SUSE-SU-2025:20344-1

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006).
• CVE-2024-35840: mptcp: use OPTIONMPTCPMPJSYNACK in subflowfinish_connect() (bsc#1224597).
• CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075).
• CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098).
• CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086).
• CVE-2024-58068: OPP: fix devpmoppfindbw_*() when bandwidth table not initialized (bsc#1238961).
• CVE-2024-58070: bpf: bpflocalstorage: Always use bpfmemalloc in PREEMPT_RT (bsc#1238983).
• CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510).
• CVE-2025-21683: bpf: Fix bpfskselect_reuseport() memory leak (bsc#1236704).
• CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111).
• CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862).
• CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737).
• CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714).
• CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745).
• CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742).
• CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
• CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARNONONCE (bsc#1239108).
• CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470).
• CVE-2025-21867: bpf, testrun: Fix use-after-free issue in ethskbpkttype() (bsc#1240181).
• CVE-2025-21904: caifvirtio: fix wrong pointer check in cfvprobe() (bsc#1240576).
• CVE-2025-21925: llc: do not use skbget() before devqueue_xmit() (bsc#1240713).
• CVE-2025-21926: net: gso: fix ownership in __udpgsosegment (bsc#1240712).
• CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709).
• CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655).
• CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717).
• CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740).
• CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809).
• CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811).
• CVE-2025-21999: proc: fix UAF in procgetinode() (bsc#1240802).
• CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
• CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944).
• CVE-2025-22016: dpll: fix xaalloccyclic() error handling (bsc#1240934).
• CVE-2025-22017: devlink: fix xaalloccyclic() error handling (bsc#1240936).
• CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266).
• CVE-2025-22029: exec: fix the racy usage of fsstruct->inexec (bsc#1241378).
• CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426).
• CVE-2025-22045: x86/mm: Fix flushtlbrange() when used for zapping normal PMDs (bsc#1241433).
• CVE-2025-22053: net: ibmveth: make vethpoolstore stop hanging (bsc#1241373).
• CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
• CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332).
• CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
• CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413).
• CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdrfirstde() (bsc#1241416).
• CVE-2025-22090: mm: (un)trackpfncopy() fix + doc improvements (bsc#1241537).
• CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456).
• CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550).
• CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548).
• CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105tabledelete_entry() (bsc#1241575).
• CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573).
• CVE-2025-22115: btrfs: fix block group refcount race in btrfscreatependingblockgroups() (bsc#1241578).
• CVE-2025-22121: ext4: fix out-of-bound read in ext4xattrinodedecref_all() (bsc#1241593).
• CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451).
• CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
• CVE-2025-23145: mptcp: fix NULL pointer in canacceptnew_subflow (bsc#1242596).
• CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
• CVE-2025-37798: codel: remove sch->q.qlen check before qdisctreereduce_backlog() (bsc#1242414).
• CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3processxdp (bsc#1242283).
• CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsungclkinit() (bsc#1241626).

The following non-security bugs were fixed:

• ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes).
• ACPI: EC: Set ecnowakeup for Lenovo Go S (stable-fixes).
• ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).
• ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
• ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes).
• ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes).
• ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes).
• ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044).
• ALSA: usb-audio: Add retry on -EPROTO from usbsetinterface() (stable-fixes).
• ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes).
• ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes).
• ASoC: Intel: avs: Fix null-ptr-deref in avscomponentprobe() (git-fixes).
• ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes).
• ASoC: Use ofpropertyread_bool() (stable-fixes).
• ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes).
• ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes).
• ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes).
• ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes).
• ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes).
• ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes).
• ASoC: soc-core: Stop using ofpropertyread_bool() for non-boolean properties (stable-fixes).
• ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes).
• Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes).
• Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes).
• Bluetooth: hcievent: Fix sending MGMTEVDEVICEFOUND for invalid address (git-fixes).
• Bluetooth: hci_uart: Fix another race during initialization (git-fixes).
• Bluetooth: hci_uart: fix race during initialization (stable-fixes).
• Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes).
• Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes).
• Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes).
• Correct the upsteram version numbers in the previous patches
• Drop PCI patch that caused a regression (bsc#1241123)
• Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).
• Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes).
• Input: xpad - fix two controller table values (git-fixes).
• Move upstreamed smb patch into sorted section Also move other out-of-tree patches into the proper section
• Move upstreamed sound patch into sorted section
• OPP: add index check to assert to avoid buffer overflow in readfreq() (bsc#1238961)
• PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes).
• PCI: vmd: Make vmddev::cfglock a rawspinlockt type (stable-fixes).
• RDMA/cma: Fix workqueue crash in cmaneteventwork_handler (git-fixes)
• RDMA/core: Silence oversized kvmalloc() warning (git-fixes)
• RDMA/hns: Fix wrong maximum DMA segment size (git-fixes)
• RDMA/mana_ib: Ensure variable err is initialized (git-fixes).
• RDMA/usnic: Fix passing zero to PTRERR in usnicibpciprobe() (git-fixes)
• Revert "drivers: core: synchronize reallyprobe() and devuevent()" (stable-fixes).
• Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" (git-fixes).
• Revert "wifi: mac80211: Update skb's control block key in ieee80211txdequeue()" (git-fixes).
• USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes).
• USB: VLI disk crashes if LPM is used (stable-fixes).
• USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes).
• USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).
• USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes).
• USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).
• USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).
• USB: wdm: add annotation (git-fixes).
• USB: wdm: close race between wdmopen and wdmwwanportstop (git-fixes).
• USB: wdm: handle IO errors in wdmwwanport_start (git-fixes).
• USB: wdm: wdmwwanporttxcomplete mutex in atomic context (git-fixes).
• ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes).
• asus-laptop: Fix an uninitialized variable (git-fixes).
• ata: libata-sata: Save all fields from sense data descriptor (git-fixes).
• ata: libata-scsi: Fix atamselectcontrolatafeature() return type (git-fixes).
• ata: libata-scsi: Fix atamsensecontrolatafeature() (git-fixes).
• ata: libata-scsi: Improve CDL control (git-fixes).
• ata: patapxa: Fix potential NULL pointer dereference in pxaata_probe() (git-fixes).
• ata: satasx4: Add error handling in pdc20621i2c_read() (git-fixes).
• auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes).
• auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).
• badblocks: Fix error shitf ops (git-fixes).
• badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes).
• badblocks: fix missing bad blocks on retry in badblockscheck() (git-fixes).
• badblocks: fix the using of MAX_BADBLOCKS (git-fixes).
• badblocks: return error directly when setting badblocks exceeds 512 (git-fixes).
• badblocks: return error if any badblock set fails (git-fixes).
• blk-throttle: fix lower bps rate by throtltrimslice() (git-fixes).
• block: change blkmqaddtobatch() third argument type to bool (git-fixes).
• block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes).
• block: fix conversion of GPT partition name to 7-bit (git-fixes).
• block: fix resource leak in blkregisterqueue() error path (git-fixes).
• block: integrity: Do not call setpagedirty_lock() (git-fixes).
• block: make sure ->nrintegritysegments is cloned in blkrqprep_clone (git-fixes).
• bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes).
• bnxten: Mask the bdcnt field in the TX BD properly (git-fixes).
• bpf: Add missed varoff setting in coercesubregtosize_sx() (git-fixes).
• bpf: Add missed varoff setting in setsext32defaultval() (git-fixes).
• bpf: add findcontainingsubprog() utility function (bsc#1241590).
• bpf: check changespktdata property for extension programs (bsc#1241590).
• bpf: consider that tail calls invalidate packet pointers (bsc#1241590).
• bpf: fix null dereference when computing changespktdata of prog w/o subprogs (bsc#1241590).
• bpf: refactor bpfhelperchangespktdata to use helper number (bsc#1241590).
• bpf: track changespktdata property for global functions (bsc#1241590).
• btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204).
• btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710).
• btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151).
• btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204).
• btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204).
• btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204).
• can: gw: fix RCU/BH usage in cgwcreatejob() (git-fixes).
• can: mcan: mcanclass_unregister(): fix order of unregistration calls (git-fixes).
• can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes).
• can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes).
• cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes).
• char: misc: register chrdev region with all possible minors (git-fixes).
• cifs: Fix integer overflow while processing actimeo mount option (git-fixes).
• crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes).
• crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes).
• crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).
• cxgb4: fix memory leak in cxgb4initethtool_filters() error path (git-fixes).
• dm-bufio: do not schedule in atomic context (git-fixes).
• dm-ebs: fix prefetch-vs-suspend race (git-fixes).
• dm-integrity: set ti->error on memory allocation failure (git-fixes).
• dm-verity: fix prefetch-vs-suspend race (git-fixes).
• dm: add missing unlock on in dmkeyslotevict() (git-fixes).
• dm: always update the array size in realloc_argv on success (git-fixes).
• dm: fix copying after src array boundaries (git-fixes).
• dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes).
• drivers: base: devres: Allow to release group on device release (stable-fixes).
• drm/amd/display: Add scoped mutexes for amdgpudmdhcp (stable-fixes).
• drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes).
• drm/amd/display: Fix gpu reset in multidisplay config (git-fixes).
• drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).
• drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes).
• drm/amd/display: Force full update in gpu reset (stable-fixes).
• drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes).
• drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes).
• drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes).
• drm/amd: Handle being compiled without SI or CIK support better (stable-fixes).
• drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes).
• drm/amdgpu: handle amdgpucgscreatedevice() errors in amdpowerplay_create() (stable-fixes).
• drm/amdkfd: Fix mode1 reset crash issue (stable-fixes).
• drm/amdkfd: Fix pqmdestroyqueue race with GPU reset (stable-fixes).
• drm/amdkfd: clamp queue size to minimum (stable-fixes).
• drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes).
• drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes).
• drm/fdinfo: Protect against driver unbind (git-fixes).
• drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes).
• drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes).
• drm/i915/pxp: fix undefined reference to `intelpxpgsccsisreadyforsessions' (git-fixes).
• drm/i915/xelpg: Extend driver code of XeLPG to XeLPG+ (stable-fixes).
• drm/i915: Disable RPG during live selftest (git-fixes).
• drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes).
• drm/mediatek: mtkdpi: Move the input2p_en bit to platform data (stable-fixes).
• drm/nouveau: Fix WARNON in nouveaufencecontextkill() (git-fixes).
• drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes).
• drm/tests: Add helper to create mock crtc (stable-fixes).
• drm/tests: Add helper to create mock plane (stable-fixes).
• drm/tests: Build KMS helpers when DRMKUNITTEST_HELPERS is enabled (git-fixes).
• drm/tests: cmdline: Fix drmdisplaymode memory leak (git-fixes).
• drm/tests: helpers: Add atomic helpers (stable-fixes).
• drm/tests: helpers: Add helper for drmdisplaymodefromcea_vic() (stable-fixes).
• drm/tests: helpers: Create kunit helper to destroy a drmdisplaymode (stable-fixes).
• drm/tests: helpers: Fix compiler warning (git-fixes).
• drm/tests: modes: Fix drmdisplaymode memory leak (git-fixes).
• drm/tests: probe-helper: Fix drmdisplaymode memory leak (git-fixes).
• drm: Select DRMKMSHELPER from DRMDEBUGDPMSTTOPOLOGY_REFS (git-fixes).
• drm: allow encoder mode_set even when connectors change for crtc (stable-fixes).
• drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes).
• drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes).
• drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes).
• drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes).
• drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes).
• e1000e: change k1 configuration on MTP and later platforms (git-fixes).
