 at NVDCVE-2025-38703 at SUSECVE-2025-38703 at NVDCVE-2025-38705 at SUSECVE-2025-38705 at NVDCVE-2025-38706 at SUSECVE-2025-38706 at NVDCVE-2025-38709 at SUSECVE-2025-38709 at NVDCVE-2025-38710 at SUSECVE-2025-38710 at NVDCVE-2025-38717 at SUSECVE-2025-38717 at NVDCVE-2025-38721 at SUSECVE-2025-38721 at NVDCVE-2025-38722 at SUSECVE-2025-38722 at NVDCVE-2025-38724 at SUSECVE-2025-38724 at NVDCVE-2025-38725 at SUSECVE-2025-38725 at NVDCVE-2025-38727 at SUSECVE-2025-38727 at NVDCVE-2025-38729 at SUSECVE-2025-38729 at NVDCVE-2025-38730 at SUSECVE-2025-38730 at NVDCVE-2025-38732 at SUSECVE-2025-38732 at NVDCVE-2025-38733 at SUSECVE-2025-38733 at NVDCVE-2025-38734 at SUSECVE-2025-38734 at NVDCVE-2025-38735 at SUSECVE-2025-38735 at NVDCVE-2025-38736 at SUSECVE-2025-38736 at NVDCVE-2025-39673 at SUSECVE-2025-39673 at NVDCVE-2025-39675 at SUSECVE-2025-39675 at NVDCVE-2025-39677 at SUSECVE-2025-39677 at NVDCVE-2025-39678 at SUSECVE-2025-39678 at NVDCVE-2025-39679 at SUSECVE-2025-39679 at NVDCVE-2025-39681 at SUSECVE-2025-39681 at NVDCVE-2025-39682 at SUSECVE-2025-39682 at NVDCVE-2025-39683 at SUSECVE-2025-39683 at NVDCVE-2025-39684 at SUSECVE-2025-39684 at NVDCVE-2025-39685 at SUSECVE-2025-39685 at NVDCVE-2025-39686 at SUSECVE-2025-39686 at NVDCVE-2025-39687 at SUSECVE-2025-39687 at NVDCVE-2025-39691 at SUSECVE-2025-39691 at NVDCVE-2025-39693 at SUSECVE-2025-39693 at NVDCVE-2025-39694 at SUSECVE-2025-39694 at NVDCVE-2025-39695 at SUSECVE-2025-39695 at NVDCVE-2025-39697 at SUSECVE-2025-39697 at NVDCVE-2025-39698 at SUSECVE-2025-39698 at NVDCVE-2025-39700 at SUSECVE-2025-39700 at NVDCVE-2025-39701 at SUSECVE-2025-39701 at NVDCVE-2025-39703 at SUSECVE-2025-39703 at NVDCVE-2025-39705 at SUSECVE-2025-39705 at NVDCVE-2025-39706 at SUSECVE-2025-39706 at NVDCVE-2025-39707 at SUSECVE-2025-39707 at NVDCVE-2025-39709 at SUSECVE-2025-39709 at NVDCVE-2025-39710 at SUSECVE-2025-39710 at NVDCVE-2025-39711 at SUSECVE-2025-39711 at NVDCVE-2025-39712 at SUSECVE-2025-39712 at NVDCVE-2025-39713 at SUSECVE-2025-39713 at NVDCVE-2025-39714 at SUSECVE-2025-39714 at NVDCVE-2025-39718 at SUSECVE-2025-39718 at NVDCVE-2025-39719 at SUSECVE-2025-39719 at NVDCVE-2025-39721 at SUSECVE-2025-39721 at NVDCVE-2025-39722 at SUSECVE-2025-39722 at NVDCVE-2025-39723 at SUSECVE-2025-39723 at NVDCVE-2025-39724 at SUSECVE-2025-39724 at NVDCVE-2025-39726 at SUSECVE-2025-39726 at NVDCVE-2025-39727 at SUSECVE-2025-39727 at NVDCVE-2025-39730 at SUSECVE-2025-39730 at NVDCVE-2025-39732 at SUSECVE-2025-39732 at NVDCVE-2025-39738 at SUSECVE-2025-39738 at NVDCVE-2025-39739 at SUSECVE-2025-39739 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-39744 at SUSECVE-2025-39744 at NVDCVE-2025-39746 at SUSECVE-2025-39746 at NVDCVE-2025-39747 at SUSECVE-2025-39747 at NVDCVE-2025-39748 at SUSECVE-2025-39748 at NVDCVE-2025-39749 at SUSECVE-2025-39749 at NVDCVE-2025-39750 at SUSECVE-2025-39750 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39754 at SUSECVE-2025-39754 at NVDCVE-2025-39757 at SUSECVE-2025-39757 at NVDCVE-2025-39758 at SUSECVE-2025-39758 at NVDCVE-2025-39759 at SUSECVE-2025-39759 at NVDCVE-2025-39760 at SUSECVE-2025-39760 at NVDCVE-2025-39761 at SUSECVE-2025-39761 at NVDCVE-2025-39763 at SUSECVE-2025-39763 at NVDCVE-2025-39764 at SUSECVE-2025-39764 at NVDCVE-2025-39765 at SUSECVE-2025-39765 at NVDCVE-2025-39766 at SUSECVE-2025-39766 at NVDCVE-2025-39770 at SUSECVE-2025-39770 at NVDCVE-2025-39772 at SUSECVE-2025-39772 at NVDCVE-2025-39773 at SUSECVE-2025-39773 at NVDCVE-2025-39775 at SUSECVE-2025-39775 at NVDCVE-2025-39782 at SUSECVE-2025-39782 at NVDCVE-2025-39783 at SUSECVE-2025-39783 at NVDCVE-2025-39787 at SUSECVE-2025-39787 at NVDCVE-2025-39788 at SUSECVE-2025-39788 at NVDCVE-2025-39790 at SUSECVE-2025-39790 at NVDCVE-2025-39791 at SUSECVE-2025-39791 at NVDCVE-2025-39792 at SUSECVE-2025-39792 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39798 