SUSE-SU-2026:21284-1

CVE-2025-39753: gfs2: Set .migratefolio in gfs2{rgrp,meta}_aops (bsc#1249590).
CVE-2025-39964: crypto: afalg - Disallow concurrent writes in afalg_sendmsg (bsc#1251966).
CVE-2025-40099: cifs: parsedfsreferrals: prevent oob on malformed input (bsc#1252911).
CVE-2025-40103: smb: client: Fix refcount leak for cifssbtlink (bsc#1252924).
CVE-2025-40230: mm: prevent poison consumption when splitting THP (bsc#1254817).
CVE-2025-68173: ftrace: Fix softlockup in ftracemoduleenable (bsc#1255311).
CVE-2025-68186: ring-buffer: Do not warn in ringbuffermapgetreader() when reader catches up (bsc#1255144).
CVE-2025-68292: mm/memfd: fix information leak in hugetlb folios (bsc#1255148).
CVE-2025-68295: smb: client: fix memory leak in cifsconstructtcon() (bsc#1255129).
CVE-2025-68329: tracing: Fix WARNON in tracingbuffersmmapclose for split VMAs (bsc#1255490).
CVE-2025-68371: scsi: smartpqi: Fix device resources accessed after device removal (bsc#1255572).
CVE-2025-68745: scsi: qla2xxx: Clear cmds after chip reset (bsc#1255721).
CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
CVE-2025-68810: KVM: Disallow toggling KVMMEMGUEST_MEMFD on an existing memslot (bsc#1256679).
CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
CVE-2025-71134: mm/page_alloc: change all pageblocks migrate type on coalescing (bsc#1256732).
CVE-2025-71161: dm-verity: disable recursive forward error correction (bsc#1257174).
CVE-2025-71184: btrfs: tracepoints: use btrfsrootid() to get the id of a root (bsc#1257635).
CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686).
CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
CVE-2026-22979: net: fix memory leak in skbsegmentlist for GRO packets (bsc#1257228).
CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec (bsc#1257209).
CVE-2026-23003: ip6tunnel: use skbvlaninetprepare() in __ip6tnlrcv() (bsc#1257246).
CVE-2026-23004: dst: fix races in rt6uncachedlistdel() and rtdeluncachedlist() (bsc#1257231).
CVE-2026-23010: ipv6: Fix use-after-free in inet6addrdel() (bsc#1257332).
CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
CVE-2026-23022: idpf: fix memory leak in idpfvccore_deinit() (bsc#1257581).
CVE-2026-23023: idpf: fix memory leak in idpfvportrel() (bsc#1257556).
CVE-2026-23024: idpf: fix memory leak of flow steer list on rmmod (bsc#1257572).
CVE-2026-23035: net/mlx5e: Pass netdev to mlx5edestroynetdev instead of priv (bsc#1257559).
CVE-2026-23042: idpf: fix aux device unplugging when rdma is not supported by vport (bsc#1257705).
CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
CVE-2026-23053: NFS: Fix a deadlock involving nfsreleasefolio() (bsc#1257718).
CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
CVE-2026-23066: rxrpc: Fix recvmsg() unconditional requeue (bsc#1257726).
CVE-2026-23068: spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805).
CVE-2026-23069: vsock/virtio: fix potential underflow in virtiotransportget_credit() (bsc#1257755).
CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709).
CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
CVE-2026-23083: tools: ynl-gen: use big-endian netlink attribute types (bsc#1257745).
CVE-2026-23084: be2net: Fix NULL pointer dereference in becmdgetmacfrom_list (bsc#1257830).
CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
CVE-2026-23097: migrate: correct lock ordering for hugetlb file folios (bsc#1257815).
CVE-2026-23099: bonding: limit BONDMODE8023AD to Ethernet devices (bsc#1257816).
CVE-2026-23100: mm/hugetlb: fix hugetlbpmdshared() (bsc#1257817).
CVE-2026-23102: arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772).
CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
CVE-2026-23105: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfrom_ag (bsc#1257775).
CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
CVE-2026-23111: netfilter: nftables: fix inverted genmask check in nftmapcatchallactivate() (bsc#1258181).
CVE-2026-23112: nvmet-tcp: add bounds checks in nvmettcpbuildpduiovec (bsc#1258184).
CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
CVE-2026-23119: bonding: provide a net pointer to __skbflowdissect() (bsc#1258273).
CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
CVE-2026-23139: netfilter: nfconncount: update lastgc only when GC has been performed (bsc#1258304).
CVE-2026-23141: btrfs: send: check for inline extents in rangeisholeinparent() (bsc#1258377).
CVE-2026-23142: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (bsc#1258289).
CVE-2026-23144: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (bsc#1258290).
CVE-2026-23148: nvmet: fix race in nvmetbiodone() leading to NULL pointer dereference (bsc#1258258).
CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
CVE-2026-23161: mm/shmem, swap: fix race of truncate and swap entry split (bsc#1258355).
CVE-2026-23166: ice: Fix NULL pointer dereference in icevsisetnapiqueues (bsc#1258272).
CVE-2026-23169: mptcp: fix race in mptcppmnlflushaddrs_doit() (bsc#1258389).
CVE-2026-23171: bonding: fix use-after-free due to enslave fail after slave array update (bsc#1258349).
CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
CVE-2026-23179: nvmet-tcp: fixup hang in nvmettcplistendataready() (bsc#1258394).
CVE-2026-23189: ceph: fix NULL pointer dereference in cephmdsauth_match() (bsc#1258308).
CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
CVE-2026-23209: macvlan: fix error recovery in macvlancommonnewlink() (bsc#1258518).
CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517).
CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
CVE-2026-23223: xfs: fix UAF in xchkbtreecheckblockowner (bsc#1258483).
CVE-2026-23224: erofs: fix UAF issue for file-backed mounts w/ directio option (bsc#1258461).

The following non security issues were fixed:

ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
ALSA: usb-audio: fix broken logic in sndaudigy2nxled_update() (git-fixes).
ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455).
HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
PCI/DOE: Poll DOE Busy bit for up to 1 second in pcidoesend_req() (bsc#1255868).
PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672)
PCI: Add PCIBRIDGENO_ALIAS quirk for ASPEED AST1150 (bsc#1258672)
PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
Refresh and move upstreamed ath12k patch into sorted section
Update "drm/mgag200: fix mgag200bmcstop_scanout()" bug number (bsc#1258153)
add bugnumber to existing mana change (bsc#1252266).
arm64: contpte: fix setaccessflags() no-op check for SMMU/ATS (bsc#1259329)
bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
can: bcm: fix locking for bcm_op runtime updates (git-fixes).
clk: qcom: gcc-sm8450: Update the SDCC RCGs to use sharedfloorops (git-fixes).
clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818).
clocksource: Print durations for sync check unconditionally (bsc#1257818).
clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818).
clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818).
dm: Fix deadlock when reloading a multipath table (bsc#1254928).
drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
ext4: fix iloc.bh leak in ext4xattrinodeupdateref (git-fixes).
gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes).
i3c: master: Update hot-join flag only on success (git-fixes).
ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrreg_update() (git-fixes).
modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489).
net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
net: mana: Implement ndotxtimeout and serialize queue resets per port (bsc#1257472).
platform/x86/amd: amd3dvcache: Add AMD 3D V-Cache optimizer driver (jsc#PED-11563).
sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634).
sched/deadline: Fix race in pushdltask() (bsc#1234634).
sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634).
sched/fair: Fix pelt clock sync when entering idle (bsc#1234634).
sched/fair: Fix pelt lost idle time detection (bsc#1234634).
staging: rtl8723bs: fix missing status update on sdioallocirq() failure (stable-fixes).
wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).

References

SUSE-SU-2026:21284-1

Affected packages