File _patchinfo of Package patchinfo.38788
<patchinfo incident="38788">
<issue id="1215199" tracker="bnc">[trackerbug] 6.4 powerpc base kernel fixes</issue>
<issue id="1223809" tracker="bnc">VUL-0: CVE-2024-27018: kernel: netfilter: br_netfilter: skip conntrack input hook for promisc packets</issue>
<issue id="1224013" tracker="bnc">kernel: rtnetlink.c:3870 crash / iproute2 reports Buffer too small for object with SR-IOV on infiniband NIC</issue>
<issue id="1224597" tracker="bnc">VUL-0: CVE-2024-35840: kernel: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()</issue>
<issue id="1224757" tracker="bnc">VUL-0: CVE-2024-27415: kernel: netfilter: bridge: confirm multicast packets before passing them up the stack</issue>
<issue id="1228659" tracker="bnc">Snapshot 20240730 - unbootable after transactional-update dup</issue>
<issue id="1230764" tracker="bnc">VUL-0: CVE-2024-46763: kernel: fou: Fix null-ptr-deref in GRO.</issue>
<issue id="1231103" tracker="bnc">VUL-0: CVE-2024-46865: kernel: fou: fix initialization of grc</issue>
<issue id="1231910" tracker="bnc">VUL-0: CVE-2024-50038: kernel: netfilter: xtables: avoid NFPROTO_UNSPEC where needed</issue>
<issue id="1232493" tracker="bnc">VUL-0: CVE-2024-50083: kernel: tcp: fix mptcp DSS corruption due to large pmtu xmit</issue>
<issue id="1233075" tracker="bnc">VUL-0: CVE-2024-50162: kernel: bpf: devmap: provide rxq after redirect</issue>
<issue id="1233098" tracker="bnc">VUL-0: CVE-2024-50163: kernel: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap</issue>
<issue id="1234074" tracker="bnc">VUL-0: CVE-2024-53124: kernel: net: fix data-races around sk->sk_forward_alloc</issue>
<issue id="1234157" tracker="bnc">VUL-0: CVE-2024-53139: kernel: sctp: fix possible UAF in sctp_v6_available()</issue>
<issue id="1234698" tracker="bnc">Increase perf MAX_NR_CPUS to 4096</issue>
<issue id="1235501" tracker="bnc">VUL-0: CVE-2024-56702: kernel: bpf: mark raw_tp arguments with PTR_MAYBE_NULL</issue>
<issue id="1235526" tracker="bnc">VUL-0: CVE-2024-56641: kernel: net/smc: initialize close_work early to avoid warning</issue>
<issue id="1235550" tracker="bnc">SLE15-SP6 KOTD boot failed (as of commit 0d65f46)</issue>
<issue id="1235870" tracker="bnc">Partner-L3: intermittent reboot failures using TPM to unlock encrypted drives during boot: "tpm tpm0: tpm_try_transmit: send(): error -62"</issue>
<issue id="1236086" tracker="bnc">VUL-0: CVE-2024-57924: kernel: fs: relax assertions on failure to encode file handles</issue>
<issue id="1236704" tracker="bnc">VUL-0: CVE-2025-21683: kernel: bpf: fix bpf_sk_select_reuseport() memory leak</issue>
<issue id="1237111" tracker="bnc">VUL-0: CVE-2025-21696: kernel: mm: clear uffd-wp PTE/PMD state on mremap()</issue>
<issue id="1237874" tracker="bnc">VUL-0: CVE-2025-21729: kernel: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion</issue>
<issue id="1237882" tracker="bnc">VUL-0: CVE-2025-21755: kernel: vsock: Orphan socket after transport release</issue>
<issue id="1238052" tracker="bnc">Nvidia Grace: sysfs cpuinfo_cur_freq shows cpufreq higher than the limits</issue>
<issue id="1238212" tracker="bnc">clustermd: mdadm grow hangs and become uninterruptible</issue>
<issue id="1238471" tracker="bnc">VUL-0: CVE-2025-21812: kernel: ax25: rcu protect dev->ax25_ptr</issue>
<issue id="1238527" tracker="bnc">VUL-0: CVE-2024-57998: kernel: OPP: add index check to assert to avoid buffer overflow in _read_freq()</issue>
<issue id="1238565" tracker="bnc">nested nfsv3 mount does not honour "rw" option</issue>
<issue id="1238714" tracker="bnc">VUL-0: CVE-2025-21768: kernel: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels</issue>
<issue id="1238737" tracker="bnc">VUL-0: CVE-2025-21758: kernel: ipv6: mcast: add RCU protection to mld_newpack()</issue>
<issue id="1238742" tracker="bnc">VUL-0: CVE-2025-21808: kernel: net: xdp: Disallow attaching device-bound programs in generic mode</issue>
<issue id="1238745" tracker="bnc">VUL-0: CVE-2025-21792: kernel: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt</issue>
<issue id="1238746" tracker="bnc">VUL-0: CVE-2025-21806: kernel: net: let net.core.dev_weight always be non-zero</issue>
<issue id="1238862" tracker="bnc">VUL-0: CVE-2025-21707: kernel: mptcp: consolidate suboption status</issue>
<issue id="1238961" tracker="bnc">VUL-0: CVE-2024-58068: kernel: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized</issue>
<issue id="1238970" tracker="bnc">VUL-0: CVE-2024-58071: kernel: team: prevent adding a device which is already a team device lower</issue>
<issue id="1238983" tracker="bnc">VUL-0: CVE-2024-58070: kernel: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT</issue>
<issue id="1238990" tracker="bnc">VUL-0: CVE-2024-58018: kernel: nvkm: correctly calculate the available space of the GSP cmdq buffer</issue>
<issue id="1239066" tracker="bnc">VUL-0: CVE-2025-21836: kernel: io_uring/kbuf: reallocate buf lists on upgrade</issue>
<issue id="1239079" tracker="bnc">VUL-0: CVE-2024-58001: kernel: ocfs2: handle a symlink read error correctly</issue>
<issue id="1239108" tracker="bnc">VUL-0: CVE-2025-21833: kernel: iommu/vt-d: avoid use of NULL after WARN_ON_ONCE</issue>
<issue id="1239470" tracker="bnc">VUL-0: CVE-2025-21854: kernel: sockmap, vsock: For connectible sockets allow only connected</issue>
<issue id="1239475" tracker="bnc">VUL-0: CVE-2025-21863: kernel: io_uring: prevent opcode speculation</issue>
<issue id="1239476" tracker="bnc">VUL-0: CVE-2025-21853: kernel: bpf: avoid holding freeze_mutex during mmap operation</issue>
<issue id="1239487" tracker="bnc">VUL-0: CVE-2025-21852: kernel: net: Add rx_skb of kfree_skb to raw_tp_null_args[].</issue>
<issue id="1239510" tracker="bnc">VUL-0: CVE-2024-58088: kernel: bpf: fix deadlock when freeing cgroup storage</issue>
<issue id="1239684" tracker="bnc">VUL-0: CVE-2025-2312: kernel: cifs-utils: cifs.upcall makes an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials</issue>
<issue id="1239906" tracker="bnc">perf ships a binary with executable stack</issue>
<issue id="1239925" tracker="bnc">SLES15 SP6: Panic in hw_stat_device_show()</issue>
<issue id="1239997" tracker="bnc">L3: smb: copying big local files (+100G) to a cifs mounted share results in unresponsive system due to extreme high load</issue>
<issue id="1240167" tracker="bnc">VUL-0: CVE-2025-21889: kernel: perf/core: Add RCU read lock protection to perf_iterate_ctx()</issue>
<issue id="1240168" tracker="bnc">VUL-0: CVE-2025-21875: kernel: mptcp: always handle address removal under msk socket lock</issue>
<issue id="1240171" tracker="bnc">VUL-0: CVE-2025-21884: kernel: net: better track kernel sockets lifetime</issue>
<issue id="1240176" tracker="bnc">VUL-0: CVE-2025-21887: kernel: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up</issue>
<issue id="1240181" tracker="bnc">VUL-0: CVE-2025-21867: kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()</issue>
<issue id="1240184" tracker="bnc">VUL-0: CVE-2025-21873: kernel: scsi: ufs: core: bsg: Fix crash when arpmb command fails</issue>
<issue id="1240185" tracker="bnc">VUL-0: CVE-2025-21881: kernel: uprobes: Reject the shared zeropage in uprobe_write_opcode()</issue>
<issue id="1240375" tracker="bnc">[SELinux] rke2-ingress-nginx-controller crashloop after 1.31.7+rke2r1 or newer</issue>
<issue id="1240557" tracker="bnc">fstests generic/365 fails in ext4</issue>
<issue id="1240575" tracker="bnc">VUL-0: CVE-2025-21905: kernel: wifi: iwlwifi: limit printed string from FW file</issue>
<issue id="1240576" tracker="bnc">VUL-0: CVE-2025-21904: kernel: caif_virtio: fix wrong pointer check in cfv_probe()</issue>
