SUSE-SU-2025:0853-1: important: Security update for the Linux Kernel
openSUSE-SU-2025:14887-1: moderate: tailscale-1.80.3-2.1 on GA media
openSUSE-SU-2025:14881-1: moderate: forgejo-runner-6.2.2-3.1 on GA media
openSUSE-SU-2025:14885-1: moderate: python313-3.13.2-3.1 on GA media
openSUSE-SU-2025:14882-1: moderate: bsdtar-3.7.7-3.1 on GA media
openSUSE-SU-2025:14880-1: moderate: ffmpeg-4-4.4.5-7.1 on GA media
SUSE-SU-2025:0856-1: important: Security update for the Linux Kernel
SUSE-SU-2025:0855-1: important: Security update for the Linux Kernel
SUSE-SU-2025:0857-1: important: Security update for build
SUSE-SU-2025:0858-1: important: Security update for rubygem-rack-1_6
SUSE-SU-2025:0853-1: important: Security update for the Linux Kernel
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2025:0853-1
Release Date: 2025-03-13T10:40:03Z
Rating: important
References:
* bsc#1208995
* bsc#1220946
* bsc#1225742
* bsc#1232472
* bsc#1232919
* bsc#1233701
* bsc#1233749
* bsc#1234154
* bsc#1234650
* bsc#1234853
* bsc#1234891
* bsc#1234963
* bsc#1235054
* bsc#1235061
* bsc#1235073
* bsc#1235111
* bsc#1236133
* bsc#1236289
* bsc#1236576
* bsc#1236661
* bsc#1236677
* bsc#1236757
* bsc#1236758
* bsc#1236760
* bsc#1236761
* bsc#1236777
* bsc#1236951
* bsc#1237025
* bsc#1237028
* bsc#1237139
* bsc#1237316
* bsc#1237693
* bsc#1238033
Cross-References:
* CVE-2022-49080
* CVE-2023-1192
* CVE-2023-52572
* CVE-2024-50115
* CVE-2024-53135
* CVE-2024-53173
* CVE-2024-53226
* CVE-2024-53239
* CVE-2024-56539
* CVE-2024-56548
* CVE-2024-56605
* CVE-2024-57948
* CVE-2025-21647
* CVE-2025-21690
* CVE-2025-21692
* CVE-2025-21699
CVSS scores:
* CVE-2022-49080 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49080 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52572 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2023-52572 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50115 ( SUSE ): 4.5
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-53135 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53135 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53226 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53226 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53226 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53239 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53239 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56539 ( SUSE ): 8.6
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56539 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-56548 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56548 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57948 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57948 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21647 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21647 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21690 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21690 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21690 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21699 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21699 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21699 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5
An update that solves 16 vulnerabilities and has 17 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace
(bsc#1238033).
* CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode)
behind CONFIG_BROKEN (bsc#1234154).
* CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in
hns_roce_map_mr_sg() (bsc#1236576)
* CVE-2024-57948: mac802154: check local interfaces before deleting sdata list
(bsc#1236677).
* CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow
fairness counts (bsc#1236133).
* CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial
of service (bsc#1237025).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
* CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA
flag (bsc#1237139).
The following non-security bugs were fixed:
* NFSD: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701
bsc#1232472).
* cpufreq/amd-pstate: Only print supported EPP values for performance governor
(bsc#1236777).
* iavf: fix the waiting time for initial reset (bsc#1235111).
* ice: add ice_adapter for shared data across PFs on the same NIC
(bsc#1235111).
* ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111).
* ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111).
* idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
* ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
* kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
* net: Fix undefined behavior in netdev name allocation (bsc#1233749).
* net: avoid UAF on deleted altname (bsc#1233749).
* net: check for altname conflicts when changing netdev's netns (bsc#1233749).
* net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
* net: do not send a MOVE event when netdev changes netns (bsc#1233749).
* net: do not use input buffer of __dev_alloc_name() as a scratch space
(bsc#1233749).
* net: fix ifname in netlink ntf during netns move (bsc#1233749).
* net: fix removing a namespace with conflicting altnames (bsc#1233749).
* net: free altname using an RCU callback (bsc#1233749).
* net: introduce a function to check if a netdev name is in use (bsc#1233749).
* net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
* net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
* net: mana: Cleanup "mana" debugfs dir after cleanup of all children
(bsc#1236760).
* net: mana: Enable debugfs files for MANA device (bsc#1236758).
* net: minor __dev_alloc_name() optimization (bsc#1233749).
* net: move altnames together with the netdevice (bsc#1233749).
* net: netvsc: Update default VMBus channels (bsc#1236757).
* net: reduce indentation of __dev_alloc_name() (bsc#1233749).
* net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
* net: remove else after return in dev_prep_valid_name() (bsc#1233749).
* net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
* rcu: Remove rcu_is_idle_cpu() (bsc#1236289).
* scsi: storvsc: Set correct data length for sending SCSI command without
payload (git-fixes).
* x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289).
* x86/aperfmperf: Integrate the fallback code from show_cpuinfo()
(bsc#1236289).
* x86/aperfmperf: Make parts of the frequency invariance code unconditional
(bsc#1236289).
* x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct
(bsc#1236289).
* x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289).
* x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289).
* x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289).
* x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289).
* x86/aperfmperf: Store aperf/mperf data for cpu frequency reads
(bsc#1236289).
* x86/aperfmperf: Untangle Intel and AMD frequency invariance init
(bsc#1236289).
* x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289).
* x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289).
* x86/smp: Remove unnecessary assignment to local var freq_scale
(bsc#1236289).
* x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
* x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951).
* x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
* xen/swiotlb: relax alignment requirements (bsc#1236951).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-853=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-853=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.88.1
* kernel-source-rt-5.14.21-150500.13.88.1
* openSUSE Leap 15.5 (x86_64)
* kernel-rt-optional-5.14.21-150500.13.88.1
* gfs2-kmp-rt-5.14.21-150500.13.88.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.88.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.88.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.88.1
* kernel-rt_debug-vdso-5.14.21-150500.13.88.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.88.1
* reiserfs-kmp-rt-5.14.21-150500.13.88.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.88.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.88.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.88.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.88.1
* ocfs2-kmp-rt-5.14.21-150500.13.88.1
* kernel-rt_debug-devel-5.14.21-150500.13.88.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.88.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.88.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.88.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.88.1
* kernel-rt-extra-5.14.21-150500.13.88.1
* kernel-rt-vdso-5.14.21-150500.13.88.1
* cluster-md-kmp-rt-5.14.21-150500.13.88.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.88.1
* kselftests-kmp-rt-5.14.21-150500.13.88.1
* kernel-syms-rt-5.14.21-150500.13.88.1
* kernel-rt-devel-5.14.21-150500.13.88.1
* kernel-rt-livepatch-5.14.21-150500.13.88.1
* kernel-rt-debugsource-5.14.21-150500.13.88.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.88.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.88.1
* kernel-rt-debuginfo-5.14.21-150500.13.88.1
* dlm-kmp-rt-5.14.21-150500.13.88.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.88.1
* kernel-rt_debug-5.14.21-150500.13.88.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-devel-rt-5.14.21-150500.13.88.1
* kernel-source-rt-5.14.21-150500.13.88.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.88.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debugsource-5.14.21-150500.13.88.1
* kernel-rt-debuginfo-5.14.21-150500.13.88.1
## References:
* https://www.suse.com/security/cve/CVE-2022-49080.html
* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-52572.html
* https://www.suse.com/security/cve/CVE-2024-50115.html
* https://www.suse.com/security/cve/CVE-2024-53135.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53226.html
* https://www.suse.com/security/cve/CVE-2024-53239.html
* https://www.suse.com/security/cve/CVE-2024-56539.html
* https://www.suse.com/security/cve/CVE-2024-56548.html
* https://www.suse.com/security/cve/CVE-2024-56605.html
* https://www.suse.com/security/cve/CVE-2024-57948.html
* https://www.suse.com/security/cve/CVE-2025-21647.html
* https://www.suse.com/security/cve/CVE-2025-21690.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21699.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208995
* https://bugzilla.suse.com/show_bug.cgi?id=1220946
* https://bugzilla.suse.com/show_bug.cgi?id=1225742
* https://bugzilla.suse.com/show_bug.cgi?id=1232472
* https://bugzilla.suse.com/show_bug.cgi?id=1232919
* https://bugzilla.suse.com/show_bug.cgi?id=1233701
* https://bugzilla.suse.com/show_bug.cgi?id=1233749
* https://bugzilla.suse.com/show_bug.cgi?id=1234154
* https://bugzilla.suse.com/show_bug.cgi?id=1234650
* https://bugzilla.suse.com/show_bug.cgi?id=1234853
* https://bugzilla.suse.com/show_bug.cgi?id=1234891
* https://bugzilla.suse.com/show_bug.cgi?id=1234963
* https://bugzilla.suse.com/show_bug.cgi?id=1235054
* https://bugzilla.suse.com/show_bug.cgi?id=1235061
* https://bugzilla.suse.com/show_bug.cgi?id=1235073
* https://bugzilla.suse.com/show_bug.cgi?id=1235111
* https://bugzilla.suse.com/show_bug.cgi?id=1236133
* https://bugzilla.suse.com/show_bug.cgi?id=1236289
* https://bugzilla.suse.com/show_bug.cgi?id=1236576
* https://bugzilla.suse.com/show_bug.cgi?id=1236661
* https://bugzilla.suse.com/show_bug.cgi?id=1236677
* https://bugzilla.suse.com/show_bug.cgi?id=1236757
* https://bugzilla.suse.com/show_bug.cgi?id=1236758
* https://bugzilla.suse.com/show_bug.cgi?id=1236760
* https://bugzilla.suse.com/show_bug.cgi?id=1236761
* https://bugzilla.suse.com/show_bug.cgi?id=1236777
* https://bugzilla.suse.com/show_bug.cgi?id=1236951
* https://bugzilla.suse.com/show_bug.cgi?id=1237025
* https://bugzilla.suse.com/show_bug.cgi?id=1237028
* https://bugzilla.suse.com/show_bug.cgi?id=1237139
* https://bugzilla.suse.com/show_bug.cgi?id=1237316
* https://bugzilla.suse.com/show_bug.cgi?id=1237693
* https://bugzilla.suse.com/show_bug.cgi?id=1238033
openSUSE-SU-2025:14887-1: moderate: tailscale-1.80.3-2.1 on GA media
# tailscale-1.80.3-2.1 on GA media
Announcement ID: openSUSE-SU-2025:14887-1
Rating: moderate
Cross-References:
* CVE-2025-22869
CVSS scores:
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the tailscale-1.80.3-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* tailscale 1.80.3-2.1
* tailscale-bash-completion 1.80.3-2.1
* tailscale-fish-completion 1.80.3-2.1
* tailscale-zsh-completion 1.80.3-2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-22869.html
openSUSE-SU-2025:14881-1: moderate: forgejo-runner-6.2.2-3.1 on GA media
# forgejo-runner-6.2.2-3.1 on GA media
Announcement ID: openSUSE-SU-2025:14881-1
Rating: moderate
Cross-References:
* CVE-2025-22869
CVSS scores:
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the forgejo-runner-6.2.2-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* forgejo-runner 6.2.2-3.1
* forgejo-runner-bash-completion 6.2.2-3.1
* forgejo-runner-fish-completion 6.2.2-3.1
* forgejo-runner-zsh-completion 6.2.2-3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-22869.html
openSUSE-SU-2025:14885-1: moderate: python313-3.13.2-3.1 on GA media
# python313-3.13.2-3.1 on GA media
Announcement ID: openSUSE-SU-2025:14885-1
Rating: moderate
Cross-References:
* CVE-2025-1795
CVSS scores:
* CVE-2025-1795 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-1795 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python313-3.13.2-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python313 3.13.2-3.1
* python313-32bit 3.13.2-3.1
* python313-curses 3.13.2-3.1
* python313-dbm 3.13.2-3.1
* python313-idle 3.13.2-3.1
* python313-tk 3.13.2-3.1
* python313-x86-64-v3 3.13.2-3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-1795.html
openSUSE-SU-2025:14882-1: moderate: bsdtar-3.7.7-3.1 on GA media
# bsdtar-3.7.7-3.1 on GA media
Announcement ID: openSUSE-SU-2025:14882-1
Rating: moderate
Cross-References:
* CVE-2025-1632
* CVE-2025-25724
CVSS scores:
* CVE-2025-1632 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-1632 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-25724 ( SUSE ): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-25724 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the bsdtar-3.7.7-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* bsdtar 3.7.7-3.1
* libarchive-devel 3.7.7-3.1
* libarchive13 3.7.7-3.1
* libarchive13-32bit 3.7.7-3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-1632.html
* https://www.suse.com/security/cve/CVE-2025-25724.html
openSUSE-SU-2025:14880-1: moderate: ffmpeg-4-4.4.5-7.1 on GA media
# ffmpeg-4-4.4.5-7.1 on GA media
Announcement ID: openSUSE-SU-2025:14880-1
Rating: moderate
Cross-References:
* CVE-2020-22021
* CVE-2022-48434
CVSS scores:
* CVE-2020-22021 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-48434 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the ffmpeg-4-4.4.5-7.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* ffmpeg-4 4.4.5-7.1
* ffmpeg-4-libavcodec-devel 4.4.5-7.1
* ffmpeg-4-libavdevice-devel 4.4.5-7.1
* ffmpeg-4-libavfilter-devel 4.4.5-7.1
* ffmpeg-4-libavformat-devel 4.4.5-7.1
* ffmpeg-4-libavresample-devel 4.4.5-7.1
* ffmpeg-4-libavutil-devel 4.4.5-7.1
* ffmpeg-4-libpostproc-devel 4.4.5-7.1
* ffmpeg-4-libswresample-devel 4.4.5-7.1
* ffmpeg-4-libswscale-devel 4.4.5-7.1
* ffmpeg-4-private-devel 4.4.5-7.1
* libavcodec58_134 4.4.5-7.1
* libavcodec58_134-32bit 4.4.5-7.1
* libavdevice58_13 4.4.5-7.1
* libavdevice58_13-32bit 4.4.5-7.1
* libavfilter7_110 4.4.5-7.1
* libavfilter7_110-32bit 4.4.5-7.1
* libavformat58_76 4.4.5-7.1
* libavformat58_76-32bit 4.4.5-7.1
* libavresample4_0 4.4.5-7.1
* libavresample4_0-32bit 4.4.5-7.1
* libavutil56_70 4.4.5-7.1
* libavutil56_70-32bit 4.4.5-7.1
* libpostproc55_9 4.4.5-7.1
* libpostproc55_9-32bit 4.4.5-7.1
* libswresample3_9 4.4.5-7.1
* libswresample3_9-32bit 4.4.5-7.1
* libswscale5_9 4.4.5-7.1
* libswscale5_9-32bit 4.4.5-7.1
## References:
* https://www.suse.com/security/cve/CVE-2020-22021.html
* https://www.suse.com/security/cve/CVE-2022-48434.html
SUSE-SU-2025:0856-1: important: Security update for the Linux Kernel
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2025:0856-1
Release Date: 2025-03-13T15:46:58Z
Rating: important
References:
* bsc#1012628
* bsc#1215199
* bsc#1219367
* bsc#1222672
* bsc#1222803
* bsc#1225606
* bsc#1225742
* bsc#1225981
* bsc#1227937
* bsc#1228521
* bsc#1230235
* bsc#1230438
* bsc#1230439
* bsc#1230497
* bsc#1231432
* bsc#1231912
* bsc#1231920
* bsc#1231949
* bsc#1232159
* bsc#1232198
* bsc#1232201
* bsc#1232299
* bsc#1232508
* bsc#1232520
* bsc#1232919
* bsc#1233028
