SUSE-SU-2025:0564-1

The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-40980: dropmonitor: replace spinlock by rawspinlock (bsc#1227937).
• CVE-2024-46858: mptcp: pm: Fix uaf in _timerdelete_sync (bsc#1231088).
• CVE-2024-49948: net: add more sanity checks to qdiscpktlen_init() (bsc#1232161).
• CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101).
• CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
• CVE-2024-50251: netfilter: nftpayload: sanitize offset and length before calling skbchecksum() (bsc#1233248).
• CVE-2024-50258: net: fix crash when config small gsomaxsize/gsoipv4max_size (bsc#1233221).
• CVE-2024-50304: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnel_find() (bsc#1233522).
• CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070).
• CVE-2024-53187: iouring: check for overflows in iopin_pages (bsc#1234947).
• CVE-2024-53203: usb: typec: fix potential array underflow in ucsiccgsync_control() (bsc#1235001).
• CVE-2024-56592: bpf: Call freehtabelem() after htabunlockbucket() (bsc#1235244).
• CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
• CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
• CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21linkencoder_create' (bsc#1235487).
• CVE-2024-56610: kcsan: Turn reportfilterlistlock into a raw_spinlock (bsc#1235390).
• CVE-2024-56633: tcpbpf: Fix the skmemuncharge logic in tcpbpf_sendmsg (bsc#1235485).
• CVE-2024-56650: netfilter: xtables: fix LED ID check in ledtg_check() (bsc#1235430).
• CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
• CVE-2024-56665: bpf,perf: Fix invalid progarray access in perfeventdetachbpf_prog (bsc#1235489).
• CVE-2024-56679: octeontx2-pf: handle otx2mboxgetrsp errors in otx2common.c (bsc#1235498).
• CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418).
• CVE-2024-56707: octeontx2-pf: handle otx2mboxgetrsp errors in otx2dmac_flt.c (bsc#1235545).
• CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612).
• CVE-2024-56725: octeontx2-pf: handle otx2mboxgetrsp errors in otx2dcbnl.c (bsc#1235578).
• CVE-2024-56726: octeontx2-pf: handle otx2mboxget_rsp errors in cn10k.c (bsc#1235582).
• CVE-2024-56727: octeontx2-pf: handle otx2mboxgetrsp errors in otx2flows.c (bsc#1235583).
• CVE-2024-56728: octeontx2-pf: handle otx2mboxgetrsp errors in otx2ethtool.c (bsc#1235656).
• CVE-2024-56763: tracing: Prevent bad count for tracingcpumaskwrite (bsc#1235638).
• CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941).
• CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
• CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttledirectreclaim() (bsc#1235948).
• CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127).
• CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192).
• CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctpassociationinit() (bsc#1236182).
• CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247).
• CVE-2025-21652: ipvlan: Fix use-after-free in ipvlangetiflink() (bsc#1236160).
• CVE-2025-21653: netsched: clsflow: validate TCAFLOWRSHIFT attribute (bsc#1236161).
• CVE-2025-21655: iouring/eventfd: ensure ioeventfd_signal() defers another RCU period (bsc#1236163).
• CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260).
• CVE-2025-21664: dm thin: make getfirstthin use rcu-safe list first function (bsc#1236262).
• CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684).
• CVE-2025-21666: vsock: prevent null-ptr-deref in vsock*[hasdata|has_space] (bsc#1236680).
• CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681).
• CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682).
• CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
• CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
• CVE-2025-21673: smb: client: fix double free of TCPServerInfo::hostname (bsc#1236689).
• CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688).
• CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
• CVE-2025-21676: net: fec: handle pagepooldevallocpages error (bsc#1236696).
• CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
• CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702).
• CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703).

The following non-security bugs were fixed:

• ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
• ACPI: fan: cleanup resources in the error path of .probe() (git-fixes).
• ACPI: property: Fix return value for nval == 0 in acpidataprop_read() (git-fixes).
• ACPI: resource: acpidevirq_override(): Check DMI match last (stable-fixes).
• ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes).
• ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes).
• ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes).
• ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686).
• ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes).
• ALSA: seq: Make dependency on UMP clearer (git-fixes).
• ALSA: seq: remove redundant 'tristate' for SNDSEQUMP_CLIENT (stable-fixes).
• ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes).
• ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes).