<issue id="1240581" tracker="bnc">VUL-0: CVE-2025-21894: kernel: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC</issue>
<issue id="1240582" tracker="bnc">VUL-0: CVE-2025-21916: kernel: usb: atm: cxacru: fix a flaw in existing endpoint checks</issue>
<issue id="1240583" tracker="bnc">VUL-0: CVE-2025-21910: kernel: wifi: cfg80211: regulatory: improve invalid hints checking</issue>
<issue id="1240584" tracker="bnc">VUL-0: CVE-2025-21912: kernel: gpio: rcar: Use raw_spinlock to protect register access</issue>
<issue id="1240585" tracker="bnc">VUL-0: CVE-2025-21895: kernel: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list</issue>
<issue id="1240587" tracker="bnc">VUL-0: CVE-2025-21906: kernel: wifi: iwlwifi: mvm: clean up ROC on failure</issue>
<issue id="1240590" tracker="bnc">VUL-0: CVE-2025-21909: kernel: wifi: nl80211: reject cooked mode if it is set along with other flags</issue>
<issue id="1240591" tracker="bnc">VUL-0: CVE-2025-21913: kernel: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()</issue>
<issue id="1240592" tracker="bnc">VUL-0: CVE-2025-21918: kernel: usb: typec: ucsi: Fix NULL pointer access</issue>
<issue id="1240594" tracker="bnc">VUL-0: CVE-2025-21915: kernel: cdx: Fix possible UAF error in driver_override_show()</issue>
<issue id="1240595" tracker="bnc">VUL-0: CVE-2025-21914: kernel: slimbus: messaging: Free transaction ID in delayed interrupt scenario</issue>
<issue id="1240596" tracker="bnc">VUL-0: CVE-2025-21917: kernel: usb: renesas_usbhs: Flush the notify_hotplug_work</issue>
<issue id="1240600" tracker="bnc">VUL-0: CVE-2025-21908: kernel: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback</issue>
<issue id="1240612" tracker="bnc">VUL-0: CVE-2025-21981: kernel: ice: fix memory leak in aRFS after reset</issue>
<issue id="1240616" tracker="bnc">autofs does not handle cifs cache correctly - ref:_00D1igLOd._500TrWFPq9:ref</issue>
<issue id="1240617" tracker="bnc">[Microsoft Azure]MokList not imported by SLES kernel for kmod validation in secureboot scenario</issue>
<issue id="1240639" tracker="bnc">VUL-0: CVE-2025-21922: kernel: ppp: Fix KMSAN uninit-value warning with bpf</issue>
<issue id="1240643" tracker="bnc">VUL-0: CVE-2025-21937: kernel: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()</issue>
<issue id="1240647" tracker="bnc">VUL-0: CVE-2025-21943: kernel: gpio: aggregator: protect driver attr handlers against module unload</issue>
<issue id="1240655" tracker="bnc">VUL-0: CVE-2025-21962: kernel: cifs: Fix integer overflow while processing closetimeo mount option</issue>
<issue id="1240691" tracker="bnc">VUL-0: CVE-2025-21923: kernel: HID: hid-steam: Fix use-after-free when detaching device</issue>
<issue id="1240700" tracker="bnc">VUL-0: CVE-2025-21935: kernel: rapidio: add check for rio_add_net() in rio_scan_alloc_net()</issue>
<issue id="1240701" tracker="bnc">VUL-0: CVE-2025-21941: kernel: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params</issue>
<issue id="1240703" tracker="bnc">VUL-0: CVE-2025-21948: kernel: HID: appleir: Fix potential NULL dereference at raw event handle</issue>
<issue id="1240708" tracker="bnc">VUL-0: CVE-2025-21934: kernel: rapidio: fix an API misues when rio_add_net() fails</issue>
<issue id="1240709" tracker="bnc">VUL-0: CVE-2025-21931: kernel: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio</issue>
<issue id="1240712" tracker="bnc">VUL-0: CVE-2025-21926: kernel: net: gso: fix ownership in __udp_gso_segment</issue>
<issue id="1240713" tracker="bnc">VUL-0: CVE-2025-21925: kernel: llc: do not use skb_get() before dev_queue_xmit()</issue>
<issue id="1240714" tracker="bnc">VUL-0: CVE-2025-21927: kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()</issue>
<issue id="1240715" tracker="bnc">VUL-0: CVE-2025-21930: kernel: wifi: iwlwifi: mvm: don't try to talk to a dead firmware</issue>
<issue id="1240716" tracker="bnc">VUL-0: CVE-2025-21936: kernel: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()</issue>
<issue id="1240717" tracker="bnc">VUL-0: CVE-2025-21963: kernel: cifs: Fix integer overflow while processing acdirmax mount option</issue>
<issue id="1240718" tracker="bnc">VUL-0: CVE-2025-21951: kernel: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock</issue>
<issue id="1240719" tracker="bnc">VUL-0: CVE-2025-21950: kernel: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl</issue>
<issue id="1240720" tracker="bnc">VUL-0: CVE-2025-21924: kernel: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error</issue>
<issue id="1240722" tracker="bnc">VUL-0: CVE-2025-21928: kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()</issue>
<issue id="1240727" tracker="bnc">VUL-0: CVE-2025-21953: kernel: net: mana: cleanup mana struct after debugfs_remove()</issue>
<issue id="1240739" tracker="bnc">VUL-0: CVE-2025-21956: kernel: drm/amd/display: Assign normalized_pix_clk when color depth = 14</issue>
<issue id="1240740" tracker="bnc">VUL-0: CVE-2025-21964: kernel: cifs: Fix integer overflow while processing acregmax mount option</issue>
<issue id="1240742" tracker="bnc">VUL-0: CVE-2025-21957: kernel: scsi: qla1280: Fix kernel oops when debug level > 2</issue>
<issue id="1240779" tracker="bnc">VUL-0: CVE-2025-21966: kernel: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature</issue>
<issue id="1240783" tracker="bnc">VUL-0: CVE-2025-21968: kernel: drm/amd/display: Fix slab-use-after-free on hdcp_work</issue>
<issue id="1240784" tracker="bnc">VUL-0: CVE-2025-21969: kernel: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd</issue>
<issue id="1240785" tracker="bnc">Update from 20250329 failing</issue>
<issue id="1240795" tracker="bnc">VUL-0: CVE-2025-21991: kernel: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes</issue>
<issue id="1240796" tracker="bnc">VUL-0: CVE-2025-21992: kernel: HID: ignore non-functional sensor in HP 5MP Camera</issue>
<issue id="1240797" tracker="bnc">VUL-0: CVE-2025-21993: kernel: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()</issue>
<issue id="1240799" tracker="bnc">VUL-0: CVE-2025-21971: kernel: net_sched: Prevent creation of classes with TC_H_ROOT</issue>
<issue id="1240801" tracker="bnc">VUL-0: CVE-2025-21996: kernel: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()</issue>
<issue id="1240802" tracker="bnc">VUL-0: CVE-2025-21999: kernel: proc: fix UAF in proc_get_inode()</issue>
<issue id="1240806" tracker="bnc">VUL-0: CVE-2025-21978: kernel: drm/hyperv: Fix address space leak when Hyper-V DRM device is removed</issue>
<issue id="1240808" tracker="bnc">VUL-0: CVE-2025-21979: kernel: wifi: cfg80211: cancel wiphy_work before freeing wiphy</issue>
<issue id="1240809" tracker="bnc">VUL-0: CVE-2025-21980: kernel: sched: address a potential NULL pointer dereference in the GRED scheduler.</issue>
<issue id="1240811" tracker="bnc">VUL-0: CVE-2025-21985: kernel: drm/amd/display: Fix out-of-bound accesses</issue>
<issue id="1240812" tracker="bnc">VUL-0: CVE-2025-21975: kernel: net/mlx5: handle errors in mlx5_chains_create_table()</issue>
<issue id="1240813" tracker="bnc">VUL-0: CVE-2025-21972: kernel: net: mctp: unshare packets when reassembling</issue>
<issue id="1240815" tracker="bnc">VUL-0: CVE-2025-21960: kernel: eth: bnxt: do not update checksum in bnxt_xdp_build_skb()</issue>
<issue id="1240816" tracker="bnc">VUL-0: CVE-2025-21961: kernel: eth: bnxt: fix truesize for mb-xdp-pass case</issue>
<issue id="1240819" tracker="bnc">VUL-0: CVE-2025-21970: kernel: net/mlx5: Bridge, fix the crash caused by LAG state check</issue>
<issue id="1240821" tracker="bnc">VUL-0: CVE-2025-21995: kernel: drm/sched: Fix fence reference count leak</issue>
<issue id="1240825" tracker="bnc">VUL-0: CVE-2025-22003: kernel: can: ucan: fix out of bound read in strscpy() source</issue>
<issue id="1240829" tracker="bnc">VUL-0: CVE-2025-22007: kernel: Bluetooth: Fix error code in chan_alloc_skb_cb()</issue>
<issue id="1240835" tracker="bnc">VUL-0: CVE-2025-22004: kernel: net: atm: fix use after free in lec_send()</issue>
<issue id="1240873" tracker="bnc">VUL-0: CVE-2025-22001: kernel: accel/qaic: Fix integer overflow in qaic_validate_req()</issue>
<issue id="1240934" tracker="bnc">VUL-0: CVE-2025-22016: kernel: dpll: fix xa_alloc_cyclic() error handling</issue>
<issue id="1240936" tracker="bnc">VUL-0: CVE-2025-22017: kernel: devlink: fix xa_alloc_cyclic() error handling</issue>
<issue id="1240937" tracker="bnc">VUL-0: CVE-2025-22014: kernel: soc: qcom: pdr: Fix the potential deadlock</issue>
<issue id="1240938" tracker="bnc">VUL-0: CVE-2025-22013: kernel: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state</issue>
<issue id="1240940" tracker="bnc">VUL-0: CVE-2025-22009: kernel: regulator: dummy: force synchronous probing</issue>
<issue id="1240942" tracker="bnc">VUL-0: CVE-2025-22008: kernel: regulator: check that dummy regulator has been probed before using it</issue>
<issue id="1240943" tracker="bnc">VUL-0: CVE-2025-22010: kernel: RDMA/hns: Fix soft lockup during bt pages loop</issue>
<issue id="1240944" tracker="bnc">VUL-0: CVE-2025-22015: kernel: mm/migrate: fix shmem xarray update during migration</issue>
<issue id="1240978" tracker="bnc">s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs</issue>
<issue id="1240979" tracker="bnc">s390/cio: Fix CHPID "configure" attribute caching</issue>
<issue id="1241010" tracker="bnc">Enable RAPL PMU support for the TPMI RAPL driver</issue>
<issue id="1241038" tracker="bnc">Use "OrderWithRequires" in kernel binary packages</issue>
<issue id="1241051" tracker="bnc">Bad page map in process stress-ng-vm — ref:_00D1igLOd._500TrWxKY9:ref</issue>
<issue id="1241123" tracker="bnc">regression: PCIe passthrough of VGA device to VM is broken</issue>
<issue id="1241151" tracker="bnc">fstests generic/363 fails in btrfs</issue>
<issue id="1241167" tracker="bnc">zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING</issue>
<issue id="1241175" tracker="bnc">tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192</issue>
<issue id="1241204" tracker="bnc">fstests generic/370 fails in btrfs</issue>
<issue id="1241250" tracker="bnc">ntfs3: kernel compilation fails after update from kernel-source-6.4.0-150600.23.42.1.noarch to kernel-source-6.4.0-150600.23.47.2.noarch</issue>
<issue id="1241265" tracker="bnc">L3: After upgrade to SLE15 SP6, memory usage keeps increasing if CIFS mount point is mounted with the default "cache=strict" option - ref:_00D1igLOd._500TrSqo0l:ref</issue>
<issue id="1241266" tracker="bnc">VUL-0: CVE-2025-22018: kernel: atm: Fix NULL pointer dereference</issue>
<issue id="1241280" tracker="bnc">VUL-0: CVE-2025-22020: kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove</issue>
<issue id="1241332" tracker="bnc">VUL-0: CVE-2025-22058: kernel: udp: Fix memory accounting leak.</issue>
<issue id="1241333" tracker="bnc">VUL-0: CVE-2025-22065: kernel: idpf: fix adapter NULL pointer dereference on reboot</issue>
<issue id="1241341" tracker="bnc">VUL-0: CVE-2023-53034: kernel: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans</issue>
<issue id="1241343" tracker="bnc">VUL-0: CVE-2024-58097: kernel: wifi: ath11k: fix RCU stall while reaping monitor destination ring</issue>
<issue id="1241344" tracker="bnc">VUL-0: CVE-2024-58096: kernel: wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode</issue>
<issue id="1241347" tracker="bnc">VUL-0: CVE-2024-58093: kernel: PCI/ASPM: fix link state exit during switch upstream function removal</issue>
<issue id="1241357" tracker="bnc">VUL-0: CVE-2025-23136: kernel: thermal: int340x: Add NULL check for adev</issue>
<issue id="1241361" tracker="bnc">VUL-0: CVE-2025-22025: kernel: nfsd: put dl_stid if fail to queue dl_recall</issue>
<issue id="1241369" tracker="bnc">VUL-0: CVE-2025-22027: kernel: media: streamzap: fix race between device disconnection and urb callback</issue>
<issue id="1241371" tracker="bnc">VUL-0: CVE-2025-22055: kernel: net: fix geneve_opt length integer overflow</issue>
<issue id="1241373" tracker="bnc">VUL-0: CVE-2025-22053: kernel: net: ibmveth: make veth_pool_store stop hanging</issue>
<issue id="1241378" tracker="bnc">VUL-0: REJECTED: CVE-2025-22029: kernel: exec: fix the racy usage of fs_struct->in_exec</issue>
<issue id="1241394" tracker="bnc">Port these vmxnet3 XDP upstream fixes for your distro</issue>
<issue id="1241402" tracker="bnc">VUL-0: CVE-2025-22075: kernel: rtnetlink: Allocate vfinfo size for VF GUIDs when supported</issue>
<issue id="1241412" tracker="bnc">VUL-0: CVE-2025-22062: kernel: sctp: add mutual exclusion in proc_sctp_do_udp_port()</issue>
<issue id="1241413" tracker="bnc">VUL-0: CVE-2025-22064: kernel: netfilter: nf_tables: don't unregister hook when table is dormant</issue>
<issue id="1241416" tracker="bnc">VUL-0: CVE-2025-22080: kernel: fs/ntfs3: Prevent integer overflow in hdr_first_de()</issue>
<issue id="1241424" tracker="bnc">VUL-0: CVE-2025-22044: kernel: acpi: nfit: fix narrowing conversion in acpi_nfit_ctl</issue>
<issue id="1241426" tracker="bnc">VUL-0: CVE-2025-22036: kernel: exfat: fix random stack corruption after get_block</issue>
<issue id="1241433" tracker="bnc">VUL-0: CVE-2025-22045: kernel: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs</issue>
<issue id="1241436" tracker="bnc">VUL-0: CVE-2025-22033: kernel: arm64: Don't call NULL in do_compat_alignment_fixup()</issue>
<issue id="1241441" tracker="bnc">VUL-0: CVE-2025-22050: kernel: usbnet:fix NPE during rx_complete</issue>
<issue id="1241442" tracker="bnc">VUL-0: CVE-2024-58095: kernel: jfs: add check read-only before txBeginAnon() call</issue>
<issue id="1241443" tracker="bnc">VUL-0: CVE-2024-58094: kernel: jfs: add check read-only before truncation in jfs_truncate_nolock()</issue>
<issue id="1241451" tracker="bnc">VUL-0: CVE-2025-23133: kernel: wifi: ath11k: update channel list in reg notifier instead reg worker</issue>
<issue id="1241456" tracker="bnc">VUL-0: CVE-2025-22102: kernel: Bluetooth: btnxpuart: Fix kernel panic during FW release</issue>
<issue id="1241458" tracker="bnc">VUL-0: CVE-2025-22086: kernel: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow</issue>
<issue id="1241459" tracker="bnc">VUL-0: CVE-2025-22116: kernel: idpf: check error for register_netdev() on init</issue>
<issue id="1241526" tracker="bnc">VUL-0: CVE-2025-22060: kernel: net: mvpp2: Prevent parser TCAM memory corruption</issue>
<issue id="1241528" tracker="bnc">VUL-0: CVE-2025-22088: kernel: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()</issue>
<issue id="1241537" tracker="bnc">VUL-0: CVE-2025-22090: kernel: x86/mm/pat: fix VM_PAT handling when fork() fails in copy_page_range()</issue>
<issue id="1241541" tracker="bnc">VUL-0: CVE-2025-22097: kernel: drm/vkms: fix use after free and double free on init error</issue>
<issue id="1241545" tracker="bnc">VUL-0: CVE-2025-22093: kernel: drm/amd/display: avoid NPD when ASIC does not support DMUB</issue>
<issue id="1241547" tracker="bnc">VUL-0: CVE-2025-22106: kernel: vmxnet3: unregister xdp rxq info in the reset path</issue>
<issue id="1241550" tracker="bnc">VUL-0: CVE-2025-22104: kernel: ibmvnic: use kernel helpers for hex dumps</issue>
