Security update for the Linux Kernel
| Announcement ID: | SUSE-SU-2026:0962-1 |
|---|---|
| Release Date: | 2026-03-23T09:09:03Z |
| Rating: | important |
| References: |
|
| Cross-References: |
|
| CVSS scores: |
|
| Affected Products: |
|
An update that solves 153 vulnerabilities and has 31 security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992).
- CVE-2025-39748: bpf: Forget ranges when refining tnum after JSET (bsc#1249587).
- CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
- CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
- CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
- CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths
- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
- CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379).
- CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
- CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
- CVE-2025-68735: drm/panthor: Prevent potential UAF in group creation (bsc#1255811).
- CVE-2025-68736: landlock: Fix handling of disconnected directories (bsc#1255698).
- CVE-2025-68778: btrfs: don't log conflicting inode if it's a dir moved in the current transaction (bsc#1256683).
- CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
- CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
- CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
- CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
- CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716).
- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
- CVE-2025-71126: mptcp: reset fallback status gracefully at disconnect() time (bsc#1256755).
- CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).
- CVE-2025-71184: btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635).
- CVE-2025-71194: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (bsc#1257687).
- CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
- CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
- CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).
- CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
- CVE-2026-23003: geneve: Fix incorrect inner network header offset when innerprotoinherit is set (bsc#1257246).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
- CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
- CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556).
- CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
- CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
- CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
- CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23083: fou: Don't allow 0 for FOU_ATTR_IPPROTO (bsc#1257745).
- CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
- CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
- CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
- CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
- CVE-2026-23102: arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772).
- CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
- CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
- CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
- CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
- CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
- CVE-2026-23113: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (bsc#1258278).
- CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
- CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
- CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
- CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
- CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
- CVE-2026-23171: net: bonding: update the slave array for broadcast mode (bsc#1258349).
- CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
- CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517).
- CVE-2026-23213: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (bsc#1258465).
- CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb
The following non-security bugs were fixed:
- ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs (git-fixes).
- ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
- ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO (git-fixes).
- ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (stable-fixes).
- ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP (stable-fixes).
- ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (git-fixes).
- ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro (stable-fixes).
- ALSA: hda/realtek - fixed speaker no sound (stable-fixes).
- ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (stable-fixes).
- ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU (git-fixes).
- ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (stable-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (stable-fixes).
- ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio (stable-fixes).
- ALSA: usb-audio: Add sanity check for OOB writes at silencing (stable-fixes).
- ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (stable-fixes).
- ALSA: usb-audio: Cap the packet size pre-calculations (git-fixes).
- ALSA: usb-audio: Check max frame size for implicit feedback mode, too (stable-fixes).
- ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (git-fixes).
- ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
- ALSA: usb-audio: Use correct version for UAC3 header validation (git-fixes).
- ALSA: usb-audio: Use inclusive terms (git-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
- ALSA: vmaster: Relax __free() variable declarations (git-fixes).
- APEI/GHES: ensure that won't go past CPER allocated record (stable-fixes).
- ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9 (stable-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
- ASoC: SOF: ipc4-control: Keep the payload size up to date (git-fixes).
- ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls (git-fixes).
- ASoC: amd: drop unused Kconfig symbols (git-fixes).
- ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes).
- ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO (stable-fixes).
- ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes).
- ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes).
- ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe() (stable-fixes).
- ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel (stable-fixes).
- ASoC: cs42l43: Correct handling of 3-pole jack load detection (stable-fixes).
- ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (stable-fixes).
- ASoC: nau8821: Avoid unnecessary blocking in IRQ handler (stable-fixes).
- ASoC: nau8821: Cancel delayed work on component remove (git-fixes).
- ASoC: nau8821: Cancel pending work before suspend (git-fixes).
- ASoC: nau8821: Consistently clear interrupts before unmasking (git-fixes).
- ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes).
- ASoC: pxa: drop unused Kconfig symbol (git-fixes).
- ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk (git-fixes).
- ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio (stable-fixes).
- ASoC: tlv320adcx140: Propagate error codes during probe (stable-fixes).
- ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask (stable-fixes).
- ASoC: wm8962: Do not report a microphone if it's shorted to ground on plug (stable-fixes).
- Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
- Add bugnumber to existing mana change (bsc#1251971).
- Add bugnumber to existing mana changes (bsc#1245728 bsc#1251971 bsc#1252266 bsc#1257466)
- Add bugnumber to existing mana changes (bsc#1259558 bsc#1259580).
- Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ (git-fixes).
- Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU is too short (git-fixes).
- Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary handler (git-fixes).
- Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB (stable-fixes).
- Bluetooth: btusb: Add device ID for Realtek RTL8761BU (stable-fixes).
- Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes).
- Bluetooth: hci_conn: Set link_policy on incoming ACL connections (stable-fixes).
- Bluetooth: hci_conn: use mod_delayed_work for active mode timeout (stable-fixes).
- Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes).
- Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors (git-fixes).
- Documentation: mailbox: mbox_chan_ops.flush() is optional (git-fixes).
- Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary (git-fixes).
- Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes).
- Drivers: hv: Fix bad pointer dereference in hv_get_partition_id (git-fixes).
- Drivers: hv: Fix the check for HYPERVISOR_CALLBACK_VECTOR (git-fixes).
- Drivers: hv: Fix warnings for missing export.h header inclusion (git-fixes).
- Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes).
- Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes).
- Drivers: hv: Use kzalloc for panic page allocation (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes).
- Drivers: hv: util: Cosmetic changes for hv_utils_transport.c (git-fixes).
- Drivers: hv: vmbus: Add comments about races with "channels" sysfs dir (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- Drivers: hv: vmbus: Get the IRQ number from DeviceTree (git-fixes).
- Drivers: hv: vmbus: Introduce hv_get_vmbus_root_device() (git-fixes).
- HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (stable-fixes).
- HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards (stable-fixes).
- HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK (stable-fixes).
- HID: hid-pl: handle probe errors (git-fixes).
- HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() (stable-fixes).
- HID: intel-ish-hid: Reset enum_devices_done before enumeration (stable-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
- HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients (git-fixes).
- HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() (stable-fixes).
- HID: magicmouse: Do not crash on missing msc->input (stable-fixes).
- HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (stable-fixes).
- HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes).
- HID: playstation: Add missing check for input_ff_create_memless (git-fixes).
- HID: playstation: Center initial joystick axes to prevent spurious events (stable-fixes).
- HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes).
- HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (stable-fixes).
- Input: stmfts - correct wording for the warning message (git-fixes).
- Input: stmfts - make comments correct (git-fixes).
- KABi: fix "dm-snapshot: fix 'scheduling while atomic' on real-time kernels" (git-fixes).
- KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (git-fixes).
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes).
- KVM: x86: Do not clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (git-fixes).
- KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (git-fixes).
- KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (git-fixes).
- Move upstreamed mm and SCSI patches into sorted section
- NTB: ntb_transport: Fix too small buffer for debugfs_name (git-fixes).
- PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes).
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (git-fixes).
- PCI/MSI: Unmap MSI-X region on error (git-fixes).
- PCI/MSI: Unmap MSI-X region on error (stable-fixes).
- PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (git-fixes).
- PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes).
- PCI/portdrv: Fix potential resource leak (git-fixes).
- PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404] (git-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (stable-fixes).
- PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros (stable-fixes).
- PCI: Add defines for bridge window indexing (stable-fixes).
- PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes).
- PCI: Do not attempt to set ExtTag for VFs (git-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms (git-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms (stable-fixes).
- PCI: Fix pci_slot_lock () device locking (git-fixes).
- PCI: Fix pci_slot_lock () device locking (stable-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI: Initialize RCB from pci_configure_device() (git-fixes).
- PCI: Log bridge info when first enumerating bridge (stable-fixes).