• eth: bnxt: fix missing ring index trim on error path (git-fixes).
• ethtool: Fix context creation with no parameters (git-fixes).
• ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes).
• ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes).
• ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes).
• ethtool: fix setting key and resetting indir at once (git-fixes).
• ethtool: netlink: Add missing ethnlopsbegin/complete (git-fixes).
• ethtool: netlink: do not return SQI value if link is down (git-fixes).
• ethtool: plca: fix plca enable data type while parsing the value (git-fixes).
• ethtool: rss: echo the context number back (git-fixes).
• exfat: do not fallback to buffered write (git-fixes).
• exfat: drop ->isizeondisk (git-fixes).
• exfat: fix soft lockup in exfatclearbitmap (git-fixes).
• exfat: short-circuit zero-byte writes in exfatfilewrite_iter (git-fixes).
• ext4: add missing brelse() for bh2 in ext4dxadd_entry() (bsc#1242342).
• ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540).
• ext4: do not over-report free space or inodes in statvfs (bsc#1242345).
• ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347).
• ext4: fix FSIOCGETFSMAP handling (bsc#1240557).
• ext4: goto right label 'outmmapsem' in ext4_setattr() (bsc#1242556).
• ext4: make block validity check resistent to sb bh corruption (bsc#1242348).
• ext4: partial zero eof block on unaligned inode size extension (bsc#1242336).
• ext4: protect ext4releasedquot against freezing (bsc#1242335).
• ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536).
• ext4: treat end of range as exclusive in ext4zerorange() (bsc#1242539).
• ext4: unify the type of flexbg_size to unsigned int (bsc#1242538).
• fbdev: omapfb: Add 'plane' value check (stable-fixes).
• firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes).
• firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes).
• fs/jfs: Prevent integer overflow in AG size calculation (git-fixes).
• fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes).
• fs/ntfs3: add prefix to bitmapsize() and use BITSTO_U64() (bsc#1241250).
• fs: better handle deep ancestor chains in is_subdir() (bsc#1242528).
• fs: consistently deref the files table with rcudereferenceraw() (bsc#1242535).
• fs: do not allow non-init suserns for filesystems without FSUSERNSMOUNT (bsc#1242526).
• fs: support relative paths with FSCONFIGSETSTRING (git-fixes).
• gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes).
• gve: handle overflow when reporting TX consumed descriptors (git-fixes).
• gve: set xdp redirect target only when it is available (git-fixes).
• hfs/hfsplus: fix slab-out-of-bounds in hfsbnoderead_key (git-fixes).
• i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes).
• i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).
• ice: Add check for devm_kzalloc() (git-fixes).
• ice: fix reservation of resources for RDMA when disabled (git-fixes).
• ice: stop truncating queue ids when checking (git-fixes).
• idpf: check error for register_netdev() on init (git-fixes).
• idpf: fix adapter NULL pointer dereference on reboot (git-fixes).
• igb: reject invalid external timestamp requests for 82580-based HW (git-fixes).
• igc: add lock preventing multiple simultaneous PTM transactions (git-fixes).
• igc: cleanup PTP module if probe fails (git-fixes).
• igc: fix PTM cycle trigger logic (git-fixes).
• igc: handle the IGCPTPENABLED flag correctly (git-fixes).
• igc: increase wait time before retrying PTM (git-fixes).
• igc: move ktime snapshot into PTM retry loop (git-fixes).
• iio: accel: adxl367: fix setting odr for activity time update (git-fixes).
• iio: adc: ad7606: fix serial register access (git-fixes).
• iio: adc: ad7768-1: Fix conversion result sign (git-fixes).
• iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes).
• iio: adis16201: Correct inclinometer channel resolution (git-fixes).
• iio: imu: stlsm6dsx: fix possible lockup in stlsm6dsxreadfifo (git-fixes).
• iio: imu: stlsm6dsx: fix possible lockup in stlsm6dsxreadtagged_fifo (git-fixes).
• iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes).
• iommu: Fix two issues in iommucopystructfromuser() (git-fixes).
• ipv4: fib: annotate races around nh->nhsaddrgenid and nh->nh_saddr (git-fixes).
• irqchip/davinci: Remove leftover header (git-fixes).
• irqchip/gic-v2m: Prevent use after free of gicv2mgetfwnode() (git-fixes).
• irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes).
• isofs: fix KMSAN uninit-value bug in doisofsreaddir() (bsc#1242307).
• jbd2: add a missing data flush during file and fs synchronization (bsc#1242346).
• jbd2: fix off-by-one while erasing journal (bsc#1242344).
• jbd2: flush filesystem device before updating tail sequence (bsc#1242333).
• jbd2: increase IO priority for writing revoke records (bsc#1242332).
• jbd2: increase the journal IO's priority (bsc#1242537).
• jbd2: remove wrong sb->s_sequence check (bsc#1242343).
• jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes).
• jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes).
• jfs: add sanity check for agwidth in dbMount (git-fixes).
• kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).
• kABI workaround for powercap update (bsc#1241010).
• ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes).
• kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes).
• loop: LOOPSETFD: send uevents for partitions (git-fixes).
• loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes).
• loop: stop using vfsiter{read,write} for buffered I/O (git-fixes).
• md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212)
• media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes).
• mei: me: add panther lake H DID (stable-fixes).
• misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes).
• misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes).
• mm/readahead: fix large folio support in async readahead (bsc#1242321).
• mm: fix error handling in _filemapgetfolio() with FGPNOWAIT (bsc#1242326).
• mm: fix filemapgetfolios_contig returning batches of identical folios (bsc#1242327).
• mm: fix oops when filemapmappmd() without prealloc_pte (bsc#1242546).
• mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes).
• mmc: renesassdhi: Fix error handling in renesassdhi_probe (git-fixes).
• mptcp: mptcpparseoption() fix for MPTCPOPTMPJOIN (git-fixes).
• mptcp: refine optmpcapable determination (git-fixes).
• mptcp: relax check on MPC passive fallback (git-fixes).
• mptcp: strict validation before using mp_opt->hmac (git-fixes).
• mptcp: use OPTIONMPTCPMPJSYN in subflowcheck_req() (git-fixes).
• net/mlx5: Fill out devlink dev info only for PFs (git-fixes).
• net/mlx5: IRQ, Fix null string in debug print (git-fixes).
• net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes).
• net/mlx5: Start health poll after enable hca (git-fixes).
• net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes).
• net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes).
• net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes).
• net/tcp: refactor tcpinet6sk() (git-fixes).
• net: annotate data-races around sk->skdstpending_confirm (git-fixes).
• net: annotate data-races around sk->sktxqueue_mapping (git-fixes).
• net: blackhole_dev: fix build warning for ethh set but not used (git-fixes).
• net: ethtool: Do not call .cleanupdata when preparedata fails (git-fixes).
• net: ethtool: Fix RSS setting (git-fixes).
• net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).
• net: mana: Switch to page pool for jumbo frames (git-fixes).
• net: mark racy access on sk->sk_rcvbuf (git-fixes).
• net: phy: leds: fix memory leak (git-fixes).
• net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes).
• net: sctp: fix skb leak in sctpinqfree() (git-fixes).
• net: set SOCKRCUFREE before inserting socket into hashtable (git-fixes).
• net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes).
• net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes).
• net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes).
• net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes).
• net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes).
• netpoll: Use rcuaccesspointer() in netpollpolllock (git-fixes).
• nfs: add missing selections of CONFIG_CRC32 (git-fixes).
• nfsd: decrease sccount directly if fail to queue dlrecall (git-fixes).
• ntb: reduce stack usage in idtscanmws (stable-fixes).
• ntbhwamd: Add NTB PCI ID for new gen CPU (stable-fixes).
• nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes).
• nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes).
• nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes).