• ASoC: Intel: avs: Abstract IPC handling (stable-fixes).
• ASoC: Intel: avs: Do not readq() u32 registers (git-fixes).
• ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes).
• ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes).
• ASoC: acp: Support microphone from Lenovo Go S (stable-fixes).
• ASoC: rockchip: i2stdm: Re-add the setsysclk callback (git-fixes).
• ASoC: samsung: Add missing depends on I2C (git-fixes).
• ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes).
• ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes).
• ASoC: wm8994: Add depends on MFD core (stable-fixes).
• Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes).
• Bluetooth: L2CAP: handle NULL sock pointer in l2capsockalloc (git-fixes).
• Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes).
• EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693).
• HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes).
• HID: fix generic desktop D-Pad controls (git-fixes).
• HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes).
• HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes).
• HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes).
• Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes).
• Input: bbnsm_pwrkey - add remove hook (git-fixes).
• Input: davinci-keyscan - remove leftover header (git-fixes).
• Input: xpad - add QH Electronics VID/PID (stable-fixes).
• Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes).
• Input: xpad - add support for Nacon Pro Compact (stable-fixes).
• Input: xpad - add support for wooting two he (arm) (stable-fixes).
• Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes).
• Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes).
• KVM: Allow page-sized MMU caches to be initialized with custom 64-bit values (jsc#PED-6143).
• KVM: x86/mmu: Add Suppress VE bit to EPT shadowmmiomask/shadowpresentmask (jsc#PED-6143).
• KVM: x86/mmu: Allow non-zero value for non-present SPTE and removed SPTE (jsc#PED-6143).
• KVM: x86/mmu: Replace hardcoded value 0 for the initial value for SPTE (jsc#PED-6143).
• KVM: x86/mmu: Track shadow MMIO value on a per-VM basis (jsc#PED-6143).
• NFC: nci: Add bounds checking in ncihcicreate_pipe() (git-fixes).
• NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes).
• NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes).
• PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes).
• PCI: dwc: Always stop link in the dwpciesuspend_noirq (git-fixes).
• PCI: dwc: ep: Prevent changing BAR size/flags in pciepcset_bar() (git-fixes).
• PCI: dwc: ep: Write BARMASK before iATU registers in pciepcsetbar() (git-fixes).
• PCI: endpoint: Destroy the EPC device in devmpciepc_destroy() (git-fixes).
• PCI: endpoint: Finish virtual EP removal in pciepfremove_vepf() (git-fixes).
• PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes).
• PCI: endpoint: pci-epf-test: Set dmachanrx pointer to NULL on error (git-fixes).
• PCI: imx6: Deassert appsreset in imxpciedeassertcore_reset() (git-fixes).
• PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes).
• PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes).
• PCI: rcar-ep: Fix incorrect variable used when calling devmrequestmem_region() (git-fixes).
• PM: hibernate: Add error handling for syscore_suspend() (git-fixes).
• RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes)
• RDMA/bnxtre: Fix to export port num to ibquery_qp (git-fixes)
• RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes)
• RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes)
• RDMA/mlx5: Fix implicit ODP use after free (git-fixes)
• RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes)
• RDMA/rxe: Fix mismatched maxmsgsz (git-fixes)
• RDMA/rxe: Fix the warning '_rxecleanup+0x12c/0x170 [rdma_rxe]' (git-fixes)
• RDMA/srp: Fix error handling in srpaddport (git-fixes)
• Remove 'iommu/arm-smmu: Defer probe of clients after smmu device bound', reverted by upstream.
• Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes).
• Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes).
• Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes).
• Revert 'Disable ceph'.
• USB: serial: quatech2: fix null-ptr-deref in qt2processread_urb() (git-fixes).
• VFS: use systemunboundwq for delayed_mntput (bsc#1234683).
• VMCI: fix reference to ioctl-number.rst (git-fixes).
• afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes).
• afs: Fix cleanup of immediately failed async calls (git-fixes).
• afs: Fix directory format encoding struct (git-fixes).
• afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes).
• arm64/sme: Move storage of regsmidr to _cpuinfostorecpu() (git-fixes)
• arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes)
• arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) Update arm64 default configuration file
• arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes)
• arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes)
• arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes)
• arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes)
• arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes)
• ata: libata-core: Set ATAQCFLAGRTFFILLED in fillresult_tf() (stable-fixes).