<issue id="1241573" tracker="bnc">VUL-0: CVE-2025-22109: kernel: ax25: remove broken autobind</issue>
<issue id="1241574" tracker="bnc">VUL-0: CVE-2025-22108: kernel: bnxt_en: mask the bd_cnt field in the TX BD properly</issue>
<issue id="1241575" tracker="bnc">VUL-0: CVE-2025-22107: kernel: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()</issue>
<issue id="1241578" tracker="bnc">VUL-0: CVE-2025-22115: kernel: btrfs: fix block group refcount race in btrfs_create_pending_block_groups()</issue>
<issue id="1241590" tracker="bnc">VUL-0: kernel: Global BPF program can bypass invalid packet pointer check</issue>
<issue id="1241593" tracker="bnc">VUL-0: CVE-2025-22121: kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()</issue>
<issue id="1241598" tracker="bnc">VUL-0: CVE-2025-22128: kernel: wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path</issue>
<issue id="1241599" tracker="bnc">VUL-0: CVE-2025-23129: kernel: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path</issue>
<issue id="1241601" tracker="bnc">VUL-0: CVE-2025-23131: kernel: dlm: prevent NPD when writing a positive value to event_done</issue>
<issue id="1241626" tracker="bnc">VUL-0: CVE-2025-39728: kernel: clk: samsung: fix UBSAN panic in samsung_clk_init()</issue>
<issue id="1241640" tracker="bnc">VUL-0: CVE-2025-37785: kernel: ext4: fix OOB read when checking dotdot dir</issue>
<issue id="1241648" tracker="bnc">VUL-0: CVE-2025-23138: kernel: watch_queue: fix pipe accounting mismatch</issue>
<issue id="1242006" tracker="bnc">VUL-0: CVE-2024-28956: Intel CPU: Indirect Target Selection (ITS)</issue>
<issue id="1241452" tracker="bnc">VUL-0: CVE-2025-37860: kernel: sfc: fix NULL dereferences in ef100_process_design_param()</issue>
<issue id="1241548" tracker="bnc">VUL-0: CVE-2025-22105: kernel: bonding: check xdp prog when set bond mode</issue>
<issue id="1242044" tracker="bnc">Fix potential OOB access in MIDI2 UMP conversion code</issue>
<issue id="1242172" tracker="bnc">Backport: perf: arm_cspmu: nvidia: update event list and filter</issue>
<issue id="1242283" tracker="bnc">VUL-0: CVE-2025-37799: kernel: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp</issue>
<issue id="1242307" tracker="bnc">[PATCH] isofs: fix KMSAN uninit-value bug in do_isofs_readdir()</issue>
<issue id="1242313" tracker="bnc">[PATCH] udf: Fix inode_getblk() return value</issue>
<issue id="1242314" tracker="bnc">[PATCH] udf: Verify inode link counts before performing rename</issue>
<issue id="1242315" tracker="bnc">[PATCH] udf: Skip parent dir link count update if corrupted</issue>
<issue id="1242321" tracker="bnc">[PATCH] mm/readahead: fix large folio support in async readahead</issue>
<issue id="1242326" tracker="bnc">[PATCH] mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT</issue>
<issue id="1242327" tracker="bnc">[PATCH] mm: fix filemap_get_folios_contig returning batches of identical folios</issue>
<issue id="1242328" tracker="bnc">[PATCH] splice: remove duplicate noinline from pipe_clear_nowait</issue>
<issue id="1242332" tracker="bnc">[PATCH] jbd2: increase IO priority for writing revoke records</issue>
<issue id="1242333" tracker="bnc">[PATCH] jbd2: flush filesystem device before updating tail sequence</issue>
<issue id="1242335" tracker="bnc">[PATCH] ext4: protect ext4_release_dquot against freezing</issue>
<issue id="1242336" tracker="bnc">[PATCH] ext4: partial zero eof block on unaligned inode size extension</issue>
<issue id="1242342" tracker="bnc">[PATCH] ext4: add missing brelse() for bh2 in ext4_dx_add_entry()</issue>
<issue id="1242343" tracker="bnc">[PATCH] jbd2: remove wrong sb->s_sequence check</issue>
<issue id="1242344" tracker="bnc">[PATCH] jbd2: fix off-by-one while erasing journal</issue>
<issue id="1242345" tracker="bnc">[PATCH] ext4: don't over-report free space or inodes in statvfs</issue>
<issue id="1242346" tracker="bnc">[PATCH] jbd2: add a missing data flush during file and fs synchronization</issue>
<issue id="1242347" tracker="bnc">[PATCH] ext4: don't treat fhandle lookup of ea_inode as FS corruption</issue>
<issue id="1242348" tracker="bnc">[PATCH] ext4: make block validity check resistent to sb bh corruption</issue>
<issue id="1242414" tracker="bnc">VUL-0: CVE-2025-37798: kernel: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()</issue>
<issue id="1242526" tracker="bnc">[PATCH] fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT</issue>
<issue id="1242528" tracker="bnc">[PATCH] fs: better handle deep ancestor chains in is_subdir()</issue>
<issue id="1242534" tracker="bnc">[PATCH] vfs: don't mod negative dentry count when on shrinker list</issue>
<issue id="1242535" tracker="bnc">[PATCH] fs: consistently deref the files table with rcu_dereference_raw()</issue>
<issue id="1242536" tracker="bnc">[PATCH] ext4: replace the traditional ternary conditional operator with with max()/min()</issue>
<issue id="1242537" tracker="bnc">[PATCH] jbd2: increase the journal IO's priority</issue>
<issue id="1242538" tracker="bnc">[PATCH] ext4: unify the type of flexbg_size to unsigned int</issue>
<issue id="1242539" tracker="bnc">[PATCH] ext4: treat end of range as exclusive in ext4_zero_range()</issue>
<issue id="1242540" tracker="bnc">[PATCH] ext4: correct encrypted dentry name hash when not casefolded</issue>
<issue id="1242546" tracker="bnc">[PATCH] mm: fix oops when filemap_map_pmd() without prealloc_pte</issue>
<issue id="1242556" tracker="bnc">[PATCH] ext4: goto right label 'out_mmap_sem' in ext4_setattr()</issue>
<issue id="1242596" tracker="bnc">VUL-0: CVE-2025-23145: kernel: mptcp: fix NULL pointer in can_accept_new_subflow</issue>
<issue id="1242710" tracker="bnc">L3: csum errors after migration from 15 SP5 to SP6</issue>
<issue id="1242778" tracker="bnc">VUL-0: kernel: cBPF issue</issue>
<issue id="1242831" tracker="bnc">btrfs: always fallback to buffered write if the inode requires checksum</issue>
<issue id="1242985" tracker="bnc">CVE-L3: Regression in CVE-2024-56641 fix (smc) s390x: net/smc: initialize close_work early to avoid warning</issue>
<issue id="2023-53034" tracker="cve" />
<issue id="2024-27018" tracker="cve" />
<issue id="2024-27415" tracker="cve" />
<issue id="2024-28956" tracker="cve" />
<issue id="2024-35840" tracker="cve" />
<issue id="2024-46763" tracker="cve" />
<issue id="2024-46865" tracker="cve" />
<issue id="2024-50038" tracker="cve" />
<issue id="2024-50083" tracker="cve" />
<issue id="2024-50162" tracker="cve" />
<issue id="2024-50163" tracker="cve" />
<issue id="2024-53124" tracker="cve" />
<issue id="2024-53139" tracker="cve" />
<issue id="2024-56641" tracker="cve" />
<issue id="2024-56702" tracker="cve" />
<issue id="2024-57924" tracker="cve" />
<issue id="2024-57998" tracker="cve" />
<issue id="2024-58001" tracker="cve" />
<issue id="2024-58018" tracker="cve" />
<issue id="2024-58068" tracker="cve" />
<issue id="2024-58070" tracker="cve" />
<issue id="2024-58071" tracker="cve" />
<issue id="2024-58088" tracker="cve" />
<issue id="2024-58093" tracker="cve" />
<issue id="2024-58094" tracker="cve" />
<issue id="2024-58095" tracker="cve" />
<issue id="2024-58096" tracker="cve" />
<issue id="2024-58097" tracker="cve" />
<issue id="2025-21683" tracker="cve" />
<issue id="2025-21696" tracker="cve" />
<issue id="2025-21707" tracker="cve" />
<issue id="2025-21729" tracker="cve" />
<issue id="2025-21755" tracker="cve" />
<issue id="2025-21758" tracker="cve" />
<issue id="2025-21768" tracker="cve" />
<issue id="2025-21792" tracker="cve" />
<issue id="2025-21806" tracker="cve" />
<issue id="2025-21808" tracker="cve" />
<issue id="2025-21812" tracker="cve" />
<issue id="2025-21833" tracker="cve" />