at SUSECVE-2025-39798 at NVDCVE-2025-39800 at SUSECVE-2025-39800 at NVDCVE-2025-39801 at SUSECVE-2025-39801 at NVDCVE-2025-39806 at SUSECVE-2025-39806 at NVDCVE-2025-39807 at SUSECVE-2025-39807 at NVDCVE-2025-39808 at SUSECVE-2025-39808 at NVDCVE-2025-39810 at SUSECVE-2025-39810 at NVDCVE-2025-39811 at SUSECVE-2025-39811 at NVDCVE-2025-39813 at SUSECVE-2025-39813 at NVDCVE-2025-39816 at SUSECVE-2025-39816 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDCVE-2025-39824 at SUSECVE-2025-39824 at NVDCVE-2025-39825 at SUSECVE-2025-39825 at NVDCVE-2025-39826 at SUSECVE-2025-39826 at NVDCVE-2025-39827 at SUSECVE-2025-39827 at NVDCVE-2025-39828 at SUSECVE-2025-39828 at NVDCVE-2025-39830 at SUSECVE-2025-39830 at NVDCVE-2025-39832 at SUSECVE-2025-39832 at NVDCVE-2025-39833 at SUSECVE-2025-39833 at NVDCVE-2025-39834 at SUSECVE-2025-39834 at NVDCVE-2025-39835 at SUSECVE-2025-39835 at NVDCVE-2025-39836 at SUSECVE-2025-39836 at NVDCVE-2025-39838 at SUSECVE-2025-39838 at NVDCVE-2025-39839 at SUSECVE-2025-39839 at NVDCVE-2025-39841 at SUSECVE-2025-39841 at NVDCVE-2025-39842 at SUSECVE-2025-39842 at NVDCVE-2025-39844 at SUSECVE-2025-39844 at NVDCVE-2025-39845 at SUSECVE-2025-39845 at NVDCVE-2025-39847 at SUSECVE-2025-39847 at NVDCVE-2025-39848 at SUSECVE-2025-39848 at NVDCVE-2025-39849 at SUSECVE-2025-39849 at NVDCVE-2025-39850 at SUSECVE-2025-39850 at NVDCVE-2025-39851 at SUSECVE-2025-39851 at NVDCVE-2025-39852 at SUSECVE-2025-39852 at NVDCVE-2025-39853 at SUSECVE-2025-39853 at NVDCVE-2025-39854 at SUSECVE-2025-39854 at NVDCVE-2025-39857 at SUSECVE-2025-39857 at NVDCVE-2025-39860 at SUSECVE-2025-39860 at NVDCVE-2025-39861 at SUSECVE-2025-39861 at NVDCVE-2025-39863 at SUSECVE-2025-39863 at NVDCVE-2025-39864 at SUSECVE-2025-39864 at NVDCVE-2025-39865 at SUSECVE-2025-39865 at NVDCVE-2025-39869 at SUSECVE-2025-39869 at NVDCVE-2025-39870 at SUSECVE-2025-39870 at NVDCVE-2025-39871 at SUSECVE-2025-39871 at NVDCVE-2025-39873 at SUSECVE-2025-39873 at NVDCVE-2025-39875 at SUSECVE-2025-39875 at NVDCVE-2025-39877 at SUSECVE-2025-39877 at NVDCVE-2025-39882 at SUSECVE-2025-39882 at NVDCVE-2025-39884 at SUSECVE-2025-39884 at NVDCVE-2025-39885 at SUSECVE-2025-39885 at NVDCVE-2025-39889 at SUSECVE-2025-39889 at NVDCVE-2025-39890 at SUSECVE-2025-39890 at NVDCVE-2025-39891 at SUSECVE-2025-39891 at NVDCVE-2025-39896 at SUSECVE-2025-39896 at NVDCVE-2025-39898 at SUSECVE-2025-39898 at NVDCVE-2025-39899 at SUSECVE-2025-39899 at NVDCVE-2025-39900 at SUSECVE-2025-39900 at NVDCVE-2025-39902 at SUSECVE-2025-39902 at NVDCVE-2025-39907 at SUSECVE-2025-39907 at NVDCVE-2025-39909 at SUSECVE-2025-39909 at NVDCVE-2025-39916 at SUSECVE-2025-39916 at NVDCVE-2025-39918 at SUSECVE-2025-39918 at NVDCVE-2025-39922 at SUSECVE-2025-39922 at NVDCVE-2025-39923 at SUSECVE-2025-39923 at NVDCVE-2025-39925 at SUSECVE-2025-39925 at NVDCVE-2025-39926 at SUSECVE-2025-39926 at NVDCVE-2025-39931 at SUSECVE-2025-39931 at NVDCVE-2025-39934 at SUSECVE-2025-39934 at NVDCVE-2025-39937 at SUSECVE-2025-39937 at NVDCVE-2025-39938 at SUSECVE-2025-39938 at NVDCVE-2025-39945 at SUSECVE-2025-39945 at NVDCVE-2025-39946 at SUSECVE-2025-39946 at NVDCVE-2025-39952 at SUSECVE-2025-39952 at NVDCVE-2025-39957 at SUSECVE-2025-39957 at NVDCVE-2025-40300 at SUSECVE-2025-40300 at NVDcpe:/o:suse:sl-micro:6.2Security update for zlib (Moderate)SUSE Linux Micro 6.2
This update for zlib fixes the following issues:
- CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
- CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)
ModerateSUSE bug 1216378SUSE bug 1258392CVE-2023-45853 at SUSECVE-2023-45853 at NVDCVE-2026-27171 at SUSECVE-2026-27171 at NVDcpe:/o:suse:sl-micro:6.2Security update for util-linux (Moderate)SUSE Linux Micro 6.2
This update for util-linux fixes the following issues:
Security issues:
- CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).