- PCI: Log bridge windows conditionally (stable-fixes).
- PCI: Mark 3ware-9650SA Root Port Extended Tags as broken (git-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset (git-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset (stable-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (stable-fixes).
- PCI: Move pci_read_bridge_windows() below individual window accessors (stable-fixes).
- PCI: Supply bridge device, not secondary bus, to read window details (stable-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port (git-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port (stable-fixes).
- PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- PCI: hv: Fix warnings for missing export.h header inclusion (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PCI: mediatek: Fix IRQ domain leak when MSI allocation fails (git-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
- PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races (git-fixes).
- PM: wakeup: Handle empty list in wakeup_sources_walk_start() (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- RDMA/rtrs-clt: For conn rejection use actual err number (git-fixes)
- Revive thinkpad-lmi driver and mark as supported (jsc#PED-15553).
- USB: serial: option: add Telit FN920C04 RNDIS compositions (stable-fixes).
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153 bsc#1258226)
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes)
- arm64: Disable branch profiling for all arm64 code (git-fixes)
- arm64: Set __nocfi on swsusp_arch_resume() (git-fixes)
- ata: libata: avoid long timeouts on hot-unplugged SATA DAS (stable-fixes).
- ata: pata_ftide010: Fix some DMA timings (git-fixes).
- atm: fore200e: fix use-after-free in tasklets during device removal (git-fixes).
- auxdisplay: arm-charlcd: fix release_mem_region() size (git-fixes).
- backlight: qcom-wled: Change PM8950 WLED configurations (git-fixes).
- backlight: qcom-wled: Support ovp values for PMI8994 (git-fixes).
- batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
- block,bfq: fix aux stat accumulation destination (git-fixes).
- bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
- bpf: selftests: Move xfrm tunnel test to test_progs (bsc#1258860).
- bpf: selftests: test_tunnel: Setup fresh topology for each subtest (bsc#1258860).
- bpf: selftests: test_tunnel: Use vmlinux.h declarations (bsc#1258860).
- bpf: verifier improvement in 32bit shift sign extension pattern (git-fixes).
- bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc (bsc#1258860).
- bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state() (bsc#1258860).
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
- bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (stable-fixes).
- bus: fsl-mc: fix an error handling in fsl_mc_device_add() (git-fixes).
- bus: fsl-mc: fix use-after-free in driver_override_show() (git-fixes).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
- can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
- can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
- can: ucan: Fix infinite loop from zero-length messages (git-fixes).
- can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
- cgroup: Fix incorrect WARN_ON_ONCE() in css_release_work_fn() (bsc#1256564 bsc#1259130).
- cgroup: Show # of subsystem CSSes in cgroup.stat (bsc#1256564 bsc#1259130).
- char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes).
- char: tpm: cr50: Remove IRQF_ONESHOT (stable-fixes).
- cifs: add xid to query server interface call (git-fixes).
- clk: clk-apple-nco: Add "apple,t8103-nco" compatible (git-fixes).
- clk: mediatek: Fix error handling in runtime PM setup (git-fixes).
- clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes).
- clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs (git-fixes).
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & (git-fixes)
- clk: qcom: dispcc-sdm845: Enable parents for pixel clocks (git-fixes).
- clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes).
- clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc (git-fixes).
- clk: qcom: gfx3d: add parent to parent request map (git-fixes).
- clk: qcom: rcg2: compute 2d using duty fraction directly (git-fixes).
- clk: renesas: rzg2l: Fix intin variable size (git-fixes).
- clk: renesas: rzg2l: Select correct div round macro (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc() (git-fixes).
- clk: tegra: tegra124-emc: fix device leak on set_rate() (git-fixes).
- clocksource: Print durations for sync check unconditionally (bsc#1241345).
- clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345).
- clocksource: hyper-v: Fix warnings for missing export.h header inclusion (git-fixes).
- cpu: export lockdep_assert_cpus_held() (git-fixes).
- cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update (bsc#1247180).
- cpufreq/amd-pstate: Add the missing cpufreq_cpu_put() (bsc#1247180).
- cpufreq/amd-pstate: Fix the clamping of perf values (bsc#1247180).
- cpufreq/amd-pstate: Modularize perf<->freq conversion (bsc#1247180).
- cpufreq/amd-pstate: Refactor max frequency calculation (bsc#1247180).
- cpufreq/amd-pstate: fix setting policy current frequency value (bsc#1247180).
- cpufreq/amd-pstate: store all values in cpudata struct in khz (bsc#1247180).
- cpufreq: amd-pstate: Unify computation of {max,min,nominal,lowest_nonlinear}_freq (bsc#1247180).
- crypto: cavium - fix dma_free_coherent() size (git-fixes).
- crypto: ccp - Add an S4 restore flow (git-fixes).
- crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable (git-fixes).
- crypto: hisilicon/trng - support tfms sharing the device (git-fixes).
- crypto: hisilicon/zip - adjust the way to obtain the req in the callback function (git-fixes).
- crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (git-fixes).
- crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (git-fixes).
- crypto: octeontx - fix dma_free_coherent() size (git-fixes).
- crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (git-fixes).
- crypto: qat - fix parameter order used in ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes).
- crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes).
- crypto: virtio - Add spinlock protection with virtqueue notification (git-fixes).
- crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (git-fixes).
- device property: Allow secondary lookup in fwnode_get_next_child_node() (git-fixes).
- dm mpath: make pg_init_delay_msecs settable (git-fixes).
- dm-bufio: align write boundary on physical block size (git-fixes).
- dm-ebs: Mark full buffer dirty even on partial write (git-fixes).
- dm-snapshot: fix 'scheduling while atomic' on real-time kernels (git-fixes).
- dm: clear cloned request bio pointer when last clone bio completes (git-fixes).
- dm: remove fake timeout to avoid leak request (git-fixes).
- dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes).
- dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX (git-fixes).
- dmaengine: sun6i: Choose appropriate burst length under maxburst (stable-fixes).
- docs: fix WARNING document not included in any toctree (stable-fixes).
- drivers/hv: add CPU offlining support (git-fixes).
- drivers/hv: introduce vmbus_channel_set_cpu() (git-fixes).
- drivers: iio: mpu3050: use dev_err_probe for regulator request (git-fixes).
- drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32 (stable-fixes).
- drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src (stable-fixes).
- drm/amd/display: Avoid updating surface with the same surface under MPO (stable-fixes).
- drm/amd/display: Disable FEC when powering down encoders (stable-fixes).
- drm/amd/display: Fix GFX12 family constant checks (stable-fixes).
- drm/amd/display: Fix dsc eDP issue (stable-fixes).
- drm/amd/display: Fix out-of-bounds stream encoder index v3 (git-fixes).
- drm/amd/display: Fix system resume lag issue (stable-fixes).
- drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes).
- drm/amd/display: Increase DCN35 SR enter/exit latency (stable-fixes).
- drm/amd/display: Reject cursor plane on DCE when scaled differently than primary (git-fixes).
- drm/amd/display: Remove conditional for shaper 3DLUT power-on (stable-fixes).
- drm/amd/display: Use same max plane scaling limits for all 64 bpp formats (git-fixes).
- drm/amd/display: avoid dig reg access timeout on usb4 link training fail (stable-fixes).
- drm/amd/display: bypass post csc for additional color spaces in dal (stable-fixes).
- drm/amd/display: extend delta clamping logic to CM3 LUT helper (stable-fixes).
- drm/amd/display: fix wrong color value mapping on MCM shaper LUT (git-fixes).
- drm/amd/display: only power down dig on phy endpoints (stable-fixes).
- drm/amd/display: remove assert around dpp_base replacement (stable-fixes).
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (stable-fixes).
- drm/amd: Disable MES LR compute W/A (git-fixes).
- drm/amd: Drop "amdgpu kernel modesetting enabled" message (git-fixes).
- drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (git-fixes).
- drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/soc21: fix xclk for APUs (stable-fixes).
- drm/amdgpu: Add HAINAN clock adjustment (stable-fixes).
- drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes).
- drm/amdgpu: Fix locking bugs in error paths (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes).
- drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (stable-fixes).
- drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes).
- drm/amdgpu: Unlock a mutex before destroying it (git-fixes).
- drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() (git-fixes).
- drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes).
- drm/amdgpu: avoid a warning in timedout job handler (stable-fixes).
- drm/amdgpu: ensure no_hw_access is visible before MMIO (git-fixes).
- drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes).
- drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify (git-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
- drm/amdgpu: remove invalid usage of sched.ready (stable-fixes).
- drm/amdgpu: stop unmapping MQD for kernel queues v3 (stable-fixes).
- drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map() (stable-fixes).
- drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (stable-fixes).
- drm/amdkfd: Fix signal_eviction_fence() bool return value (git-fixes).
- drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (git-fixes).
- drm/amdkfd: Handle GPU reset and drain retry fault race (stable-fixes).
- drm/amdkfd: Relax size checking during queue buffer get (stable-fixes).
- drm/amdkfd: fix debug watchpoints for logical devices (stable-fixes).
- drm/atmel-hlcdc: do not reject the commit if the src rect has fractional parts (stable-fixes).
- drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback (stable-fixes).
- drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release (stable-fixes).
- drm/bridge: anx7625: Fix invalid EDID size (git-fixes).
- drm/bridge: samsung-dsim: Fix memory leak in error path (git-fixes).
- drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (git-fixes).
- drm/buddy: Prevent BUG_ON by validating rounded allocation (git-fixes).
- drm/display/dp_mst: Add protection against 0 vcpi (stable-fixes).
- drm/i915/acpi: free _DSM package when no connectors (git-fixes).
- drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
- drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros (stable-fixes).
- drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (git-fixes).
- drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes).
- drm/msm/a2xx: fix pixel shader start on A225 (git-fixes).
- drm/msm/disp: set num_planes to 1 for interleaved YUV formats (git-fixes).
- drm/msm/dpu: Set vsync source irrespective of mdp top support (git-fixes).
- drm/msm/dpu: drop intr_start from DPU 3.x catalog files (git-fixes).
- drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes).
- drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes).
- drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() (stable-fixes).
- drm/panel: sw43408: Remove manual invocation of unprepare at remove (git-fixes).
- drm/panthor: Evict groups before VM termination (git-fixes).
- drm/panthor: Fix immediate ticking on a disabled tick (git-fixes).
- drm/panthor: Fix the full_tick check (git-fixes).
- drm/panthor: Fix the group priority rotation logic (git-fixes).
- drm/panthor: Fix the logic that decides when to stop ticking (git-fixes).
- drm/panthor: Make sure we resume the tick when new jobs are submitted (git-fixes).
- drm/panthor: Recover from panthor_gpu_flush_caches() failures (git-fixes).
- drm/radeon: Add HAINAN clock adjustment (stable-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
- drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
- drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
- drm/tegra: dsi: fix device leak on probe (git-fixes).
- drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (stable-fixes).
- drm/tests: shmem: Swap names of export tests (git-fixes).
- drm/v3d: Set DMA segment size to avoid debug warnings (stable-fixes).
- drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (git-fixes).
- drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (git-fixes).
- drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes).
- drm/xe/pm: Also avoid missing outer rpm warning on system suspend (stable-fixes).
- drm/xe/pm: Disable D3Cold for BMG only on specific platforms (git-fixes).
- drm/xe/ptl: Apply Wa_13011645652 (stable-fixes).
- drm/xe/query: Fix topology query pointer advance (git-fixes).
- drm/xe/sync: Cleanup partially initialized sync on parse failure (git-fixes).
- drm/xe/xe2_hpg: Add set of workarounds (stable-fixes).
- drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138 (git-fixes).
- drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes).
- drm/xe: Adjust mmio code to pass VF substructure to SRIOV code (stable-fixes).
- drm/xe: Clarify size of MMIO region (stable-fixes).
- drm/xe: Create dedicated xe_mmio structure (stable-fixes).
- drm/xe: Defer gt->mmio initialization until after multi-tile setup (git-fixes).
- drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio' (stable-fixes).
- drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes).
- drm/xe: Only toggle scheduling in TDR if GuC is running (stable-fixes).
- drm/xe: Populate GT's mmio iomap from tile during init (stable-fixes).
- drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt (stable-fixes).
- drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes).
- drm/xe: Unregister drm device on probe error (git-fixes).
- drm: Account property blob allocations to memcg (stable-fixes).
- efi: Fix reservation of unaccepted memory table (git-fixes).
- efivarfs: fix error propagation in efivar_entry_get() (git-fixes).
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
- fbcon: check return value of con2fb_acquire_newinfo() (git-fixes).
- fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() (git-fixes).
- fbdev: ffb: fix corrupted video output on Sun FFB1 (stable-fixes).
- fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (git-fixes).
- fbdev: rivafb: fix divide error in nv3_arb() (git-fixes).
- fbdev: smscufx: properly copy ioctl memory to kernelspace (stable-fixes).
- fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes).
- fix it87_wdt early reboot by reporting running timer (stable-fixes).
- fpga: dfl: use subsys_initcall to allow built-in drivers to be added (git-fixes).
- fpga: of-fpga-region: Fail if any bridge is missing (stable-fixes).
- genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes).
- gpio: aspeed-sgpio: Change the macro to support deferred probe (stable-fixes).
- gpio: pca953x: mask interrupts in irq shutdown (stable-fixes).
- gpio: sprd: Change sprd_gpio lock to raw_spin_lock (stable-fixes).
- gpu/panel-edp: add AUO panel entry for B140HAN06.4 (stable-fixes).
- hwmon: (f71882fg) Add F81968 support (stable-fixes).
- hwmon: (it87) Check the it87_lock() return value (git-fixes).
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (git-fixes).
- hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes).
- hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes).
- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
- hyperv: Convert hypercall statuses to linux error codes (git-fixes).
- hyperv: Move arch/x86/hyperv/hv_proc.c to drivers/hv (git-fixes).
- hyperv: Move hv_current_partition_id to arch-generic code (git-fixes).
- i3c: Move device name assignment after i3c_bus_init (git-fixes).
- i3c: dw: Initialize spinlock to avoid upsetting lockdep (git-fixes).
- i3c: master: Update hot-join flag only on success (git-fixes).
- i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr() (stable-fixes).
- iio: Use IRQF_NO_THREAD (stable-fixes).
- iio: gyro: itg3200: Fix unchecked return value in read_raw (git-fixes).
- iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes).
- iio: sca3000: Fix a resource leak in sca3000_probe() (git-fixes).
- iomap: account for unaligned end offsets when truncating read range (git-fixes).
- ipmi: ipmb: initialise event handler read bytes (git-fixes).
- kabi: cgroup.stat fixup (bsc#1256564 bsc#1259130).
- ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- leds: qcom-lpg: Check the return value of regmap_bulk_write() (git-fixes).
- media: adv7180: fix frame interval in progressive mode (stable-fixes).
- media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START (stable-fixes).
- media: amphion: Drop min_queued_buffers assignment (git-fixes).
- media: ccs: Accommodate C-PHY into the calculation (git-fixes).
- media: ccs: Avoid possible division by zero (git-fixes).
- media: ccs: Fix setting initial sub-device state (git-fixes).
- media: chips-media: wave5: Fix memory leak on codec_info allocation failure (git-fixes).
- media: cx23885: Add missing unmap in snd_cx23885_hw_params() (git-fixes).
