File _patchinfo of Package patchinfo.41875
<patchinfo incident="41875">
<issue id="1232223" tracker="bnc">requesting patch NFSD: CREATE_SESSION must never cache NFS4ERR_DELAY replies</issue>
<issue id="1236743" tracker="bnc">Unable to install SLES due to out of memory failure (kernel)</issue>
<issue id="1237888" tracker="bnc">VUL-0: CVE-2025-21710: kernel: tcp: correct handling of extreme memory squeeze</issue>
<issue id="1243474" tracker="bnc">VUL-0: CVE-2025-37916: kernel: pds_core: remove write-after-free of client_id</issue>
<issue id="1245193" tracker="bnc">backport nvmet-loop fixes</issue>
<issue id="1247076" tracker="bnc">VUL-0: CVE-2025-38359: kernel: s390/mm: Fix in_atomic() handling in do_secure_storage_access()</issue>
<issue id="1247079" tracker="bnc">VUL-0: CVE-2025-38361: kernel: drm/amd/display: Check dce_hwseq before dereferencing it</issue>
<issue id="1247500" tracker="bnc">nvme over FC: kernel soft lockup on module removal</issue>
<issue id="1247509" tracker="bnc">'perf script' command takes a long time because of the C-based addr2line</issue>
<issue id="1249547" tracker="bnc">VUL-0: CVE-2025-39788: kernel: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE</issue>
<issue id="1249912" tracker="bnc">VUL-0: CVE-2022-50253: kernel: bpf: make sure skb->len != 0 when redirecting to a tunneling device</issue>
<issue id="1249982" tracker="bnc">VUL-0: CVE-2025-39805: kernel: net: macb: fix unregister_netdev call order in macb_remove()</issue>
<issue id="1250176" tracker="bnc">VUL-0: CVE-2025-39819: kernel: fs/smb: Fix inconsistent refcnt update</issue>
<issue id="1250237" tracker="bnc">nftables stack guard hit + kernel panic on synproxy in output chain</issue>
<issue id="1250252" tracker="bnc">VUL-0: CVE-2025-39859: kernel: ptp: ocp: fix use-after-free bugs caused by ptp_ocp_watchdog</issue>
<issue id="1250705" tracker="bnc">VUL-0: CVE-2025-39913: kernel: tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.</issue>
<issue id="1251120" tracker="bnc">VUL-0: CVE-2025-39944: kernel: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()</issue>
<issue id="1251786" tracker="bnc">VUL-0: CVE-2023-53676: kernel: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()</issue>
<issue id="1252063" tracker="bnc">VUL-0: CVE-2025-39980: kernel: nexthop: Forbid FDB status change while nexthop is in a group</issue>
<issue id="1252267" tracker="bnc">[Suse][STORVSC] [Backport] Backport for Linux storage driver patch for fixing performance issues</issue>
<issue id="1252269" tracker="bnc">SLES15 SP6 install boot fails with "Could not allocate memory for RTAS" - thread::VSmdwHVTIs64xFDlEjpgjys::</issue>
<issue id="1252303" tracker="bnc">VUL-0: CVE-2025-40001: kernel: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue</issue>
<issue id="1252353" tracker="bnc">SLES 15 SP7 - net/smc: Remove validation of reserved bits in CLC Decline msg</issue>
<issue id="1252681" tracker="bnc">VUL-0: CVE-2025-40021: kernel: tracing: dynevent: Add a missing lockdown check on dynevent</issue>
<issue id="1252763" tracker="bnc">VUL-0: CVE-2025-40027: kernel: net/9p: fix double req put in p9_fd_cancelled</issue>
<issue id="1252773" tracker="bnc">VUL-0: CVE-2025-40030: kernel: pinctrl: check the return value of pinmux_ops::get_function_name()</issue>
<issue id="1252780" tracker="bnc">VUL-0: CVE-2025-40040: kernel: mm/ksm: fix flag-dropping behavior in ksm_madvise</issue>
<issue id="1252794" tracker="bnc">VUL-0: CVE-2025-40074: kernel: ipv4: start using dst_dev_rcu()</issue>
<issue id="1252795" tracker="bnc">VUL-0: CVE-2025-40075: kernel: tcp_metrics: use dst_dev_net_rcu()</issue>
<issue id="1252809" tracker="bnc">VUL-0: CVE-2025-40059: kernel: coresight: Fix incorrect handling for return value of devm_kzalloc</issue>
<issue id="1252817" tracker="bnc">VUL-0: CVE-2025-40038: kernel: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid</issue>
<issue id="1252821" tracker="bnc">VUL-0: CVE-2025-40055: kernel: ocfs2: fix double free in user_cluster_connect()</issue>
<issue id="1252836" tracker="bnc">VUL-0: CVE-2025-40070: kernel: pps: fix warning in pps_register_cdev when register device fail</issue>
<issue id="1252845" tracker="bnc">VUL-0: CVE-2025-40064: kernel: smc: Fix use-after-free in __pnet_find_base_ndev().</issue>