Non security issues:
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
ModerateSUSE bug 1222465SUSE bug 1254666SUSE bug 1258859CVE-2025-14104 at SUSECVE-2025-14104 at NVDCVE-2026-3184 at SUSECVE-2026-3184 at NVDcpe:/o:suse:sl-micro:6.2Security update for ovmf (Moderate)SUSE Linux Micro 6.2
This update for ovmf fixes the following issue:
- CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441).
ModerateSUSE bug 1252441CVE-2025-59438 at SUSECVE-2025-59438 at NVDcpe:/o:suse:sl-micro:6.2Security update for glibc (Important)SUSE Linux Micro 6.2
This update for glibc fixes the following issues:
Security fixes:
- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).
Other fixes:
- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).
ImportantSUSE bug 1258319SUSE bug 1260078SUSE bug 1260082CVE-2026-4437 at SUSECVE-2026-4437 at NVDCVE-2026-4438 at SUSECVE-2026-4438 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16) (Important)SUSE Linux Micro 6.2
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
ImportantSUSE bug 1256780SUSE bug 1257238SUSE bug 1258051SUSE bug 1258183SUSE bug 1258784CVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23111 at SUSECVE-2026-23111 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit-podman (Important)SUSE Linux Micro 6.2
This update for cockpit-podman fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and
may crash a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character
that doesn't appear in the test string (bsc#1258641).
ImportantSUSE bug 1257836SUSE bug 1258641CVE-2026-25547 at SUSECVE-2026-25547 at NVDCVE-2026-26996 at SUSECVE-2026-26996 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit-machines (Important)SUSE Linux Micro 6.2
This update for cockpit-machines fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash
a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character
that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
ImportantSUSE bug 1257836SUSE bug 1258641CVE-2026-25547 at SUSECVE-2026-25547 at NVDCVE-2026-26996 at SUSECVE-2026-26996 at NVDcpe:/o:suse:sl-micro:6.2Security update for cockpit (Important)SUSE Linux Micro 6.2
This update for cockpit fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash
a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character
that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
ImportantSUSE bug 1257836SUSE bug 1258641CVE-2026-25547 at SUSECVE-2026-25547 at NVDCVE-2026-26996 at SUSECVE-2026-26996 at NVDcpe:/o:suse:sl-micro:6.2Security update for python-cryptography (Important)SUSE Linux Micro 6.2
This update for python-cryptography fixes the following issues:
- CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876)
- CVE-2026-26007: missing validation can lead to security issues for signature verification (ECDSA) and shared key negotiation (ECDH) (bsc#1258074).
ImportantSUSE bug 1258074SUSE bug 1260876CVE-2026-26007 at SUSECVE-2026-26007 at NVDCVE-2026-34073 at SUSECVE-2026-34073 at NVDcpe:/o:suse:sl-micro:6.2Security update for curl (Important)SUSE Linux Micro 6.2
This update for curl fixes the following issues:
- CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191)
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
- CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348)
Other fixes:
- tool_operate: fix return code when --retry is used but not
triggered (bsc#1249367)
ImportantSUSE bug 1249191SUSE bug 1249348SUSE bug 1249367SUSE bug 1253757CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-11563 at SUSECVE-2025-11563 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:sl-micro:6.2Security update for the Linux Kernel (Important)SUSE Linux Micro 6.2
The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39956: igc: don't fail igc_probe() on LED setup error (bsc#1251809).
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251819).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067).
- CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
- CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- add bug reference to existing hv_netvsc change (bsc#1252265)
- amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226).
- cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166).
- cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166).
- cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166).
- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT
The character was previously 'N', but upstream used it for TAINT_TEST,
which prompted the change of TAINT_NO_SUPPORT to 'n'.
- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
- dpll: zl3073x: Add low-level flash functions (bsc#1252253).
- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).
- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).
- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).
- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
- kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
- perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725).
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
- x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348).