• bus: mhi: host: Free mhibuf vector inside mhiallocbhietable() (git-fixes).
• cpufreq: ACPI: Fix max-frequency computation (git-fixes).
• cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes).
• cpufreq: amd-pstate: remove global header file (git-fixes).
• cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes).
• cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes).
• cpufreq: intelpstate: Make hwpnotify_lock a raw spinlock (git-fixes).
• cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes).
• cpufreq: intelpstate: fix pstate limits enforcement for adjustperf call back (git-fixes).
• cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes).
• cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes).
• cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes).
• cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes).
• cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes).
• cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes).
• cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes).
• cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes).
• cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes).
• cpufreq: qcom: Fix qcomcpufreqhwrecalcrate() to query LUT if LMh IRQ is not available (git-fixes).
• cpufreq: qcom: Implement clkops::determinerate() for qcom_cpufreq* clocks (git-fixes).
• cpuidle: Avoid potential overflow in integer multiplication (git-fixes).
• cpupower: fix TSC MHz calculation (git-fixes).
• crypto: caam - use JobR's space to access page 0 regs (git-fixes).
• crypto: hisilicon/sec2 - fix for aead icv error (git-fixes).
• crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes).
• crypto: hisilicon/sec2 - optimize the error return process (stable-fixes).
• crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes).
• crypto: ixp4xx - fix OF node reference leaks in initixpcrypto() (git-fixes).
• crypto: qce - fix goto jump in error path (git-fixes).
• crypto: qce - fix priority to be less than ARMv8 CE (git-fixes).
• crypto: qce - unregister previously registered algos in error path (git-fixes).
• devcoredump: cleanup some comments (git-fixes).
• dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes).
• docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes).
• driver core: class: Fix wild pointer dereferences in API classdeviter_next() (git-fixes).
• drivers/cardreader/rtsxusb: Restore interrupt based detection (git-fixes).
• drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes).
• drm/amd/pm: Fix an error handling path in vega10enableseedcforcestallconfig() (git-fixes).
• drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes).
• drm/amdgpu: Fix potential NULL pointer dereference in atomctrlgetsmcsclkrange_table (git-fixes).
• drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes).
• drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759).
• drm/amdgpu: simplify return statement in amdgpuraseeprom_init (git-fixes).
• drm/amdgpu: tear down ttm range manager for doorbell in amdgputtmfini() (git-fixes).
• drm/bridge: it6505: Change definition of AUXFIFOMAX_SIZE (git-fixes).
• drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes).
• drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes).
• drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes).
• drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes).
• drm/i915/pmu: Fix zero delta busyness issue (git-fixes).
• drm/komeda: Add check for komedagetlayerfourcclist() (git-fixes).
• drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094)
• drm/msm/dp: set safetoexit_level before printing it (git-fixes).
• drm/msm/dpu: link DSPP2/3 blocks on SC8180X (git-fixes).
• drm/msm/dpu: link DSPP2/3 blocks on SM8150 (git-fixes).
• drm/msm/dpu: link DSPP2/3 blocks on SM8250 (git-fixes).
• drm/msm/dpu: link DSPP2/3 blocks on SM8350 (git-fixes).
• drm/msm/dpu: link DSPP2/3 blocks on SM8550 (git-fixes).
• drm/msm: Check return value of ofdmaconfigure() (git-fixes).
• drm/msm: do not clean up priv->kms prematurely (git-fixes).
• drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes).
• drm/rockchip: cdn-dp: Use drmconnectorhelperhpdirq_event() (git-fixes).
• drm/rockchip: move output interface related definition to rockchipdrmdrv.h (stable-fixes).
• drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes).
• drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes).
• drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes).
• drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes).
• drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes).
• drm/rockchip: vop2: include rockchipdrmdrv.h (git-fixes).
• drm/rockchip: vop2: set bg dly and prescan dly at vop2postconfig (stable-fixes).
• drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes).
• drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes).
• drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes).
• drm/v3d: Stop active perfmon if it is being destroyed (git-fixes).
• fbdev: omapfb: Fix an OF node leak in dssofportgetparent_device() (git-fixes).
• firmware: iscsiibft: fix ISCSIIBFT Kconfig entry (git-fixes).
• futex: Do not include process MM in futex key on no-MMU (git-fixes).