<issue id="1252862" tracker="bnc">VUL-0: CVE-2025-40048: kernel: uio_hv_generic: Let userspace take care of interrupt mask</issue>
<issue id="1252912" tracker="bnc">VUL-0: CVE-2025-40083: kernel: net/sched: sch_qfq: Fix null-deref in agg_dequeue</issue>
<issue id="1252917" tracker="bnc">VUL-0: CVE-2025-40098: kernel: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state()</issue>
<issue id="1252928" tracker="bnc">VUL-0: CVE-2025-40105: kernel: vfs: Don't leak disconnected dentries on umount</issue>
<issue id="1253018" tracker="bnc">VUL-0: CVE-2025-40107: kernel: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled</issue>
<issue id="1253176" tracker="bnc">VUL-0: CVE-2025-40109: kernel: crypto: rng - Ensure set_ent is always present</issue>
<issue id="1253275" tracker="bnc">VUL-0: CVE-2025-40110: kernel: drm/vmwgfx: Fix a null-ptr access in the cursor snooper</issue>
<issue id="1253318" tracker="bnc">VUL-0: CVE-2025-40115: kernel: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()</issue>
<issue id="1253324" tracker="bnc">VUL-0: CVE-2025-40116: kernel: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup</issue>
<issue id="1253349" tracker="bnc">VUL-0: CVE-2025-40140: kernel: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast</issue>
<issue id="1253352" tracker="bnc">VUL-0: CVE-2025-40141: kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free</issue>
<issue id="1253355" tracker="bnc">VUL-0: CVE-2025-40149: kernel: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().</issue>
<issue id="1253360" tracker="bnc">VUL-0: CVE-2025-40120: kernel: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock</issue>
<issue id="1253362" tracker="bnc">VUL-0: CVE-2025-40111: kernel: drm/vmwgfx: Fix Use-after-free in validation</issue>
<issue id="1253363" tracker="bnc">VUL-0: CVE-2025-40118: kernel: scsi: pm80xx: Fix array-index-out-of-bounds on rmmod</issue>
<issue id="1253367" tracker="bnc">VUL-0: CVE-2025-40121: kernel: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping</issue>
<issue id="1253369" tracker="bnc">VUL-0: CVE-2025-40127: kernel: hwrng: ks-sa - fix division by zero in ks_sa_rng_init</issue>
<issue id="1253393" tracker="bnc">VUL-0: CVE-2025-40206: kernel: netfilter: nft_objref: validate objref and objrefmap expressions</issue>
<issue id="1253395" tracker="bnc">VUL-0: CVE-2025-40207: kernel: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()</issue>
<issue id="1253403" tracker="bnc">VUL-0: CVE-2025-40159: kernel: xsk: Harden userspace-supplied xdp_desc validation</issue>
<issue id="1253407" tracker="bnc">VUL-0: CVE-2025-40164: kernel: usbnet: Fix using smp_processor_id() in preemptible code warnings</issue>
<issue id="1253409" tracker="bnc">VUL-0: CVE-2025-40139: kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_set().</issue>
<issue id="1253412" tracker="bnc">VUL-0: CVE-2025-40171: kernel: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op</issue>
<issue id="1253416" tracker="bnc">VUL-0: CVE-2025-40169: kernel: bpf: Reject negative offsets for ALU ops</issue>
<issue id="1253421" tracker="bnc">VUL-0: CVE-2025-40173: kernel: net/ip6_tunnel: Prevent perpetual tunnel growth</issue>
<issue id="1253423" tracker="bnc">VUL-0: CVE-2025-40157: kernel: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller</issue>
<issue id="1253424" tracker="bnc">VUL-0: CVE-2025-40172: kernel: accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()</issue>
<issue id="1253425" tracker="bnc">VUL-0: CVE-2025-40176: kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails</issue>
<issue id="1253427" tracker="bnc">VUL-0: CVE-2025-40168: kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().</issue>
<issue id="1253428" tracker="bnc">VUL-0: CVE-2025-40156: kernel: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe()</issue>
<issue id="1253431" tracker="bnc">VUL-0: CVE-2025-40154: kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping</issue>
<issue id="1253436" tracker="bnc">VUL-0: CVE-2025-40204: kernel: sctp: Fix MAC comparison to be constant-time</issue>
<issue id="1253438" tracker="bnc">VUL-0: CVE-2025-40186: kernel: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().</issue>
<issue id="1253440" tracker="bnc">VUL-0: CVE-2025-40180: kernel: mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop</issue>
<issue id="1253441" tracker="bnc">VUL-0: CVE-2025-40183: kernel: bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}</issue>
<issue id="1253445" tracker="bnc">VUL-0: CVE-2025-40194: kernel: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()</issue>
<issue id="1253448" tracker="bnc">VUL-0: CVE-2025-40200: kernel: Squashfs: reject negative file sizes in squashfs_read_inode()</issue>
<issue id="1253449" tracker="bnc">VUL-0: CVE-2025-40188: kernel: pwm: berlin: Fix wrong register in suspend/resume</issue>
<issue id="1253453" tracker="bnc">VUL-0: CVE-2025-40198: kernel: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()</issue>
<issue id="1253456" tracker="bnc">VUL-0: CVE-2025-40205: kernel: btrfs: avoid potential out-of-bounds in btrfs_encode_fh()</issue>
<issue id="1253472" tracker="bnc">VUL-0: CVE-2025-40129: kernel: sunrpc: fix null pointer dereference on zero-length checksum</issue>
<issue id="1253779" tracker="bnc">L3: ZeroWindow sometimes not being sent on SLE 15 SP6 [thread::v0rDWOXNK46Oth_X8Ol5FSs::]</issue>
<issue id="2022-50253" tracker="cve" />
<issue id="2023-53676" tracker="cve" />
<issue id="2025-21710" tracker="cve" />
<issue id="2025-37916" tracker="cve" />
<issue id="2025-38359" tracker="cve" />
<issue id="2025-38361" tracker="cve" />
<issue id="2025-39788" tracker="cve" />
<issue id="2025-39805" tracker="cve" />
<issue id="2025-39819" tracker="cve" />
<issue id="2025-39859" tracker="cve" />
<issue id="2025-39944" tracker="cve" />
<issue id="2025-39980" tracker="cve" />
<issue id="2025-40001" tracker="cve" />
<issue id="2025-40021" tracker="cve" />
<issue id="2025-40027" tracker="cve" />
<issue id="2025-40030" tracker="cve" />
<issue id="2025-40038" tracker="cve" />
<issue id="2025-40040" tracker="cve" />
<issue id="2025-40048" tracker="cve" />
<issue id="2025-40055" tracker="cve" />
<issue id="2025-40059" tracker="cve" />
<issue id="2025-40064" tracker="cve" />
<issue id="2025-40070" tracker="cve" />
<issue id="2025-40074" tracker="cve" />
<issue id="2025-40075" tracker="cve" />
<issue id="2025-40083" tracker="cve" />
<issue id="2025-40098" tracker="cve" />
<issue id="2025-40105" tracker="cve" />
<issue id="2025-40107" tracker="cve" />
<issue id="2025-40109" tracker="cve" />
<issue id="2025-40110" tracker="cve" />
<issue id="2025-40111" tracker="cve" />
<issue id="2025-40115" tracker="cve" />
<issue id="2025-40116" tracker="cve" />
<issue id="2025-40118" tracker="cve" />
<issue id="2025-40120" tracker="cve" />
<issue id="2025-40121" tracker="cve" />
<issue id="2025-40127" tracker="cve" />
<issue id="2025-40129" tracker="cve" />
<issue id="2025-40139" tracker="cve" />
<issue id="2025-40140" tracker="cve" />
<issue id="2025-40141" tracker="cve" />
<issue id="2025-40149" tracker="cve" />
<issue id="2025-40154" tracker="cve" />
<issue id="2025-40156" tracker="cve" />
<issue id="2025-40157" tracker="cve" />
<issue id="2025-40159" tracker="cve" />
<issue id="2025-40164" tracker="cve" />
<issue id="2025-40168" tracker="cve" />
<issue id="2025-40169" tracker="cve" />
<issue id="2025-40171" tracker="cve" />
<issue id="2025-40172" tracker="cve" />
<issue id="2025-40173" tracker="cve" />
<issue id="2025-40176" tracker="cve" />
<issue id="2025-40180" tracker="cve" />
<issue id="2025-40183" tracker="cve" />
<issue id="2025-40186" tracker="cve" />
<issue id="2025-40188" tracker="cve" />
<issue id="2025-40194" tracker="cve" />
<issue id="2025-40198" tracker="cve" />
<issue id="2025-40200" tracker="cve" />
<issue id="2025-40204" tracker="cve" />
<issue id="2025-40205" tracker="cve" />
<issue id="2025-40206" tracker="cve" />
<issue id="2025-40207" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>olh</packager>
<reboot_needed/>
<description>The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888).
- CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474).
- CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076).
- CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079).
- CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547).
- CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982).
- CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
- CVE-2025-39859: ptp: ocp: fix use-after-free bugs caused by ptp_ocp_watchdog (bsc#1250252).
- CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120).
- CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063).
- CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303).
- CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681).
- CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763).
- CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773).
- CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821).
- CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809).
- CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845).
- CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836).
- CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794).
- CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795).
- CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912).
- CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917).
- CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928).
- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_set() (bsc#1253409).
- CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355).
- CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403).
- CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427).
- CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
- CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
- CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non-security bugs were fixed:
- ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes).
- ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes).
- ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes).
- ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes).
- ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes).
- ACPI: property: Return present device nodes only on fwnode interface (stable-fixes).
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes).
- ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes).
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes).
- ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes).
- ALSA: serial-generic: remove shared static buffer (stable-fixes).
- ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes).
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes).
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes).
- ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes).
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
- ALSA: usb-audio: do not log messages meant for 1810c when initializing 1824c (git-fixes).
- ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes).
- ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes).
- ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes).
- ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes).
- ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes).
- ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes).
- ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes).
- Bluetooth: 6lowpan: Do not hold spin lock over sleeping functions (git-fixes).
- Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes).
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes).
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes).
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes).
- Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes).
- Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes).
- Bluetooth: bcsp: receive data only if registered (stable-fixes).
- Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes).
- Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes).
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes).
- Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes).
- Documentation: ACPI: i2c-muxes: fix I2C device references (git-fixes).
- Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
- HID: amd_sfh: Stop sensor before starting (git-fixes).
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes).
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes).
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes).
- HID: uclogic: Fix potential memory leak in error path (git-fixes).
- Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes).