- media: cx25821: Add missing unmap in snd_cx25821_hw_params() (git-fixes).
- media: cx25821: Fix a resource leak in cx25821_dev_setup() (stable-fixes).
- media: cx88: Add missing unmap in snd_cx88_hw_params() (git-fixes).
- media: dvb-core: dmxdevfilter must always flush bufs (stable-fixes).
- media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (git-fixes).
- media: dvb-net: fix OOB access in ULE extension header tables (git-fixes).
- media: i2c/tw9903: Fix potential memory leak in tw9903_probe() (git-fixes).
- media: i2c/tw9906: Fix potential memory leak in tw9906_probe() (git-fixes).
- media: i2c: ov5647: Correct minimum VBLANK value (git-fixes).
- media: i2c: ov5647: Correct pixel array offset (git-fixes).
- media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode (git-fixes).
- media: i2c: ov5647: Initialize subdev before controls (git-fixes).
- media: i2c: ov5647: Sensor should report RAW color space (git-fixes).
- media: i2c: ov5647: use our own mutex for the ctrl lock (git-fixes).
- media: ipu6: Fix RPM reference leak in probe error paths (git-fixes).
- media: ipu6: Fix typo and wrong constant in ipu6-mmu.c (git-fixes).
- media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() (git-fixes).
- media: mtk-mdp: Fix error handling in probe function (git-fixes).
- media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes (stable-fixes).
- media: omap3isp: isppreview: always clamp in preview_try_format() (stable-fixes).
- media: omap3isp: set initial format (stable-fixes).
- media: pvrusb2: fix URB leak in pvr2_send_request_ex (stable-fixes).
- media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
- media: radio-keene: fix memory leak in error path (git-fixes).
- media: rkisp1: Fix filter mode register configuration (stable-fixes).
- media: solo6x10: Check for out of bounds chip_id (stable-fixes).
- media: tegra-video: Fix memory leak in __tegra_channel_try_format() (git-fixes).
- media: uvcvideo: Fix allocation for small frame sizes (git-fixes).
- media: v4l2-async: Fix error handling on steps after finding a match (stable-fixes).
- media: venus: vdec: fix error state assignment for zero bytesused (git-fixes).
- media: verisilicon: AV1: Fix enable cdef computation (git-fixes).
- media: verisilicon: AV1: Fix tile info buffer size (git-fixes).
- media: verisilicon: AV1: Fix tx mode bit setting (git-fixes).
- media: verisilicon: AV1: Set IDR flag for intra_only frame type (git-fixes).
- mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure (git-fixes).
- mfd: core: Add locking around 'mfd_of_node_list' (git-fixes).
- mfd: tps6105x: Fix kernel-doc warnings relating to the core struct and tps6105x_mode (git-fixes).
- mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes).
- misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() (stable-fixes).
- misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66 (stable-fixes).
- mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (git-fixes).
- mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms (git-fixes).
- mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() (git-fixes).
- mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions() (git-fixes).
- mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper (git-fixes).
- mtd: rawnand: pl353: Fix software ECC support (git-fixes).
- mtd: spinand: Fix kernel doc (git-fixes).
- myri10ge: avoid uninitialized variable use (stable-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- net: nfc: nci: Fix parameter validation for packet data (git-fixes).
- net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
- net: usb: catc: enable basic endpoint checking (git-fixes).
- net: usb: kalmia: validate USB endpoints (git-fixes).
- net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode (git-fixes).
- net: usb: kaweth: validate USB endpoints (git-fixes).
- net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
- net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
- net: usb: lan78xx: scan all MDIO addresses on LAN7801 (git-fixes).
- net: usb: pegasus: enable basic endpoint checking (git-fixes).
- net: usb: r8152: fix transmit queue timeout (stable-fixes).
- net: usb: sr9700: remove code to drive nonexistent multicast filter (stable-fixes).
- net: usb: sr9700: support devices with virtual driver CD (stable-fixes).
- net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() (git-fixes).
- net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets (git-fixes).
- nfc: hci: shdlc: Stop timers and work before freeing context (git-fixes).
- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
- nfc: nci: free skb on nci_transceive early error paths (git-fixes).
- nfc: nxp-nci: remove interrupt trigger type (stable-fixes).
- nfc: pn533: properly drop the usb interface reference on disconnect (git-fixes).
- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
- nfsd: check that server is running in unlock_filesystem (bsc#1257279).
- nfsd: use correct loop termination in nfsd4_revoke_states() (git-fixes).
- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
- ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access (stable-fixes).
- ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut (stable-fixes).
- nvme-fc: do not hold rport lock when putting ctrl (git-fixes).
- nvme-fc: release admin tagset if init fails (git-fixes).
- nvme-pci: disable secondary temp for Wodposit WPBSNM8 (git-fixes).
- phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature (stable-fixes).
- phy: mvebu-cp110-utmi: fix dr_mode property read from dts (stable-fixes).
- pinctrl: equilibrium: Fix device node reference leak in pinbank_init() (git-fixes).
- pinctrl: meson: mark the GPIO controller as sleeping (git-fixes).
- pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition (git-fixes).
- pinctrl: single: fix refcount leak in pcs_add_gpio_func() (git-fixes).
- platform/chrome: cros_ec_lightbar: Fix response size initialization (git-fixes).
- platform/chrome: cros_typec_switch: Do not touch struct fwnode_handle::dev (git-fixes).
- platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro (stable-fixes).
- platform/x86: ISST: Add missing write block check (git-fixes).
- platform/x86: classmate-laptop: Add missing NULL pointer checks (stable-fixes).
- platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
- platform/x86: hp-bioscfg: Skip empty attribute names (git-fixes).
- platform/x86: int0002: Remove IRQF_ONESHOT from request_irq() (git-fixes).
- platform/x86: intel_telemetry: Fix PSS event register mask (git-fixes).
- platform/x86: intel_telemetry: Fix swapped arrays in PSS output (git-fixes).
- platform/x86: panasonic-laptop: Fix sysfs group leak in error path (stable-fixes).
- platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (git-fixes).
- pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset (git-fixes).
- power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write (git-fixes).
- power: supply: ab8500: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: act8945a: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: bq256xx: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: bq25980: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: bq27xxx: fix wrong errno when bus ops are unsupported (git-fixes).
- power: supply: cpcap-battery: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: goldfish: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer (git-fixes).
- power: supply: rt9455: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: sbs-battery: Fix use-after-free in power_supply_changed() (git-fixes).
- power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() (git-fixes).
- powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check (git-fixes).
- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
- rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() (git-fixes).
- regmap: maple: free entry on mas_store_gfp() failure (stable-fixes).
- regulator: core: fix locking in regulator_resolve_supply() error path (git-fixes).
- regulator: core: move supply check earlier in set_machine_constraints() (git-fixes).
- remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
- rpmsg: core: fix race in driver_override_show() and use core helper (git-fixes).
- rtc: interface: Alarm race handling should not discard preceding error (git-fixes).
- rtc: zynqmp: correct frequency value (stable-fixes).
- s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
- s390/ipl: Clear SBP flag when bootprog is set (bsc#1258176).
- s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253644).
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- selftests/bpf: Add tc helpers (bsc#1258860).
- selftests/bpf: Integrate test_tc_tunnel.sh tests into test_progs (bsc#1258860).
- selftests/bpf: Make test_tc_tunnel.bpf.c compatible with big endian platforms (bsc#1258860).
- selftests/bpf: Remove "&>" usage in the selftests (bsc#1258860).
- selftests/bpf: Remove test_tc_tunnel.sh (bsc#1258860).
- selftests/bpf: Support when CONFIG_VXLAN=m (bsc#1258860).
- selftests/bpf: Use connect_to_addr in test_sock_addr (bsc#1258860).
- selftests/bpf: Use log_err in open_netns/close_netns (bsc#1258860).
