SUSE-SU-2026:21114-1

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
• CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare (bsc#1249998).
• CVE-2025-39998: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow (bsc#1252073).
• CVE-2025-40201: kernel/sys.c: fix the racy usage of tasklock(tsk->groupleader) in sys_prlimit64() paths (bsc#1253455).
• CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
• CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
• CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
• CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
• CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
• CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchipusb2phyprobe() (bsc#1257561).
• CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
• CVE-2026-23069: vsock/virtio: fix potential underflow in virtiotransportget_credit() (bsc#1257755).
• CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
• CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
• CVE-2026-23120: l2tp: avoid one data-race in l2tptunneldel_work() (bsc#1258280).
• CVE-2026-23125: sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT (bsc#1258293).
• CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
• CVE-2026-23140: bpf, testrun: Subtract size of xdpframe from allowed metadata size (bsc#1258305).
• CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
• CVE-2026-23169: mptcp: fix race in mptcppmnlflushaddrs_doit() (bsc#1258389).
• CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
• CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount() (bsc#1258414).
• CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
• CVE-2026-23204: net/sched: clsu32: use skbheaderpointercareful() (bsc#1258340).
• CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount() (bsc#1258447).
• CVE-2026-23231: netfilter: nftables: fix use-after-free in nftables_addchain() (bsc#1259188).
• CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
• CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumad_write (bsc#1259797).
• CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
• CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
• CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
• CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
• CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
• CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
• CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
• CVE-2026-23281: wifi: libertas: fix use-after-free in lbsfreeadapter() (bsc#1260464).
• CVE-2026-23292: scsi: target: Fix recursive locking in __configfsopenfile() (bsc#1260500).
• CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
• CVE-2026-23304: ipv6: fix NULL pointer deref in ip6rtgetdevrcu() (bsc#1260544).
• CVE-2026-23317: drm/vmwgfx: Return the correct value in vmwtranslateptr functions (bsc#1260562).
• CVE-2026-23319: bpf: Fix a UAF issue in bpftrampolinelinkcgroupshim (bsc#1260735).
• CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdmacreateuser_ah() (bsc#1260550).
• CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
• CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
• CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
• CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
• CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
• CVE-2026-23386: gve: fix incorrect buffer cleanup in gvetxcleanpendingpackets for QPL (bsc#1260799).
• CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONN_REQ (bsc#1260580).
• CVE-2026-23398: icmp: fix NULL pointer dereference in icmptagvalidation() (bsc#1260730).
• CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
• CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
• CVE-2026-23414: tls: Purge asynchold in tlsdecryptasyncwait() (bsc#1261496).
• CVE-2026-23419: net/rds: Fix circular locking dependency in rdstcptune (bsc#1261507).
• CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security bugs were fixed:

• ACPI: EC: clean up handlers on probe failure in acpiecsetup() (git-fixes).
• ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
• ACPI: OSL: fix __iomem type on return from acpiosmapgenericaddress() (git-fixes).
• ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
• ACPI: processor: Fix previous acpiprocessorerrata_piix4() fix (git-fixes).
• ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
• ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
• ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
• ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
• ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
• ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
• ALSA: hda: cs35l56: Fix signedness error in cs35l56hdaposture_put() (git-fixes).
• ALSA: pci: hda: use sndkcontrolchip() (stable-fixes).
• ALSA: pcm: fix use-after-free on linked stream runtime in sndpcmdrain() (git-fixes).
• ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
• ASoC: Intel: catpt: Fix the device initialization (git-fixes).
• ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
• ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
• ASoC: adau1372: Fix unchecked clkprepareenable() return value (git-fixes).
• ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
• ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
• ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
• ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
• ASoC: detect empty DMI strings (git-fixes).
• ASoC: ep93xx: Fix unchecked clkprepareenable() and add rollback on failure (git-fixes).
• ASoC: fsleasrc: Fix event generation in fsleasrciec958put_bits() (stable-fixes).
• ASoC: fsleasrc: Fix event generation in fsleasrciec958set_reg() (stable-fixes).
• ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
• ASoC: soc-core: drop delayedworkpending() check before flush (git-fixes).
• ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
• Bluetooth: HIDP: Fix possible UAF (git-fixes).
• Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
• Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockready_cb (git-fixes).
• Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
• Bluetooth: L2CAP: Fix type confusion in l2capecredreconf_rsp() (git-fixes).
• Bluetooth: L2CAP: Fix use-after-free in l2capunregisteruser (git-fixes).
• Bluetooth: L2CAP: Validate L2CAPINFORSP payload length before access (git-fixes).
• Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddata_rcv() (git-fixes).
• Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
• Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
• Bluetooth: MGMT: Fix dangling pointer on mgmtaddadvpatternsmonitor_complete (git-fixes).
• Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
• Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
• Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
• Bluetooth: SCO: Fix use-after-free in scorecvframe() due to missing sock_hold (git-fixes).
• Bluetooth: SCO: fix race conditions in scosockconnect() (git-fixes).
• Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
• Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
• Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
• Bluetooth: btintel: serialize btintelhwerror() with hcireqsync_lock (git-fixes).
• Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
• Bluetooth: hcievent: fix potential UAF in hcileremoteconnparamreq_evt (git-fixes).
• Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
• Bluetooth: hcisync: Fix hcilecreateconn_sync (git-fixes).
• Bluetooth: hcisync: Remove remaining dependencies of hcirequest (stable-fixes).
• Bluetooth: hcisync: call destroy in hcicmdsyncrun if immediate (git-fixes).
• Drivers: hv: fix missing kernel-doc description for 'size' in requestarrinit() (git-fixes).
• Drivers: hv: remove stale comment (git-fixes).
• Drivers: hv: vmbus: Clean up sscanf format specifier in targetcpustore() (git-fixes).
• Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
• Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
• HID: Add HIDCLAIMEDINPUT guards in raw_event callbacks missing them (stable-fixes).
• HID: apple: avoid memory leak in applereportfixup() (stable-fixes).
• HID: asus: avoid memory leak in asusreportfixup() (stable-fixes).
• HID: magicmouse: avoid memory leak in magicmousereportfixup() (stable-fixes).
• HID: mcp2221: cancel last I2C command on read error (stable-fixes).
• Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
• KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
• NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
• NFC: pn533: bound the UART receive buffer (git-fixes).
• PCI: Update BAR # and window messages (stable-fixes).
• PCI: hv: Correct a comment (git-fixes).
• PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
• PCI: hv: Remove unused field pcibus in struct hvpcibus_device (git-fixes).
• PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
• PM: runtime: Fix a race condition related to device removal (git-fixes).
• RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
• RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
• RDMA/mana_ib: Add device statistics support (git-fixes).
• RDMA/mana_ib: Add device-memory support (git-fixes).
• RDMA/mana_ib: Add port statistics support (git-fixes).
• RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
• RDMA/manaib: Add support of manaib for RNIC and ETH nic (git-fixes).
• RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
• RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
• RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
• RDMA/mana_ib: Create and destroy RC QP (git-fixes).
• RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
• RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
• RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
• RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
• RDMA/mana_ib: Extend modify QP (git-fixes).
• RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
• RDMA/mana_ib: Fix error code in probe() (git-fixes).
• RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
• RDMA/mana_ib: Fix missing ret value (git-fixes).
• RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
• RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
• RDMA/mana_ib: Implement port parameters (git-fixes).
• RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
• RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
• RDMA/manaib: Introduce manaibgetnetdev helper function (git-fixes).
• RDMA/manaib: Introduce manaibinstallcq_cb helper function (git-fixes).
• RDMA/manaib: Introduce mdevto_gc helper function (git-fixes).
• RDMA/mana_ib: Modify QP state (git-fixes).
• RDMA/manaib: Process QP error events in manaib (git-fixes).
• RDMA/manaib: Query featureflags bitmask from FW (git-fixes).
• RDMA/mana_ib: Set correct device into ib (git-fixes).
• RDMA/mana_ib: Take CQ type from the device type (git-fixes).
• RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
• RDMA/mana_ib: UD/GSI work requests (git-fixes).
• RDMA/manaib: Use numcompvectors of ibdevice (git-fixes).
• RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
• RDMA/manaib: Use struct manaib_queue for CQs (git-fixes).