• nvme-pci: skip nvmewritesq_db on empty rqlist (git-fixes).
• nvme-tcp: fix possible UAF in nvmetcppoll (git-fixes).
• nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes).
• nvmet-fcloop: swap listaddtail arguments (git-fixes).
• perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172)
• perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172)
• perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172)
• perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172)
• phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes).
• pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes).
• platform/x86/amd/pmc: Declare quirkspurious8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes).
• platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes).
• platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes).
• platform/x86: asus-wmi: Fix wlanctrlby_user detection (git-fixes).
• pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes).
• powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010).
• powercap: intelrapltpmi: Enable PMU support (bsc#1241010).
• powerpc/boot: Check for ld-option support (bsc#1215199).
• powerpc/boot: Fix dash warning (bsc#1215199).
• powerpc: Do not use --- in kernel logs (git-fixes).
• pwm: fsl-ftm: Handle clkgetrate() returning 0 (git-fixes).
• pwm: mediatek: Prevent divide-by-zero in pwmmediatekconfig() (git-fixes).
• pwm: rcar: Improve register calculation (git-fixes).
• rpm/check-for-config-changes: Add GCCASMFLAGOUTPUTBROKEN
• rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
• rpm/package-descriptions: Add rt and rt_debug descriptions
• rtc: pcf85063: do a SW reset if POR failed (stable-fixes).
• scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes).
• scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes).
• scsi: iscsi: Fix missing scsihostput() in error path (git-fixes).
• scsi: lpfc: Restore clearing of NLPUNREGINP in ndlp->nlp_flag (git-fixes).
• scsi: mpi3mr: Fix locking in an error path (git-fixes).
• scsi: mpt3sas: Fix a locking bug in an error path (git-fixes).
• scsi: mpt3sas: Reduce log level of ignoredelayremove message to KERN_INFO (git-fixes).
• scsi: scsidebug: Remove a reference to inuse_bm (git-fixes).
• sctp: Fix undefined behavior in left shift operation (git-fixes).
• sctp: add mutual exclusion in procsctpdoudpport() (git-fixes).
• sctp: detect and prevent references to a freed transport in sendmsg (git-fixes).
• sctp: ensure skstate is set to CLOSED if hashing fails in sctplisten_start (git-fixes).
• sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes).
• sctp: fix busy polling (git-fixes).
• sctp: prefer struct_size over open coded arithmetic (git-fixes).
• sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes).
• selftests/bpf: Add a few tests to cover (git-fixes).
• selftests/bpf: extend changespktdata with cases w/o subprograms (bsc#1241590).
• selftests/bpf: freplace tests for tracking of changespacketdata (bsc#1241590).
• selftests/bpf: test for changing packet data from global functions (bsc#1241590).
• selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590).
• selftests/futex: futex_waitv wouldblock test should fail (git-fixes).
• selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes).
• serial: msm: Configure correct working mode before starting earlycon (git-fixes).
• serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes).
• smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265).
• sound/virtio: Fix cancelsync warnings on uninitialized workstructs (stable-fixes).
• spi: tegra114: Do not fail setcstiming when delays are zero (git-fixes).
• spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes).
• spi: tegra210-quad: use WARNONONCE instead of WARN_ON for timeouts (stable-fixes).
• splice: remove duplicate noinline from pipeclearnowait (bsc#1242328).
• staging: axis-fifo: Correct handling of txfifodepth for size validation (git-fixes).
• staging: axis-fifo: Remove hardware resets for user errors (git-fixes).
• staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes).
• string: Add loadunalignedzeropad() code path to sized_strscpy() (git-fixes).
• tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes).
• thunderbolt: Scan retimers after device router has been enumerated (stable-fixes).
• tools/hv: update route parsing in kvp daemon (git-fixes).
• tools/power turbostat: Increase CPUSUBSETMAXCPUS to 8192 (bsc#1241175).
• tools/power turbostat: report CoreThr per measurement interval (git-fixes).