• genirq: Make handleenforceirqctx() unconditionally available (git-fixes).
• genksyms: fix memory leak when the same symbol is added from source (git-fixes).
• genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes).
• gfs2: Truncate address space when flipping GFS2DIFJDATA flag (git-fixes).
• gpio: mxc: remove dead code after switch to DT-only (git-fixes).
• gpio: pca953x: Improve interrupt support (git-fixes).
• gpu: drmdpcec: fix broken CEC adapter properties check (git-fixes).
• gtp: Use foreachnetdevrcu() in gtpgenldumppdp() (git-fixes).
• hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes).
• hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes).
• ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).
• iio: adc: adsigmadelta: Handle CS assertion as intended in adsdreadregraw() (git-fixes).
• iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes).
• iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes).
• intel_th: core: fix kernel-doc warnings (git-fixes).
• ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes).
• ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes).
• kconfig: fix file name in warnings when loading KCONFIGDEFCONFIGLIST (git-fixes).
• kheaders: Ignore silly-rename files (stable-fixes).
• ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes).
• ktest.pl: Check kernelrelease return in get_version (git-fixes).
• ktest.pl: Fix typo 'accesing' (git-fixes).
• ktest.pl: Fix typo in comment (git-fixes).
• ktest.pl: Remove unused declarations in runbisecttest function (git-fixes).
• ktest: force $buildonly = 1 for 'makewarningsfile' test type (stable-fixes).
• landlock: Handle weird files (git-fixes).
• latencytop: use correct kernel-doc format for func params (git-fixes).
• leds: lp8860: Write full EEPROM, not only half of it (git-fixes).
• leds: netxbig: Fix an OF node reference leak in netxbigledsgetofpdata() (git-fixes).
• lib/inflate.c: remove dead code (git-fixes).
• lockdep: fix deadlock issue between lockdep and rcu (git-fixes).
• locking/lockdep: Avoid creating new name string literals in lockdepsetsubclass() (git-fixes).
• locking/rwsem: Add _alwaysinline annotation to _downwrite_common() and inlined callers (git-fixes).
• mac802154: check local interfaces before deleting sdata list (stable-fixes).
• mailbox: tegra-hsp: Clear mailbox before using message (git-fixes).
• maple_tree: simplify split calculation (git-fixes).
• media: camif-core: Add check for clk_enable() (git-fixes).
• media: ccs: Clean up parsed CCS static data on parse failure (git-fixes).
• media: ccs: Fix CCS static data parsing for large block sizes (git-fixes).
• media: ccs: Fix cleanup order in ccs_probe() (git-fixes).
• media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035i2cmaster_xfer (git-fixes).
• media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
• media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
• media: i2c: imx412: Add missing newline to prints (git-fixes).
• media: i2c: ov9282: Correct the exposure offset (git-fixes).
• media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes).
• media: imx296: Add standby delay during probe (git-fixes).
• media: lmedm04: Handle errors for lme2510intread (git-fixes).
• media: marvell: Add check for clk_enable() (git-fixes).
• media: mc: fix endpoint iteration (git-fixes).
• media: mipi-csis: Add check for clk_enable() (git-fixes).
• media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes).
• media: ov08x40: Fix hblank out of range issue (git-fixes).
• media: ov5640: fix getlightfreq on auto (git-fixes).
• media: rc: iguanair: handle timeouts (git-fixes).
• media: rkisp1: Fix unused value issue (git-fixes).
• media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes).
• media: uvcvideo: Fix double free in error path (git-fixes).
• media: uvcvideo: Fix event flags in uvcctrlsend_events (git-fixes).
• media: uvcvideo: Only save async fh if success (git-fixes).
• media: uvcvideo: Propagate buf->error to userspace (git-fixes).
• media: uvcvideo: Remove dangling pointers (git-fixes).
• media: uvcvideo: Remove redundant NULL assignment (git-fixes).
• media: uvcvideo: Support partial control reads (git-fixes).
• memory: tegra20-emc: fix an OF node reference bug in tegraemcfindnodebyramcode() (git-fixes).
• misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes).
• misc: fastrpc: Fix copy buffer page size (git-fixes).
• misc: fastrpc: Fix registered buffer page address (git-fixes).
• misc: miscminoralloc to use ida for all dynamic/misc dynamic minors (git-fixes).
• mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
• mm/rodatatest: use READONCE() to read const variable (git-fixes).
• mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes)
• mtd: onenand: Fix uninitialized retlen in dootpread() (git-fixes).
• mtd: spinand: Remove writeenableop() in markbad() (git-fixes).
• net/rose: prevent integer overflows in rose_setsockopt() (git-fixes).
• net: mana: Add getlink and getlink_ksettings in ethtool (bsc#1236761).
• net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
• net: mana: Enable debugfs files for MANA device (bsc#1236758).
• net: netvsc: Update default VMBus channels (bsc#1236757).
• net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes).
• net: rose: fix timer races against user threads (git-fixes).
• net: usb: rtl8150: enable basic endpoint checking (git-fixes).
• netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454).
• nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes).
• nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes).
• nvme: Add error check for xastore in nvmegeteffectslog (git-fixes).
• nvme: Add error path for xastore in nvmeinit_effects (git-fixes).
• nvme: fix bogus kzalloc() return check in nvmeiniteffects_log() (git-fixes).
• nvmet: propagate npwg topology (git-fixes).
• padata: add pd get/put refcnt helper (git-fixes).
• padata: avoid UAF for reorder_work (git-fixes).
• padata: fix UAF in padata_reorder (git-fixes).
• pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes).
• pinctrl: samsung: fix fwnode refcount cleanup if platformgetirq_optional() fails (git-fixes).
• pm:cpupower: Add missing powercapsetenabled() stub function (git-fixes).
• power: ip5xxx_power: Fix return value on ADC read errors (git-fixes).
• powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199).
• pps: add an error check in parport_attach (git-fixes).
• pps: remove usage of the deprecated idasimplexx() API (stable-fixes).
• printk: Add isprintklegacy_deferred() (bsc#1236733).
• printk: Defer legacy printing when holding printkcpusync (bsc#1236733).
• pwm: stm32-lp: Add check for clk_enable() (git-fixes).
• pwm: stm32: Add check for clk_enable() (git-fixes).
• r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
• rcu-tasks: Pull sampling of ->percpudequeuelim out of loop (git-fixes)
• rcu/tree: Defer setting of jiffies during stall reset (git-fixes)
• rcu: Dump memory object info if callback function is invalid (git-fixes)
• rcu: Eliminate rcugpslow_unregister() false positive (git-fixes)
• rcuscale: Move rcuscalewriter() (git-fixes)
• rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes)
• regulator: core: Add missing newline character (git-fixes).
• regulator: of: Implement the unwind path of ofregulatormatch() (git-fixes).
• remoteproc: core: Fix ida_free call while not allocated (git-fixes).
• rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes).
• rtc: zynqmp: Fix optional clock name property (git-fixes).
• samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes).
• sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865).
• sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865).
• scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes).
• seccomp: Stub for !CONFIG_SECCOMP (stable-fixes).
• selftest: media_tests: fix trivial UAF typo (git-fixes).
• selftests/alsa: Fix circular dependency involving global-timer (stable-fixes).
• selftests/futex: pass GNUSOURCE without a value to the compiler (git-fixes).
• selftests/landlock: Fix error message (git-fixes).
• selftests/mm/cow: modify the incorrect checking parameters (git-fixes).
• selftests/powerpc: Fix argument order to timer_sub() (git-fixes).
• selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes).
• selftests: tc-testing: reduce rshift value (stable-fixes).
• selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes).
• selinux: Fix SCTP error inconsistency in selinuxsocketbind() (git-fixes).
• serial: 8250: Adjust the timeout for FIFO mode (git-fixes).
• serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes).
• serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes).
• serial: sh-sci: Drop _initdata macro for portcfg (git-fixes).
• soc: atmel: fix devicenode release in atmelsocdeviceinit() (git-fixes).
• soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes).
• soc: qcom: smem: introduce qcomsmemgetsocid() (git-fixes).
• soc: qcom: smemstate: fix missing ofnode_put in error path (git-fixes).
• soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes).
• soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes).
• spi: zynq-qspi: Add check for clk_enable() (git-fixes).
• srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes)
• srcu: Only accelerate on enqueue time (git-fixes)
• staging: media: imx: fix OF node leak in imxmediaaddofsubdevs() (git-fixes).
• staging: media: max96712: fix kernel oops when removing module (git-fixes).
• tools: Sync if_xdp.h uapi tooling header (git-fixes).
• tty: xilinx_uartps: split sysrq handling (git-fixes).
• ubifs: skip dumping tnc tree when zroot is null (git-fixes).
• uio: Fix return value of poll (git-fixes).
• uio: uiodmemgenirq: check the return value of devm_kasprintf() (git-fixes).
• usb: chipidea: cihdrcimx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
• usb: dwc3-am62: Fix an OF node leak in physysconpll_refclk() (git-fixes).
• usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes).
• usb: gadget: f_tcm: Do not free command immediately (git-fixes).
• usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes).
• usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes).
• usb: gadget: f_tcm: Translate error to sense (git-fixes).
• usb: gadget: ftcm: epautoconfig with fullspeed endpoint (git-fixes).
• usb: host: xhci-plat: Assign sharedhcd->rsrcstart (git-fixes).
• usb: typec: fix pm usage counter imbalance in ucsiccgsync_control() (bsc#1235001)
• usb: typec: tcpm: set SRCSENDCAPABILITIES timeout to PDTSENDER_RESPONSE (git-fixes).
• usbnet: ipheth: break up NCM header size computation (git-fixes).
• usbnet: ipheth: check that DPE points past NCM header (git-fixes).
• usbnet: ipheth: fix DPE OoB read (git-fixes).
• usbnet: ipheth: fix possible overflow in DPE length check (git-fixes).
• usbnet: ipheth: refactor NCM datagram loop (git-fixes).
• usbnet: ipheth: use static NDP16 location in URB (git-fixes).
• vfio/pci: Lock external INTx masking ops (bsc#1222803).
• virtio-mem: check if the config changed before fake offlining memory (git-fixes).
• virtio-mem: convert most offlineandremove_memory() errors to -EBUSY (git-fixes).
• virtio-mem: keep retrying on offlineandremove_memory() errors in Sub Block Mode (SBM) (git-fixes).
• virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
• vsock/virtio: cancel close work in the destructor (git-fixes)
• vsock: Keep the binding until socket destruction (git-fixes)
• vsock: reset socket state when de-assigning the transport (git-fixes)
• wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes).
• wifi: ath11k: cleanup struct ath11kmondata (git-fixes).
• wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes).
• wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes).
• wifi: cfg80211: adjust allocation of colocated AP data (git-fixes).
• wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes).
• wifi: mac80211: Fix common size calculation for ML element (git-fixes).
• wifi: mac80211: do not flush non-uploaded STAs (git-fixes).
• wifi: mac80211: fix tid removal during mesh forwarding (git-fixes).
• wifi: mac80211: prohibit deactivating all links (git-fixes).
• wifi: mt76: connac: move mt7615mcudelwtblall to connac (stable-fixes).
• wifi: mt76: mt76uvendorrequest: Do not print error messages when -EPROTO (git-fixes).
• wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes).
• wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes).
• wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes).
• wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes).
• wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes).
• wifi: mt76: mt7915: fix register mapping (git-fixes).
• wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes).
• wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes).
• wifi: mt76: mt7925: fix off by one in mt7925loadclc() (git-fixes).
• wifi: mt76: mt7996: add max mpdu len capability (git-fixes).
• wifi: mt76: mt7996: fix HE Phy capability (git-fixes).
• wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes).
• wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes).
• wifi: mt76: mt7996: fix ldpc setting (git-fixes).
• wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes).
• wifi: mt76: mt7996: fix register mapping (git-fixes).
• wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes).
• wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes).
• wifi: rtlwifi: destroy workqueue at rtldeinitcore (git-fixes).
• wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes).
• wifi: rtlwifi: fix initswvars leak when probe fails (git-fixes).
• wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes).
• wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes).
• wifi: rtlwifi: remove unused checkbuddypriv (git-fixes).
• wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes).
• wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes).
• wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes).
• wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes).
• wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes).
• wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes).
• wifi: wcn36xx: fix channel survey memory allocation size (git-fixes).
• wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes).
• workqueue: Add rcu lock check at the end of work item execution (bsc#1236732).
• xfs: Add error handling for xfsreflinkcancelcowrange (git-fixes).
• xfs: Propagate errors from xfsreflinkcancelcowrange in xfsdaxwriteiomapend (git-fixes).