• RDMA/manaib: Use struct manaib_queue for RAW QPs (git-fixes).
• RDMA/manaib: Use struct manaib_queue for WQs (git-fixes).
• RDMA/mana_ib: add additional port counters (bsc#1251135).
• RDMA/mana_ib: add support of multiple ports (bsc#1251135).
• RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
• RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
• RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
• RDMA/mana_ib: create kernel-level CQs (git-fixes).
• RDMA/mana_ib: create/destroy AH (git-fixes).
• RDMA/mana_ib: extend mana QP table (git-fixes).
• RDMA/mana_ib: extend query device (git-fixes).
• RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
• RDMA/manaib: implement getdma_mr (git-fixes).
• RDMA/manaib: implement reqnotify_cq (git-fixes).
• RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
• RDMA/mana_ib: indicate CM support (git-fixes).
• RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
• RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
• RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
• RDMA/mana_ib: request error CQEs when supported (git-fixes).
• RDMA/manaib: set nodeguid (git-fixes).
• RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
• RDMA/manaib: unify manaib functions to support any gdma device (git-fixes).
• Remove "scsi: Fix sasuserscan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
• USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
• USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
• USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
• USB: ezcap401 needs USBQUIRKNO_BOS to function on 10gbs usb speed (stable-fixes).
• USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
• USB: usbcore: Introduce usbbulkmsg_killable() (git-fixes).
• USB: usbtmc: Use usbbulkmsg_killable() with user-specified timeouts (git-fixes).
• accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
• apparmor: Fix double free of nsname in aareplace_profiles() (bsc#1258849).
• apparmor: fix differential encoding verification (bsc#1258849).
• apparmor: fix memory leak in verify_header (bsc#1258849).
• apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
• apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
• apparmor: fix race on rawdata dereference (bsc#1258849).
• apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
• apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
• apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
• apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
• apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
• batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
• bonding: do not set usable_slaves for broadcast mode (git-fixes).
• btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
• btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
• btrfs: tracepoints: get correct superblock from dentry in event btrfssyncfile() (bsc#1257777).
• can: bcm: fix locking for bcm_op runtime updates (git-fixes).
• can: emsusb: emsusbreadbulk_callback(): check the proper length of a message (git-fixes).
• can: gw: fix OOB heap access in cgwcsumcrc8_rel() (git-fixes).
• can: hi311x: hi3110open(): add check for hi3110power_enable() return value (git-fixes).
• can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
• can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
• can: ucan: Fix infinite loop from zero-length messages (git-fixes).
• can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
• comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
• comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
• comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
• comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
• crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
• crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
• crypto: caam - fix overflow on long hmac keys (git-fixes).
• dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
• dmaengine: idxd: Fix leaking event log memory (git-fixes).
• dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
• dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
• dmaengine: idxd: Remove usage of the deprecated idasimplexx() API (stable-fixes).
• dmaengine: idxd: fix possible wrong descriptor completion in llistabortdesc() (git-fixes).
• dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
• dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
• dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
• dmaengine: xilinx: xilinxdma: Fix dmadevice directions (git-fixes).
• dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
• dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
• drm/amd/display: Add pixelclock to amdppdisplayconfiguration (stable-fixes).
• drm/amd/display: Fix DisplayID not-found handling in parseediddisplayid_vrr() (git-fixes).
• drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
• drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
• drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
• drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
• drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
• drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
• drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
• drm/amdgpu: Fix fence put before wait in amdgpuamdkfdsubmit_ib (git-fixes).
• drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
• drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
• drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
• drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
• drm/bridge: ti-sn65dsi83: fix CHADSICLK_RANGE rounding (git-fixes).
• drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
• drm/i915/dp: Use crtcstate->enhancedframing properly on ivb/hsw CPU eDP (git-fixes).
• drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
• drm/i915/gt: Check setdefaultsubmission() before deferencing (git-fixes).
• drm/ioc32: stop speculation on the drmcompatioctl path (git-fixes).
• drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
• drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
• drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
• drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
• drm/sched: Fix kernel-doc warning for drmschedjob_done() (git-fixes).
• drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
• firmware: armscpi: Fix devicenode reference leak in probe path (git-fixes).
• gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
• hv/hvkvpdaemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
• hv/hvkvpdaemon: Pass NIC name to hvgetdns_info as well (git-fixes).
• hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
• hwmon: (axi-fan-control) Make use of deverrprobe() (stable-fixes).
• hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
• hwmon: (it87) Check the it87_lock() return value (git-fixes).
• hwmon: (occ) Fix division by zero in occshowpower_1() (git-fixes).
• hwmon: (occ) Fix missing newline in occshowextended() (git-fixes).
• hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
• hwmon: (peci/cputemp) Fix off-by-one in cputempisvisible() (git-fixes).
• hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
• hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
• hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
• hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
• hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
• hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
• i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
• i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
• i2c: fsi: Fix a potential leak in fsii2cprobe() (git-fixes).
• i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
• idpf: nullify pointers after they are freed (git-fixes).
• iio: accel: fix ADXL355 temperature signature value (git-fixes).
• iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
• iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
• iio: chemical: sps30i2c: fix buffer size in sps30i2creadmeas() (git-fixes).
• iio: chemical: sps30serial: fix buffer size in sps30serialreadmeas() (git-fixes).
• iio: dac: ad5770r: fix error return in ad5770rreadraw() (git-fixes).
• iio: dac: ds4424: reject -128 RAW value (git-fixes).
• iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
• iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
• iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
• iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
• iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
• iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
• iio: gyro: mpu3050: Move iiodeviceregister() to correct location (git-fixes).
• iio: imu: bmi160: Remove potential undefined behavior in bmi160configpin() (git-fixes).
• iio: imu: bno055: fix BNO055SCANCH_COUNT off by one (git-fixes).
• iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
• iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
• iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
• iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
• media: mc, v4l2: serialize REINIT and REQBUFS with reqqueuemutex (git-fixes).
• media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
• mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
• mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
• mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
• mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
• misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
• mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
• mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
• mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
• mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
• mtd: rawnand: cadence: Fix error check for dmaalloccoherent() in cadencenandinit() (git-fixes).
• mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
• mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
• mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
• mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
• net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
• net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
• net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect (git-fixes).
• net/x25: Fix overflow when accumulating packets (git-fixes).
• net/x25: Fix potential double free of skb (git-fixes).
• net: mana: Add metadata support for xdp mode (git-fixes).
• net: mana: Add standard counter rxmissederrors (git-fixes).
• net: mana: Add support for auxiliary device servicing events (bsc#1251971).
• net: mana: Change the function signature of managetprimarynetdevrcu (bsc#1256690).
• net: mana: Drop TX skb on postworkrequest failure and unmap resources (git-fixes).
• net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
• net: mana: Fix use-after-free in reset service rescan path (git-fixes).
• net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
• net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
• net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
• net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
• net: mana: Handle unsupported HWC commands (git-fixes).
• net: mana: Implement ndotxtimeout and serialize queue resets per port (bsc#1257472).
• net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
• net: mana: Probe rdma device in mana driver (git-fixes).
• net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
• net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
• net: mana: Support HW link state events (bsc#1253049).
• net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
• net: mana: Use manacleanupport_context() for rxq cleanup (git-fixes).
• net: mana: fix spelling for managdderegiser_irq() (git-fixes).
• net: mana: fix use-after-free in add_adev() error path (git-fixes).
• net: mana: use ethtool string helpers (git-fixes).
• net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
• net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
• net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
• net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
• net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
• net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
• net: usb: pegasus: validate USB endpoints (stable-fixes).
• nfc: nci: clear NCIDATAEXCHANGE before calling completion callback (git-fixes).
• nfc: nci: fix circular locking dependency in nciclosedevice (git-fixes).
• nfc: nci: free skb on nci_transceive early error paths (git-fixes).
• nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
• nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
• phy: ti: j721e-wiz: Fix device node reference leak in wizgetlanephytypes() (git-fixes).
• pinctrl: equilibrium: fix warning trace on load (git-fixes).
• pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
• pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
• pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
• platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
• platform/x86: ISST: Correct locked bit width (git-fixes).
• platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
• platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
• platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmivgbsallow_list (stable-fixes).
• platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
• platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
• qmiwwan: allow maxmtu above hardmtu to control rxurb_size (git-fixes).
• regmap: Synchronize cache for the page selector (git-fixes).
• regulator: pca9450: Correct interrupt type (git-fixes).
• regulator: pca9450: Make IRQ optional (stable-fixes).
• remoteproc: sysmon: Correct subsysnamelen type in QMI request (git-fixes).
• rename Hyper-v patch files to simplify further SP6-SP7 merges
• s390: Disable ARCHWANTOPTIMIZEHUGETLBVMEMMAP (bsc#1254306).
• scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
• scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
• scsi: storvsc: Remove redundant ternary operators (git-fixes).
• selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
• selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
• selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
• serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
• serial: 8250: Fix TX deadlock when using DMA (git-fixes).
• serial: 8250_pci: add support for the AX99100 (stable-fixes).
• serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
• soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
• soc: fsl: qbman: fix race condition in qmandestroyfq (git-fixes).
• spi: fix statistics allocation (git-fixes).
• spi: fix use-after-free on controller registration failure (git-fixes).
• spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
• staging: rtl8723bs: properly validate the data in rtwgetie_ex() (stable-fixes).
• tg3: Fix race for querying speed/duplex (bsc#1257183).
• thunderbolt: Fix property read in nhiwakesupported() (git-fixes).
• tools/hv: add a .gitignore file (git-fixes).
• tools/hv: reduce resouce usage in hvgetdns_info helper (git-fixes).
• tools/hv: reduce resource usage in hvkvpdaemon (git-fixes).
• tools: hv: Enable debug logs for hvkvpdaemon (git-fixes).
• tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
• usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
• usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
• usb: cdns3: call cdnspowerislost() only once in cdnsresume() (stable-fixes).
• usb: cdns3: fix role switching during resume (git-fixes).
• usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
• usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
• usb: cdns3: remove redundant if branch (stable-fixes).
• usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
• usb: core: do not power off roothub PHYs if physetmode() fails (git-fixes).
• usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop() (git-fixes).
• usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
• usb: ehci-brcm: fix sleep during atomic (git-fixes).
• usb: gadget: fmassstorage: Fix potential integer overflow in checkcommandsizeinblocks() (git-fixes).
• usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
• usb: gadget: fsubset: Fix unbalanced refcnt in gethfree (git-fixes).
• usb: gadget: uether: Fix race between getherdisconnect and eth_stop (git-fixes).
• usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
• usb: image: mdc800: kill download URB on timeout (stable-fixes).
• usb: mdc800: handle signal and read racing (stable-fixes).
• usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
• usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
• usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
• usb: ulpi: fix double free in ulpiregisterinterface() error path (git-fixes).
• usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
• usb: xhci: Fix memory leak in xhcidisableslot() (git-fixes).
• usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
• usb: yurex: fix race in probe (stable-fixes).
• wifi: cfg80211: cancel pmsrfreewk in cfg80211pmsrwdev_down (git-fixes).
• wifi: cw1200: Fix locking in error paths (git-fixes).
• wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwlmvmndmatchinfo_handler() (git-fixes).
• wifi: mac80211: Fix staticbranchdec() underflow for aql_disable (git-fixes).
• wifi: mac80211: fix NULL deref in meshmatcheslocal() (git-fixes).
• wifi: mac80211: set default WMM parameters on all links (stable-fixes).
• wifi: mt76: Fix possible oob access in mt76connac2macwritetxwi_80211() (git-fixes).
• wifi: mt76: mt7925: Fix possible oob access in mt7925macwritetxwi80211() (git-fixes).
• wifi: mt76: mt7996: Fix possible oob access in mt7996macwritetxwi80211() (git-fixes).
• wifi: rsi: Do not default to -EOPNOTSUPP in rsimac80211config (git-fixes).
• wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
• wifi: wlcore: Fix a locking bug (git-fixes).
• wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
• x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
• xen/privcmd: unregister xenstore notifier on module exit (git-fixes).