<issue id="2025-21836" tracker="cve" />
<issue id="2025-21852" tracker="cve" />
<issue id="2025-21853" tracker="cve" />
<issue id="2025-21854" tracker="cve" />
<issue id="2025-21863" tracker="cve" />
<issue id="2025-21867" tracker="cve" />
<issue id="2025-21873" tracker="cve" />
<issue id="2025-21875" tracker="cve" />
<issue id="2025-21881" tracker="cve" />
<issue id="2025-21884" tracker="cve" />
<issue id="2025-21887" tracker="cve" />
<issue id="2025-21889" tracker="cve" />
<issue id="2025-21894" tracker="cve" />
<issue id="2025-21895" tracker="cve" />
<issue id="2025-21904" tracker="cve" />
<issue id="2025-21905" tracker="cve" />
<issue id="2025-21906" tracker="cve" />
<issue id="2025-21908" tracker="cve" />
<issue id="2025-21909" tracker="cve" />
<issue id="2025-21910" tracker="cve" />
<issue id="2025-21912" tracker="cve" />
<issue id="2025-21913" tracker="cve" />
<issue id="2025-21914" tracker="cve" />
<issue id="2025-21915" tracker="cve" />
<issue id="2025-21916" tracker="cve" />
<issue id="2025-21917" tracker="cve" />
<issue id="2025-21918" tracker="cve" />
<issue id="2025-21922" tracker="cve" />
<issue id="2025-21923" tracker="cve" />
<issue id="2025-21924" tracker="cve" />
<issue id="2025-21925" tracker="cve" />
<issue id="2025-21926" tracker="cve" />
<issue id="2025-21927" tracker="cve" />
<issue id="2025-21928" tracker="cve" />
<issue id="2025-21930" tracker="cve" />
<issue id="2025-21931" tracker="cve" />
<issue id="2025-21934" tracker="cve" />
<issue id="2025-21935" tracker="cve" />
<issue id="2025-21936" tracker="cve" />
<issue id="2025-21937" tracker="cve" />
<issue id="2025-21941" tracker="cve" />
<issue id="2025-21943" tracker="cve" />
<issue id="2025-21948" tracker="cve" />
<issue id="2025-21950" tracker="cve" />
<issue id="2025-21951" tracker="cve" />
<issue id="2025-21953" tracker="cve" />
<issue id="2025-21956" tracker="cve" />
<issue id="2025-21957" tracker="cve" />
<issue id="2025-21960" tracker="cve" />
<issue id="2025-21961" tracker="cve" />
<issue id="2025-21962" tracker="cve" />
<issue id="2025-21963" tracker="cve" />
<issue id="2025-21964" tracker="cve" />
<issue id="2025-21966" tracker="cve" />
<issue id="2025-21968" tracker="cve" />
<issue id="2025-21969" tracker="cve" />
<issue id="2025-21970" tracker="cve" />
<issue id="2025-21971" tracker="cve" />
<issue id="2025-21972" tracker="cve" />
<issue id="2025-21975" tracker="cve" />
<issue id="2025-21978" tracker="cve" />
<issue id="2025-21979" tracker="cve" />
<issue id="2025-21980" tracker="cve" />
<issue id="2025-21981" tracker="cve" />
<issue id="2025-21985" tracker="cve" />
<issue id="2025-21991" tracker="cve" />
<issue id="2025-21992" tracker="cve" />
<issue id="2025-21993" tracker="cve" />
<issue id="2025-21995" tracker="cve" />
<issue id="2025-21996" tracker="cve" />
<issue id="2025-21999" tracker="cve" />
<issue id="2025-22001" tracker="cve" />
<issue id="2025-22003" tracker="cve" />
<issue id="2025-22004" tracker="cve" />
<issue id="2025-22007" tracker="cve" />
<issue id="2025-22008" tracker="cve" />
<issue id="2025-22009" tracker="cve" />
<issue id="2025-22010" tracker="cve" />
<issue id="2025-22013" tracker="cve" />
<issue id="2025-22014" tracker="cve" />
<issue id="2025-22015" tracker="cve" />
<issue id="2025-22016" tracker="cve" />
<issue id="2025-22017" tracker="cve" />
<issue id="2025-22018" tracker="cve" />
<issue id="2025-22020" tracker="cve" />
<issue id="2025-22025" tracker="cve" />
<issue id="2025-22027" tracker="cve" />
<issue id="2025-22029" tracker="cve" />
<issue id="2025-22033" tracker="cve" />
<issue id="2025-22036" tracker="cve" />
<issue id="2025-22044" tracker="cve" />
<issue id="2025-22045" tracker="cve" />
<issue id="2025-22050" tracker="cve" />
<issue id="2025-22053" tracker="cve" />
<issue id="2025-22055" tracker="cve" />
<issue id="2025-22058" tracker="cve" />
<issue id="2025-22060" tracker="cve" />
<issue id="2025-22062" tracker="cve" />
<issue id="2025-22064" tracker="cve" />
<issue id="2025-22065" tracker="cve" />
<issue id="2025-22075" tracker="cve" />
<issue id="2025-22080" tracker="cve" />
<issue id="2025-22086" tracker="cve" />
<issue id="2025-22088" tracker="cve" />
<issue id="2025-22090" tracker="cve" />
<issue id="2025-22093" tracker="cve" />
<issue id="2025-22097" tracker="cve" />
<issue id="2025-22102" tracker="cve" />
<issue id="2025-22104" tracker="cve" />
<issue id="2025-22105" tracker="cve" />
<issue id="2025-22106" tracker="cve" />
<issue id="2025-22107" tracker="cve" />
<issue id="2025-22108" tracker="cve" />
<issue id="2025-22109" tracker="cve" />
<issue id="2025-22115" tracker="cve" />
<issue id="2025-22116" tracker="cve" />
<issue id="2025-22121" tracker="cve" />
<issue id="2025-22128" tracker="cve" />
<issue id="2025-2312" tracker="cve" />
<issue id="2025-23129" tracker="cve" />
<issue id="2025-23131" tracker="cve" />
<issue id="2025-23133" tracker="cve" />
<issue id="2025-23136" tracker="cve" />
<issue id="2025-23138" tracker="cve" />
<issue id="2025-23145" tracker="cve" />
<issue id="2025-37785" tracker="cve" />
<issue id="2025-37798" tracker="cve" />
<issue id="2025-37799" tracker="cve" />
<issue id="2025-37860" tracker="cve" />
<issue id="2025-39728" tracker="cve" />
<issue id="PED-12309" tracker="jsc" />
<category>security</category>
<rating>important</rating>
<packager>olh</packager>
<reboot_needed/>
<description>The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27415: netfilter: bridge: confirm multicast packets before passing them up the stack (bsc#1224757).
- CVE-2024-28956: Intel CPU: Indirect Target Selection (ITS) (bsc#1242006).
- CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597).
- CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764).
- CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910).
- CVE-2024-50162: bpf: devmap: provide rxq after redirect (bsc#1233075).
- CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157).
- CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086).
- CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990).
- CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961).
- CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983).
- CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970).
- CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).
- CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704).
- CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).
- CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).
- CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874).
- CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882).
- CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737).
- CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714).
- CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745).
- CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746).
- CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108).
- CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066).
- CVE-2025-21854: sockmap, vsock: For connectible sockets allow only connected (bsc#1239470).
- CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475).
- CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181).
- CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184).
- CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171).
- CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176).
- CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167).
- CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581).
- CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585).
- CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576).
- CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587).
- CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600).
- CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591).
- CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639).
- CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720).
- CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713).
- CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712).
- CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709).
- CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742).
- CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815).
- CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816).
- CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655).
- CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717).
- CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740).
- CVE-2025-21969: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (bsc#1240784).
- CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819).
- CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813).
- CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812).
- CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809).
- CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612).
- CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811).
- CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795).
- CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944).
- CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934).
- CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936).
- CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).
- CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378).
- CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413).
- CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416).
- CVE-2025-22090: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() (bsc#1241537).
- CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456).
- CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).
- CVE-2025-22105: bonding: check xdp prog when set bond mode (bsc#1241548).
- CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575).
- CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).
- CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578).
- CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
- CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414).
- CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283).
- CVE-2025-37860: sfc: fix NULL dereferences in ef100_process_design_param() (bsc#1241452).
- CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626).
The following non-security bugs were fixed:
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes).
- ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes).
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes).
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes).
- ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes).
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes).
- ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes).
- ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes).
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044).
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes).
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).
- ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes).
- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes).
- ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes).
- ASoC: Use of_property_read_bool() (stable-fixes).
- ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes).
- ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes).
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes).
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes).
- ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes).
- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
- ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes).
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes).
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes).
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes).
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes).
- Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes).
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes).
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes).
- Bluetooth: hci_uart: Fix another race during initialization (git-fixes).
- Bluetooth: hci_uart: fix race during initialization (stable-fixes).
- Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes).
- Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes).
- Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes).
- HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes).
- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).
- Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).
- Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes).
- Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes).
- Input: xpad - fix two controller table values (git-fixes).
- OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961)
- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes).
- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
- PCI: Fix reference leak in pci_register_host_bridge() (git-fixes).
- PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes).
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes).
- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes)
- RDMA/core: Silence oversized kvmalloc() warning (git-fixes)
- RDMA/hns: Fix wrong maximum DMA segment size (git-fixes)
- RDMA/mana_ib: Ensure variable err is initialized (git-fixes).
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes)
- Drop "PCI: Avoid reset when disabled via sysfs" patch due to regression (bsc#1241123).
- Revert "drivers: core: synchronize really_probe() and dev_uevent()" (stable-fixes).
- Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" (git-fixes).
- Revert "tcp: Fix bind() regression for v6-only wildcard and" to avoid kABI breakage.
- Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes).
- Revert "mm/various: give up if pte_offset_map[_lock]() fails" (bsc#1241051).
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes).
- USB: VLI disk crashes if LPM is used (stable-fixes).
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes).
- USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).
- USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes).
- USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).
- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).
- USB: wdm: add annotation (git-fixes).
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes).
- USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes).
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes).
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes).
- affs: do not write overlarge OFS data block size fields (git-fixes).
- affs: generate OFS sequence numbers starting at 1 (git-fixes).
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes).
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052).
- arch_topology: init capacity_freq_ref to 0 (bsc#1238052).
- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052).
- arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes).
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052).
- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052).
- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052).
- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052).
- arm64: mm: Correct the update of max_pfn (git-fixes).