ImportantSUSE bug 1218644SUSE bug 1238472SUSE bug 1239206SUSE bug 1241166SUSE bug 1241637SUSE bug 1247222SUSE bug 1248630SUSE bug 1249161SUSE bug 1249226SUSE bug 1249302SUSE bug 1249317SUSE bug 1249397SUSE bug 1249398SUSE bug 1249495SUSE bug 1249512SUSE bug 1249608SUSE bug 1249735SUSE bug 1250202SUSE bug 1250379SUSE bug 1250400SUSE bug 1250455SUSE bug 1250491SUSE bug 1250704SUSE bug 1250721SUSE bug 1250749SUSE bug 1250946SUSE bug 1251176SUSE bug 1251177SUSE bug 1251232SUSE bug 1251233SUSE bug 1251804SUSE bug 1251809SUSE bug 1251819SUSE bug 1251930SUSE bug 1251967SUSE bug 1252033SUSE bug 1252035SUSE bug 1252039SUSE bug 1252044SUSE bug 1252047SUSE bug 1252051SUSE bug 1252052SUSE bug 1252056SUSE bug 1252060SUSE bug 1252062SUSE bug 1252064SUSE bug 1252065SUSE bug 1252067SUSE bug 1252069SUSE bug 1252070SUSE bug 1252072SUSE bug 1252074SUSE bug 1252075SUSE bug 1252076SUSE bug 1252078SUSE bug 1252079SUSE bug 1252081SUSE bug 1252082SUSE bug 1252083SUSE bug 1252253SUSE bug 1252265SUSE bug 1252267SUSE bug 1252270SUSE bug 1252330SUSE bug 1252333SUSE bug 1252336SUSE bug 1252346SUSE bug 1252348SUSE bug 1252349SUSE bug 1252678SUSE bug 1252679SUSE bug 1252688SUSE bug 1252725SUSE bug 1252734SUSE bug 1252772SUSE bug 1252774SUSE bug 1252780SUSE bug 1252785SUSE bug 1252787SUSE bug 1252789SUSE bug 1252797SUSE bug 1252819SUSE bug 1252822SUSE bug 1252826SUSE bug 1252841SUSE bug 1252848SUSE bug 1252849SUSE bug 1252850SUSE bug 1252851SUSE bug 1252854SUSE bug 1252858SUSE bug 1252862SUSE bug 1252865SUSE bug 1252866SUSE bug 1252873SUSE bug 1252902SUSE bug 1252909SUSE bug 1252915SUSE bug 1252918SUSE bug 1252921SUSE bug 1252939CVE-2025-21816 at SUSECVE-2025-21816 at NVDCVE-2025-38653 at SUSECVE-2025-38653 at NVDCVE-2025-38718 at SUSECVE-2025-38718 at NVDCVE-2025-39676 at SUSECVE-2025-39676 at NVDCVE-2025-39702 at SUSECVE-2025-39702 at NVDCVE-2025-39756 at SUSECVE-2025-39756 at NVDCVE-2025-39779 at SUSECVE-2025-39779 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39812 at SUSECVE-2025-39812 at NVDCVE-2025-39866 at SUSECVE-2025-39866 at NVDCVE-2025-39876 at SUSECVE-2025-39876 at NVDCVE-2025-39881 at SUSECVE-2025-39881 at NVDCVE-2025-39895 at SUSECVE-2025-39895 at NVDCVE-2025-39903 at SUSECVE-2025-39903 at NVDCVE-2025-39911 at SUSECVE-2025-39911 at NVDCVE-2025-39947 at SUSECVE-2025-39947 at NVDCVE-2025-39948 at SUSECVE-2025-39948 at NVDCVE-2025-39949 at SUSECVE-2025-39949 at NVDCVE-2025-39950 at SUSECVE-2025-39950 at NVDCVE-2025-39955 at SUSECVE-2025-39955 at NVDCVE-2025-39956 at SUSECVE-2025-39956 at NVDCVE-2025-39963 at SUSECVE-2025-39963 at NVDCVE-2025-39965 at SUSECVE-2025-39965 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39969 at SUSECVE-2025-39969 at NVDCVE-2025-39970 at SUSECVE-2025-39970 at NVDCVE-2025-39971 at SUSECVE-2025-39971 at NVDCVE-2025-39972 at SUSECVE-2025-39972 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-39978 at SUSECVE-2025-39978 at NVDCVE-2025-39979 at SUSECVE-2025-39979 at NVDCVE-2025-39981 at SUSECVE-2025-39981 at NVDCVE-2025-39982 at SUSECVE-2025-39982 at NVDCVE-2025-39984 at SUSECVE-2025-39984 at NVDCVE-2025-39985 at SUSECVE-2025-39985 at NVDCVE-2025-39986 at SUSECVE-2025-39986 at NVDCVE-2025-39987 at SUSECVE-2025-39987 at NVDCVE-2025-39988 at SUSECVE-2025-39988 at NVDCVE-2025-39991 at SUSECVE-2025-39991 at NVDCVE-2025-39992 at SUSECVE-2025-39992 at NVDCVE-2025-39993 at SUSECVE-2025-39993 at NVDCVE-2025-39994 at SUSECVE-2025-39994 at NVDCVE-2025-39995 at SUSECVE-2025-39995 at NVDCVE-2025-39996 at SUSECVE-2025-39996 at NVDCVE-2025-39997 at SUSECVE-2025-39997 at NVDCVE-2025-40000 at SUSECVE-2025-40000 at NVDCVE-2025-40005 at SUSECVE-2025-40005 at NVDCVE-2025-40009 at SUSECVE-2025-40009 at NVDCVE-2025-40011 at SUSECVE-2025-40011 at NVDCVE-2025-40012 at SUSECVE-2025-40012 at NVDCVE-2025-40013 at SUSECVE-2025-40013 at NVDCVE-2025-40016 at SUSECVE-2025-40016 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40020 at SUSECVE-2025-40020 at NVDCVE-2025-40029 at SUSECVE-2025-40029 at NVDCVE-2025-40032 at SUSECVE-2025-40032 at NVDCVE-2025-40035 at SUSECVE-2025-40035 at NVDCVE-2025-40036 at SUSECVE-2025-40036 at NVDCVE-2025-40037 at SUSECVE-2025-40037 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40043 at SUSECVE-2025-40043 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40048 at SUSECVE-2025-40048 at NVDCVE-2025-40049 at SUSECVE-2025-40049 at NVDCVE-2025-40051 at SUSECVE-2025-40051 at NVDCVE-2025-40052 at SUSECVE-2025-40052 at NVDCVE-2025-40056 at SUSECVE-2025-40056 at NVDCVE-2025-40058 at SUSECVE-2025-40058 at NVDCVE-2025-40060 at SUSECVE-2025-40060 at NVDCVE-2025-40061 at SUSECVE-2025-40061 at NVDCVE-2025-40062 at SUSECVE-2025-40062 at NVDCVE-2025-40071 at SUSECVE-2025-40071 at NVDCVE-2025-40078 at SUSECVE-2025-40078 at NVDCVE-2025-40080 at SUSECVE-2025-40080 at NVDCVE-2025-40085 at SUSECVE-2025-40085 at NVDCVE-2025-40087 at SUSECVE-2025-40087 at NVDCVE-2025-40091 at SUSECVE-2025-40091 at NVDCVE-2025-40096 at SUSECVE-2025-40096 at NVDCVE-2025-40100 at SUSECVE-2025-40100 at NVDCVE-2025-40104 at SUSECVE-2025-40104 at NVDCVE-2025-40364 at SUSECVE-2025-40364 at NVDcpe:/o:suse:sl-micro:6.2Security update for libvirt (Moderate)SUSE Linux Micro 6.2
This update for libvirt fixes the following issues:
- CVE-2025-13193: Fixed Information disclosure via world-readable VM snapshots (bsc#1253703)
- CVE-2025-12748: Fixed Denial of service in XML parsing (bsc#1253278)
Other fixes:
- spec: Adjust dbus dependency (bsc#1253642)
- qemu: Add support for Intel TDX (jsc#PED-9265)
ModerateSUSE bug 1253278SUSE bug 1253642SUSE bug 1253703CVE-2025-12748 at SUSECVE-2025-12748 at NVDCVE-2025-13193 at SUSECVE-2025-13193 at NVDcpe:/o:suse:sl-micro:6.2Security update for openssh (Moderate)SUSE Linux Micro 6.2
This update for openssh fixes the following issues:
- CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198).
- CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199).
ModerateSUSE bug 1251198SUSE bug 1251199CVE-2025-61984 at SUSECVE-2025-61984 at NVDCVE-2025-61985 at SUSECVE-2025-61985 at NVDcpe:/o:suse:sl-micro:6.2Security update for binutils (Important)SUSE Linux Micro 6.2
This update for binutils fixes the following issues:
Changes in binutils:
- Update to current 2.45 branch at 94cb1c075 to include fix
for PR33584 (a problem related to LTO vs fortran COMMON
blocks).
- Do not enable '-z gcs=implicit' on aarch64 for old codestreams.
Update to version 2.45:
* New versioned release of libsframe.so.2
* s390: tools now support SFrame format 2; recognize "z17" as CPU
name [bsc#1247105, jsc#IBM-1485]
* sframe sections are now of ELF section type SHT_GNU_SFRAME.
* sframe secions generated by the assembler have
SFRAME_F_FDE_FUNC_START_PCREL set.
* riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0,
Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0,
ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0,
sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0,
zclsd v1.0, smrnmi v1.0;
vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0;
SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0;
T-Head: xtheadvdot v1.0;
MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0.
* Support RISC-V privileged version 1.13, profiles 20/22/23, and
.bfloat16 directive.
* x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS,
AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX.
Drop support for AVX10.2 256 bit rounding.
* arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and
extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui',
'+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2',
'+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'.
* Predefined symbols "GAS(version)" and, on non-release builds, "GAS(date)"
are now being made available.
* Add .errif and .warnif directives.
* linker:
- Add --image-base=<ADDR> option to the ELF linker to behave the same
as -Ttext-segment for compatibility with LLD.
- Add support for mixed LTO and non-LTO codes in relocatable output.
- s390: linker generates .eh_frame and/or .sframe for linker
generated .plt sections by default (can be disabled
by --no-ld-generated-unwind-info).
- riscv: add new PLT formats, and GNU property merge rules for zicfiss
and zicfilp extensions.
- gold is no longer included
- Contains fixes for these non-CVEs (not security bugs per upstreams
SECURITY.md):
* bsc#1236632 aka CVE-2025-0840 aka PR32560
* bsc#1236977 aka CVE-2025-1149 aka PR32576
* bsc#1236978 aka CVE-2025-1148 aka PR32576
* bsc#1236999 aka CVE-2025-1176 aka PR32636
* bsc#1237000 aka CVE-2025-1153 aka PR32603
* bsc#1237001 aka CVE-2025-1152 aka PR32576
* bsc#1237003 aka CVE-2025-1151 aka PR32576
* bsc#1237005 aka CVE-2025-1150 aka PR32576
* bsc#1237018 aka CVE-2025-1178 aka PR32638
* bsc#1237019 aka CVE-2025-1181 aka PR32643
* bsc#1237020 aka CVE-2025-1180 aka PR32642
* bsc#1237021 aka CVE-2025-1179 aka PR32640
* bsc#1237042 aka CVE-2025-1182 aka PR32644
* bsc#1240870 aka CVE-2025-3198 aka PR32716
* bsc#1243756 aka CVE-2025-5244 aka PR32858
* bsc#1243760 aka CVE-2025-5245 aka PR32829
* bsc#1246481 aka CVE-2025-7545 aka PR33049
* bsc#1246486 aka CVE-2025-7546 aka PR33050
* bsc#1247114 aka CVE-2025-8224 aka PR32109
* bsc#1247117 aka CVE-2025-8225 no PR
* bsc#1236976 aka CVE-2025-1147 aka PR32556
* bsc#1250632 aka CVE-2025-11083 aka PR33457
* bsc#1251275 aka CVE-2025-11412 aka PR33452
* bsc#1251276 aka CVE-2025-11413 aka PR33456
* bsc#1251277 aka CVE-2025-11414 aka PR33450
* bsc#1251794 aka CVE-2025-11494 aka PR33499
* bsc#1251795 aka CVE-2025-11495 aka PR33502
binutils-2.43-branch.diff.gz
ImportantSUSE bug 1236632SUSE bug 1236976SUSE bug 1236977SUSE bug 1236978SUSE bug 1236999SUSE bug 1237000SUSE bug 1237001SUSE bug 1237003SUSE bug 1237005SUSE bug 1237018SUSE bug 1237019SUSE bug 1237020SUSE bug 1237021SUSE bug 1237042SUSE bug 1240870SUSE bug 1243756SUSE bug 1243760SUSE bug 1246481SUSE bug 1246486SUSE bug 1247105SUSE bug 1247114SUSE bug 1247117SUSE bug 1250632SUSE bug 1251275SUSE bug 1251276SUSE bug 1251277SUSE bug 1251794SUSE bug 1251795CVE-2025-0840 at SUSECVE-2025-0840 at NVDCVE-2025-11083 at SUSECVE-2025-11083 at NVDCVE-2025-11412 at SUSECVE-2025-11412 at NVDCVE-2025-11413 at SUSECVE-2025-11413 at NVDCVE-2025-11414 at SUSECVE-2025-11414 at NVDCVE-2025-1147 at SUSECVE-2025-1147 at NVDCVE-2025-1148 at SUSECVE-2025-1148 at NVDCVE-2025-1149 at SUSECVE-2025-1149 at NVDCVE-2025-11494 at SUSECVE-2025-11494 at