- selftests/bpf: Use make_sockaddr in test_sock_addr (bsc#1258860).
- selftests/bpf: Use start_server_addr in test_sock_addr (bsc#1258860).
- selftests/bpf: add verifier sign extension bound computation tests (git-fixes).
- selftests/bpf: test_tunnel: Add generic_attach* helpers (bsc#1258860).
- selftests/bpf: test_tunnel: Add ping helpers (bsc#1258860).
- selftests/bpf: test_tunnel: Move erspan tunnel tests to test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move geneve tunnel test to test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move gre tunnel test to test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6erspan tunnel test to test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6geneve tunnel test to test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6gre tunnel test to test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6tnl tunnel tests to test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Remove test_tunnel.sh (bsc#1258860).
- serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (git-fixes).
- serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done (stable-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume (git-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume (stable-fixes).
- serial: SH_SCI: improve "DMA support" prompt (git-fixes).
- serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes).
- shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564).
- soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() (git-fixes).
- soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe (git-fixes).
- soc: qcom: smem: handle ENOMEM error during probe (git-fixes).
- soc: ti: k3-socinfo: Fix regmap leak on probe failure (git-fixes).
- soc: ti: pruss: Fix double free in pruss_clk_mux_setup() (git-fixes).
- soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15) (stable-fixes).
- soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes).
- spi-geni-qcom: initialize mode related registers to 0 (stable-fixes).
- spi-geni-qcom: use xfer->bits_per_word for can_dma() (stable-fixes).
- spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes)
- spi: spi-mem: Limit octal DTR constraints to octal DTR situations (stable-fixes).
- spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes)
- spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (stable-fixes).
- spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes)
- spi: stm32: fix Overrun issue at < 8bpw (stable-fixes).
- spi: tegra114: Preserve SPI mode bits in def_command1_reg (git-fixes).
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- spi: tegra210-quad: Move curr_xfer read inside spinlock (git-fixes).
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (git-fixes).
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (git-fixes).
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (git-fixes).
- spi: tegra: Fix a memory leak in tegra_slink_probe() (git-fixes).
- spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() (git-fixes).
- spi: wpcm-fiu: Fix uninitialized res (git-fixes).
- spi: wpcm-fiu: Simplify with dev_err_probe() (stable-fixes).
- spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname() (stable-fixes).
- staging: rtl8723bs: fix memory leak on failure path (stable-fixes).
- staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
- staging: rtl8723bs: fix null dereference in find_network (git-fixes).
- thermal: int340x: Fix sysfs group leak on DLVR registration failure (stable-fixes).
- thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature (git-fixes).
- tools/hv: fcopy: Fix irregularities with size of ring buffer (git-fixes).
- tools/power cpupower: Reset errno before strtoull() (stable-fixes).
- tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus() (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- tpm: st33zp24: Fix missing cleanup on get_burstcount() error (git-fixes).
- tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure (git-fixes).
- uio_hv_generic: Align ring size to system page (git-fixes).
- uio_hv_generic: Use correct size for interrupt and monitor pages (git-fixes).
- usb: bdc: fix sleep during atomic (git-fixes).
- usb: dwc2: fix resume failure if dr_mode is host (git-fixes).
- usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN (git-fixes).
- usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs (git-fixes).
- watchdog: imx7ulp_wdt: handle the nowayout option (stable-fixes).
- wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes).
- wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump() (git-fixes).
- wifi: ath11k: Fix failure to connect to a 6 GHz AP (stable-fixes).
- wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1 (stable-fixes).
- wifi: ath12k: fix preferred hardware mode calculation (stable-fixes).
- wifi: ath9k: debug.h: fix kernel-doc bad lines and struct ath_tx_stats (git-fixes).
- wifi: ath9k: fix kernel-doc warnings in common-debug.h (git-fixes).
- wifi: cfg80211: Fix bitrate calculation overflow for HE rates (stable-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).
- wifi: cfg80211: allow only one NAN interface, also in multi radio (stable-fixes).
- wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (git-fixes).
- wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes).
- wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes).
- wifi: cw1200: Fix locking in error paths (git-fixes).
- wifi: iwlegacy: add missing mutex protection in il3945_store_measurement() (stable-fixes).
- wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power() (stable-fixes).
- wifi: iwlwifi: mvm: check the validity of noa_len (stable-fixes).
- wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes).
- wifi: libertas: fix WARNING in usb_tx_block (stable-fixes).
- wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (git-fixes).
- wifi: mac80211: collect station statistics earlier when disconnect (stable-fixes).
- wifi: mac80211: correctly check if CSA is active (stable-fixes).
- wifi: mac80211: do not increment crypto_tx_tailroom_needed_cnt twice (stable-fixes).
- wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (git-fixes).
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (stable-fixes).
- wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
- wifi: radiotap: reject radiotap with unknown bits (git-fixes).
- wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
- wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add (git-fixes).
- wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() (stable-fixes).
- wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() (git-fixes).
- wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero (stable-fixes).
- wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes).
- wifi: rtw89: 8922a: set random mac if efuse contains zeroes (stable-fixes).
- wifi: rtw89: mac: correct page number for CSI response (stable-fixes).
- wifi: rtw89: pci: restore LDO setting after device resume (stable-fixes).
- wifi: rtw89: ser: enable error IMR after recovering from L1 (stable-fixes).
- wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode (stable-fixes).
- wifi: wlcore: Fix a locking bug (git-fixes).
- wifi: wlcore: ensure skb headroom before skb_push (stable-fixes).
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
- x86/hyperv: Fix usage of cpu_online_mask to get valid cpu (git-fixes).
- x86/hyperv: Fix warnings for missing export.h header inclusion (git-fixes).
- x86/hyperv: Use named operands in inline asm (git-fixes).