- asus-laptop: Fix an uninitialized variable (git-fixes).
- ata: libata-sata: Save all fields from sense data descriptor (git-fixes).
- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes).
- ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes).
- ata: libata-scsi: Improve CDL control (git-fixes).
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes).
- ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes).
- auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes).
- auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).
- badblocks: Fix error shitf ops (git-fixes).
- badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes).
- badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes).
- badblocks: fix the using of MAX_BADBLOCKS (git-fixes).
- badblocks: return error directly when setting badblocks exceeds 512 (git-fixes).
- badblocks: return error if any badblock set fails (git-fixes).
- blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes).
- block: change blk_mq_add_to_batch() third argument type to bool (git-fixes).
- block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes).
- block: fix conversion of GPT partition name to 7-bit (git-fixes).
- block: fix resource leak in blk_register_queue() error path (git-fixes).
- block: integrity: Do not call set_page_dirty_lock() (git-fixes).
- block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes).
- bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes).
- bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes).
- bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes).
- bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes).
- bpf: Check size for BTF-based ctx access of pointer members (git-fixes).
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes).
- bpf: add find_containing_subprog() utility function (bsc#1241590).
- bpf: avoid holding freeze_mutex during mmap operation (git-fixes).
- bpf: check changes_pkt_data property for extension programs (bsc#1241590).
- bpf: consider that tail calls invalidate packet pointers (bsc#1241590).
- bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590).
- bpf: fix potential error return (git-fixes).
- bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590).
- bpf: track changes_pkt_data property for global functions (bsc#1241590).
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes).
- btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204).
- btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710).
- btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151).
- btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204).
- btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204).
- btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204).
- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).
- can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes).
- can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).
- cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes).
- char: misc: register chrdev region with all possible minors (git-fixes).
- cifs: Fix integer overflow while processing actimeo mount option (git-fixes).
- counter: fix privdata alignment (git-fixes).
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes).
- counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes).
- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052).
- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052).
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052).
- crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes).
- crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes).
- crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes).
- dm-bufio: do not schedule in atomic context (git-fixes).
- dm-ebs: fix prefetch-vs-suspend race (git-fixes).
- dm-integrity: set ti->error on memory allocation failure (git-fixes).
- dm-verity: fix prefetch-vs-suspend race (git-fixes).
- dm: add missing unlock on in dm_keyslot_evict() (git-fixes).
- dm: always update the array size in realloc_argv on success (git-fixes).
- dm: fix copying after src array boundaries (git-fixes).
- dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes).
- drivers: base: devres: Allow to release group on device release (stable-fixes).
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes).
- drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes).
- drm/amd/display: Fix gpu reset in multidisplay config (git-fixes).
- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).
- drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).
- drm/amd/display: Force full update in gpu reset (stable-fixes).
- drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).
- drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).
- drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).
- drm/amd/pm/smu11: Prevent division by zero (git-fixes).
- drm/amd/pm: Prevent division by zero (git-fixes).
- drm/amd: Handle being compiled without SI or CIK support better (stable-fixes).
- drm/amd: Keep display off while going into S4 (stable-fixes).
- drm/amdgpu/dma_buf: fix page_link check (git-fixes).
- drm/amdgpu/gfx11: fix num_mec (git-fixes).
- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).
- drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes).
- drm/amdkfd: Fix mode1 reset crash issue (stable-fixes).
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes).
- drm/amdkfd: clamp queue size to minimum (stable-fixes).
- drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes).
- drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes).
- drm/dp_mst: Add a helper to queue a topology probe (stable-fixes).
- drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes).
- drm/fdinfo: Protect against driver unbind (git-fixes).
- drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes).
- drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes).
- drm/i915/huc: Fix fence not released on early probe errors (git-fixes).
- drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes).
- drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes).
- drm/i915: Disable RPG during live selftest (git-fixes).
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes).
- drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes).
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes).
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
- drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).
- drm/sti: remove duplicate object names (git-fixes).
- drm/tests: Add helper to create mock crtc (stable-fixes).
- drm/tests: Add helper to create mock plane (stable-fixes).
- drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes).
- drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes).
- drm/tests: helpers: Add atomic helpers (stable-fixes).
- drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes).
- drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes).
- drm/tests: helpers: Fix compiler warning (git-fixes).
- drm/tests: modes: Fix drm_display_mode memory leak (git-fixes).
- drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes).
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes).
- drm: allow encoder mode_set even when connectors change for crtc (stable-fixes).
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes).
- drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes).
- drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes).
- e1000e: change k1 configuration on MTP and later platforms (git-fixes).
- Enable IMA (bsc#1240617).
- eth: bnxt: fix missing ring index trim on error path (git-fixes).
- ethtool: Fix context creation with no parameters (git-fixes).
- ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes).
- ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes).
- ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes).
- ethtool: fix setting key and resetting indir at once (git-fixes).
- ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes).
- ethtool: netlink: do not return SQI value if link is down (git-fixes).
- ethtool: plca: fix plca enable data type while parsing the value (git-fixes).
- ethtool: rss: echo the context number back (git-fixes).
- exfat: do not fallback to buffered write (git-fixes).
- exfat: drop ->i_size_ondisk (git-fixes).
- exfat: fix soft lockup in exfat_clear_bitmap (git-fixes).
- exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes).
- exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes).
- ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342).
- ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540).
- ext4: do not over-report free space or inodes in statvfs (bsc#1242345).
- ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347).
- ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557).
- ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556).
- ext4: make block validity check resistent to sb bh corruption (bsc#1242348).
- ext4: partial zero eof block on unaligned inode size extension (bsc#1242336).
- ext4: protect ext4_release_dquot against freezing (bsc#1242335).
- ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536).
- ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539).
- ext4: unify the type of flexbg_size to unsigned int (bsc#1242538).
- fbdev: omapfb: Add 'plane' value check (stable-fixes).
- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes).
- firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes).
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes).
- fs/jfs: Prevent integer overflow in AG size calculation (git-fixes).
- fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes).
- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250).
- fs: better handle deep ancestor chains in is_subdir() (bsc#1242528).
- fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535).
- fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526).
- fs: support relative paths with FSCONFIG_SET_STRING (git-fixes).
- gpio: tegra186: fix resource handling in ACPI probe path (git-fixes).
- gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes).
- gve: handle overflow when reporting TX consumed descriptors (git-fixes).
- gve: set xdp redirect target only when it is available (git-fixes).
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes).
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes).
- i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes).
- i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).
- ice: Add check for devm_kzalloc() (git-fixes).
- ice: fix reservation of resources for RDMA when disabled (git-fixes).
- ice: stop truncating queue ids when checking (git-fixes).
- idpf: check error for register_netdev() on init (git-fixes).
- idpf: fix adapter NULL pointer dereference on reboot (git-fixes).
- igb: reject invalid external timestamp requests for 82580-based HW (git-fixes).
- igc: add lock preventing multiple simultaneous PTM transactions (git-fixes).
- igc: cleanup PTP module if probe fails (git-fixes).
- igc: fix PTM cycle trigger logic (git-fixes).
- igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes).
- igc: increase wait time before retrying PTM (git-fixes).
- igc: move ktime snapshot into PTM retry loop (git-fixes).
- iio: accel: adxl367: fix setting odr for activity time update (git-fixes).
- iio: adc: ad7606: fix serial register access (git-fixes).
- iio: adc: ad7768-1: Fix conversion result sign (git-fixes).
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes).
- iio: adis16201: Correct inclinometer channel resolution (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes).
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).
- iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes).
- ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes).