- Input: imx_sc_key - fix memory corruption on unload (git-fixes).
- Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes).
- KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes).
- KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes).
- KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes).
- KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes).
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes).
- KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes).
- KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes).
- KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes).
- KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes).
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes).
- KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes).
- KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes).
- KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes).
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
- KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes).
- KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
- KVM: x86: Do not treat ENTER and LEAVE as branches, because they are not (git-fixes).
- KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes).
- NFS4: Fix state renewals missing after boot (git-fixes).
- NFS: check if suid/sgid was cleared after a write as needed (git-fixes).
- NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes).
- NFSD: Skip close replay processing if XDR encoding fails (git-fixes).
- NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes).
- NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes).
- NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes).
- PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes).
- PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
- PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes).
- PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
- RDMA/bnxt_re: Do not fail destroy QP and cleanup debugfs earlier (git-fixes).
- RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes).
- RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes).
- RDMA/hns: Fix the modification of max_send_sge (git-fixes).
- RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes).
- RDMA/irdma: Fix SD index calculation (git-fixes).
- RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes).
- Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" (git-fixes).
- Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (git-fixes).
- accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes).
- accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes).
- accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes).
- accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes).
- acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes).
- amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes).
- block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes).
- block: fix kobject double initialization in add_disk (git-fixes).
- btrfs: abort transaction on failure to add link to inode (git-fixes).
- btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix).
- btrfs: avoid using fixed char array size for tree names (git-fix).
- btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes).
- btrfs: fix COW handling in run_delalloc_nocow() (git-fix).
- btrfs: fix inode leak on failure to add link to inode (git-fixes).
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix).
- btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes).
- btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix).
- btrfs: rename err to ret in btrfs_link() (git-fixes).
- btrfs: run btrfs_error_commit_super() early (git-fix).
- btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes).
- btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes).
- btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes).
- btrfs: simplify error handling logic for btrfs_link() (git-fixes).
- btrfs: tree-checker: add dev extent item checks (git-fix).
- btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix).
- btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix).
- btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix).
- btrfs: tree-checker: validate dref root and objectid (git-fix).
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes).
- char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes).
- char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes).
- char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes).
- cramfs: Verify inode mode when loading from disk (git-fixes).
- crypto: aspeed - fix double free caused by devm (git-fixes).
- crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes).
- crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes).
- crypto: iaa - Do not clobber req->base.data (git-fixes).
- crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes).
- dmaengine: dw-edma: Set status for callback_result (stable-fixes).
- dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes).
- drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes).
- drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
- drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
- drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes).
- drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
- drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes).
- drm/amd/display: add more cyan skillfish devices (stable-fixes).
- drm/amd/display: ensure committing streams is seamless (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
- drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes).
- drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
- drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (stable-fixes).
- drm/amd: Fix suspend failure with secure display TA (git-fixes).
- drm/amd: add more cyan skillfish PCI ids (stable-fixes).
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes).
- drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes).
- drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes).
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes).
- drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes).
- drm/amdgpu: do not enable SMU on cyan skillfish (stable-fixes).
- drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
- drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes).
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes).
- drm/amdkfd: fix vram allocation failure for a special case (stable-fixes).
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes).
- drm/bridge: cdns-dsi: Do not fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes).
- drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
- drm/bridge: display-connector: do not set OP_DETECT for DisplayPorts (stable-fixes).
- drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes).
- drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes).
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes).
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes).
- drm/msm: make sure to not queue up recovery more than once (stable-fixes).
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes).
- drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes).
- drm/tegra: Add call to put_pid() (git-fixes).
- drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes).
- drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes).
- drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes).
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes).
- exfat: limit log print for IO error (git-fixes).
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes).
- extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes).
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes).
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes).
- fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes).
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes).
- hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes).
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes).
- hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
- hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes).
- hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes).
- hwmon: sy7636a: add alias (stable-fixes).
- iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes).
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes).
- ima: do not clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes).
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes).
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes).
- jfs: Verify inode mode when loading from disk (git-fixes).
- jfs: fix uninitialized waitqueue in transaction manager (git-fixes).
- kABI fix for KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
- kabi/severities: drop xfer_to_guest_mode_handle_work.
- lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes).
- md/raid1: fix data lost for writemostly rdev (git-fixes).
- md: fix missing blktrace bio split events (git-fixes).
- media: adv7180: Add missing lock in suspend callback (stable-fixes).
- media: adv7180: Do not write format to device in set_fmt (stable-fixes).
- media: adv7180: Only validate format in querystd (stable-fixes).
- media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
- media: fix uninitialized symbol warnings (stable-fixes).
- media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes).
- media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes).
- media: imon: make send_packet() more robust (stable-fixes).
- media: ov08x40: Fix the horizontal flip control (stable-fixes).
- media: redrat3: use int type to store negative error codes (stable-fixes).
- media: uvcvideo: Use heuristic to find stream entity (git-fixes).
- memstick: Add timeout to prevent indefinite waiting (stable-fixes).
- mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes).
- mfd: madera: Work around false-positive -Wuninitialized warning (stable-fixes).
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
- mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
- minixfs: Verify inode mode when loading from disk (git-fixes).
- mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes).
- mm/secretmem: fix use-after-free race in fault handler (git-fixes).
- mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes).
- mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes).
- mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes).
- mtdchar: fix integer overflow in read/write ioctls (git-fixes).
- net/mana: fix warning in the writer of client oob (git-fixes).
- net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779).
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes).
- net: phy: clear link parameters on admin link down (stable-fixes).
- net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes).
- net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes).
- net: tcp: send zero-window ACK when no memory (bsc#1253779).
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes).
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes).
- nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223).
- nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223).
- nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes).
- perf script: add --addr2line option (bsc#1247509).
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes).
- phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes).
- phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes).
- pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes).
- pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes).
- pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes).
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes).
- power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
- power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes).
- power: supply: sbs-charger: Support multiple devices (stable-fixes).
- powerpc: export MIN RMA size (bsc#1236743).
- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743, bsc#1252269).
- regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes).
- rtc: rx8025: fix incorrect register reference (git-fixes).
- s390/mm,fault: simplify kfence fault handling (bsc#1247076).
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes).
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes).
- scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes).
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes).
- scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes).
- scsi: mpi3mr: Correctly handle ATA device errors (git-fixes).
- scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes).
- scsi: mpt3sas: Correctly handle ATA device errors (git-fixes).
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes).
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes).
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes).
- selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes).
- selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes).
- selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes).
- selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes).
- selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
- selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes).
- selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes).
- selftests/bpf: fix signedness bug in redir_partial() (git-fixes).
- serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes).
- serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes).
- soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes).
- soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
- soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes).
- spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
- spi: loopback-test: Do not use %pK through printk (stable-fixes).
- spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
- strparser: Fix signed/unsigned mismatch bug (git-fixes).
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705).
- thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes).
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes).
- tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes).
- tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes).
- tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes).
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes).
- tools: lib: thermal: do not preserve owner in install (stable-fixes).
- tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes).
- uio_hv_generic: Query the ringbuffer size for device (git-fixes).
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
- usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes).
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes).
- usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes).
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes).
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes).
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes).
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes).
- watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes).
- wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
- wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes).
- wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes).
- wifi: mac80211: Fix HE capabilities element check (stable-fixes).
- wifi: mac80211: reject address change while connecting (git-fixes).
- wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes).
- wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes).
- wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes).
- wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
- wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes).
- wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes).
- wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes).
- x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
- x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
- x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes).
- x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
- x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
- x86/bugs: Report correct retbleed mitigation status (git-fixes).
- x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
- xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes).
- xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes).
- xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes).
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes).
- xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>