- x86/hyperv: fix an indentation issue in mshyperv.h (git-fixes).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-962=1 -
SUSE Real Time Module 15-SP7
zypper in -t patch SUSE-SLE-Module-RT-15-SP7-2026-962=1
Package List:
-
SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
- kernel-livepatch-SLE15-SP7-RT_Update_10-debugsource-1-150700.1.3.1
- kernel-livepatch-6_4_0-150700_7_34-rt-1-150700.1.3.1
- kernel-livepatch-6_4_0-150700_7_34-rt-debuginfo-1-150700.1.3.1
-
SUSE Real Time Module 15-SP7 (x86_64)
- kernel-rt-debuginfo-6.4.0-150700.7.34.1
- gfs2-kmp-rt-6.4.0-150700.7.34.1
- kernel-syms-rt-6.4.0-150700.7.34.1
- ocfs2-kmp-rt-debuginfo-6.4.0-150700.7.34.1
- kernel-rt-devel-debuginfo-6.4.0-150700.7.34.1
- kernel-rt-devel-6.4.0-150700.7.34.1
- ocfs2-kmp-rt-6.4.0-150700.7.34.1
- gfs2-kmp-rt-debuginfo-6.4.0-150700.7.34.1
- cluster-md-kmp-rt-6.4.0-150700.7.34.1
- kernel-rt-debugsource-6.4.0-150700.7.34.1
- dlm-kmp-rt-debuginfo-6.4.0-150700.7.34.1
- dlm-kmp-rt-6.4.0-150700.7.34.1
- cluster-md-kmp-rt-debuginfo-6.4.0-150700.7.34.1
-
SUSE Real Time Module 15-SP7 (noarch)
- kernel-devel-rt-6.4.0-150700.7.34.1
- kernel-source-rt-6.4.0-150700.7.34.1
-
SUSE Real Time Module 15-SP7 (nosrc x86_64)
- kernel-rt-6.4.0-150700.7.34.1
References:
- https://www.suse.com/security/cve/CVE-2023-53817.html
- https://www.suse.com/security/cve/CVE-2025-39748.html
- https://www.suse.com/security/cve/CVE-2025-39817.html
- https://www.suse.com/security/cve/CVE-2025-39964.html
- https://www.suse.com/security/cve/CVE-2025-40099.html
- https://www.suse.com/security/cve/CVE-2025-40103.html
- https://www.suse.com/security/cve/CVE-2025-40201.html
- https://www.suse.com/security/cve/CVE-2025-40253.html
- https://www.suse.com/security/cve/CVE-2025-68283.html
- https://www.suse.com/security/cve/CVE-2025-68295.html
- https://www.suse.com/security/cve/CVE-2025-68374.html
- https://www.suse.com/security/cve/CVE-2025-68735.html
- https://www.suse.com/security/cve/CVE-2025-68736.html
- https://www.suse.com/security/cve/CVE-2025-68778.html
- https://www.suse.com/security/cve/CVE-2025-68785.html
- https://www.suse.com/security/cve/CVE-2025-68810.html
- https://www.suse.com/security/cve/CVE-2025-71071.html
- https://www.suse.com/security/cve/CVE-2025-71104.html
- https://www.suse.com/security/cve/CVE-2025-71113.html
- https://www.suse.com/security/cve/CVE-2025-71125.html
- https://www.suse.com/security/cve/CVE-2025-71126.html
- https://www.suse.com/security/cve/CVE-2025-71148.html
- https://www.suse.com/security/cve/CVE-2025-71182.html
- https://www.suse.com/security/cve/CVE-2025-71184.html
- https://www.suse.com/security/cve/CVE-2025-71185.html
- https://www.suse.com/security/cve/CVE-2025-71188.html
- https://www.suse.com/security/cve/CVE-2025-71189.html
- https://www.suse.com/security/cve/CVE-2025-71190.html
- https://www.suse.com/security/cve/CVE-2025-71191.html
- https://www.suse.com/security/cve/CVE-2025-71192.html
- https://www.suse.com/security/cve/CVE-2025-71194.html
- https://www.suse.com/security/cve/CVE-2025-71195.html
- https://www.suse.com/security/cve/CVE-2025-71196.html
- https://www.suse.com/security/cve/CVE-2025-71197.html
- https://www.suse.com/security/cve/CVE-2025-71198.html
- https://www.suse.com/security/cve/CVE-2025-71199.html
- https://www.suse.com/security/cve/CVE-2025-71200.html
- https://www.suse.com/security/cve/CVE-2025-71222.html
- https://www.suse.com/security/cve/CVE-2025-71224.html
- https://www.suse.com/security/cve/CVE-2025-71225.html
- https://www.suse.com/security/cve/CVE-2025-71229.html
- https://www.suse.com/security/cve/CVE-2025-71231.html
- https://www.suse.com/security/cve/CVE-2025-71232.html
- https://www.suse.com/security/cve/CVE-2025-71234.html
- https://www.suse.com/security/cve/CVE-2025-71235.html
- https://www.suse.com/security/cve/CVE-2025-71236.html
- https://www.suse.com/security/cve/CVE-2026-22979.html
- https://www.suse.com/security/cve/CVE-2026-22982.html
- https://www.suse.com/security/cve/CVE-2026-22989.html
- https://www.suse.com/security/cve/CVE-2026-22998.html
- https://www.suse.com/security/cve/CVE-2026-23003.html
- https://www.suse.com/security/cve/CVE-2026-23004.html
- https://www.suse.com/security/cve/CVE-2026-23010.html
- https://www.suse.com/security/cve/CVE-2026-23017.html
- https://www.suse.com/security/cve/CVE-2026-23021.html
- https://www.suse.com/security/cve/CVE-2026-23023.html
- https://www.suse.com/security/cve/CVE-2026-23026.html
- https://www.suse.com/security/cve/CVE-2026-23033.html
- https://www.suse.com/security/cve/CVE-2026-23035.html
- https://www.suse.com/security/cve/CVE-2026-23037.html
- https://www.suse.com/security/cve/CVE-2026-23038.html
- https://www.suse.com/security/cve/CVE-2026-23049.html
- https://www.suse.com/security/cve/CVE-2026-23053.html
- https://www.suse.com/security/cve/CVE-2026-23054.html
- https://www.suse.com/security/cve/CVE-2026-23056.html
- https://www.suse.com/security/cve/CVE-2026-23057.html
- https://www.suse.com/security/cve/CVE-2026-23058.html
- https://www.suse.com/security/cve/CVE-2026-23060.html
- https://www.suse.com/security/cve/CVE-2026-23061.html
- https://www.suse.com/security/cve/CVE-2026-23062.html
- https://www.suse.com/security/cve/CVE-2026-23063.html
- https://www.suse.com/security/cve/CVE-2026-23064.html
- https://www.suse.com/security/cve/CVE-2026-23065.html
- https://www.suse.com/security/cve/CVE-2026-23068.html
- https://www.suse.com/security/cve/CVE-2026-23069.html
- https://www.suse.com/security/cve/CVE-2026-23070.html
- https://www.suse.com/security/cve/CVE-2026-23071.html
- https://www.suse.com/security/cve/CVE-2026-23073.html
- https://www.suse.com/security/cve/CVE-2026-23074.html
- https://www.suse.com/security/cve/CVE-2026-23076.html
- https://www.suse.com/security/cve/CVE-2026-23078.html
- https://www.suse.com/security/cve/CVE-2026-23080.html
- https://www.suse.com/security/cve/CVE-2026-23082.html
- https://www.suse.com/security/cve/CVE-2026-23083.html
- https://www.suse.com/security/cve/CVE-2026-23084.html
- https://www.suse.com/security/cve/CVE-2026-23085.html
- https://www.suse.com/security/cve/CVE-2026-23086.html
- https://www.suse.com/security/cve/CVE-2026-23088.html
- https://www.suse.com/security/cve/CVE-2026-23089.html
- https://www.suse.com/security/cve/CVE-2026-23090.html
- https://www.suse.com/security/cve/CVE-2026-23091.html
- https://www.suse.com/security/cve/CVE-2026-23094.html
- https://www.suse.com/security/cve/CVE-2026-23095.html