- irqchip/davinci: Remove leftover header (git-fixes).
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes).
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307).
- jbd2: add a missing data flush during file and fs synchronization (bsc#1242346).
- jbd2: fix off-by-one while erasing journal (bsc#1242344).
- jbd2: flush filesystem device before updating tail sequence (bsc#1242333).
- jbd2: increase IO priority for writing revoke records (bsc#1242332).
- jbd2: increase the journal IO's priority (bsc#1242537).
- jbd2: remove wrong sb->s_sequence check (bsc#1242343).
- jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes).
- jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes).
- jfs: add sanity check for agwidth in dbMount (git-fixes).
- kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).
- kABI workaround for powercap update (bsc#1241010).
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes).
- kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes).
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes).
- libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309).
- loop: LOOP_SET_FD: send uevents for partitions (git-fixes).
- loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes).
- loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes).
- md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212).
- media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes).
- mei: me: add panther lake H DID (stable-fixes).
- misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes).
- misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes).
- mm/readahead: fix large folio support in async readahead (bsc#1242321).
- mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326).
- mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327).
- mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546).
- mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes).
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes).
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes).
- mptcp: refine opt_mp_capable determination (git-fixes).
- mptcp: relax check on MPC passive fallback (git-fixes).
- mptcp: strict validation before using mp_opt->hmac (git-fixes).
- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes).
- mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes).
- mtd: rawnand: Add status chack in r852_ready() (git-fixes).
- net/mlx5: Fill out devlink dev info only for PFs (git-fixes).
- net/mlx5: IRQ, Fix null string in debug print (git-fixes).
- net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes).
- net/mlx5: Start health poll after enable hca (git-fixes).
- net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes).
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes).
- net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes).
- net/tcp: refactor tcp_inet6_sk() (git-fixes).
- net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes).
- net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes).
- net: blackhole_dev: fix build warning for ethh set but not used (git-fixes).
- net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes).
- net: ethtool: Fix RSS setting (git-fixes).
- net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).
- net: mana: Switch to page pool for jumbo frames (git-fixes).
- net: mark racy access on sk->sk_rcvbuf (git-fixes).
- net: phy: leds: fix memory leak (git-fixes).
- net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes).
- net: sctp: fix skb leak in sctp_inq_free() (git-fixes).
- net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes).
- net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes).
- net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes).
- net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes).
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes).
- net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes).
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes).
- nfs: add missing selections of CONFIG_CRC32 (git-fixes).
- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
- nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes).
- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
- ntb: Force physically contiguous allocation of rx ring buffers (git-fixes).
- ntb: intel: Fix using link status DB's (git-fixes).
- ntb: reduce stack usage in idt_scan_mws (stable-fixes).
- ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes).
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes).
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes).
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes).
- ntb_perf: Fix printk format (git-fixes).
- nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes).
- nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes).
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes).
- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes).
- nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes).
- nvmet-fcloop: swap list_add_tail arguments (git-fixes).
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes).
- objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes).
- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
- perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309).
- perf tools: annotate asm_pure_loop.S (bsc#1239906).
- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172).
- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172).
- perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172).
- perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172).
- phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes).
- pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes).
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes).
- platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes).
- platform/x86: ISST: Correct command storage data length (git-fixes).
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes).
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes).
- pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).
- powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes).
- powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010).
- powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010).
- powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes).
- powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes).
- powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes).
- powerpc/boot: Check for ld-option support (bsc#1215199).
- powerpc/boot: Fix dash warning (bsc#1215199).
- powerpc: Do not use --- in kernel logs (git-fixes).
- pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes).
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes).
- pwm: rcar: Improve register calculation (git-fixes).
- rtc: pcf85063: do a SW reset if POR failed (stable-fixes).
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013).
- s390/cio: Fix CHPID "configure" attribute caching (git-fixes bsc#1240979).
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978).
- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
- scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes).
- scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes).
- scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes).
- scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes).
- scsi: mpi3mr: Fix locking in an error path (git-fixes).
- scsi: mpt3sas: Fix a locking bug in an error path (git-fixes).
- scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes).
- scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes).
- sctp: Fix undefined behavior in left shift operation (git-fixes).
- sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes).
- sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).
- sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes).
- sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes).
- sctp: fix busy polling (git-fixes).
- sctp: prefer struct_size over open coded arithmetic (git-fixes).
- sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selftests/bpf: Add a few tests to cover (git-fixes).
- selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes).
- selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590).
- selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590).
- selftests/bpf: test for changing packet data from global functions (bsc#1241590).
- selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590).
- selftests/futex: futex_waitv wouldblock test should fail (git-fixes).
- selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes).
- serial: msm: Configure correct working mode before starting earlycon (git-fixes).
- serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes).
- smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265).
- smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616).
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes).
- spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes).
- spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes).
- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes).
- splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328).
- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes).
- staging: axis-fifo: Remove hardware resets for user errors (git-fixes).
- staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
- string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes).
- tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes).
- thunderbolt: Scan retimers after device router has been enumerated (stable-fixes).
- tools/hv: update route parsing in kvp daemon (git-fixes).
- tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175).
- tools/power turbostat: report CoreThr per measurement interval (git-fixes).
- topology: Set capacity_freq_ref in all cases (bsc#1238052)
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- tpm_tis: Move CRC check to generic send routine (bsc#1235870).
- tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870).
- tty: n_tty: use uint for space returned by tty_write_room() (git-fixes).
- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
- tty: serial: 8250: Add some more device IDs (stable-fixes).
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes).
- tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes).
- ublk: set_params: properly check if parameters can be applied (git-fixes).
- ucsi_ccg: Do not show failed to get FW build information error (git-fixes).
- udf: Fix inode_getblk() return value (bsc#1242313).
- udf: Skip parent dir link count update if corrupted (bsc#1242315).
- udf: Verify inode link counts before performing rename (bsc#1242314).
- usb: cdns3: Fix deadlock when using NCM gadget (git-fixes).
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes).
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes).
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes).
- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes).
- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes).
- usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes).
- usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes).
- usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes).
- usb: gadget: f_ecm: Add get_status callback (git-fixes).
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes).
- usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes).
- usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).
- usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes).
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes).
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes).
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes).
- usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).
- usb: uhci-platform: Make the clock really optional (git-fixes).
- usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).
- usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).
- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).
- usb: xhci: correct debug message page size calculation (git-fixes).
- usbnet:fix NPE during rx_complete (git-fixes).
- vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes).
- vfs: do not mod negative dentry count when on shrinker list (bsc#1242534).
- virtchnl: make proto and filter action count unsigned (git-fixes).
- vmxnet3: Fix tx queue race condition with XDP (bsc#1241394).
- vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394).
- wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes).
- wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes).
- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes).
- wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes).
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes).
- wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes).
- wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).
- wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes).
- wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes).
- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes).
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes).
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes).
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes).
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes).
- wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
- x86/bugs: Add RSB mitigation document (git-fixes).
- x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes).
- x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes).
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).
- x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes).
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes).
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
- x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes).
- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes).
- x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes).
- x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes).
- x86/microcode/AMD: Split load_microcode_amd() (git-fixes).
- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes).
- x86/microcode/intel: Set new revision only after a successful update (git-fixes).
- x86/microcode: Remove the driver announcement and version (git-fixes).
- x86/microcode: Rework early revisions reporting (git-fixes).
- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).
- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes).
- xfs: flush inodegc before swapon (git-fixes).
- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).
- xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550).
- xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550).
- xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550).
- zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167).
</description>
<summary>Security update for the Linux Kernel</summary>
</patchinfo>
