SUSE-SU-2025:4505-1

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912).
• CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow() (bsc#1251786).
• CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888).
• CVE-2025-37916: pdscore: remove write-after-free of clientid (bsc#1243474).
• CVE-2025-38359: s390/mm: Fix inatomic() handling in dosecurestorageaccess() (bsc#1247076).
• CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079).
• CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCIUTRLNEXUS_TYPE (bsc#1249547).
• CVE-2025-39805: net: macb: fix unregisternetdev call order in macbremove() (bsc#1249982).
• CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176).
• CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptpocpwatchdog (bsc#1250252).
• CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2synctstamp() (bsc#1251120).
• CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063).
• CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvsworkqueue (bsc#1252303).
• CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681).
• CVE-2025-40027: net/9p: fix double req put in p9fdcancelled (bsc#1252763).
• CVE-2025-40030: pinctrl: check the return value of pinmuxops::getfunction_name() (bsc#1252773).
• CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817).
• CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
• CVE-2025-40048: uiohvgeneric: Let userspace take care of interrupt mask (bsc#1252862).
• CVE-2025-40055: ocfs2: fix double free in userclusterconnect() (bsc#1252821).
• CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809).
• CVE-2025-40064: smc: Fix use-after-free in _pnetfindbasendev() (bsc#1252845).
• CVE-2025-40070: pps: fix warning in ppsregistercdev when register device fail (bsc#1252836).
• CVE-2025-40074: ipv4: start using dstdevrcu() (bsc#1252794).
• CVE-2025-40075: tcpmetrics: use dstdevnetrcu() (bsc#1252795).
• CVE-2025-40083: net/sched: schqfq: Fix null-deref in aggdequeue (bsc#1252912).
• CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41getacpimutestate() (bsc#1252917).
• CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928).
• CVE-2025-40139: smc: Use _skdstget() and dstdevrcu() in in smcclcprfxset() (bsc#1253409).
• CVE-2025-40149: tls: Use _skdstget() and dstdevrcu() in getnetdevforsock() (bsc#1253355).
• CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403).
• CVE-2025-40168: smc: Use _skdstget() and dstdevrcu() in smcclcprfxmatch() (bsc#1253427).
• CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416).
• CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421).
• CVE-2025-40176: tls: wait for pending async decryptions if tlsstrpmsg_hold fails (bsc#1253425).
• CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).

The following non-security bugs were fixed:

• ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes).
• ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes).
• ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes).
• ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes).
• ACPI: SBS: Fix present test in acpibatteryread() (git-fixes).
• ACPI: property: Return present device nodes only on fwnode interface (stable-fixes).
• ACPI: scan: Add Intel CVS ACPI HIDs to acpiignoredep_ids (stable-fixes).
• ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes).
• ACPICA: dispatcher: Use acpidsclearoperands() in acpidscallcontrol_method() (stable-fixes).
• ALSA: hda: Fix missing pointer check in hdacomponentmanager_init function (git-fixes).
• ALSA: serial-generic: remove shared static buffer (stable-fixes).
• ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes).
• ALSA: usb-audio: Fix NULL pointer dereference in sndusbmixercontrolsbadd (git-fixes).
• ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes).
• ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes).
• ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
• ALSA: usb-audio: do not log messages meant for 1810c when initializing 1824c (git-fixes).
• ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes).
• ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes).
• ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
• ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes).
• ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes).
• ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xpbehwparamsfixup() (stable-fixes).
• ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes).
• ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes).
• Bluetooth: 6lowpan: Do not hold spin lock over sleeping functions (git-fixes).
• Bluetooth: 6lowpan: add missing l2capchanlock() (git-fixes).
• Bluetooth: 6lowpan: fix BDADDRLE vs ADDRLE_DEV address type confusion (git-fixes).
• Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes).
• Bluetooth: L2CAP: export l2capchanhold for modules (stable-fixes).
• Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes).
• Bluetooth: SCO: Fix UAF on scoconnfree (stable-fixes).
• Bluetooth: bcsp: receive data only if registered (stable-fixes).
• Bluetooth: btrtl: Fix memory leak in rtlbtparsefirmware_v2() (git-fixes).
• Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes).
• Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes).
• Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes).
• Documentation: ACPI: i2c-muxes: fix I2C device references (git-fixes).
• Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
• HID: amd_sfh: Stop sensor before starting (git-fixes).
• HID: hid-ntrig: Prevent memory leak in ntrigreportversion() (git-fixes).
• HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes).
• HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes).
• HID: uclogic: Fix potential memory leak in error path (git-fixes).
• Input: atmelmxtts - allow reset GPIO to sleep (stable-fixes).
• Input: imxsckey - fix memory corruption on unload (git-fixes).
• Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes).
• KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes).
• KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes).
• KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes).
• KVM: SVM: Emulate PERFCNTRGLOBALSTATUSSET for PerfMonV2 (git-fixes).
• KVM: SVM: Mark VMCBLBR dirty when MSRIA32_DEBUGCTLMSR is updated (git-fixes).
• KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes).
• KVM: SVM: Track per-vCPU IRTEs using kvmkernelirqfd structure (git-fixes).
• KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes).
• KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes).
• KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
• KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes).
• KVM: VMX: Preserve host's DEBUGCTLMSRFREEZEIN_SMM while running the guest (git-fixes).
• KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes).
• KVM: nVMX: Check vmcs12->guestia32debugctl on nested VM-Enter (git-fixes).
• KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes).
• KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes).
• KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes).
• KVM: x86: Do not treat ENTER and LEAVE as branches, because they are not (git-fixes).
• KVM: x86: Drop kvmx86ops.setdr6() in favor of a new KVMRUN flag (git-fixes).
• NFS4: Fix state renewals missing after boot (git-fixes).
• NFS: check if suid/sgid was cleared after a write as needed (git-fixes).
• NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes).
• NFSD: Skip close replay processing if XDR encoding fails (git-fixes).
• NFSD: free copynotify stateid in nfs4freeol_stateid() (git-fixes).
• NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes).
• NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
• PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes).
• PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes).
• PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
• PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes).
• PCI: dwc: Verify the single eDMA IRQ in dwpcieedmairqverify() (stable-fixes).
• PCI: j721e: Fix incorrect error message in probe() (git-fixes).
• PCI: rcar-host: Convert struct rcarmsi masklock into raw spinlock (git-fixes).
• PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes).
• RDMA/bnxt_re: Do not fail destroy QP and cleanup debugfs earlier (git-fixes).
• RDMA/bnxtre: Fix a potential memory leak in destroygsi_sqp (git-fixes).
• RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes).
• RDMA/hns: Fix the modification of maxsendsge (git-fixes).
• RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes).
• RDMA/irdma: Fix SD index calculation (git-fixes).
• RDMA/irdma: Set irdmacq cqnum field during CQ create (git-fixes).
• Revert 'drm/tegra: dsi: Clear enable register if powered by bootloader' (git-fixes).
• Revert 'wifi: ath10k: avoid unnecessary wait for service ready message' (git-fixes).
• accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes).
• accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes).
• accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes).
• accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes).
• acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes).
• amd/amdkfd: resolve a race in amdgpuamdkfddevicefinisw (stable-fixes).
• block: avoid possible overflow for chunksectors check in blkstack_limits() (git-fixes).
• block: fix kobject double initialization in add_disk (git-fixes).
• btrfs: abort transaction on failure to add link to inode (git-fixes).
• btrfs: avoid pagelockend underflow in btrfspunchholelock_range() (git-fix).
• btrfs: avoid using fixed char array size for tree names (git-fix).
• btrfs: do not update lastlogcommit when logging inode due to a new name (git-fixes).
• btrfs: fix COW handling in rundelallocnocow() (git-fix).
• btrfs: fix inode leak on failure to add link to inode (git-fixes).
• btrfs: make btrfscleardelalloc_extent() free delalloc reserve (git-fix).
• btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes).
• btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix).
• btrfs: rename err to ret in btrfs_link() (git-fixes).
• btrfs: run btrfserrorcommit_super() early (git-fix).
• btrfs: scrub: put bio after errors in scrubraid56parity_stripe() (git-fix).
• btrfs: scrub: put bio after errors in scrubraid56parity_stripe() (git-fixes).
• btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes).
• btrfs: set inode flag BTRFSINODECOPY_EVERYTHING when logging new name (git-fixes).
• btrfs: simplify error handling logic for btrfs_link() (git-fixes).
• btrfs: tree-checker: add dev extent item checks (git-fix).
• btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix).
• btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix).
• btrfs: tree-checker: reject BTRFSFTUNKNOWN dir type (git-fix).
• btrfs: tree-checker: validate dref root and objectid (git-fix).
• btrfs: use smpmbafteratomic() when forcing COW in creatependingsnapshot() (git-fixes).
• char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes).
• char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes).
• char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes).
• cramfs: Verify inode mode when loading from disk (git-fixes).
• crypto: aspeed - fix double free caused by devm (git-fixes).
• crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes).
• crypto: hisilicon/qm - Fix device reference leak in qmgetqos_value (git-fixes).
• crypto: iaa - Do not clobber req->base.data (git-fixes).
• crypto: qat - use kcalloc() in qatuclomapobjsfrom_mof() (stable-fixes).
• dmaengine: dw-edma: Set status for callback_result (stable-fixes).