- https://www.suse.com/security/cve/CVE-2026-23096.html
- https://www.suse.com/security/cve/CVE-2026-23099.html
- https://www.suse.com/security/cve/CVE-2026-23101.html
- https://www.suse.com/security/cve/CVE-2026-23102.html
- https://www.suse.com/security/cve/CVE-2026-23104.html
- https://www.suse.com/security/cve/CVE-2026-23105.html
- https://www.suse.com/security/cve/CVE-2026-23107.html
- https://www.suse.com/security/cve/CVE-2026-23108.html
- https://www.suse.com/security/cve/CVE-2026-23110.html
- https://www.suse.com/security/cve/CVE-2026-23111.html
- https://www.suse.com/security/cve/CVE-2026-23112.html
- https://www.suse.com/security/cve/CVE-2026-23113.html
- https://www.suse.com/security/cve/CVE-2026-23116.html
- https://www.suse.com/security/cve/CVE-2026-23119.html
- https://www.suse.com/security/cve/CVE-2026-23121.html
- https://www.suse.com/security/cve/CVE-2026-23125.html
- https://www.suse.com/security/cve/CVE-2026-23128.html
- https://www.suse.com/security/cve/CVE-2026-23129.html
- https://www.suse.com/security/cve/CVE-2026-23131.html
- https://www.suse.com/security/cve/CVE-2026-23133.html
- https://www.suse.com/security/cve/CVE-2026-23135.html
- https://www.suse.com/security/cve/CVE-2026-23139.html
- https://www.suse.com/security/cve/CVE-2026-23141.html
- https://www.suse.com/security/cve/CVE-2026-23145.html
- https://www.suse.com/security/cve/CVE-2026-23146.html
- https://www.suse.com/security/cve/CVE-2026-23150.html
- https://www.suse.com/security/cve/CVE-2026-23151.html
- https://www.suse.com/security/cve/CVE-2026-23152.html
- https://www.suse.com/security/cve/CVE-2026-23154.html
- https://www.suse.com/security/cve/CVE-2026-23155.html
- https://www.suse.com/security/cve/CVE-2026-23156.html
- https://www.suse.com/security/cve/CVE-2026-23157.html
- https://www.suse.com/security/cve/CVE-2026-23163.html
- https://www.suse.com/security/cve/CVE-2026-23166.html
- https://www.suse.com/security/cve/CVE-2026-23167.html
- https://www.suse.com/security/cve/CVE-2026-23169.html
- https://www.suse.com/security/cve/CVE-2026-23170.html
- https://www.suse.com/security/cve/CVE-2026-23171.html
- https://www.suse.com/security/cve/CVE-2026-23172.html
- https://www.suse.com/security/cve/CVE-2026-23173.html
- https://www.suse.com/security/cve/CVE-2026-23176.html
- https://www.suse.com/security/cve/CVE-2026-23178.html
- https://www.suse.com/security/cve/CVE-2026-23179.html
- https://www.suse.com/security/cve/CVE-2026-23182.html
- https://www.suse.com/security/cve/CVE-2026-23190.html
- https://www.suse.com/security/cve/CVE-2026-23191.html
- https://www.suse.com/security/cve/CVE-2026-23198.html
- https://www.suse.com/security/cve/CVE-2026-23202.html
- https://www.suse.com/security/cve/CVE-2026-23204.html
- https://www.suse.com/security/cve/CVE-2026-23207.html
- https://www.suse.com/security/cve/CVE-2026-23208.html
- https://www.suse.com/security/cve/CVE-2026-23209.html
- https://www.suse.com/security/cve/CVE-2026-23210.html
- https://www.suse.com/security/cve/CVE-2026-23213.html
- https://www.suse.com/security/cve/CVE-2026-23214.html
- https://www.suse.com/security/cve/CVE-2026-23221.html
- https://www.suse.com/security/cve/CVE-2026-23222.html
- https://www.suse.com/security/cve/CVE-2026-23229.html
- https://www.suse.com/security/cve/CVE-2026-23268.html
- https://www.suse.com/security/cve/CVE-2026-23269.html
- https://bugzilla.suse.com/show_bug.cgi?id=1241345
- https://bugzilla.suse.com/show_bug.cgi?id=1245728
- https://bugzilla.suse.com/show_bug.cgi?id=1247180
- https://bugzilla.suse.com/show_bug.cgi?id=1249587
- https://bugzilla.suse.com/show_bug.cgi?id=1249998
- https://bugzilla.suse.com/show_bug.cgi?id=1251135
- https://bugzilla.suse.com/show_bug.cgi?id=1251186
- https://bugzilla.suse.com/show_bug.cgi?id=1251966
- https://bugzilla.suse.com/show_bug.cgi?id=1251971
- https://bugzilla.suse.com/show_bug.cgi?id=1252008
- https://bugzilla.suse.com/show_bug.cgi?id=1252266
- https://bugzilla.suse.com/show_bug.cgi?id=1252911
- https://bugzilla.suse.com/show_bug.cgi?id=1252924
- https://bugzilla.suse.com/show_bug.cgi?id=1253049
- https://bugzilla.suse.com/show_bug.cgi?id=1253129
- https://bugzilla.suse.com/show_bug.cgi?id=1253644
- https://bugzilla.suse.com/show_bug.cgi?id=1253691
- https://bugzilla.suse.com/show_bug.cgi?id=1254214
- https://bugzilla.suse.com/show_bug.cgi?id=1254306
- https://bugzilla.suse.com/show_bug.cgi?id=1254992
- https://bugzilla.suse.com/show_bug.cgi?id=1255084
- https://bugzilla.suse.com/show_bug.cgi?id=1255129
- https://bugzilla.suse.com/show_bug.cgi?id=1255265
- https://bugzilla.suse.com/show_bug.cgi?id=1255379
- https://bugzilla.suse.com/show_bug.cgi?id=1255530
- https://bugzilla.suse.com/show_bug.cgi?id=1255698
- https://bugzilla.suse.com/show_bug.cgi?id=1255811
- https://bugzilla.suse.com/show_bug.cgi?id=1256564
- https://bugzilla.suse.com/show_bug.cgi?id=1256640
- https://bugzilla.suse.com/show_bug.cgi?id=1256679
- https://bugzilla.suse.com/show_bug.cgi?id=1256683
- https://bugzilla.suse.com/show_bug.cgi?id=1256708
- https://bugzilla.suse.com/show_bug.cgi?id=1256716
- https://bugzilla.suse.com/show_bug.cgi?id=1256755
- https://bugzilla.suse.com/show_bug.cgi?id=1256784
- https://bugzilla.suse.com/show_bug.cgi?id=1256802
- https://bugzilla.suse.com/show_bug.cgi?id=1256863
- https://bugzilla.suse.com/show_bug.cgi?id=1257159
- https://bugzilla.suse.com/show_bug.cgi?id=1257179
- https://bugzilla.suse.com/show_bug.cgi?id=1257209
- https://bugzilla.suse.com/show_bug.cgi?id=1257228
- https://bugzilla.suse.com/show_bug.cgi?id=1257231
- https://bugzilla.suse.com/show_bug.cgi?id=1257246
- https://bugzilla.suse.com/show_bug.cgi?id=1257279
- https://bugzilla.suse.com/show_bug.cgi?id=1257332
- https://bugzilla.suse.com/show_bug.cgi?id=1257466
- https://bugzilla.suse.com/show_bug.cgi?id=1257472
- https://bugzilla.suse.com/show_bug.cgi?id=1257473
- https://bugzilla.suse.com/show_bug.cgi?id=1257552
- https://bugzilla.suse.com/show_bug.cgi?id=1257553
- https://bugzilla.suse.com/show_bug.cgi?id=1257554
- https://bugzilla.suse.com/show_bug.cgi?id=1257556
- https://bugzilla.suse.com/show_bug.cgi?id=1257557
- https://bugzilla.suse.com/show_bug.cgi?id=1257559
- https://bugzilla.suse.com/show_bug.cgi?id=1257560
- https://bugzilla.suse.com/show_bug.cgi?id=1257562
- https://bugzilla.suse.com/show_bug.cgi?id=1257570
- https://bugzilla.suse.com/show_bug.cgi?id=1257573
- https://bugzilla.suse.com/show_bug.cgi?id=1257576
- https://bugzilla.suse.com/show_bug.cgi?id=1257579