NVDCVE-2025-11495 at SUSECVE-2025-11495 at NVDCVE-2025-1150 at SUSECVE-2025-1150 at NVDCVE-2025-1151 at SUSECVE-2025-1151 at NVDCVE-2025-1152 at SUSECVE-2025-1152 at NVDCVE-2025-1153 at SUSECVE-2025-1153 at NVDCVE-2025-1176 at SUSECVE-2025-1176 at NVDCVE-2025-1178 at SUSECVE-2025-1178 at NVDCVE-2025-1179 at SUSECVE-2025-1179 at NVDCVE-2025-1180 at SUSECVE-2025-1180 at NVDCVE-2025-1181 at SUSECVE-2025-1181 at NVDCVE-2025-1182 at SUSECVE-2025-1182 at NVDCVE-2025-3198 at SUSECVE-2025-3198 at NVDCVE-2025-5244 at SUSECVE-2025-5244 at NVDCVE-2025-5245 at SUSECVE-2025-5245 at NVDCVE-2025-7545 at SUSECVE-2025-7545 at NVDCVE-2025-7546 at SUSECVE-2025-7546 at NVDCVE-2025-8224 at SUSECVE-2025-8224 at NVDCVE-2025-8225 at SUSECVE-2025-8225 at NVDcpe:/o:suse:sl-micro:6.2grub2grub2-arm64-efigrub2-commongrub2-i386-pcgrub2-powerpc-ieee1275grub2-s390x-emugrub2-snapper-plugingrub2-x86_64-efigrub2-x86_64-xenSL-Micro-releaselibopenssl-3-devellibopenssl-3-fips-providerlibopenssl3openssl-3qemuqemu-SLOFqemu-armqemu-audio-spiceqemu-block-iscsiqemu-block-sshqemu-chardev-spiceqemu-guest-agentqemu-hw-display-qxlqemu-hw-display-virtio-gpuqemu-hw-display-virtio-gpu-pciqemu-hw-display-virtio-vgaqemu-hw-s390x-virtio-gpu-ccwqemu-hw-usb-hostqemu-hw-usb-redirectqemu-imgqemu-ipxeqemu-ksmqemu-langqemu-ppcqemu-pr-helperqemu-s390xqemu-seabiosqemu-toolsqemu-ui-openglqemu-ui-spice-coreqemu-vgabiosqemu-vmsr-helperqemu-x86kernel-64kbkernel-defaultkernel-default-basekernel-default-extrakernel-default-livepatchkernel-macroskernel-rtkernel-rt-livepatchkernel-sourcelibsss_certmap0libsss_idmap0python3-sssd-configsssdsssd-adsssd-dbussssd-krb5sssd-krb5-commonsssd-ldapsssd-toolsavahilibavahi-client3libavahi-common3libavahi-core7python313-tornado6libmicrohttpd12libpng16-16gio-branding-SLEglib2-toolslibgio-2_0-0libgirepository-2_0-0libglib-2_0-0libgmodule-2_0-0libgobject-2_0-0typelib-1_0-GLib-2_0typelib-1_0-GModule-2_0typelib-1_0-GObject-2_0typelib-1_0-Gio-2_0gpg2curllibcurl4haproxydockerdocker-buildxlibvmtools0open-vm-toolspodmanpodman-dockerpodman-remotepodmanshlibpcap1libpython3_13-1_0python313python313-basepython313-cursesgdk-pixbuf-query-loaderslibgdk_pixbuf-2_0-0typelib-1_0-GdkPixbuf-2_0python313-urllib3python313-pyasn1kernel-livepatch-6_12_0-160000_7-defaultkernel-livepatch-6_12_0-160000_5-rtkernel-livepatch-6_12_0-160000_7-rtkernel-livepatch-6_12_0-160000_6-rtkernel-livepatch-6_12_0-160000_5-defaultcockpit-subscriptionskernel-livepatch-6_12_0-160000_6-defaultucode-amdcloud-initcloud-init-config-suseelemental-registerelemental-supportelemental-toolkitglibcglibc-develglibc-gconv-modules-extraglibc-localeglibc-locale-baselibldb2samba-client-libslibunbound8unbound-anchorlibudisks2-0libudisks2-0_btrfslibudisks2-0_lvm2udisks2libsoup-3_0-0libtiff6dpdkdpdk-toolslibdpdk-25libexslt0libxslt1cups-configlibcups2libxml2-2libxml2-toolspython313-libxml2python313-maturincockpitcockpit-bridgecockpit-firewalldcockpit-kdumpcockpit-networkmanagercockpit-selinuxcockpit-storagedcockpit-systemcockpit-wscockpit-ws-selinuxpatchopenCryptokilibexpat1cockpit-machinescockpit-reposopenssl-3-livepatchesglibc-livepatchescontainerized-data-importer-manifestskubevirt-manifestskubevirt-virtctlkernel-livepatch-6_12_0-160000_26-defaultkernel-livepatch-6_12_0-160000_26-rtcockpit-podmankernel-livepatch-6_12_0-160000_8-defaultshimvirtiofsdhelmhelm-bash-completiongstreamergstreamer-plugins-baselibgstallocators-1_0-0libgstapp-1_0-0libgstaudio-1_0-0libgstgl-1_0-0libgstpbutils-1_0-0libgstreamer-1_0-0libgstriff-1_0-0libgsttag-1_0-0libgstvideo-1_0-0rust-keylimelibsnmp40snmp-mibslibprotobuf28_3_0libutf8_range-28_3_0gdk-pixbuf-loader-rsvglibrsvg-2-2libsodium26ucode-intelvim-data-commonvim-smalllibharfbuzz-gobject0libharfbuzz0typelib-1_0-HarfBuzz-0_0kernel-livepatch-6_12_0-160000_8-rtkernel-livepatch-6_12_0-160000_9-rtlibnghttp2-14kernel-livepatch-6_12_0-160000_27-defaultkernel-livepatch-6_12_0-160000_27-rtkernel-livepatch-6_12_0-160000_9-defaultpython313-PyJWTnet-toolsdocker-composeruncgnutlslibgnutls30libtasn1-6libsystemd0libudev1systemdsystemd-containersystemd-experimentalsystemd-journal-remotesystemd-portableudevtarlibz1zlib-devellastlog2libblkid1libfdisk1liblastlog2-2libmount1libsmartcols1libuuid1util-linuxutil-linux-systemdqemu-ovmf-x86_64qemu-uefi-aarch64python313-cryptographylibvirt-clientlibvirt-client-qemulibvirt-daemon-commonlibvirt-daemon-config-networklibvirt-daemon-config-nwfilterlibvirt-daemon-driver-networklibvirt-daemon-driver-nodedevlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-qemulibvirt-daemon-driver-secretlibvirt-daemon-