• tty: ntty: use uint for space returned by ttywrite_room() (git-fixes).
• ublk: set_params: properly check if parameters can be applied (git-fixes).
• udf: Fix inode_getblk() return value (bsc#1242313).
• udf: Skip parent dir link count update if corrupted (bsc#1242315).
• udf: Verify inode link counts before performing rename (bsc#1242314).
• usb: cdns3: Fix deadlock when using NCM gadget (git-fixes).
• usb: cdnsp: fix L1 resume issue for RTLREVISIONNEW_LPM version (git-fixes).
• usb: chipidea: cihdrcimx: fix call balance of regulator routines (git-fixes).
• usb: chipidea: cihdrcimx: implement usbphyinit() error handling (git-fixes).
• usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes).
• usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes).
• usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes).
• usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes).
• usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes).
• usb: gadget: aspeed: Add NULL pointer check in astvhubinit_dev() (stable-fixes).
• usb: gadget: fecm: Add getstatus callback (git-fixes).
• usb: gadget: tegra-xudc: ACK STRC after clearing CTRLRUN (git-fixes).
• usb: host: max3421-hcd: Add missing spideviceid table (stable-fixes).
• usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes).
• usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes).
• usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes).
• usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes).
• usb: typec: tcpm: delay SNKTRYWAITDEBOUNCE to SRCTRYWAIT transition (git-fixes).
• usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes).
• usb: uhci-platform: Make the clock really optional (git-fixes).
• usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes).
• usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes).
• usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).
• vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes).
• vfs: do not mod negative dentry count when on shrinker list (bsc#1242534).
• virtchnl: make proto and filter action count unsigned (git-fixes).
• vmxnet3: Fix tx queue race condition with XDP (bsc#1241394).
• vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394).
• wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes).
• wifi: ath12k: Fix invalid data access in ath12kdprxhundecap_nwifi (stable-fixes).
• wifi: ath12k: Fix invalid entry fetch in ath12kdpmonsrngprocess (stable-fixes).
• wifi: brcm80211: fmac: Add error handling for brcmfusbdl_writeimage() (git-fixes).
• wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes).
• wifi: mac80211: Purge vif txq in ieee80211dostop() (git-fixes).
• wifi: mac80211: Update skb's control block key in ieee80211txdequeue() (git-fixes).
• wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes).
• wifi: plfxlc: Remove erroneous assert in plfxlcmacrelease (git-fixes).
• wifi: wl1251: fix memory leak in wl1251txwork (git-fixes).
• x86/bhi: Do not set BHIDISS in 32-bit mode (bsc#1242778).
• x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
• x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
• x86/bugs: Add RSB mitigation document (git-fixes).
• x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes).
• x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes).
• x86/bugs: Fix RSB clearing in indirectbranchprediction_barrier() (git-fixes).
• x86/bugs: Rename entryibpb() to writeibpb() (git-fixes).
• x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
• x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes).
• x86/entry: Fix ORC unwinder for PUSHREGS with saveret=1 (git-fixes).
• x86/hyperv: Fix check of return value from snpsetvmsa() (git-fixes).
• x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes).
• x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes).
• x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes).
• x86/microcode/AMD: Split loadmicrocodeamd() (git-fixes).
• x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes).
• x86/microcode/intel: Set new revision only after a successful update (git-fixes).
• x86/microcode: Remove the driver announcement and version (git-fixes).
• x86/microcode: Rework early revisions reporting (git-fixes).
• x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
• x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).
• x86/tdx: Fix archsafehalt() execution for TDX VMs (git-fixes).
• x86/uaccess: Improve performance by aligning writes to 8 bytes in copyusergeneric(), on non-FSRM/ERMS CPUs (git-fixes).
• xfs: flush inodegc before swapon (git-fixes).
• xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).
• zappidnsprocesses: clear TIFNOTIFYSIGNAL along with TIFSIGPENDING (bsc#1241167).