- https://bugzilla.suse.com/show_bug.cgi?id=1257580
- https://bugzilla.suse.com/show_bug.cgi?id=1257586
- https://bugzilla.suse.com/show_bug.cgi?id=1257635
- https://bugzilla.suse.com/show_bug.cgi?id=1257679
- https://bugzilla.suse.com/show_bug.cgi?id=1257687
- https://bugzilla.suse.com/show_bug.cgi?id=1257704
- https://bugzilla.suse.com/show_bug.cgi?id=1257706
- https://bugzilla.suse.com/show_bug.cgi?id=1257707
- https://bugzilla.suse.com/show_bug.cgi?id=1257709
- https://bugzilla.suse.com/show_bug.cgi?id=1257714
- https://bugzilla.suse.com/show_bug.cgi?id=1257715
- https://bugzilla.suse.com/show_bug.cgi?id=1257716
- https://bugzilla.suse.com/show_bug.cgi?id=1257718
- https://bugzilla.suse.com/show_bug.cgi?id=1257722
- https://bugzilla.suse.com/show_bug.cgi?id=1257723
- https://bugzilla.suse.com/show_bug.cgi?id=1257729
- https://bugzilla.suse.com/show_bug.cgi?id=1257732
- https://bugzilla.suse.com/show_bug.cgi?id=1257734
- https://bugzilla.suse.com/show_bug.cgi?id=1257735
- https://bugzilla.suse.com/show_bug.cgi?id=1257739
- https://bugzilla.suse.com/show_bug.cgi?id=1257740
- https://bugzilla.suse.com/show_bug.cgi?id=1257741
- https://bugzilla.suse.com/show_bug.cgi?id=1257742
- https://bugzilla.suse.com/show_bug.cgi?id=1257743
- https://bugzilla.suse.com/show_bug.cgi?id=1257745
- https://bugzilla.suse.com/show_bug.cgi?id=1257749
- https://bugzilla.suse.com/show_bug.cgi?id=1257750
- https://bugzilla.suse.com/show_bug.cgi?id=1257755
- https://bugzilla.suse.com/show_bug.cgi?id=1257757
- https://bugzilla.suse.com/show_bug.cgi?id=1257758
- https://bugzilla.suse.com/show_bug.cgi?id=1257759
- https://bugzilla.suse.com/show_bug.cgi?id=1257761
- https://bugzilla.suse.com/show_bug.cgi?id=1257762
- https://bugzilla.suse.com/show_bug.cgi?id=1257763
- https://bugzilla.suse.com/show_bug.cgi?id=1257765
- https://bugzilla.suse.com/show_bug.cgi?id=1257768
- https://bugzilla.suse.com/show_bug.cgi?id=1257770
- https://bugzilla.suse.com/show_bug.cgi?id=1257772
- https://bugzilla.suse.com/show_bug.cgi?id=1257775
- https://bugzilla.suse.com/show_bug.cgi?id=1257776
- https://bugzilla.suse.com/show_bug.cgi?id=1257788
- https://bugzilla.suse.com/show_bug.cgi?id=1257789
- https://bugzilla.suse.com/show_bug.cgi?id=1257790
- https://bugzilla.suse.com/show_bug.cgi?id=1257805
- https://bugzilla.suse.com/show_bug.cgi?id=1257808
- https://bugzilla.suse.com/show_bug.cgi?id=1257809
- https://bugzilla.suse.com/show_bug.cgi?id=1257811
- https://bugzilla.suse.com/show_bug.cgi?id=1257813
- https://bugzilla.suse.com/show_bug.cgi?id=1257814
- https://bugzilla.suse.com/show_bug.cgi?id=1257816
- https://bugzilla.suse.com/show_bug.cgi?id=1257830
- https://bugzilla.suse.com/show_bug.cgi?id=1257891
- https://bugzilla.suse.com/show_bug.cgi?id=1257952
- https://bugzilla.suse.com/show_bug.cgi?id=1258037
- https://bugzilla.suse.com/show_bug.cgi?id=1258153
- https://bugzilla.suse.com/show_bug.cgi?id=1258176
- https://bugzilla.suse.com/show_bug.cgi?id=1258181
- https://bugzilla.suse.com/show_bug.cgi?id=1258184
- https://bugzilla.suse.com/show_bug.cgi?id=1258222
- https://bugzilla.suse.com/show_bug.cgi?id=1258226
- https://bugzilla.suse.com/show_bug.cgi?id=1258234
- https://bugzilla.suse.com/show_bug.cgi?id=1258237
- https://bugzilla.suse.com/show_bug.cgi?id=1258245
- https://bugzilla.suse.com/show_bug.cgi?id=1258249
- https://bugzilla.suse.com/show_bug.cgi?id=1258252
- https://bugzilla.suse.com/show_bug.cgi?id=1258256
- https://bugzilla.suse.com/show_bug.cgi?id=1258259
- https://bugzilla.suse.com/show_bug.cgi?id=1258272
- https://bugzilla.suse.com/show_bug.cgi?id=1258273
- https://bugzilla.suse.com/show_bug.cgi?id=1258277
- https://bugzilla.suse.com/show_bug.cgi?id=1258278
- https://bugzilla.suse.com/show_bug.cgi?id=1258279
- https://bugzilla.suse.com/show_bug.cgi?id=1258286
- https://bugzilla.suse.com/show_bug.cgi?id=1258293
- https://bugzilla.suse.com/show_bug.cgi?id=1258297
- https://bugzilla.suse.com/show_bug.cgi?id=1258298
- https://bugzilla.suse.com/show_bug.cgi?id=1258299
- https://bugzilla.suse.com/show_bug.cgi?id=1258304
- https://bugzilla.suse.com/show_bug.cgi?id=1258309
- https://bugzilla.suse.com/show_bug.cgi?id=1258313
- https://bugzilla.suse.com/show_bug.cgi?id=1258317
- https://bugzilla.suse.com/show_bug.cgi?id=1258321
- https://bugzilla.suse.com/show_bug.cgi?id=1258326
- https://bugzilla.suse.com/show_bug.cgi?id=1258338
- https://bugzilla.suse.com/show_bug.cgi?id=1258340
- https://bugzilla.suse.com/show_bug.cgi?id=1258349
- https://bugzilla.suse.com/show_bug.cgi?id=1258354
- https://bugzilla.suse.com/show_bug.cgi?id=1258358
- https://bugzilla.suse.com/show_bug.cgi?id=1258374
- https://bugzilla.suse.com/show_bug.cgi?id=1258376
- https://bugzilla.suse.com/show_bug.cgi?id=1258377
- https://bugzilla.suse.com/show_bug.cgi?id=1258379
- https://bugzilla.suse.com/show_bug.cgi?id=1258389
- https://bugzilla.suse.com/show_bug.cgi?id=1258394
- https://bugzilla.suse.com/show_bug.cgi?id=1258395
- https://bugzilla.suse.com/show_bug.cgi?id=1258397
- https://bugzilla.suse.com/show_bug.cgi?id=1258411
- https://bugzilla.suse.com/show_bug.cgi?id=1258415
- https://bugzilla.suse.com/show_bug.cgi?id=1258419
- https://bugzilla.suse.com/show_bug.cgi?id=1258422
- https://bugzilla.suse.com/show_bug.cgi?id=1258424
- https://bugzilla.suse.com/show_bug.cgi?id=1258429
- https://bugzilla.suse.com/show_bug.cgi?id=1258442
- https://bugzilla.suse.com/show_bug.cgi?id=1258464
- https://bugzilla.suse.com/show_bug.cgi?id=1258465
- https://bugzilla.suse.com/show_bug.cgi?id=1258468
- https://bugzilla.suse.com/show_bug.cgi?id=1258469
- https://bugzilla.suse.com/show_bug.cgi?id=1258484
- https://bugzilla.suse.com/show_bug.cgi?id=1258517
- https://bugzilla.suse.com/show_bug.cgi?id=1258518
- https://bugzilla.suse.com/show_bug.cgi?id=1258519
- https://bugzilla.suse.com/show_bug.cgi?id=1258520
- https://bugzilla.suse.com/show_bug.cgi?id=1258524
- https://bugzilla.suse.com/show_bug.cgi?id=1258544
- https://bugzilla.suse.com/show_bug.cgi?id=1258660
- https://bugzilla.suse.com/show_bug.cgi?id=1258824
- https://bugzilla.suse.com/show_bug.cgi?id=1258832
- https://bugzilla.suse.com/show_bug.cgi?id=1258849
- https://bugzilla.suse.com/show_bug.cgi?id=1258860
- https://bugzilla.suse.com/show_bug.cgi?id=1258928
- https://bugzilla.suse.com/show_bug.cgi?id=1259070
- https://bugzilla.suse.com/show_bug.cgi?id=1259130
- https://bugzilla.suse.com/show_bug.cgi?id=1259558
- https://bugzilla.suse.com/show_bug.cgi?id=1259580