* bsc#1233109
* bsc#1233483
* bsc#1233749
* bsc#1234070
* bsc#1234853
* bsc#1234857
* bsc#1234891
* bsc#1234894
* bsc#1234895
* bsc#1234896
* bsc#1234963
* bsc#1235032
* bsc#1235054
* bsc#1235061
* bsc#1235073
* bsc#1235435
* bsc#1235485
* bsc#1235592
* bsc#1235599
* bsc#1235609
* bsc#1235932
* bsc#1235933
* bsc#1236113
* bsc#1236114
* bsc#1236115
* bsc#1236122
* bsc#1236123
* bsc#1236133
* bsc#1236138
* bsc#1236199
* bsc#1236200
* bsc#1236203
* bsc#1236205
* bsc#1236573
* bsc#1236575
* bsc#1236576
* bsc#1236591
* bsc#1236661
* bsc#1236677
* bsc#1236681
* bsc#1236682
* bsc#1236684
* bsc#1236689
* bsc#1236700
* bsc#1236702
* bsc#1236752
* bsc#1236759
* bsc#1236821
* bsc#1236822
* bsc#1236896
* bsc#1236897
* bsc#1236952
* bsc#1236967
* bsc#1236994
* bsc#1237007
* bsc#1237017
* bsc#1237025
* bsc#1237028
* bsc#1237045
* bsc#1237126
* bsc#1237132
* bsc#1237139
* bsc#1237155
* bsc#1237158
* bsc#1237159
* bsc#1237232
* bsc#1237234
* bsc#1237325
* bsc#1237356
* bsc#1237415
* bsc#1237452
* bsc#1237504
* bsc#1237521
* bsc#1237558
* bsc#1237562
* bsc#1237563
* bsc#1237848
* bsc#1237849
* bsc#1237879
* bsc#1237889
* bsc#1237891
* bsc#1237901
* bsc#1237950
* bsc#1238214
* bsc#1238303
* bsc#1238347
* bsc#1238368
* bsc#1238509
* bsc#1238525
* bsc#1238570
* bsc#1238739
* bsc#1238751
* bsc#1238753
* bsc#1238759
* bsc#1238860
* bsc#1238863
* bsc#1238877
* jsc#PED-10028
* jsc#PED-11253
* jsc#PED-12094
* jsc#PED-348
Cross-References:
* CVE-2023-52924
* CVE-2023-52925
* CVE-2024-26708
* CVE-2024-26810
* CVE-2024-40980
* CVE-2024-41055
* CVE-2024-44974
* CVE-2024-45009
* CVE-2024-45010
* CVE-2024-47701
* CVE-2024-49884
* CVE-2024-49950
* CVE-2024-50029
* CVE-2024-50036
* CVE-2024-50073
* CVE-2024-50085
* CVE-2024-50115
* CVE-2024-50142
* CVE-2024-50185
* CVE-2024-50294
* CVE-2024-53123
* CVE-2024-53147
* CVE-2024-53173
* CVE-2024-53176
* CVE-2024-53177
* CVE-2024-53178
* CVE-2024-53226
* CVE-2024-53239
* CVE-2024-56539
* CVE-2024-56548
* CVE-2024-56568
* CVE-2024-56579
* CVE-2024-56605
* CVE-2024-56633
* CVE-2024-56647
* CVE-2024-56720
* CVE-2024-57889
* CVE-2024-57948
* CVE-2024-57994
* CVE-2025-21636
* CVE-2025-21637
* CVE-2025-21638
* CVE-2025-21639
* CVE-2025-21640
* CVE-2025-21647
* CVE-2025-21665
* CVE-2025-21667
* CVE-2025-21668
* CVE-2025-21673
* CVE-2025-21680
* CVE-2025-21681
* CVE-2025-21684
* CVE-2025-21687
* CVE-2025-21688
* CVE-2025-21689
* CVE-2025-21690
* CVE-2025-21692
* CVE-2025-21697
* CVE-2025-21699
* CVE-2025-21700
* CVE-2025-21705
* CVE-2025-21715
* CVE-2025-21716
* CVE-2025-21719
* CVE-2025-21724
* CVE-2025-21725
* CVE-2025-21728
* CVE-2025-21767
* CVE-2025-21790
* CVE-2025-21795
* CVE-2025-21799
* CVE-2025-21802
CVSS scores:
* CVE-2023-52924 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-52924 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-52925 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2023-52925 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52925 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26708 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26708 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26810 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26810 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40980 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-40980 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41055 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-44974 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2024-44974 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-44974 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45009 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-45009 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45010 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-45010 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47701 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-47701 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-47701 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49884 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-49950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-49950 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50029 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50036 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50036 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50073 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50073 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2024-50073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50085 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50115 ( SUSE ): 4.5
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-50142 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50142 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50142 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-50294 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53123 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53123 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53147 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53147 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53176 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53176 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53177 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53177 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53177 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53178 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53178 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53226 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53226 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53226 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-53239 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53239 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56539 ( SUSE ): 8.6
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56539 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-56548 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56548 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56568 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56568 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56568 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56579 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56579 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56579 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56605 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56633 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56633 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56647 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56647 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56647 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56720 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56720 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56720 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-57889 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57889 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-57948 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-57948 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-57994 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21636 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21636 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21636 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21637 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21637 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21638 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21638 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21638 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21639 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21639 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21640 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21640 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21647 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21647 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21665 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21665 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21665 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21667 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21667 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21667 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21668 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21668 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-21673 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21673 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-21673 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21680 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21680 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21680 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21681 ( SUSE ): 8.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2025-21681 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-21681 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21684 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21684 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21684 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21687 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21687 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21687 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21688 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21688 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21689 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21689 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21690 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21690 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21690 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21697 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-21697 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21699 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21699 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21699 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21700 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21700 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21705 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21715 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21715 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21716 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21716 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21719 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21724 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21725 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21767 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21790 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21795 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21799 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21802 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
An update that solves 72 vulnerabilities, contains four features and has 51
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security
bugfixes.
The following security bugs were fixed:
* CVE-2024-26708: mptcp: fix inconsistent state on fastopen race
(bsc#1222672).
* CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock
(bsc#1227937).
* CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp
(bsc#1230235).
* CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req
(bsc#1230438).
* CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available
(bsc#1230439).
* CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync
(bsc#1231949).
* CVE-2024-50036: net: do not delay dst_entries_add() in dst_release()
(bsc#1231912).
* CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
(bsc#1232508).
* CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when
sel.family is unset (bsc#1233028).
* CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption
(bsc#1233109).
* CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls
(bsc#1233483).
* CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
* CVE-2024-53147: exfat: fix out-of-bounds access of directory entries
(bsc#1234857).
* CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop
their dentry (bsc#1234894).
* CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error
paths (bsc#1234896).
* CVE-2024-53178: smb: Do not leak cfid when reconnect races with
open_cached_dir (bsc#1234895).
* CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device
bound (bsc#1235032).
* CVE-2024-56633: selftests/bpf: Add apply_bytes test to
test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485).
* CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug
(bsc#1235435).
* CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data
(bsc#1235592).
* CVE-2024-57994: ptr_ring: do not block hard interrupts in
ptr_ring_resize_multiple() (bsc#1237901).
* CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using
current->nsproxy (bsc#1236113).
* CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy
(bsc#1236114).
* CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy
(bsc#1236115).
* CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy
(bsc#1236122).
* CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
(bsc#1236123).
* CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow
fairness counts (bsc#1236133).
* CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits
(bsc#1236684).
* CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits
(bsc#1236681).
* CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition
(bsc#1236682).
* CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname
(bsc#1236689).
* CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries
(bsc#1236700).
* CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with
carrier (bsc#1236702).
* CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls
(bsc#1237045).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
* CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one
parent to another (bsc#1237159).
* CVE-2025-21728: bpf: Send signals asynchronously if !preemptible
(bsc#1237879).
* CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525).
* CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889).
* CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump()
(bsc#1237891).
* CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries
(bsc#1238860).
* CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in
iova_bitmap_offset_to_index() (bsc#1238863).
* CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877).
* CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling
get_random_u32() in atomic context (bsc#1238509).
* CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value
(bsc#1238753).
* CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759).
* CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in
am65_cpsw_nuss_remove_tx_chns() (bsc#1238739).
* CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling
(bsc#1238751).
The following non-security bugs were fixed:
* ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
* ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read()
(git-fixes).
* ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V
(stable-fixes).
* ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes).
* ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes).
* ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes).
* ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes).
* ALSA: hda: Add error check for snd_ctl_rename_id() in
snd_hda_create_dig_out_ctls() (git-fixes).
* ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes).
* ALSA: seq: Make dependency on UMP clearer (git-fixes).
* ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-
fixes).
* ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-
fixes).
* ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-
fixes).
* APEI: GHES: Have GHES honor the panic= setting (stable-fixes).
* ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
* ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
* ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
* ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
(stable-fixes).
* ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes).
* ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-
fixes).
* ASoC: amd: Add ACPI dependency to fix build error (stable-fixes).
* ASoC: es8328: fix route from DAC to output (git-fixes).
* ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes).
* ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-
fixes).
* Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes).
* Bluetooth: MGMT: Fix slab-use-after-free Read in
mgmt_remove_adv_monitor_sync (stable-fixes).
* Fix memory-hotplug regression (bsc#1237504).
* Grab mm lock before grabbing pt lock (git-fixes).
* HID: Wacom: Add PCI Wacom device support (stable-fixes).
* HID: hid-steam: Add Deck IMU support (stable-fixes).
* HID: hid-steam: Add gamepad-only mode switched to by holding options
(stable-fixes).
* HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes).
* HID: hid-steam: Clean up locking (stable-fixes).
* HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-
fixes).
* HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-
fixes).
* HID: hid-steam: Fix cleanup in probe() (git-fixes).
* HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes).
* HID: hid-steam: Move hidraw input (un)registering to work (git-fixes).
* HID: hid-steam: Update list of identifiers from SDL (stable-fixes).
* HID: hid-steam: remove pointless error message (stable-fixes).
* HID: hid-thrustmaster: fix stack-out-of-bounds read in
usb_check_int_endpoints() (git-fixes).
* HID: multitouch: Add NULL check in mt_input_configured (git-fixes).
* IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes)
* Input: allocate keycode for phone linking (stable-fixes).
* KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is
cleared (git-fixes).
* KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes).
* KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset()
(jsc#PED-348 git-fixes).
* KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes).
* KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-
fixes).
* KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes).
* KVM: arm64: Flush hyp bss section after initialization of variables in bss
(git-fixes).
* KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes)
* KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes).
* KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes).
* KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled
(jsc#PED-348 git-fixes).
* KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes
bsc#1237155).
* KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE
(git-fixes).
* KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes).
* KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX
(git-fixes).
* KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes).
* KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes).
* KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-
fixes).
* KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-
fixes).
* KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
(git-fixes).
* KVM: x86: Unconditionally set irr_pending when updating APICv state
(jsc#PED-348).
* KVM: x86: Zero out PV features cache when the CPUID leaf is not present
(git-fixes).
* PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes).
* PCI: Use downstream bridges for distributing resources (bsc#1237325).
* PCI: hookup irq_get_affinity callback (bsc#1236896).
* PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-
fixes).
* PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes).
* RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
(git-fixes)
* RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes)
* RDMA/efa: Reset device on probe failure (git-fixes)
* RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes)
* RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes).
* RDMA/mlx5: Fix AH static rate parsing (git-fixes)
* RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes)
* RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-
fixes)
* RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes)
* RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
* RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes)
* RDMA/rxe: Improve newline in printing messages (git-fixes)
* Revert "blk-throttle: Fix IO hang for a corner case" (git-fixes).
* Revert "drm/amd/display: Use HW lock mgr for PSR1" (stable-fixes).
* USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-
fixes).
* USB: Fix the issue of task recovery failure caused by USB status when S4
wakes up (git-fixes).
* USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes).
* USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes).
* USB: hub: Ignore non-compliant devices with too many configs or interfaces
(stable-fixes).
* USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes).
* USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes).
* USB: serial: option: add MeiG Smart SLM828 (stable-fixes).
* USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes).
* USB: serial: option: drop MeiG Smart defines (stable-fixes).
* USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes).
* Update "drm/mgag200: Added support for the new device G200eH5"
(jsc#PED-12094).
* Use gcc-13 for build on SLE16 (jsc#PED-10028).
* acct: block access to kernel internal filesystems (git-fixes).
* acct: perform last write from workqueue (git-fixes).
* add nf_tables for iptables non-legacy network handling This is needed for
example by docker on the Alpine Linux distribution, but can also be used on
openSUSE.
* af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
(bsc#1237849).
* amdgpu/pm/legacy: fix suspend/resume issues (git-fixes).
* arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes)
* arm64: Handle .ARM.attributes section in linker scripts (git-fixes)
* arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes)
* ata: libata-sff: Ensure that we cannot write outside the allocated buffer
(stable-fixes).
* batman-adv: Drop unmanaged ELP metric worker (git-fixes).
* batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes).
* batman-adv: fix panic during interface removal (git-fixes).
* bio-integrity: do not restrict the size of integrity metadata (git-fixes).
* blk-cgroup: Fix class @block_class's subsystem refcount leakage
(bsc#1237558).
* blk-cgroup: Properly propagate the iostat update up the hierarchy
(bsc#1225606).
* blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-
fixes).
* blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-
fixes).
* blk-mq: add number of queue calc helper (bsc#1236897).
* blk-mq: create correct map for fallback case (bsc#1236896).
* blk-mq: do not count completed flush data request as inflight in case of
quiesce (git-fixes).
* blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896).
* blk-mq: issue warning when offlining hctx with online isolcpus
(bsc#1236897).
* blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes).
* blk-mq: register cpuhp callback after hctx is added to xarray table (git-
fixes).
* blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897).
* blk_iocost: remove some duplicate irq disable/enables (git-fixes).
* block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes).
* block: Clear zone limits for a non-zoned stacked queue (git-fixes).
* block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes).
* block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes).
* block: Fix page refcounts for unaligned buffers in __bio_release_pages()
(git-fixes).
* block: Provide bdev_open_* functions (git-fixes).
* block: Remove special-casing of compound pages (git-fixes).
* block: Set memalloc_noio to false on device_add_disk() error path (git-
fixes).
* block: add a disk_has_partscan helper (git-fixes).
* block: add a partscan sysfs attribute for disks (git-fixes).
* block: add check of 'minors' and 'first_minor' in device_add_disk() (git-
fixes).
* block: avoid to reuse `hctx` not removed from cpuhp callback list (git-
fixes).
* block: change rq_integrity_vec to respect the iterator (git-fixes).
* block: copy back bounce buffer to user-space correctly in case of split
(git-fixes).
* block: ensure we hold a queue reference when using queue limits (git-fixes).
* block: fix and simplify blkdevparts= cmdline parsing (git-fixes).
* block: fix bio_split_rw_at to take zone_write_granularity into account (git-
fixes).
* block: fix integer overflow in BLKSECDISCARD (git-fixes).
* block: fix missing dispatching request when queue is started or unquiesced
(git-fixes).
* block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-
fixes).
* block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding
(git-fixes).
* block: fix sanity checks in blk_rq_map_user_bvec (git-fixes).
* block: propagate partition scanning errors to the BLKRRPART ioctl (git-
fixes).
* block: remove the blk_flush_integrity call in blk_integrity_unregister (git-
fixes).
* block: retry call probe after request_module in blk_request_module (git-
fixes).
* block: return unsigned int from bdev_io_min (git-fixes).
* block: sed-opal: avoid possible wrong address reference in
read_sed_opal_key() (git-fixes).
* block: support to account io_ticks precisely (git-fixes).
* block: use the right type for stub rq_integrity_vec() (git-fixes).
* bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes).
* bnxt_en: Refactor bnxt_ptp_init() (git-fixes).
* bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes).
* btrfs: fix defrag not merging contiguous extents due to merged extent maps
(bsc#1237232).
* btrfs: fix extent map merging not happening for adjacent extents
(bsc#1237232).
* can: c_can: fix unbalanced runtime PM disable in error path (git-fixes).
* can: ctucanfd: handle skb allocation failure (git-fixes).
* can: etas_es58x: fix potential NULL pointer dereference on udev->serial
(git-fixes).
* can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
length zero (git-fixes).
* chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes).
* cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE
session (git-fixes).
* cifs: Remove intermediate object of failed create reparse call (git-fixes).
* cifs: commands that are retried should have replay flag set (bsc#1231432).
* cifs: fix potential null pointer use in destroy_workqueue in init_cifs error
path (bsc#1231432).
* cifs: helper function to check replayable error codes (bsc#1231432).
* cifs: new mount option called retrans (bsc#1231432).
* cifs: open_cached_dir should not rely on primary channel (bsc#1231432).
* cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes).
* cifs: update desired access while requesting for directory lease (git-
fixes).
* cifs: update the same create_guid on replay (git-fixes).
* clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-
fixes).
* clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes).
* clk: mediatek: mt2701-img: add missing dummy clk (git-fixes).
* clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes).
* clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-
fixes).
* clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes).
* clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes).
* clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes).
* clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes).
* clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes).
* clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable()
(git-fixes).
* clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes).
* cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562).
* cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562).
* cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
* cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-
fixes).
* cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
* cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
* cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
* cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
* cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
* cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
* cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
* cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
* cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
* cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is
not available (git-fixes).
* cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks
(git-fixes).
* cpufreq: s3c64xx: Fix compilation warning (stable-fixes).
* crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
* crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
* crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
* cxgb4: Avoid removal of uninserted tid (git-fixes).
* cxgb4: use port number to set mac addr (git-fixes).
* devlink: avoid potential loop in devlink_rel_nested_in_notify_work()
(bsc#1237234).
* dlm: fix srcu_read_lock() return type to int (git-fixes).
* doc: update managed_irq documentation (bsc#1236897).
* driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896).
* drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
(stable-fixes).
* drm/amd/pm: Mark MM activity as unsupported (stable-fixes).
* drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-
fixes).
* drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()
(git-fixes).
* drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes).
* drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
* drm/amdkfd: only flush the validate MES contex (stable-fixes).
* drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-
fixes).
* drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes).
* drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes).
* drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes).
* drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes).
* drm/i915/dp: Fix error handling during 128b/132b link training (stable-
fixes).
* drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
* drm/i915/guc: Debug print LRC state entries only if the context is pinned
(git-fixes).
* drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
* drm/i915/selftests: avoid using uninitialized context (git-fixes).
* drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes).
* drm/i915: Fix page cleanup on DMA remap failure (git-fixes).
* drm/i915: Make sure all planes in use by the joiner have their crtc included
(stable-fixes).
* drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes).
* drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
* drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes).
* drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes).
* drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-
fixes).
* drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes).
* drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes).
* drm/msm: Avoid rounding up to one jiffy (git-fixes).
* drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes).
* drm/rockchip: move output interface related definition to rockchip_drm_drv.h
(stable-fixes).
* drm/rockchip: vop2: Fix the windows switch between different layers (git-
fixes).
* drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
* drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes).
* drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-
fixes).
* drm/virtio: New fence for every plane update (stable-fixes).
* efi: Avoid cold plugged memory for placing the kernel (stable-fixes).
* efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes).
* eth: gve: use appropriate helper to set xdp_features (git-fixes).
* exfat: convert to ctime accessor functions (git-fixes).
* exfat: fix file being changed by unaligned direct write (git-fixes).
* exfat: fix zero the unwritten part for dio read (git-fixes).
* fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes).
* firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes).
* futex: Do not include process MM in futex key on no-MMU (git-fixes).
* gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes).
* gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes).
* gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-
fixes).
* gpio: pca953x: Improve interrupt support (git-fixes).
* gpio: stmpe: Check return value of stmpe_reg_read in
stmpe_gpio_irq_sync_unlock (git-fixes).
* gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes).
* gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes).
* gup: make the stack expansion warning a bit more targeted (bsc#1238214).
* hfs: Sanity check the root record (git-fixes).
* i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes).
* i2c: ls2x: Fix frequency division register access (git-fixes).
* i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes).
* iavf: allow changing VLAN state without calling PF (git-fixes).
* ice: Skip PTP HW writes during PTP reset procedure (git-fixes).
* ice: add ice_adapter for shared data across PFs on the same NIC
(bsc#1237415).
* ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415).
* ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-
fixes).
* ice: fix incorrect PHY settings for 100 GB/s (git-fixes).
* ice: fix max values for dpll pin phase adjust (git-fixes).
* ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415).
* ice: gather page_count()'s of each frag right before XDP prog call (git-
fixes).
* ice: put Rx buffers after being done with current frame (git-fixes).
* ice: stop storing XDP verdict within ice_rx_buf (git-fixes).
* ice: use internal pf id instead of function number (git-fixes).
* idpf: add read memory barrier when checking descriptor done bit (git-fixes).
* idpf: call set_real_num_queues in idpf_open (bsc#1236661).
* idpf: convert workqueues to unbound (git-fixes).
* idpf: fix VF dynamic interrupt ctl register initialization (git-fixes).
* idpf: fix handling rsc packet with a single segment (git-fixes).
* igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes).
* igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes).
* igc: return early when failing to read EECD register (git-fixes).
* iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes).
* kabi: fix bus type (bsc#1236896).
* kabi: fix group_cpus_evenly (bsc#1236897).
* kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
* kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes).
* kbuild: userprogs: fix bitsize and target detection on clang (git-fixes).
* kernel-source: Also replace bin/env
* lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897).
* lib/group_cpus: let group_cpu_evenly return number initialized masks
(bsc#1236897).
* lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes).
* lib: stackinit: hide never-taken branch from compiler (stable-fixes).
* lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes).
* lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
* locking/lockdep: Avoid creating new name string literals in
lockdep_set_subclass() (git-fixes).
* locking/rwsem: Add __always_inline annotation to __down_write_common() and
inlined callers (git-fixes).
* loop: do not set QUEUE_FLAG_NOMERGES (git-fixes).
* md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes).
* md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes).
* md/md-bitmap: replace md_bitmap_status() with a new helper
md_bitmap_get_stats() (git-fixes).
* md/md-cluster: fix spares warnings for __le64 (git-fixes).
* md/raid0: do not free conf on raid0_run failure (git-fixes).
* md/raid1: do not free conf on raid0_run failure (git-fixes).
* md/raid5: Wait sync io to finish before changing group cnt (git-fixes).
* md: Do not flush sync_work in md_write_start() (git-fixes).
* md: convert comma to semicolon (git-fixes).
* media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes).
* media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes).
* media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a
camera (stable-fixes).
* media: uvcvideo: Implement dual stream quirk to fix loss of usb packets
(stable-fixes).
* media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes).
* mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-
fixes).
* mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes).
* mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes).
* mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes).
* mptcp: export local_address (git-fixes)
* mptcp: fix NL PM announced address accounting (git-fixes)
* mptcp: fix data races on local_id (git-fixes)
* mptcp: fix inconsistent state on fastopen race (bsc#1222672).
* mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
* mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes)
* mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes)
* mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-
fixes)
* mptcp: pm: deny endp with signal + subflow + port (git-fixes)
* mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes)
* mptcp: pm: do not try to create sf if alloc failed (git-fixes)
* mptcp: pm: fullmesh: select the right ID later (git-fixes)
* mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes)
* mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes)
* mptcp: pm: re-using ID of unused flushed subflows (git-fixes)
* mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes)
* mptcp: pm: re-using ID of unused removed subflows (git-fixes)
* mptcp: pm: reduce indentation blocks (git-fixes)
* mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes)
* mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes)
* mptcp: unify pm get_local_id interfaces (git-fixes)
* mptcp: unify pm set_flags interfaces (git-fixes)
* mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes).
* mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes).
* mtd: rawnand: cadence: fix unchecked dereference (git-fixes).
* mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes).
* nbd: Fix signal handling (git-fixes).
* nbd: Improve the documentation of the locking assumptions (git-fixes).
* nbd: do not allow reconnect after disconnect (git-fixes).
* net/mlx5: Correct TASR typo into TSAR (git-fixes).
* net/mlx5: Fix RDMA TX steering prio (git-fixes).
* net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981).
* net/mlx5: SF, Fix add port error handling (git-fixes).
* net/mlx5: Verify support for scheduling element and TSAR type (git-fixes).
* net/mlx5e: Always start IPsec sequence number from 1 (git-fixes).
* net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes).
* net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes).
* net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994).
* net: Fix undefined behavior in netdev name allocation (bsc#1233749).
* net: avoid UAF on deleted altname (bsc#1233749).
* net: check for altname conflicts when changing netdev's netns (bsc#1233749).
* net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
* net: do not send a MOVE event when netdev changes netns (bsc#1233749).
* net: do not use input buffer of __dev_alloc_name() as a scratch space
(bsc#1233749).
* net: fix ifname in netlink ntf during netns move (bsc#1233749).
* net: fix removing a namespace with conflicting altnames (bsc#1233749).
* net: free altname using an RCU callback (bsc#1233749).
* net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
* net: move altnames together with the netdevice (bsc#1233749).
* net: reduce indentation of __dev_alloc_name() (bsc#1233749).
* net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
* net: remove else after return in dev_prep_valid_name() (bsc#1233749).
* net: rose: lock the socket in rose_bind() (git-fixes).
* net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes).
* net: smc: fix spurious error message from __sock_release() (bsc#1237126).
* net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
* net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-
fixes).
* nouveau/svm: fix missing folio unlock + put after
make_device_exclusive_range() (git-fixes).
* null_blk: Do not allow runt zone with zone capacity smaller then zone size
(git-fixes).
* null_blk: Fix missing mutex_destroy() at module removal (git-fixes).
* null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-
fixes).
* null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-
fixes).
* null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
* null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes).
* null_blk: fix validation of block size (git-fixes).
* nvme-fc: use ctrl state getter (git-fixes).
* nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes).
* nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes).
* nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897).
* nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes).
* nvme/ioctl: add missing space in err message (git-fixes).
* nvme: handle connectivity loss in nvme_set_queue_count (git-fixes).
* nvme: make nvme_tls_attrs_group static (git-fixes).
* nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
* nvme: tcp: Fix compilation warning with W=1 (git-fixes).
* nvmet: Fix crash when a namespace is disabled (git-fixes).
* ocfs2: fix incorrect CPU endianness conversion causing mount failure
(bsc#1236138).
* padata: Clean up in padata_do_multithreaded() (bsc#1237563).
* padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
* partitions: ldm: remove the initial kernel-doc notation (git-fixes).
* phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk
(git-fixes).
* phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes).
* phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes).
* pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes).
* platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452).
* platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452).
* platform/x86/intel/tpmi: Add defines to get version information
(bsc#1237452).
* platform/x86: ISST: Ignore minor version change (bsc#1237452).
* platform/x86: acer-wmi: Ignore AC events (stable-fixes).
* platform/x86: int3472: Check for adev == NULL (stable-fixes).
* power: supply: da9150-fg: fix potential overflow (git-fixes).
* powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199).
* powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
(bsc#1215199).
* powerpc/code-patching: Disable KASAN report during patching via temporary mm
(bsc#1215199).
* powerpc/code-patching: Fix KASAN hit by not flagging text patching area as
VM_ALLOC (bsc#1215199).
* powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode
(ltc#210895 bsc#1235933 ltc#210896 bsc#1235932).
* powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967
ltc#210988).
* printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
(bsc#1237950).
* rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes).
* rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes).
* rbd: do not move requests to the running list on errors (git-fixes).
* rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes).
* regmap-irq: Add missing kfree() (git-fixes).
* rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
* s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes
bsc#1236205).
* s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158).
* s390/iucv: fix receive buffer virtual vs physical address confusion (git-
fixes bsc#1236200).
* s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752).
* s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368).
* s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails
(bsc#1236752).
* s390/pci: Ignore RID for isolated VFs (bsc#1236752).
* s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-
fixes bsc#1238368).
* s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752).
* s390/pci: Use topology ID for multi-function devices (bsc#1236752).
* s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199).
* s390/topology: Improve topology detection (bsc#1236591).
* s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes
bsc#1236203).
* scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-
fixes).
* scsi: core: Clear driver private data when retrying request (git-fixes).
* scsi: core: Handle depopulation and restoration in progress (git-fixes).
* scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347).
* scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector()
fails (bsc#1238347).
* scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine
(bsc#1238347).
* scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347).
* scsi: lpfc: Reduce log message generation during ELS ring clean up
(bsc#1238347).
* scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347).
* scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896).
* scsi: storvsc: Set correct data length for sending SCSI command without
payload (git-fixes).
* scsi: use block layer helpers to calculate num of queues (bsc#1236897).
* selftest: hugetlb_dio: fix test naming (git-fixes).
* selftest: mm: Test if hugepage does not get leaked during
__bio_release_pages() (git-fixes).
* selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-
fixes).
* selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-
fixes).
* selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes).
* selftests: hugetlb_dio: check for initial conditions to skip in the start
(git-fixes).
* selftests: hugetlb_dio: fixup check for initial conditions to skip in the
start (git-fixes).
* selftests: mptcp: connect: -f: no reconnect (git-fixes).
* selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes).
* serial: 8250: Fix fifo underflow on flush (git-fixes).
* serial: sc16is7xx: use device_property APIs when configuring irda mode
(stable-fixes).
* smb3: fix creating FIFOs when mounting with "sfu" mount option (git-fixes).
* smb3: request handle caching when caching directories (bsc#1231432).
* smb3: retrying on failed server close (bsc#1231432).
* smb: cached directories can be more than root file handle (bsc#1231432).
* smb: cilent: set reparse mount points as automounts (git-fixes).
* smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes).
* smb: client: Fix minor whitespace errors and warnings (git-fixes).
* smb: client: Fix netns refcount imbalance causing leaks and use-after-free
(git-fixes).
* smb: client: add support for WSL reparse points (git-fixes).
* smb: client: allow creating special files via reparse points (git-fixes).
* smb: client: allow creating symlinks via reparse points (git-fixes).
* smb: client: cleanup smb2_query_reparse_point() (git-fixes).
* smb: client: do not query reparse points twice on symlinks (git-fixes).
* smb: client: extend smb2_compound_op() to accept more commands
(bsc#1231432).
* smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432).
* smb: client: fix OOB in smb2_query_reparse_point() (git-fixes).
* smb: client: fix corruption in cifs_extend_writeback (bsc#1235609).
* smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes).
* smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes).
* smb: client: fix hardlinking of reparse points (git-fixes).
* smb: client: fix missing mode bits for SMB symlinks (git-fixes).
* smb: client: fix possible double free in smb2_set_ea() (git-fixes).
* smb: client: fix potential broken compound request (git-fixes).
* smb: client: fix renaming of reparse points (git-fixes).
* smb: client: get rid of smb311_posix_query_path_info() (git-fixes).
* smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes).
* smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes).
* smb: client: handle path separator of created SMB symlinks (git-fixes).
* smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes).
* smb: client: ignore unhandled reparse tags (git-fixes).
* smb: client: implement ->query_reparse_point() for SMB1 (git-fixes).
* smb: client: instantiate when creating SFU files (git-fixes).
* smb: client: introduce ->parse_reparse_point() (git-fixes).
* smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes).
* smb: client: introduce cifs_sfu_make_node() (git-fixes).
* smb: client: introduce reparse mount option (git-fixes).
* smb: client: make smb2_compound_op() return resp buffer on success
(bsc#1231432).
* smb: client: move most of reparse point handling code to common file (git-
fixes).
* smb: client: move some params to cifs_open_info_data (bsc#1231432).
* smb: client: optimise reparse point querying (git-fixes).
* smb: client: parse owner/group when creating reparse points (git-fixes).
* smb: client: parse reparse point flag in create response (bsc#1231432).
* smb: client: parse uid, gid, mode and dev from WSL reparse points (git-
fixes).
* smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299,
bsc#1235599, bsc#1234896).
* smb: client: reduce number of parameters in smb2_compound_op() (git-fixes).
* smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432).
* smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes).
* smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432).
* smb: client: retry compound request without reusing lease (git-fixes).
* smb: client: return reparse type in /proc/mounts (git-fixes).
* smb: client: reuse file lease key in compound operations (git-fixes).
* smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-
fixes).
* smb: client: set correct file type from NFS reparse points (git-fixes).
* smb: client: stop revalidating reparse points unnecessarily (git-fixes).
* smb: use kernel_connect() and kernel_bind() (git-fixes).
* soc/mediatek: mtk-devapc: Convert to platform remove callback returning void
(stable-fixes).
* soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes).
* soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes).
* soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes).
* soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes).
* soc: qcom: socinfo: move SMEM item struct and defines to a header (git-
fixes).
* spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes).
* spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families
(stable-fixes).
* spi: sn-f-ospi: Fix division by zero (git-fixes).
* tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367).
* tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes).
* tools: fix annoying "mkdir -p ..." logs when building tools in parallel
(git-fixes).
* ublk: fix error code for unsupported command (git-fixes).
* ublk: fix ublk_ch_mmap() for 64K page size (git-fixes).
* ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes).
* ublk: move zone report data out of request pdu (git-fixes).
* usb: cdc-acm: Check control transfer buffer size before access (git-fixes).
* usb: cdc-acm: Fix handling of oversized fragments (git-fixes).
* usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes).
* usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes).
* usb: dwc3: Fix timeout issue during controller enter/exit from halt state
(git-fixes).
* usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes).
* usb: gadget: core: flush gadget workqueue after device removal (git-fixes).
* usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind
retries (git-fixes).
* usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes).
* usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes).
* usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes).
* usb: roles: set switch registered flag early on (git-fixes).
* usb: xhci: Fix NULL pointer dereference on certain command aborts (git-
fixes).
* usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes).
* usbnet: ipheth: document scope of NCM implementation (stable-fixes).
* util_macros.h: fix/rework find_closest() macros (git-fixes).
* vhost/net: Set num_buffers for virtio 1.0 (git-fixes).
* virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues
(bsc#1236896).
* virtio: blk/scsi: use block layer helpers to calculate num of queues
(bsc#1236897).
* virtio: hookup irq_get_affinity callback (bsc#1236896).
* virtio_blk: reverse request order in virtio_queue_rqs (git-fixes).
* wifi: ath12k: fix handling of 6 GHz rules (git-fixes).
* wifi: brcmfmac: Check the return value of of_property_read_string_index()
(stable-fixes).
* wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-
fixes).
* wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
(stable-fixes).
* wifi: iwlwifi: avoid memory leak (stable-fixes).
* wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes).
* wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-
fixes).
* wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
* wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes).
* wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes).
* wifi: rtw89: add crystal_cap check to avoid setting as overflow value
(stable-fixes).
* x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes).
* x86/asm: Make serialize() always_inline (git-fixes).
* x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes).
* x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes).
* x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation
(git-fixes).
* x86/mm: Carve out INVLPG inline asm for use by others (git-fixes).
* x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
* x86/xen: allow larger contiguous memory regions in PV guests (git-fixes).
* x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
* xen/swiotlb: relax alignment requirements (git-fixes).
* xhci: dbgtty: remove kfifo_out() wrapper (git-fixes).
* zram: clear IDLE flag after recompression (git-fixes).
* zram: clear IDLE flag in mark_idle() (git-fixes).
* zram: do not mark idle slots that cannot be idle (git-fixes).
* zram: fix potential UAF of zram table (git-fixes).
* zram: fix uninitialized ZRAM not releasing backing device (git-fixes).
* zram: refuse to use zero sized block device as backing device (git-fixes).
* zram: split memory-tracking and ac-time tracking (git-fixes).
* Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-
fixes).
* Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes).
* arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes)
* arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-
fixes)
* arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes)
* bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-
fixes).
* drm/amd/display: Fix null check for pipe_ctx->plane_state in
resource_build_scaling_params (git-fixes).
* drm/sched: Fix preprocessor guard (git-fixes).
* exfat: do not zero the extended part (bsc#1237356).
* exfat: fix appending discontinuous clusters to empty file (bsc#1237356).
* exfat: fix timing of synchronizing bitmap and inode (bsc#1237356).
* ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497).
* initcall_blacklist: Does not allow kernel_lockdown be blacklisted
(bsc#1237521).
* mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-
fixes)
* packaging: Turn gcc version into config.sh variable.
* rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
* scsi: core: Do not retry I/Os during depopulation (git-fixes).
* scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes).
* scsi: hisi_sas: Directly call register snapshot instead of using workqueue
(git-fixes).
* scsi: hisi_sas: Enable all PHYs that are not disabled by user during
controller reset (git-fixes).
* scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes).
* scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-
fixes).
* scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
(git-fixes).
* scsi: megaraid_sas: Fix for a potential deadlock (git-fixes).
* scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes).
* scsi: mpi3mr: Start controller indexing from 0 (git-fixes).
* scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes).
* scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load
time (jsc#PED-11253).
* scsi: myrb: Remove dead code (git-fixes).
* scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
* scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes).
* scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes).
* scsi: sg: Enable runtime power management (git-fixes).
* scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-
fixes).
* scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes).
* wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes).
* wifi: iwlwifi: limit printed string from FW file (git-fixes).
* wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes).
* wifi: nl80211: reject cooked mode if it is set along with other flags (git-
fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-856=1 openSUSE-SLE-15.6-2025-856=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-856=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-856=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-856=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-856=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2025-856=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-856=1
## Package List:
* openSUSE Leap 15.6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.42.1
* openSUSE Leap 15.6 (noarch)
* kernel-macros-6.4.0-150600.23.42.1
* kernel-docs-html-6.4.0-150600.23.42.1
* kernel-source-6.4.0-150600.23.42.1
* kernel-devel-6.4.0-150600.23.42.1
* kernel-source-vanilla-6.4.0-150600.23.42.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
* kernel-debug-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (ppc64le x86_64)
* kernel-debug-debuginfo-6.4.0-150600.23.42.2
* kernel-debug-devel-debuginfo-6.4.0-150600.23.42.2
* kernel-debug-debugsource-6.4.0-150600.23.42.2
* kernel-debug-devel-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (x86_64)
* kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.42.2
* kernel-kvmsmall-vdso-6.4.0-150600.23.42.2
* kernel-debug-vdso-6.4.0-150600.23.42.2
* kernel-default-vdso-6.4.0-150600.23.42.2
* kernel-default-vdso-debuginfo-6.4.0-150600.23.42.2
* kernel-debug-vdso-debuginfo-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-6.4.0-150600.23.42.2.150600.12.18.4
* kernel-kvmsmall-devel-6.4.0-150600.23.42.2
* kernel-kvmsmall-debugsource-6.4.0-150600.23.42.2
* kernel-kvmsmall-debuginfo-6.4.0-150600.23.42.2
* kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4
* kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kernel-default-extra-debuginfo-6.4.0-150600.23.42.2
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.42.2
* kernel-default-debugsource-6.4.0-150600.23.42.2
* cluster-md-kmp-default-6.4.0-150600.23.42.2
* kernel-default-optional-debuginfo-6.4.0-150600.23.42.2
* kernel-obs-build-6.4.0-150600.23.42.2
* dlm-kmp-default-debuginfo-6.4.0-150600.23.42.2
* reiserfs-kmp-default-6.4.0-150600.23.42.2
* kernel-obs-build-debugsource-6.4.0-150600.23.42.2
* dlm-kmp-default-6.4.0-150600.23.42.2
* kernel-default-devel-6.4.0-150600.23.42.2
* kselftests-kmp-default-6.4.0-150600.23.42.2
* kernel-default-optional-6.4.0-150600.23.42.2
* kernel-syms-6.4.0-150600.23.42.1
* kernel-default-debuginfo-6.4.0-150600.23.42.2
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.42.2
* kernel-obs-qa-6.4.0-150600.23.42.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.42.2
* kernel-default-livepatch-6.4.0-150600.23.42.2
* kernel-default-devel-debuginfo-6.4.0-150600.23.42.2
* kselftests-kmp-default-debuginfo-6.4.0-150600.23.42.2
* gfs2-kmp-default-6.4.0-150600.23.42.2
* kernel-default-extra-6.4.0-150600.23.42.2
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.42.2
* ocfs2-kmp-default-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-6.4.0-150600.23.42.2
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-1-150600.13.3.4
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-1-150600.13.3.4
* kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (s390x)
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.42.2
* kernel-zfcpdump-debugsource-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (nosrc)
* dtb-aarch64-6.4.0-150600.23.42.1
* openSUSE Leap 15.6 (aarch64)
* dtb-altera-6.4.0-150600.23.42.1
* dtb-sprd-6.4.0-150600.23.42.1
* dlm-kmp-64kb-debuginfo-6.4.0-150600.23.42.2
* dtb-hisilicon-6.4.0-150600.23.42.1
* dtb-apple-6.4.0-150600.23.42.1
* dtb-rockchip-6.4.0-150600.23.42.1
* dtb-arm-6.4.0-150600.23.42.1
* dtb-marvell-6.4.0-150600.23.42.1
* gfs2-kmp-64kb-6.4.0-150600.23.42.2
* kernel-64kb-debuginfo-6.4.0-150600.23.42.2
* kernel-64kb-extra-debuginfo-6.4.0-150600.23.42.2
* cluster-md-kmp-64kb-6.4.0-150600.23.42.2
* dtb-allwinner-6.4.0-150600.23.42.1
* dtb-broadcom-6.4.0-150600.23.42.1
* ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.42.2
* cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.42.2
* reiserfs-kmp-64kb-6.4.0-150600.23.42.2
* dtb-lg-6.4.0-150600.23.42.1
* ocfs2-kmp-64kb-6.4.0-150600.23.42.2
* kernel-64kb-optional-6.4.0-150600.23.42.2
* kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.42.2
* dtb-qcom-6.4.0-150600.23.42.1
* gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.42.2
* kernel-64kb-optional-debuginfo-6.4.0-150600.23.42.2
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.42.2
* dtb-xilinx-6.4.0-150600.23.42.1
* dtb-amazon-6.4.0-150600.23.42.1
* dtb-freescale-6.4.0-150600.23.42.1
* dtb-apm-6.4.0-150600.23.42.1
* kernel-64kb-debugsource-6.4.0-150600.23.42.2
* kernel-64kb-extra-6.4.0-150600.23.42.2
* dtb-cavium-6.4.0-150600.23.42.1
* dtb-amd-6.4.0-150600.23.42.1
* dlm-kmp-64kb-6.4.0-150600.23.42.2
* dtb-mediatek-6.4.0-150600.23.42.1
* dtb-nvidia-6.4.0-150600.23.42.1
* dtb-socionext-6.4.0-150600.23.42.1
* dtb-renesas-6.4.0-150600.23.42.1
* kselftests-kmp-64kb-6.4.0-150600.23.42.2
* dtb-amlogic-6.4.0-150600.23.42.1
* kernel-64kb-devel-6.4.0-150600.23.42.2
* dtb-exynos-6.4.0-150600.23.42.1
* reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.42.2
* openSUSE Leap 15.6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.42.2
* Basesystem Module 15-SP6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.42.2
* Basesystem Module 15-SP6 (aarch64)
* kernel-64kb-debugsource-6.4.0-150600.23.42.2
* kernel-64kb-devel-6.4.0-150600.23.42.2
* kernel-64kb-debuginfo-6.4.0-150600.23.42.2
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.42.2
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.42.2
* Basesystem Module 15-SP6 (aarch64 ppc64le x86_64)
* kernel-default-base-6.4.0-150600.23.42.2.150600.12.18.4
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-6.4.0-150600.23.42.2
* kernel-default-debugsource-6.4.0-150600.23.42.2
* kernel-default-debuginfo-6.4.0-150600.23.42.2
* kernel-default-devel-debuginfo-6.4.0-150600.23.42.2
* Basesystem Module 15-SP6 (noarch)
* kernel-devel-6.4.0-150600.23.42.1
* kernel-macros-6.4.0-150600.23.42.1
* Basesystem Module 15-SP6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.42.2
* Basesystem Module 15-SP6 (s390x)
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.42.2
* kernel-zfcpdump-debugsource-6.4.0-150600.23.42.2
* Development Tools Module 15-SP6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.42.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-6.4.0-150600.23.42.2
* kernel-syms-6.4.0-150600.23.42.1
* kernel-obs-build-6.4.0-150600.23.42.2
* Development Tools Module 15-SP6 (noarch)
* kernel-source-6.4.0-150600.23.42.1
* Legacy Module 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.42.2
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.42.2
* kernel-default-debugsource-6.4.0-150600.23.42.2
* reiserfs-kmp-default-6.4.0-150600.23.42.2
* kernel-default-debuginfo-6.4.0-150600.23.42.2
* SUSE Linux Enterprise Live Patching 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.42.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_9-debugsource-1-150600.13.3.4
* kernel-default-debugsource-6.4.0-150600.23.42.2
* kernel-default-livepatch-devel-6.4.0-150600.23.42.2
* kernel-default-livepatch-6.4.0-150600.23.42.2
* kernel-livepatch-6_4_0-150600_23_42-default-1-150600.13.3.4
* kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-1-150600.13.3.4
* kernel-default-debuginfo-6.4.0-150600.23.42.2
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.42.2
* dlm-kmp-default-debuginfo-6.4.0-150600.23.42.2
* kernel-default-debugsource-6.4.0-150600.23.42.2
* cluster-md-kmp-default-6.4.0-150600.23.42.2
* gfs2-kmp-default-6.4.0-150600.23.42.2
* dlm-kmp-default-6.4.0-150600.23.42.2
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.42.2
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.42.2
* ocfs2-kmp-default-6.4.0-150600.23.42.2
* kernel-default-debuginfo-6.4.0-150600.23.42.2
* SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.42.2
* SUSE Linux Enterprise Workstation Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.42.2
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* kernel-default-extra-debuginfo-6.4.0-150600.23.42.2
* kernel-default-debugsource-6.4.0-150600.23.42.2
* kernel-default-debuginfo-6.4.0-150600.23.42.2
* kernel-default-extra-6.4.0-150600.23.42.2
## References:
* https://www.suse.com/security/cve/CVE-2023-52924.html
* https://www.suse.com/security/cve/CVE-2023-52925.html
* https://www.suse.com/security/cve/CVE-2024-26708.html
* https://www.suse.com/security/cve/CVE-2024-26810.html
* https://www.suse.com/security/cve/CVE-2024-40980.html
* https://www.suse.com/security/cve/CVE-2024-41055.html
* https://www.suse.com/security/cve/CVE-2024-44974.html
* https://www.suse.com/security/cve/CVE-2024-45009.html
* https://www.suse.com/security/cve/CVE-2024-45010.html
* https://www.suse.com/security/cve/CVE-2024-47701.html
* https://www.suse.com/security/cve/CVE-2024-49884.html
* https://www.suse.com/security/cve/CVE-2024-49950.html
* https://www.suse.com/security/cve/CVE-2024-50029.html
* https://www.suse.com/security/cve/CVE-2024-50036.html
* https://www.suse.com/security/cve/CVE-2024-50073.html
* https://www.suse.com/security/cve/CVE-2024-50085.html
* https://www.suse.com/security/cve/CVE-2024-50115.html
* https://www.suse.com/security/cve/CVE-2024-50142.html
* https://www.suse.com/security/cve/CVE-2024-50185.html
* https://www.suse.com/security/cve/CVE-2024-50294.html
* https://www.suse.com/security/cve/CVE-2024-53123.html
* https://www.suse.com/security/cve/CVE-2024-53147.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53176.html
* https://www.suse.com/security/cve/CVE-2024-53177.html
* https://www.suse.com/security/cve/CVE-2024-53178.html
* https://www.suse.com/security/cve/CVE-2024-53226.html
* https://www.suse.com/security/cve/CVE-2024-53239.html
* https://www.suse.com/security/cve/CVE-2024-56539.html
* https://www.suse.com/security/cve/CVE-2024-56548.html
* https://www.suse.com/security/cve/CVE-2024-56568.html
* https://www.suse.com/security/cve/CVE-2024-56579.html
* https://www.suse.com/security/cve/CVE-2024-56605.html
* https://www.suse.com/security/cve/CVE-2024-56633.html
* https://www.suse.com/security/cve/CVE-2024-56647.html
* https://www.suse.com/security/cve/CVE-2024-56720.html
* https://www.suse.com/security/cve/CVE-2024-57889.html
* https://www.suse.com/security/cve/CVE-2024-57948.html
* https://www.suse.com/security/cve/CVE-2024-57994.html
* https://www.suse.com/security/cve/CVE-2025-21636.html
* https://www.suse.com/security/cve/CVE-2025-21637.html
* https://www.suse.com/security/cve/CVE-2025-21638.html
* https://www.suse.com/security/cve/CVE-2025-21639.html
* https://www.suse.com/security/cve/CVE-2025-21640.html
* https://www.suse.com/security/cve/CVE-2025-21647.html
* https://www.suse.com/security/cve/CVE-2025-21665.html
* https://www.suse.com/security/cve/CVE-2025-21667.html
* https://www.suse.com/security/cve/CVE-2025-21668.html
* https://www.suse.com/security/cve/CVE-2025-21673.html
* https://www.suse.com/security/cve/CVE-2025-21680.html
* https://www.suse.com/security/cve/CVE-2025-21681.html
* https://www.suse.com/security/cve/CVE-2025-21684.html
* https://www.suse.com/security/cve/CVE-2025-21687.html
* https://www.suse.com/security/cve/CVE-2025-21688.html
* https://www.suse.com/security/cve/CVE-2025-21689.html
* https://www.suse.com/security/cve/CVE-2025-21690.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21697.html
* https://www.suse.com/security/cve/CVE-2025-21699.html
* https://www.suse.com/security/cve/CVE-2025-21700.html
* https://www.suse.com/security/cve/CVE-2025-21705.html
* https://www.suse.com/security/cve/CVE-2025-21715.html
* https://www.suse.com/security/cve/CVE-2025-21716.html
* https://www.suse.com/security/cve/CVE-2025-21719.html
* https://www.suse.com/security/cve/CVE-2025-21724.html
* https://www.suse.com/security/cve/CVE-2025-21725.html
* https://www.suse.com/security/cve/CVE-2025-21728.html
* https://www.suse.com/security/cve/CVE-2025-21767.html
* https://www.suse.com/security/cve/CVE-2025-21790.html
* https://www.suse.com/security/cve/CVE-2025-21795.html
* https://www.suse.com/security/cve/CVE-2025-21799.html
* https://www.suse.com/security/cve/CVE-2025-21802.html
* https://bugzilla.suse.com/show_bug.cgi?id=1012628
* https://bugzilla.suse.com/show_bug.cgi?id=1215199
* https://bugzilla.suse.com/show_bug.cgi?id=1219367
* https://bugzilla.suse.com/show_bug.cgi?id=1222672
* https://bugzilla.suse.com/show_bug.cgi?id=1222803
* https://bugzilla.suse.com/show_bug.cgi?id=1225606
* https://bugzilla.suse.com/show_bug.cgi?id=1225742
* https://bugzilla.suse.com/show_bug.cgi?id=1225981
* https://bugzilla.suse.com/show_bug.cgi?id=1227937
* https://bugzilla.suse.com/show_bug.cgi?id=1228521
* https://bugzilla.suse.com/show_bug.cgi?id=1230235
* https://bugzilla.suse.com/show_bug.cgi?id=1230438
* https://bugzilla.suse.com/show_bug.cgi?id=1230439
* https://bugzilla.suse.com/show_bug.cgi?id=1230497
* https://bugzilla.suse.com/show_bug.cgi?id=1231432
* https://bugzilla.suse.com/show_bug.cgi?id=1231912
* https://bugzilla.suse.com/show_bug.cgi?id=1231920
* https://bugzilla.suse.com/show_bug.cgi?id=1231949
* https://bugzilla.suse.com/show_bug.cgi?id=1232159
* https://bugzilla.suse.com/show_bug.cgi?id=1232198
* https://bugzilla.suse.com/show_bug.cgi?id=1232201
* https://bugzilla.suse.com/show_bug.cgi?id=1232299
* https://bugzilla.suse.com/show_bug.cgi?id=1232508
* https://bugzilla.suse.com/show_bug.cgi?id=1232520
* https://bugzilla.suse.com/show_bug.cgi?id=1232919
* https://bugzilla.suse.com/show_bug.cgi?id=1233028
* https://bugzilla.suse.com/show_bug.cgi?id=1233109
* https://bugzilla.suse.com/show_bug.cgi?id=1233483
* https://bugzilla.suse.com/show_bug.cgi?id=1233749
* https://bugzilla.suse.com/show_bug.cgi?id=1234070
* https://bugzilla.suse.com/show_bug.cgi?id=1234853
* https://bugzilla.suse.com/show_bug.cgi?id=1234857
* https://bugzilla.suse.com/show_bug.cgi?id=1234891
* https://bugzilla.suse.com/show_bug.cgi?id=1234894
* https://bugzilla.suse.com/show_bug.cgi?id=1234895
* https://bugzilla.suse.com/show_bug.cgi?id=1234896
* https://bugzilla.suse.com/show_bug.cgi?id=1234963
* https://bugzilla.suse.com/show_bug.cgi?id=1235032
* https://bugzilla.suse.com/show_bug.cgi?id=1235054
* https://bugzilla.suse.com/show_bug.cgi?id=1235061
* https://bugzilla.suse.com/show_bug.cgi?id=1235073
* https://bugzilla.suse.com/show_bug.cgi?id=1235435
* https://bugzilla.suse.com/show_bug.cgi?id=1235485
* https://bugzilla.suse.com/show_bug.cgi?id=1235592
* https://bugzilla.suse.com/show_bug.cgi?id=1235599
* https://bugzilla.suse.com/show_bug.cgi?id=1235609
* https://bugzilla.suse.com/show_bug.cgi?id=1235932
* https://bugzilla.suse.com/show_bug.cgi?id=1235933
* https://bugzilla.suse.com/show_bug.cgi?id=1236113
* https://bugzilla.suse.com/show_bug.cgi?id=1236114
* https://bugzilla.suse.com/show_bug.cgi?id=1236115
* https://bugzilla.suse.com/show_bug.cgi?id=1236122
* https://bugzilla.suse.com/show_bug.cgi?id=1236123
* https://bugzilla.suse.com/show_bug.cgi?id=1236133
* https://bugzilla.suse.com/show_bug.cgi?id=1236138
* https://bugzilla.suse.com/show_bug.cgi?id=1236199
* https://bugzilla.suse.com/show_bug.cgi?id=1236200
* https://bugzilla.suse.com/show_bug.cgi?id=1236203
* https://bugzilla.suse.com/show_bug.cgi?id=1236205
* https://bugzilla.suse.com/show_bug.cgi?id=1236573
* https://bugzilla.suse.com/show_bug.cgi?id=1236575
* https://bugzilla.suse.com/show_bug.cgi?id=1236576
* https://bugzilla.suse.com/show_bug.cgi?id=1236591
* https://bugzilla.suse.com/show_bug.cgi?id=1236661
* https://bugzilla.suse.com/show_bug.cgi?id=1236677
* https://bugzilla.suse.com/show_bug.cgi?id=1236681
* https://bugzilla.suse.com/show_bug.cgi?id=1236682
* https://bugzilla.suse.com/show_bug.cgi?id=1236684
* https://bugzilla.suse.com/show_bug.cgi?id=1236689
* https://bugzilla.suse.com/show_bug.cgi?id=1236700
* https://bugzilla.suse.com/show_bug.cgi?id=1236702
* https://bugzilla.suse.com/show_bug.cgi?id=1236752
* https://bugzilla.suse.com/show_bug.cgi?id=1236759
* https://bugzilla.suse.com/show_bug.cgi?id=1236821
* https://bugzilla.suse.com/show_bug.cgi?id=1236822
* https://bugzilla.suse.com/show_bug.cgi?id=1236896
* https://bugzilla.suse.com/show_bug.cgi?id=1236897
* https://bugzilla.suse.com/show_bug.cgi?id=1236952
* https://bugzilla.suse.com/show_bug.cgi?id=1236967
* https://bugzilla.suse.com/show_bug.cgi?id=1236994
* https://bugzilla.suse.com/show_bug.cgi?id=1237007
* https://bugzilla.suse.com/show_bug.cgi?id=1237017
* https://bugzilla.suse.com/show_bug.cgi?id=1237025
* https://bugzilla.suse.com/show_bug.cgi?id=1237028
* https://bugzilla.suse.com/show_bug.cgi?id=1237045
* https://bugzilla.suse.com/show_bug.cgi?id=1237126
* https://bugzilla.suse.com/show_bug.cgi?id=1237132
* https://bugzilla.suse.com/show_bug.cgi?id=1237139
* https://bugzilla.suse.com/show_bug.cgi?id=1237155
* https://bugzilla.suse.com/show_bug.cgi?id=1237158
* https://bugzilla.suse.com/show_bug.cgi?id=1237159
* https://bugzilla.suse.com/show_bug.cgi?id=1237232
* https://bugzilla.suse.com/show_bug.cgi?id=1237234
* https://bugzilla.suse.com/show_bug.cgi?id=1237325
* https://bugzilla.suse.com/show_bug.cgi?id=1237356
* https://bugzilla.suse.com/show_bug.cgi?id=1237415
* https://bugzilla.suse.com/show_bug.cgi?id=1237452
* https://bugzilla.suse.com/show_bug.cgi?id=1237504
* https://bugzilla.suse.com/show_bug.cgi?id=1237521
* https://bugzilla.suse.com/show_bug.cgi?id=1237558
* https://bugzilla.suse.com/show_bug.cgi?id=1237562
* https://bugzilla.suse.com/show_bug.cgi?id=1237563
* https://bugzilla.suse.com/show_bug.cgi?id=1237848
* https://bugzilla.suse.com/show_bug.cgi?id=1237849
* https://bugzilla.suse.com/show_bug.cgi?id=1237879
* https://bugzilla.suse.com/show_bug.cgi?id=1237889
* https://bugzilla.suse.com/show_bug.cgi?id=1237891
* https://bugzilla.suse.com/show_bug.cgi?id=1237901
* https://bugzilla.suse.com/show_bug.cgi?id=1237950
* https://bugzilla.suse.com/show_bug.cgi?id=1238214
* https://bugzilla.suse.com/show_bug.cgi?id=1238303
* https://bugzilla.suse.com/show_bug.cgi?id=1238347
* https://bugzilla.suse.com/show_bug.cgi?id=1238368
* https://bugzilla.suse.com/show_bug.cgi?id=1238509
* https://bugzilla.suse.com/show_bug.cgi?id=1238525
* https://bugzilla.suse.com/show_bug.cgi?id=1238570
* https://bugzilla.suse.com/show_bug.cgi?id=1238739
* https://bugzilla.suse.com/show_bug.cgi?id=1238751
* https://bugzilla.suse.com/show_bug.cgi?id=1238753
* https://bugzilla.suse.com/show_bug.cgi?id=1238759
* https://bugzilla.suse.com/show_bug.cgi?id=1238860
* https://bugzilla.suse.com/show_bug.cgi?id=1238863
* https://bugzilla.suse.com/show_bug.cgi?id=1238877
* https://jira.suse.com/browse/PED-10028
* https://jira.suse.com/browse/PED-11253
* https://jira.suse.com/browse/PED-12094
* https://jira.suse.com/browse/PED-348
SUSE-SU-2025:0855-1: important: Security update for the Linux Kernel
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2025:0855-1
Release Date: 2025-03-13T12:44:07Z
Rating: important
References:
* bsc#1215420
* bsc#1224700
* bsc#1225742
* bsc#1232919
* bsc#1234853
* bsc#1234891
* bsc#1234963
* bsc#1235054
* bsc#1235061
* bsc#1235073
* bsc#1236757
* bsc#1236761
* bsc#1236821
* bsc#1237025
* bsc#1237028
* bsc#1237139
* bsc#1237768
* bsc#1238033
Cross-References:
* CVE-2021-47633
* CVE-2022-49080
* CVE-2023-4244
* CVE-2023-52924
* CVE-2024-35949
* CVE-2024-50115
* CVE-2024-53173
* CVE-2024-53239
* CVE-2024-56539
* CVE-2024-56548
* CVE-2024-56605
* CVE-2025-21690
* CVE-2025-21692
* CVE-2025-21699
CVSS scores:
* CVE-2021-47633 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2021-47633 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2022-49080 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2022-49080 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4244 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52924 ( SUSE ): 1.8
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-52924 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50115 ( SUSE ): 4.5
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
* CVE-2024-50115 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:H
* CVE-2024-50115 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-53173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53239 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-53239 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-53239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56539 ( SUSE ): 8.6
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56539 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-56548 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56548 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56548 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21690 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21690 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21690 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21692 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21692 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-21692 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21699 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21699 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21699 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves 14 vulnerabilities and has four security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
bugfixes.
The following security bugs were fixed:
* CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
(bsc#1237768).
* CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace
(bsc#1238033).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks
(bsc#1224700).
* CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial
of service (bsc#1237025).
* CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
* CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA
flag (bsc#1237139).
The following non-security bugs were fixed:
* net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
* net: netvsc: Update default VMBus channels (bsc#1236757).
* scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-855=1
* SUSE Linux Enterprise Live Patching 15-SP3
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-855=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2025-855=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-855=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-855=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-855=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-855=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-855=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-855=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-855=1
## Package List:
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (noarch)
* kernel-source-5.3.18-150300.59.198.1
* kernel-macros-5.3.18-150300.59.198.1
* kernel-devel-5.3.18-150300.59.198.1
* kernel-source-vanilla-5.3.18-150300.59.198.1
* kernel-docs-html-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-kvmsmall-5.3.18-150300.59.198.1
* kernel-debug-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-debugsource-5.3.18-150300.59.198.1
* kernel-debug-debugsource-5.3.18-150300.59.198.1
* kernel-kvmsmall-devel-5.3.18-150300.59.198.1
* kernel-debug-debuginfo-5.3.18-150300.59.198.1
* kernel-debug-devel-5.3.18-150300.59.198.1
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-debug-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.198.1
* kernel-default-optional-5.3.18-150300.59.198.1
* cluster-md-kmp-default-5.3.18-150300.59.198.1
* dlm-kmp-default-5.3.18-150300.59.198.1
* kernel-default-livepatch-5.3.18-150300.59.198.1
* ocfs2-kmp-default-5.3.18-150300.59.198.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.198.1
* kernel-default-extra-5.3.18-150300.59.198.1
* kernel-default-base-5.3.18-150300.59.198.1.150300.18.118.1
* kernel-default-extra-debuginfo-5.3.18-150300.59.198.1
* kernel-default-optional-debuginfo-5.3.18-150300.59.198.1
* kernel-obs-build-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
* kselftests-kmp-default-5.3.18-150300.59.198.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-syms-5.3.18-150300.59.198.1
* kernel-default-base-rebuild-5.3.18-150300.59.198.1.150300.18.118.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.198.1
* kernel-default-debugsource-5.3.18-150300.59.198.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.198.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.198.1
* kernel-default-devel-5.3.18-150300.59.198.1
* gfs2-kmp-default-5.3.18-150300.59.198.1
* reiserfs-kmp-default-5.3.18-150300.59.198.1
* kernel-obs-build-debugsource-5.3.18-150300.59.198.1
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.198.1
* kernel-obs-qa-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.3.18-150300.59.198.1
* kernel-livepatch-5_3_18-150300_59_198-default-debuginfo-1-150300.7.3.1
* kernel-livepatch-SLE15-SP3_Update_55-debugsource-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_198-default-1-150300.7.3.1
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_198-preempt-1-150300.7.3.1
* kernel-livepatch-5_3_18-150300_59_198-preempt-debuginfo-1-150300.7.3.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.198.1
* dlm-kmp-preempt-5.3.18-150300.59.198.1
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-debuginfo-5.3.18-150300.59.198.1
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.198.1
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-devel-5.3.18-150300.59.198.1
* ocfs2-kmp-preempt-5.3.18-150300.59.198.1
* reiserfs-kmp-preempt-5.3.18-150300.59.198.1
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.198.1
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-debugsource-5.3.18-150300.59.198.1
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.198.1
* kselftests-kmp-preempt-5.3.18-150300.59.198.1
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-optional-5.3.18-150300.59.198.1
* cluster-md-kmp-preempt-5.3.18-150300.59.198.1
* gfs2-kmp-preempt-5.3.18-150300.59.198.1
* kernel-preempt-extra-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.198.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (aarch64)
* dtb-arm-5.3.18-150300.59.198.1
* ocfs2-kmp-64kb-5.3.18-150300.59.198.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.198.1
* dtb-freescale-5.3.18-150300.59.198.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.198.1
* dtb-al-5.3.18-150300.59.198.1
* dlm-kmp-64kb-5.3.18-150300.59.198.1
* dtb-exynos-5.3.18-150300.59.198.1
* dtb-hisilicon-5.3.18-150300.59.198.1
* cluster-md-kmp-64kb-5.3.18-150300.59.198.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.198.1
* gfs2-kmp-64kb-5.3.18-150300.59.198.1
* dtb-marvell-5.3.18-150300.59.198.1
* kselftests-kmp-64kb-5.3.18-150300.59.198.1
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.198.1
* kernel-64kb-debugsource-5.3.18-150300.59.198.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.198.1
* kernel-64kb-optional-5.3.18-150300.59.198.1
* dtb-nvidia-5.3.18-150300.59.198.1
* kernel-64kb-devel-5.3.18-150300.59.198.1
* dtb-renesas-5.3.18-150300.59.198.1
* dtb-altera-5.3.18-150300.59.198.1
* dtb-lg-5.3.18-150300.59.198.1
* dtb-qcom-5.3.18-150300.59.198.1
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.198.1
* dtb-allwinner-5.3.18-150300.59.198.1
* dtb-zte-5.3.18-150300.59.198.1
* dtb-amlogic-5.3.18-150300.59.198.1
* dtb-xilinx-5.3.18-150300.59.198.1
* kernel-64kb-debuginfo-5.3.18-150300.59.198.1
* dtb-apm-5.3.18-150300.59.198.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.198.1
* dtb-broadcom-5.3.18-150300.59.198.1
* dtb-amd-5.3.18-150300.59.198.1
* kernel-64kb-extra-5.3.18-150300.59.198.1
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.198.1
* dtb-cavium-5.3.18-150300.59.198.1
* dtb-mediatek-5.3.18-150300.59.198.1
* reiserfs-kmp-64kb-5.3.18-150300.59.198.1
* dtb-socionext-5.3.18-150300.59.198.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.198.1
* dtb-sprd-5.3.18-150300.59.198.1
* dtb-rockchip-5.3.18-150300.59.198.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-livepatch-5_3_18-150300_59_198-default-1-150300.7.3.1
* kernel-default-debugsource-5.3.18-150300.59.198.1
* kernel-default-livepatch-devel-5.3.18-150300.59.198.1
* kernel-default-livepatch-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le
s390x x86_64)
* ocfs2-kmp-default-5.3.18-150300.59.198.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.198.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.198.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.198.1
* cluster-md-kmp-default-5.3.18-150300.59.198.1
* gfs2-kmp-default-5.3.18-150300.59.198.1
* kernel-default-debugsource-5.3.18-150300.59.198.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.198.1
* dlm-kmp-default-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.198.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.198.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.198.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-64kb-debuginfo-5.3.18-150300.59.198.1
* kernel-64kb-devel-5.3.18-150300.59.198.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc
x86_64)
* kernel-preempt-5.3.18-150300.59.198.1
* kernel-default-5.3.18-150300.59.198.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.198.1
* kernel-default-devel-5.3.18-150300.59.198.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-syms-5.3.18-150300.59.198.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-devel-5.3.18-150300.59.198.1
* reiserfs-kmp-default-5.3.18-150300.59.198.1
* kernel-default-debugsource-5.3.18-150300.59.198.1
* kernel-default-base-5.3.18-150300.59.198.1.150300.18.118.1
* kernel-preempt-debugsource-5.3.18-150300.59.198.1
* kernel-obs-build-debugsource-5.3.18-150300.59.198.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.198.1
* kernel-obs-build-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.198.1
* kernel-devel-5.3.18-150300.59.198.1
* kernel-macros-5.3.18-150300.59.198.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.198.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-64kb-debuginfo-5.3.18-150300.59.198.1
* kernel-64kb-devel-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.3.18-150300.59.198.1
* kernel-syms-5.3.18-150300.59.198.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-default-debugsource-5.3.18-150300.59.198.1
* kernel-default-base-5.3.18-150300.59.198.1.150300.18.118.1
* reiserfs-kmp-default-5.3.18-150300.59.198.1
* kernel-obs-build-debugsource-5.3.18-150300.59.198.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.198.1
* kernel-obs-build-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* kernel-source-5.3.18-150300.59.198.1
* kernel-devel-5.3.18-150300.59.198.1
* kernel-macros-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch nosrc)
* kernel-docs-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-devel-5.3.18-150300.59.198.1
* kernel-preempt-debugsource-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (s390x)
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.198.1
* kernel-zfcpdump-debugsource-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-default-devel-5.3.18-150300.59.198.1
* kernel-syms-5.3.18-150300.59.198.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-default-debugsource-5.3.18-150300.59.198.1
* kernel-default-base-5.3.18-150300.59.198.1.150300.18.118.1
* reiserfs-kmp-default-5.3.18-150300.59.198.1
* kernel-obs-build-debugsource-5.3.18-150300.59.198.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.198.1
* kernel-obs-build-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.198.1
* kernel-devel-5.3.18-150300.59.198.1
* kernel-macros-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-devel-5.3.18-150300.59.198.1
* kernel-preempt-debugsource-5.3.18-150300.59.198.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.198.1
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.198.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-64kb-debuginfo-5.3.18-150300.59.198.1
* kernel-64kb-devel-5.3.18-150300.59.198.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.198.1
* kernel-default-5.3.18-150300.59.198.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-preempt-debuginfo-5.3.18-150300.59.198.1
* kernel-default-devel-5.3.18-150300.59.198.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-syms-5.3.18-150300.59.198.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.198.1
* kernel-preempt-devel-5.3.18-150300.59.198.1
* reiserfs-kmp-default-5.3.18-150300.59.198.1
* kernel-default-debugsource-5.3.18-150300.59.198.1
* kernel-default-base-5.3.18-150300.59.198.1.150300.18.118.1
* kernel-preempt-debugsource-5.3.18-150300.59.198.1
* kernel-obs-build-debugsource-5.3.18-150300.59.198.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.198.1
* kernel-obs-build-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-source-5.3.18-150300.59.198.1
* kernel-devel-5.3.18-150300.59.198.1
* kernel-macros-5.3.18-150300.59.198.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
* kernel-default-base-5.3.18-150300.59.198.1.150300.18.118.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.198.1.150300.18.118.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.198.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.198.1.150300.18.118.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.3.18-150300.59.198.1
* kernel-default-debuginfo-5.3.18-150300.59.198.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47633.html
* https://www.suse.com/security/cve/CVE-2022-49080.html
* https://www.suse.com/security/cve/CVE-2023-4244.html
* https://www.suse.com/security/cve/CVE-2023-52924.html
* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-50115.html
* https://www.suse.com/security/cve/CVE-2024-53173.html
* https://www.suse.com/security/cve/CVE-2024-53239.html
* https://www.suse.com/security/cve/CVE-2024-56539.html
* https://www.suse.com/security/cve/CVE-2024-56548.html
* https://www.suse.com/security/cve/CVE-2024-56605.html
* https://www.suse.com/security/cve/CVE-2025-21690.html
* https://www.suse.com/security/cve/CVE-2025-21692.html
* https://www.suse.com/security/cve/CVE-2025-21699.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215420
* https://bugzilla.suse.com/show_bug.cgi?id=1224700
* https://bugzilla.suse.com/show_bug.cgi?id=1225742
* https://bugzilla.suse.com/show_bug.cgi?id=1232919
* https://bugzilla.suse.com/show_bug.cgi?id=1234853
* https://bugzilla.suse.com/show_bug.cgi?id=1234891
* https://bugzilla.suse.com/show_bug.cgi?id=1234963
* https://bugzilla.suse.com/show_bug.cgi?id=1235054
* https://bugzilla.suse.com/show_bug.cgi?id=1235061
* https://bugzilla.suse.com/show_bug.cgi?id=1235073
* https://bugzilla.suse.com/show_bug.cgi?id=1236757
* https://bugzilla.suse.com/show_bug.cgi?id=1236761
* https://bugzilla.suse.com/show_bug.cgi?id=1236821
* https://bugzilla.suse.com/show_bug.cgi?id=1237025
* https://bugzilla.suse.com/show_bug.cgi?id=1237028
* https://bugzilla.suse.com/show_bug.cgi?id=1237139
* https://bugzilla.suse.com/show_bug.cgi?id=1237768
* https://bugzilla.suse.com/show_bug.cgi?id=1238033
SUSE-SU-2025:0857-1: important: Security update for build
# Security update for build
Announcement ID: SUSE-SU-2025:0857-1
Release Date: 2025-03-13T17:58:42Z
Rating: important
References:
* bsc#1217269
* bsc#1230469
Cross-References:
* CVE-2024-22038
CVSS scores:
* CVE-2024-22038 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2024-22038 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-22038 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Affected Products:
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for build fixes the following issues: \- CVE-2024-22038: Fixed DoS
attacks, information leaks with crafted Git repositories (bnc#1230469)
Other fixes: \- Fixed behaviour when using "\--shell" aka "osc shell" option in
a VM build. Startup is faster and permissions stay intact now.
* fixes for POSIX compatibility for obs-docker-support adn mkbaselibs
* Add support for apk in docker/podman builds
* Add support for 'wget' in Docker images
* Fix debian support for Dockerfile builds
* Fix preinstallimages in containers
* mkosi: add back system-packages used by build-recipe directly
* pbuild: parse the Release files for debian repos
* mkosi: drop most systemd/build-packages deps and use obs_scm directory as
source if present
* improve source copy handling
* Introduce --repos-directory and --containers-directory options
* productcompose: support of building against a baseiso
* preinstallimage: avoid inclusion of build script generated files
* preserve timestamps on sources copy-in for kiwi and productcompose
* alpine package support updates
* tumbleweed config update
* debian: Support installation of foreign architecture packages (required for
armv7l setups)
* Parse unknown timezones as UTC
* Apk (Alpine Linux) format support added
* Implement default value in parameter expansion
* Also support supplements that use & as "and"
* Add workaround for skopeo's argument parser
* add cap-htm=off on power9
* Fixed usage of chown calls
* Remove leading `go` from `purl` locators
* container related:
* Implement support for the new element in kiwi recipes
* Fixes for SBOM and dependencies of multi stage container builds
* obs-docker-support: enable dnf and yum substitutions
* Arch Linux:
* fix file path for Arch repo
* exclude unsupported arch
* Use root as download user
* build-vm-qemu: force sv48 satp mode on riscv64
* mkosi:
* Create .sha256 files after mkosi builds
* Always pass --image-version to mkosi
* General improvements and bugfixes (mkosi, pbuild, appimage/livebuild, obs
work detection, documention, SBOM)
* Support slsa v1 in unpack_slsa_provenance
* generate_sbom: do not clobber spdx supplier
* Harden export_debian_orig_from_git (bsc#1230469)
* SBOM generation:
* Adding golang introspection support
* Adding rust binary introspection support
* Keep track of unknwon licenses and add a "hasExtractedLicensingInfos"
section
* Also normalize licenses for cyclonedx
* Make generate_sbom errors fatal
* general improvements
* Fix noprep building not working because the buildir is removed
* kiwi image: also detect a debian build if /var/lib/dpkg/status is present
* Do not use the Encode module to convert a code point to utf8
* Fix personality syscall number for riscv
* add more required recommendations for KVM builds
* set PACKAGER field in build-recipe-arch
* fix writing _modulemd.yaml
* pbuild: support --release and --baselibs option
* container:
* copy base container information from the annotation into the containerinfo
* track base containers over multiple stages
* always put the base container last in the dependencies
* providing fileprovides in createdirdeps tool
* Introduce buildflag nochecks
* productcompose: support **all** option
* config update: tumbleweed using preinstallexpand
* minor improvements
* tumbleweed build config update
* support the %load macro
* improve container filename generation (docker)
* fix hanging curl calls during build (docker)
* productcompose: fix milestone query
* tumbleweed build config update
* 15.6 build config fixes
* sourcerpm & sourcedep handling fixes
* productcompose:
* Fix milestone handling
* Support bcntsynctag
* Adding debian support to generate_sbom
* Add syscall for personality switch on loongarch64 kernel
* vm-build: ext3 & ext4: fix disk space allocation
* mkosi format updates, not fully working yet
* pbuild exception fixes
* Fixes for current fedora and centos distros
* Don't copy original dsc sources if OBS-DCH-RELEASE set
* Unbreak parsing of sources/patches
* Support ForceMultiVersion in the dockerfile parser
* Support %bcond of rpm 4.17.1
* Add a hack for systemd 255.3, creating an empty /etc/os-release if missing
after preinstall.
* docker: Fix HEAD request in dummyhttpserver
* pbuild: Make docker-nobasepackages expand flag the default
* rpm: Support a couple of builtin rpm macros
* rpm: Implement argument expansion for define/with/bcond...
* Fix multiline macro handling
* Accept -N parameter of %autosetup
* documentation updates
* various code cleanup and speedup work.
* ProductCompose: multiple improvements
* Add buildflags:define_specfile support
* Fix copy-in of git subdirectory sources
* pbuild: Speed up XML parsing
* pubild: product compose support
* generate_sbom: add help option
* podman: enforce runtime=runc
* Implement direct conflicts from the distro config
* changelog2spec: fix time zone handling
* Do not unmount /proc/sys/fs/binfmt_misc before runnint the check scripts
* spec file cleanup
* documentation updates
* productcompose:
* support schema 0.1
* support milestones
* Leap 15.6 config
* SLE 15 SP6 config
* productcompose: follow incompatible flavor syntax change
* pbuild: support for zstd
* fixed handling for cmdline parameters via kernel packages
* productcompose:
* BREAKING: support new schema
* adapt flavor architecture parsing
* productcompose:
* support filtered package lists
* support default architecture listing
* fix copy in binaries in VM builds^
* obsproduct build type got renamed to productcompose
* Support zstd compressed rpm-md meta data (bsc#1217269)
* Added Debian 12 configuration
* First ObsProduct build format support
* fix SLE 15 SP5 build configuration
* Improve user agent handling for obs repositories
* Docker:
* Support flavor specific build descriptions via Dockerfile.$flavor
* support "PlusRecommended" hint to also provide recommended packages
* use the name/version as filename if both are known
* Produce docker format containers by default
* pbuild: Support for signature authentification of OBS resources
* Fix wiping build root for --vm-type podman
* Put BUILD_RELEASE and BUILD_CHANGELOG_TIMESTAMP in the /.buildenv
* build-vm-kvm: use -cpu host on riscv64
* small fixes and cleanups
* Added parser for BcntSyncTag in sources
* pbuild:
* fix dependency expansion for build types other than spec
* Reworked cycle handling code
* add --extra-packs option
* add debugflags option
* Pass-through --buildtool-opt
* Parse Patch and Source lines more accurately
* fix tunefs functionality
* minor bugfixes
* \--vm-type=podman added (supports also root-less builds)
* Also support build constraints in the Dockerfile
* minor fixes
* Add SUSE ALP build config
* BREAKING: Record errors when parsing the project config former behaviour was
undefined
* container: Support compression format configuration option
* Don't setup ccache with --no-init
* improved loongarch64 support
* sbom: SPDX supplier tag added
* kiwi: support different versions per profile
* preinstallimage: fail when recompression fails
* Add support for recommends and supplements dependencies
* Support the "keepfilerequires" expand flag
* add '\--buildtool-opt=OPTIONS' to pass options to the used build tool
* distro config updates
* ArchLinux
* Tumbleweed
* documentation updates
* openSUSE Tumbleweed: sync config and move to suse_version 1699.
* universal post-build hook, just place a file in /usr/lib/build/post_build.d/
* mkbaselibs/hwcaps, fix pattern name once again (x86_64_v3)
* KiwiProduct: add --use-newest-package hint if the option is set
* Dockerfile support:
* export multibuild flavor as argument
* allow parameters in FROM .. scratch lines
* include OS name in build result if != linux
* Workaround directory->symlink usrmerge problems for cross arch sysroot
* multiple fixes for SBOM support
* KIWI VM image SBOM support added
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-857=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-857=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-857=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-857=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-857=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-857=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-857=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-857=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-857=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-857=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-857=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-857=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-857=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-857=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Enterprise Storage 7.1 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* openSUSE Leap 15.6 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-initvm-x86_64-20250306-150200.19.1
* build-initvm-aarch64-20250306-150200.19.1
* build-initvm-s390x-20250306-150200.19.1
* build-mkdrpms-20250306-150200.19.1
* build-initvm-powerpc64le-20250306-150200.19.1
* build-20250306-150200.19.1
* Development Tools Module 15-SP6 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22038.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217269
* https://bugzilla.suse.com/show_bug.cgi?id=1230469
SUSE-SU-2025:0858-1: important: Security update for rubygem-rack-1_6
# Security update for rubygem-rack-1_6
Announcement ID: SUSE-SU-2025:0858-1
Release Date: 2025-03-13T17:58:53Z
Rating: important
References:
* bsc#1237141
* bsc#1239298
Cross-References:
* CVE-2025-25184
* CVE-2025-27610
CVSS scores:
* CVE-2025-25184 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-25184 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-25184 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-27610 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-27610 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-27610 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for rubygem-rack-1_6 fixes the following issues:
* CVE-2025-27610: Fixed improper sanitization of user-supplied paths when
serving files leading to local file inclusion (bsc#1239298).
* CVE-2025-25184: Fixed Rack::CommonLogger log entry manipulation
(bsc#1237141).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-858=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* ruby2.5-rubygem-rack-1_6-1.6.8-150000.3.3.1
* ruby2.5-rubygem-rack-testsuite-1_6-1.6.8-150000.3.3.1
* ruby2.5-rubygem-rack-doc-1_6-1.6.8-150000.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2025-25184.html
* https://www.suse.com/security/cve/CVE-2025-27610.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237141
* https://bugzilla.suse.com/show_bug.cgi?id=1239298