• dmaengine: mvxor: match allocwc and free_wc (stable-fixes).
• drm/amd/display: Add AVI infoframe copy in copystreamupdatetostream (stable-fixes).
• drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
• drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
• drm/amd/display: Fix NULL deref in debugfs odmcombinesegments (git-fixes).
• drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
• drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes).
• drm/amd/display: add more cyan skillfish devices (stable-fixes).
• drm/amd/display: ensure committing streams is seamless (stable-fixes).
• drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes).
• drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes).
• drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
• drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
• drm/amd: Avoid evicting resources at S5 (stable-fixes).
• drm/amd: Fix suspend failure with secure display TA (git-fixes).
• drm/amd: add more cyan skillfish PCI ids (stable-fixes).
• drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes).
• drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes).
• drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes).
• drm/amdgpu: Use memduparrayuser in amdgpucswaitfencesioctl (stable-fixes).
• drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes).
• drm/amdgpu: do not enable SMU on cyan skillfish (stable-fixes).
• drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
• drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes).
• drm/amdkfd: Tie UNMAPLATENCY to queuepreemption (stable-fixes).
• drm/amdkfd: fix vram allocation failure for a special case (stable-fixes).
• drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes).
• drm/bridge: cdns-dsi: Do not fail on MIPIDSIMODEVIDEOBURST (stable-fixes).
• drm/bridge: cdns-dsi: Fix REGWAKEUPTIME value (stable-fixes).
• drm/bridge: display-connector: do not set OP_DETECT for DisplayPorts (stable-fixes).
• drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes).
• drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes).
• drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes).
• drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes).
• drm/msm: make sure to not queue up recovery more than once (stable-fixes).
• drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes).
• drm/sched: Fix deadlock in drmschedentitykilljobs_cb (git-fixes).
• drm/tegra: Add call to put_pid() (git-fixes).
• drm/tegra: dc: Fix reference leak in tegradccouple() (git-fixes).
• drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes).
• drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes).
• drm/vmwgfx: Validate command header size against SVGACMDMAX_DATASIZE (git-fixes).
• exfat: limit log print for IO error (git-fixes).
• extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes).
• extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes).
• fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes).
• fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes).
• fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes).
• fbdev: pvr2fb: Fix leftover reference to ONCHIPNRDMA_CHANNELS (stable-fixes).
• hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes).
• hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes).
• hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
• hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes).
• hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes).
• hwmon: sy7636a: add alias (stable-fixes).
• iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes).
• iio: adc: spearadc: mask SPEARADC_STATUS channel and avg sample before setting register (stable-fixes).
• ima: do not clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes).
• iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes).
• isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes).
• jfs: Verify inode mode when loading from disk (git-fixes).
• jfs: fix uninitialized waitqueue in transaction manager (git-fixes).
• kABI fix for KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes).
• kabi/severities: drop xfertoguestmodehandle_work.
• lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes).
• md/raid1: fix data lost for writemostly rdev (git-fixes).
• md: fix mssing blktrace bio split events (git-fixes).
• media: adv7180: Add missing lock in suspend callback (stable-fixes).
• media: adv7180: Do not write format to device in set_fmt (stable-fixes).
• media: adv7180: Only validate format in querystd (stable-fixes).
• media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes).
• media: fix uninitialized symbol warnings (stable-fixes).
• media: i2c: Kconfig: Ensure a dependency on HAVECLK for VIDEOCAMERA_SENSOR (stable-fixes).
• media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes).
• media: imon: make send_packet() more robust (stable-fixes).
• media: ov08x40: Fix the horizontal flip control (stable-fixes).
• media: redrat3: use int type to store negative error codes (stable-fixes).
• media: uvcvideo: Use heuristic to find stream entity (git-fixes).
• memstick: Add timeout to prevent indefinite waiting (stable-fixes).
• mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes).
• mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes).
• mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
• mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
• minixfs: Verify inode mode when loading from disk (git-fixes).
• mm/mminit: fix hash table order logging in alloclargesystemhash() (git-fixes).
• mm/secretmem: fix use-after-free race in fault handler (git-fixes).
• mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
• mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes).
• mmc: sdhci-of-dwcmshc: Change DLLSTRBINTAPNUM_DEFAULT to 0x4 (git-fixes).
• mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
• mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes).
• mtdchar: fix integer overflow in read/write ioctls (git-fixes).
• net/mana: fix warning in the writer of client oob (git-fixes).
• net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779).
• net: nfc: nci: Increase NCIDATATIMEOUT to 3000 ms (stable-fixes).
• net: phy: clear link parameters on admin link down (stable-fixes).
• net: phy: fixedphy: let fixedphyunregister free the phydevice (stable-fixes).
• net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes).