driver-storagelibvirt-daemon-driver-storage-corelibvirt-daemon-driver-storage-disklibvirt-daemon-driver-storage-iscsilibvirt-daemon-driver-storage-iscsi-directlibvirt-daemon-driver-storage-logicallibvirt-daemon-driver-storage-mpathlibvirt-daemon-driver-storage-scsilibvirt-daemon-hookslibvirt-daemon-locklibvirt-daemon-loglibvirt-daemon-plugin-lockdlibvirt-daemon-proxylibvirt-daemon-qemulibvirt-libslibvirt-nssopensshopenssh-clientsopenssh-commonopenssh-serveropenssh-server-config-rootloginbinutilslibctf-nobfd0libctf0(aarch64|ppc64le|s390x|x86_64)0:2.12-160000.3.1(noarch)0:2.12-160000.3.1(s390x)0:2.12-160000.3.16.2(aarch64|ppc64le|s390x|x86_64)0:3.5.0-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:10.0.7-160000.1.1(noarch)0:10.0.7-160000.1.1(aarch64)0:10.0.7-160000.1.1(s390x)0:10.0.7-160000.1.1(ppc64le)0:10.0.7-160000.1.1(noarch)0:10.0.71.16.3_3_g3d33c746-160000.1.1(x86_64)0:10.0.7-160000.1.1(aarch64)0:6.12.0-160000.8.1(aarch64|ppc64le|s390x|x86_64)0:6.12.0-160000.8.1(aarch64|ppc64le|x86_64)0:6.12.0-160000.8.1.160000.2.5(ppc64le|s390x|x86_64)0:6.12.0-160000.8.1(noarch)0:6.12.0-160000.8.1(aarch64|x86_64)0:6.12.0-160000.8.1(x86_64)0:6.12.0-160000.8.1(aarch64|ppc64le|s390x|x86_64)0:2.9.5-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:0.8-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:6.5-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:1.0.1-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:1.6.44-160000.3.1(noarch)0:16-160000.2.2(aarch64|ppc64le|s390x|x86_64)0:2.84.4-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:2.5.5-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:8.14.1-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:3.2.0+git0.e134140d2-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:28.5.1_ce-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:0.29.0-160000.4.1(x86_64)0:13.0.5-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:5.4.2-160000.3.1(noarch)0:5.4.2-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:1.10.5-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:3.13.11-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:1.6.44-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:2.42.12-160000.3.1(noarch)0:2.5.0-160000.3.1(noarch)0:0.6.1-160000.3.16.12.0-160000.7-default(ppc64le|s390x|x86_64)0:2-160000.1.16.12.0-160000.5-rt-default(x86_64)0:4-160000.3.46.12.0-160000.7-rt-default(x86_64)0:2-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:0.8-160000.4.16.12.0-160000.6-rt-default(x86_64)0:3-160000.1.16.12.0-160000.5-default(ppc64le|s390x|x86_64)0:5-160000.4.3(noarch)0:12.1-160000.1.16.12.0-160000.6-default(ppc64le|s390x|x86_64)0:3-160000.1.1(noarch)0:20251203-160000.1.1(noarch)0:2.5.0-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:25.1.3-160000.2.1(aarch64|x86_64)0:1.8.1-160000.1.1(aarch64|x86_64)0:2.3.2-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:2.40-160000.3.1(aarch64|x86_64)0:2.40-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:4.22.5+git.431.dc5a539f124-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:2.5.5-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:1.24.1-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:2.10.1-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:3.6.5-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:4.7.1-160000.1.1(aarch64)0:6.12.0-160000.9.1(aarch64|ppc64le|s390x|x86_64)0:6.12.0-160000.9.1(aarch64|ppc64le|x86_64)0:6.12.0-160000.9.1.160000.2.6(ppc64le|s390x|x86_64)0:6.12.0-160000.9.1(noarch)0:6.12.0-160000.9.1(aarch64|x86_64)0:6.12.0-160000.9.1(x86_64)0:6.12.0-160000.9.1(aarch64|ppc64le|x86_64)0:24.11.4-160000.1.1(noarch)0:24.11.4-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:2.84.4-160000.2.1(aarch64|ppc64le|s390x|x86_64)0:3.5.0-160000.5.1(aarch64|ppc64le|s390x|x86_64)0:1.1.43-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:2.4.16-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:2.13.8-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:1.8.7-160000.3.1(noarch)0:12.1-160000.2.1(aarch64|ppc64le|s390x|x86_64)0:340-160000.4.1(noarch)0:340-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:3.6.5-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:2.7.6-160000.3.1(s390x)0:3.26.0-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:2.7.1-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:354-160000.1.1(noarch)0:354-160000.1.1(noarch)0:346-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:28.5.1_ce-160000.5.1(aarch64|ppc64le|s390x|x86_64)0:0.29.0-160000.5.1(noarch)0:4.7-160000.1.1(ppc64le|s390x|x86_64)0:4-160000.1.1(ppc64le|x86_64)0:0.3-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:3.13.12-160000.1.1(x86_64)0:0.3-160000.1.1(x86_64)0:1.64.0-160000.1.1(aarch64|x86_64)0:1.7.0-160000.1.1(aarch64)0:6.12.0-160000.26.1(aarch64|ppc64le|s390x|x86_64)0:6.12.0-160000.26.1(aarch64|ppc64le|x86_64)0:6.12.0-160000.26.1.160000.2.7(ppc64le|s390x|x86_64)0:6.12.0-160000.26.1(noarch)0:6.12.0-160000.26.1(aarch64|x86_64)0:6.12.0-160000.26.1(x86_64)0:6.12.0-160000.26.1(ppc64le|s390x|x86_64)0:1-160000.1.1(x86_64)0:1-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:3.2.12+git0.6011f448e-160000.1.1(x86_64)0:4-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:5.4.2-160000.4.1(noarch)0:5.4.2-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:2.7.1-160000.4.1(noarch)0:117-160000.1.1(ppc64le|s390x|x86_64)0:7-160000.4.3(x86_64)0:5-160000.3.4(ppc64le|s390x|x86_64)0:5-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:1.1.43-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:2.13.8-160000.4.16.12.0-160000.8-default(aarch64|x86_64)0:16.1-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:1.12.0-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:3.19.1-160000.1.1(noarch)0:3.19.1-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:1.26.7-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:10.0.8-160000.1.1(noarch)0:10.0.8-160000.1.1(aarch64)0:10.0.8-160000.1.1(s390x)0:10.0.8-160000.1.1(ppc64le)0:10.0.8-160000.1.1(noarch)0:10.0.81.16.3_3_g3d33c746-160000.1.1(x86_64)0:10.0.8-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:0.2.8+116-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:1.8.7-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:1.6.44-160000.5.1(aarch64|ppc64le|s390x|x86_64)0:5.9.4-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:3.6.6-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:28.3-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:2.60.2-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:1.0.20-160000.3.1(x86_64)0:20260210-160000.1.1(noarch)0:9.2.0110-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:9.2.0110-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:8.14.1-160000.5.1(aarch64|ppc64le|s390x|x86_64)0:6.5-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:11.4.5-160000.1.16.12.0-160000.8-rt-default(x86_64)0:6-160000.3.46.12.0-160000.9-rt-default(x86_64)0:5-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:1.64.0-160000.3.1(aarch64)0:6.12.0-160000.27.1(aarch64|ppc64le|s390x|x86_64)0:6.12.0-160000.27.1(aarch64|ppc64le|x86_64)0:6.12.0-160000.27.1.160000.2.8(ppc64le|s390x|x86_64)0:6.12.0-160000.27.1(noarch)0:6.12.0-160000.27.1(aarch64|x86_64)0:6.12.0-160000.27.1(x86_64)0:6.12.0-160000.27.1(noarch)0:0.6.1-160000.4.16.12.0-160000.9-default(noarch)0:2.12.1-160000.1.1(ppc64le|s390x|x86_64)0:8-160000.4.3(ppc64le|s390x|x86_64)0:6-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:2.10-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:2.33.1-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:1.3.3-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:3.8.10-160000.2.1(aarch64|ppc64le|s390x|x86_64)0:2.7.1-160000.5.1(noarch)0:4.7-160000.2.1(aarch64|ppc64le|s390x|x86_64)0:1.6.44-160000.6.1(aarch64|ppc64le|s390x|x86_64)0:4.21.0-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:257.13-160000.1.1(aarch64|ppc64le|s390x|x86_64)0:1.35-160000.3.16.12.0-160000.26-rt-default(x86_64)0:7-160000.3.4(x86_64)0:6-160000.1.1(aarch64)0:6.12.0-160000.6.1(aarch64|ppc64le|s390x|x86_64)0:6.12.0-160000.6.1(aarch64|ppc64le|x86_64)0:6.12.0-160000.6.1.160000.2.4(ppc64le|s390x|x86_64)0:6.12.0-160000.6.1(noarch)0:6.12.0-160000.6.1(aarch64|x86_64)0:6.12.0-160000.6.1(x86_64)0:6.12.0-160000.6.1(aarch64|ppc64le|s390x|x86_64)0:1.2.13-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:2.41.1-160000.3.1(noarch)0:202502-160000.4.1(aarch64|ppc64le|s390x|x86_64)0:2.40-160000.4.1(aarch64|x86_64)0:2.40-160000.4.1(noarch)0:117-160000.2.1(noarch)0:346-160000.2.1(aarch64|ppc64le|s390x|x86_64)0:354-160000.2.1(noarch)0:354-160000.2.1(aarch64|ppc64le|s390x|x86_64)0:44.0.3-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:8.14.1-160000.3.1(aarch64)0:6.12.0-160000.7.1(aarch64|ppc64le|s390x|x86_64)0:6.12.0-160000.7.1(ppc64le|s390x|x86_64)0:6.12.0-160000.7.1(noarch)0:6.12.0-160000.7.1(aarch64|x86_64)0:6.12.0-160000.7.1(x86_64)0:6.12.0-160000.7.1(aarch64|ppc64le|s390x|x86_64)0:11.4.0-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:10.0p2-160000.3.1(aarch64|ppc64le|s390x|x86_64)0:2.45-160000.1.1