• net: tcp: send zero-window ACK when no memory (bsc#1253779).
• net: usb: qmiwwan: initialize MAC header offset in qmimuxrx_fixup (git-fixes).
• nfs4setupreaddir(): insufficient locking for ->dparent->dinode dereferencing (git-fixes).
• nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223).
• nfsd: fix return error codes for nfsdmapnametoid (bsc#1232223).
• nouveau/firmware: Add missing kfree() of nvkmfalconfw::boot (git-fixes).
• perf script: add --addr2line option (bsc#1247509).
• phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes).
• phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes).
• phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes).
• pinctrl: s32cc: fix uninitialized memory in s32pinctrldesc (git-fixes).
• pinctrl: s32cc: initialize gpiopinconfig::list after kmalloc() (git-fixes).
• pinctrl: single: fix bias pull up/down handling in pinconfigset (stable-fixes).
• platform/x86/intel/speedselectif: Convert PCIBIOS_* return codes to errnos (git-fixes).
• power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
• power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes).
• power: supply: sbs-charger: Support multiple devices (stable-fixes).
• powerpc: export MIN RMA size (bsc#1236743).
• powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743, bsc#1252269).
• regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes).
• rtc: rx8025: fix incorrect register reference (git-fixes).
• s390/mm,fault: simplify kfence fault handling (bsc#1247076).
• scsi: Fix sasuserscan() to handle wildcard and multi-channel scans (git-fixes).
• scsi: aacraid: Stop using PCIIRQAFFINITY (git-fixes).
• scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes).
• scsi: hpsa: Fix potential memory leak in hpsabigpassthru_ioctl() (git-fixes).
• scsi: libfc: Prevent integer overflow in fcfcprecv_data() (git-fixes).
• scsi: mpi3mr: Correctly handle ATA device errors (git-fixes).
• scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes).
• scsi: mpt3sas: Correctly handle ATA device errors (git-fixes).
• scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes).
• scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes).
• scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
• selftests/bpf: Close fd in error path in droponreuseport (git-fixes).
• selftests/bpf: Close obj in error path in xdpadjusttail (git-fixes).
• selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes).
• selftests/bpf: Fix missing BUILDBUGON() declaration (git-fixes).
• selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes).
• selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
• selftests/bpf: Mitigate sockmapktls disconnectafter_delete failure (git-fixes).
• selftests/bpf: Use pidt consistently in testprogs.c (git-fixes).
• selftests/bpf: fix signedness bug in redir_partial() (git-fixes).
• serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes).
• serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes).
• soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes).
• soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
• soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes).
• spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
• spi: loopback-test: Do not use %pK through printk (stable-fixes).
• spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
• strparser: Fix signed/unsigned mismatch bug (git-fixes).
• tcpbpf: Call skmsgfree() when tcpbpfsendverdict() fails to allocate psock->cork (bsc#1250705).
• thunderbolt: Use ispciehp instead of ishotplug_bridge (stable-fixes).
• tools/cpupower: Fix incorrect size in cpuidlestatedisable() (stable-fixes).
• tools/cpupower: fix error return value in cpupowerwritesysfs() (stable-fixes).
• tools/power x86energyperf_policy: Enhance HWP enable (stable-fixes).
• tools/power x86energyperf_policy: Fix incorrect fopen mode usage (stable-fixes).
• tools/power x86energyperf_policy: Prefer driver HWP limits (stable-fixes).
• tools: lib: thermal: do not preserve owner in install (stable-fixes).
• tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes).
• uiohvgeneric: Query the ringbuffer size for device (git-fixes).
• usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
• usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes).
• usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes).
• usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes).
• usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes).
• usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes).
• usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes).
• video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes).
• watchdog: s3c2410wdt: Fix maxtimeout being calculated larger (stable-fixes).
• wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
• wifi: ath11k: zero init info->status in wmiprocessmgmttxcomp() (git-fixes).
• wifi: ath12k: Increase DPREOCMDRINGSIZE to 256 (stable-fixes).
• wifi: mac80211: Fix HE capabilities element check (stable-fixes).
• wifi: mac80211: reject address change while connecting (git-fixes).
• wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes).
• wifi: mac80211hwsim: Limit destroyon_close radio removal to netgroup (git-fixes).
• wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes).
• wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
• wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes).
• wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes).
• wifi: zd1211rw: fix potential memory leak in _zdusbenablerx() (git-fixes).
• x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
• x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
• x86/CPU/AMD: Add missing terminator for zen5rdseedmicrocode (git-fixes).
• x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
• x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
• x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
• x86/bugs: Report correct retbleed mitigation status (git-fixes).
• x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
• xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes).
• xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes).
• xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes).
• xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes).
• xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes).