Stay Vigilant with Timely Linux Security Advisories

security advisorykernel updatesystem reliability

Oracle Linux 9 ELSA-2025-20320 critical update: Kernel Changes

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-20320 http://linux.oracle.com/errata/ELSA-2025-20320.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: bpftool-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-container-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-core-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-308.179.6.el9uek.noarch.rpm kernel-uek-modules-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek64k-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek64k-core-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek64k-modules-5.15.0-308.179.6.el9uek.aarch64.rpm kernel-uek64k-modules-extra-5.15.0-308.179.6.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-308.179.6.el9uek.src.rpm Related CVEs: CVE-2024-25742 CVE-2024-25743 CVE-2024-25744 CVE-2024-56583 Description of changes: [5.15.0-308.179.6.el9uek] - net: bridge: IP defragmentation failing for jumboframes (Venkat Venkatsubra) [Orabug: 37847171] - uek-rpm: remove .el9 from shim version (Samasth Norway Ananda) [Orabug: 37834731] - RDS: avoid using offlined CPU during reconnect (Arumugam Kolappan) [Orabug: 37783021] - net/mlx5e: Rely on reqid in IPsec tunnel mode (Leon Romanovsky) [Orabug: 37710815] - net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (Leon Romanovsky) [Orabug: 37710815] - net/mlx5: Clear port selectstructure when fail to create (Mark Zhang) [Orabug: 37710815] - net/mlx5: SF, Fix add port error handling (Chris Mi) [Orabug: 37710815] - net/mlx5: Fix variable not being completed when function returns (Chenguang Zhao) [Orabug: 37710815] - net/mlx5e: Keep netdev when leave switchdev for devlink set legacy only (Jianbo Liu) [Orabug: 37710815] - net/mlx5e: Skip restore TC rules for vport rep without loaded flag (Jianbo Liu) [Orabug: 37710815] - net/mlx5e: macsec: Maintain TX SA from encoding_sa (Dragos Tatulea) [Orabug: 37710815] - net/mlx5e: Remove workaround to avoid syndrome for internal port (Jianbo Liu) [Orabug: 37710815] - net/mlx5e: SD, Use correct mdev to build channel param (Tariq Toukan) [Orabug: 37710815] - mlxsw: spectrum_acl_flex_keys: Use correct key block on Spectrum-4 (Ido Schimmel) [Orabug: 37710815] - net/mlx5e: clear xdp features on non-uplink representors (William Tu) [Orabug: 37710815] - net/mlx5: Fix msix vectors to respect platform limit (Parav Pandit) [Orabug: 37710815] - mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (Ido Schimmel) [Orabug: 37710815] - mlxsw: spectrum_ptp: Add missing verification before pushing Tx header (Amit Cohen) [Orabug: 37710815] - net/mlx5e: Don't call cleanup on profile rollback failure (Cosmin Ratiu) [Orabug: 37710815] - net/mlx5: Fix command bitmask initialization (Shay Drory) [Orabug: 37710815] - net/mlx5: Check for invalid vector index on EQ creation (Maher Sanalla) [Orabug: 37710815] - mlxsw: spectrum_acl_flex_keys: Constify struct mlxsw_afk_element_inst (Christophe JAILLET) [Orabug: 37710815] - net: Fix netns for ip_tunnel_init_flow() (Xiao Liang) [Orabug: 37710815] - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (Ido Schimmel) [Orabug: 37710815] - ip_tunnel: annotate data-races around t-> parms.link (Eric Dumazet) [Orabug: 37710815] - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (Ido Schimmel) [Orabug: 37710815] - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev()(Ido Schimmel) [Orabug: 37710815] - net/mlx5e: SHAMPO, Fix overflow of hd_per_wq (Dragos Tatulea) [Orabug: 37710815] - net/mlx5e: SHAMPO, Increase timeout to improve latency (Dragos Tatulea) [Orabug: 37710815] - net/mlx5: Verify support for scheduling element and TSAR type (Carolina Jubran) [Orabug: 37710815] - net/mlx5e: Enable remove flow for hard packet limit (Jianbo Liu) [Orabug: 37710815] - net/mlx5: Use set number of max EQs (Daniel Jurgens) [Orabug: 37710815] - net/mlx5: IFC updates for SF max IO EQs (Daniel Jurgens) [Orabug: 37710815] - net/mlx5e: Approximate IPsec per-SA payload data bytes count (Leon Romanovsky) [Orabug: 37710815] - net/mlx5e: Present succeeded IPsec SA bytes and packet (Leon Romanovsky) [Orabug: 37710815] - net/mlx5: Use max_num_eqs_24b capability if set (Daniel Jurgens) [Orabug: 37710815] - net/mlx5: IFC updates for changing max EQs (Daniel Jurgens) [Orabug: 37710815] - net/mlx5: Correct TASR typo into TSAR (Cosmin Ratiu) [Orabug: 37710815] - net/mlx5e: SHAMPO, Re-enable HW-GRO (Yoray Zack) [Orabug: 37710815] - net/mlx5e: SHAMPO, Use KSMs instead of KLMs (Yoray Zack) [Orabug: 37710815] - net/mlx5e: Fix netif state handling (Shay Drory) [Orabug: 37710815] - net/mlx5e: RSS, Block XOR hash with over 128 channels (Carolina Jubran) [Orabug: 37710815] - net/mlx5: Support matching on l4_type for ttc_table (Jianbo Liu) [Orabug: 37710815] - net/mlx5: Enable SD feature (Tariq Toukan) [Orabug: 37710815] - net/mlx5e: Block TLS device offload on combined SD netdev (Tariq Toukan) [Orabug: 37710815] - net/mlx5e: Support per-mdev queue counter (Tariq Toukan) [Orabug: 37710815] - net/mlx5e: Support cross-vhca RSS (Tariq Toukan) [Orabug: 37710815] - net/mlx5e: Let channels be SD-aware (Tariq Toukan) [Orabug: 37710815] - net/mlx5e: Connect mlx5 IPsec statistics with XFRM core (Leon Romanovsky) [Orabug: 37710815] - xfrm: get global statistics from the offloaded device (Leon Romanovsky) [Orabug: 37710815] - RDS: avoid queueing delayed work on an offlined cpu (Praveen KumarKannoju) [Orabug: 37260584] [Orabug: 37551309] - uek-rpm/kernel-uek.spec: Set DEFAULTKERNEL correctly during %postun (Vijay Kumar) [Orabug: 37376706] [5.15.0-308.179.5.el9uek] - net: usb: usbnet: restore usb%d name exception for local mac addresses (Dominique Martinet) - usbnet:fix NPE during rx_complete (Ying Lu) - bpf: Use preempt_count() directly in bpf_send_signal_common() (Hou Tao) - jfs: fix slab-out-of-bounds read in ea_get() (Qasim Ijaz) - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (John Keeping) - ksmbd: fix multichannel connection failure (Namjae Jeon) - rds: Tear down the copy-from-user cache before destroying rds_wq (HÃ¥kon Bugge) [Orabug: 37716901] [5.15.0-308.179.4.el9uek] - Check concurrency before THP creation for file mappings in fault path (Prakash Sangappa) [Orabug: 37608058] - rds: ib: Fix NULL ptr deref in rds_ib_cq_follow_affinity (HÃ¥kon Bugge) [Orabug: 37747825] [5.15.0-308.179.3.el9uek] - uek-rpm: Build Bluefield 3 kernel for OL9 (Dave Kleikamp) [Orabug: 37763488] - uek-rpm: Add emb3 config and core list for OL9 (Dave Kleikamp) [Orabug: 37763488] - udf: Fix directory iteration for longer tail extents (Jan Kara) [Orabug: 37761829] - uek-rpm: install the perf exec dir (Stephen Brennan) [Orabug: 37757734] - perf probe: Improve log for long event name failure (Leo Yan) [Orabug: 37752593] - perf probe: Check group string length (Leo Yan) [Orabug: 37752593] - perf probe: Use the MAX_EVENT_NAME_LEN macro (Leo Yan) [Orabug: 37752593] - perf probe-event: Better error message for a too-long probe name (Dima Kogan) [Orabug: 37752593] - rds: ib: Do not attempt to insert RDMA exthdr twice (HÃ¥kon Bugge) [Orabug: 37721762] - x86/sev: Harden #VC instruction emulation somewhat (Borislav Petkov (AMD)) [Orabug: 37687865] {CVE-2024-25743} {CVE-2024-25742} - x86/entry: Do not allow external 0x80 interrupts (Thomas Gleixner) [Orabug: 37687865] {CVE-2024-25743} {CVE-2024-25742} - x86/entry: Convert INT 0x80 emulation to IDTENTRY (Thomas Gleixner) [Orabug: 37687865] {CVE-2024-25743} {CVE-2024-25742} - x86/entry: Fixup objtool/ibt validation (Peter Zijlstra) [Orabug: 37687865] {CVE-2024-25743} {CVE-2024-25742} - x86/sev: Mark the code returning to user space as syscall gap (Lai Jiangshan) [Orabug: 37687865] {CVE-2024-25743} {CVE-2024-25742} - rds: ib: Fix racy send affinity work cancellation (HÃ¥kon Bugge) [Orabug: 37607469] - sched/deadline: Fix warning in migrate_enable for boosted tasks (Wander Lairson Costa) [Orabug: 37433838] {CVE-2024-56583} - x86/coco: Disable 32-bit emulation by default on TDX and SEV (Kirill A. Shutemov) [Orabug: 36298741] {CVE-2024-25744} - x86/ia32: State that IA32 emulation is disabled (Borislav Petkov (AMD)) [Orabug: 36298741] {CVE-2024-25744} - x86: Make IA32_EMULATION boot time configurable (Nikolay Borisov) [Orabug: 36298741] {CVE-2024-25744} - x86: Remove toolchain check for X32 ABI capability (Masahiro Yamada) [Orabug: 36298741] {CVE-2024-25744} - x86/entry: Make IA32 syscalls' availability depend on ia32_enabled() (Nikolay Borisov) [Orabug: 36298741] {CVE-2024-25744} - x86/elf: Make loading of 32bit processes depend on ia32_enabled() (Nikolay Borisov) [Orabug: 36298741] {CVE-2024-25744} - x86/entry: Compile entry_SYSCALL32_ignore() unconditionally (Nikolay Borisov) [Orabug: 36298741] {CVE-2024-25744} - x86/entry: Rename ignore_sysret() (Nikolay Borisov) [Orabug: 36298741] {CVE-2024-25744} - x86: Introduce ia32_enabled() (Nikolay Borisov) [Orabug: 36298741] {CVE-2024-25744} - x86: Fix misspelled Kconfig symbols (Lukas Bulwahn) [Orabug: 36298741] {CVE-2024-25744} [5.15.0-308.179.2.el9uek] - LTS version: v5.15.179 (Vijayendra Suman) - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (Jakub Kicinski) - kbuild: userprogs: use correct lld when linking through clang (Thomas WeiÃschuh) - vsock: Orphan socket after transport release (Michal Luczaj) - vsock: Keep the binding until socket destruction (Michal Luczaj) - bpf, vsock: Invoke proto::close on close() (Michal Luczaj) - media: uvcvideo: Removedangling pointers (Ricardo Ribalda) - media: uvcvideo: Fix crash during unbind if gpio unit is in use (Ricardo Ribalda) - nilfs2: handle errors that nilfs_prepare_chunk() may return (Ryusuke Konishi) - nilfs2: eliminate staggered calls to kunmap in nilfs_rename (Ryusuke Konishi) - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link (Ryusuke Konishi) - spi-mxs: Fix chipselect glitch (Ralf Schlatterbeck) - mtd: rawnand: cadence: fix unchecked dereference (Niravkumar L Rabara) - md: select BLOCK_LEGACY_AUTOLOAD (NeilBrown) - media: uvcvideo: Avoid returning invalid controls (Ricardo Ribalda) - media: uvcvideo: Avoid invalid memory access (Ricardo Ribalda) - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (Haoyu Li) - eeprom: digsy_mtc: Make GPIO lookup table match the device (Andy Shevchenko) - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (Manivannan Sadhasivam) - slimbus: messaging: Free transaction ID in delayed interrupt scenario (Visweswara Tanuku) - intel_th: pci: Add Panther Lake-P/U support (Alexander Shishkin) - intel_th: pci: Add Panther Lake-H support (Alexander Shishkin) - intel_th: pci: Add Arrow Lake support (Pawel Chmielewski) - mei: me: add panther lake P DID (Alexander Usyskin) - Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (Michal Pecio) - xhci: pci: Fix indentation in the PCI device ID definitions (Andy Shevchenko) - usb: gadget: Check bmAttributes only if configuration is valid (Prashanth K) - usb: gadget: Fix setting self-powered state on suspend (Marek Szyprowski) - usb: gadget: Set self-powered based on MaxPower and bmAttributes (Prashanth K) - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (AngeloGioacchino Del Regno) - usb: typec: ucsi: increase timeout for PPM reset operations (Fedor Pchelkin) - usb: dwc3: gadget: Prevent irq storm when TH re-executes (Badhri Jagan Sridharan) - usb:renesas_usbhs: Flush the notify_hotplug_work (Claudiu Beznea) - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (Miao Li) - usb: hub: lack of clearing xHC resources (Pawel Laszczak) - usb: renesas_usbhs: Use devm_usb_get_phy() (Claudiu Beznea) - usb: renesas_usbhs: Call clk_put() (Claudiu Beznea) - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" (Christian Heusel) - gpio: rcar: Fix missing of_node_put() call (Fabrizio Castro) - net: ipv6: fix missing dst ref drop in ila lwtunnel (Justin Iurman) - net: ipv6: fix dst ref loop in ila lwtunnel (Justin Iurman) - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (Zecheng Li) - net-timestamp: support TCP GSO case for a few missing flags (Jason Xing) - exfat: fix soft lockup in exfat_clear_bitmap (Namjae Jeon) - x86/sgx: Fix size overflows in sgx_encl_create() (Jarkko Sakkinen) - vlan: enforce underlying device type (Oscar Maes) - ppp: Fix KMSAN uninit-value warning with bpf (Jiayuan Chen) - net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (Peiyang Wang) - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink (Nikolay Aleksandrov) - drm/sched: Fix preprocessor guard (Philipp Stanner) - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (Xinghuo Chen) - llc: do not use skb_get() before dev_queue_xmit() (Eric Dumazet) - ALSA: usx2y: validate nrpacks module parameter on probe (Murad Masimov) - hwmon: (ad7314) Validate leading zero bits and return error (Erik Schumacher) - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (Maud Spierings) - hwmon: (pmbus) Initialise page count in pmbus_identify() (Titus Rwantare) - caif_virtio: fix wrong pointer check in cfv_probe() (Vitaliy Shevtsov) - net: gso: fix ownership in __udp_gso_segment (Antoine Tenart) - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (Meir Elisha) - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (Zhang Lixu) - HID:google: fix unused variable warning under !CONFIG_ACPI (Yu-Chun Lin) - wifi: iwlwifi: limit printed string from FW file (Johannes Berg) - mm: don't skip arch_sync_kernel_mappings() in error paths (Ryan Roberts) - mm/page_alloc: fix uninitialized variable (Hao Zhang) - block: fix conversion of GPT partition name to 7-bit (Olivier Gayot) - s390/traps: Fix test_monitor_call() inline assembly (Heiko Carstens) - rapidio: fix an API misues when rio_add_net() fails (Haoxiang Li) - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (Haoxiang Li) - wifi: nl80211: reject cooked mode if it is set along with other flags (Vitaliy Shevtsov) - wifi: cfg80211: regulatory: improve invalid hints checking (Nikita Zhandarovich) - x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 (Ahmed S. Darwish) - x86/cpu: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish) - x86/cacheinfo: Validate CPUID leaf 0x2 EDX output (Ahmed S. Darwish) - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (Mingcong Bai) - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (Richard Thier) - ALSA: hda/realtek: update ALC222 depop optimize (Kailang Yang) - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist (Hoku Ishibe) - gpio: aggregator: protect driver attr handlers against module unload (Koichiro Den) - gpio: rcar: Use raw_spinlock to protect register access (Niklas SÃ¶derlund) - HID: appleir: Fix potential NULL dereference at raw event handle (Daniil Dulov) - Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" (Rob Herring (Arm)) - drm/amdgpu: disable BAR resize on Dell G5 SE (Alex Deucher) - drm/amdgpu: Check extended configuration space register when system uses large bar (Ma Jun) - smb: client: Add check for next_buffer in receive_encrypted_standard() (Haoxiang Li) - pfifo_tail_enqueue: Drop new packet when sch-> limit == 0 (Quang Le) - intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly (Thomas Gleixner) - sched/core: Preventrescheduling when interrupts are disabled (Thomas Gleixner) - vmlinux.lds: Ensure that const vars with relocations are mapped R/O (Ard Biesheuvel) - mptcp: always handle address removal under msk socket lock (Paolo Abeni) - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (Kaustabh Chakraborty) - phy: tegra: xusb: reset VBUS & ID OVERRIDE (BH Hsieh) - net: enetc: correct the xdp_tx statistics (Wei Fang) - net: enetc: update UDP checksum when updating originTimestamp field (Wei Fang) - net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() (Wei Fang) - usbnet: gl620a: fix endpoint checking in genelink_bind() (Nikita Zhandarovich) - i2c: npcm: disable interrupt enable bit before devm_request_irq (Tyrone Ting) - drm/amd/display: Fix HPD after gpu reset (Roman Li) - perf/core: Fix low freq setting via IOC_PERIOD (Kan Liang) - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (Dmitry Panchenko) - ftrace: Avoid potential division by zero in function_stat_show() (Nikolay Kuratov) - x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems (Russell Senior) - net: ipv6: fix dst ref loop on input in rpl lwt (Justin Iurman) - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (Justin Iurman) - net: ipv6: fix dst ref loop on input in seg6 lwt (Justin Iurman) - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (Justin Iurman) - include: net: add static inline dst_dev_overhead() to dst.h (Justin Iurman) - seg6: add support for SRv6 H.L2Encaps.Red behavior (Andrea Mayer) - seg6: add support for SRv6 H.Encaps.Red behavior (Andrea Mayer) - net/mlx5: IRQ, Fix null string in debug print (Shay Drory) - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. (Harshal Chaudhari) - tcp: Defer ts_recent changes until req is owned (Wang Hai) - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (Philo Lu) - ASoC: es8328: fix route from DAC to output (Nicolas Frattaroli) - net: cadence: macb: Synchronize stats calculations (Sean Anderson) - afs: Fix the server_listto unuse a displaced server rather than putting it (David Howells) - afs: Make it possible to find the volumes that are using a server (David Howells) - afs: remove variable nr_servers (Colin Ian King) - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (Luiz Augusto von Dentz) - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (Takashi Iwai) - sunrpc: suppress warnings for unused procfs functions (Arnd Bergmann) - RDMA/mlx5: Fix bind QP error cleanup flow (Patrisious Haddad) - scsi: core: Clear driver private data when retrying request (Ye Bin) - scsi: core: Don't memset() the entire scsi_cmnd in scsi_init_command() (Christoph Hellwig) - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (Vasiliy Kovalev) - ovl: pass ofs to creation operations (Christian Brauner) - ovl: use wrappers to all vfs_*xattr() calls (Amir Goldstein) - IB/mlx5: Set and get correct qp_num for a DCT QP (Mark Zhang) - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (Patrick Bellasi) - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (Niravkumar L Rabara) - mtd: rawnand: cadence: use dma_map_resource for sdma address (Niravkumar L Rabara) - mtd: rawnand: cadence: fix error code in cadence_nand_init() (Niravkumar L Rabara) - acct: block access to kernel internal filesystems (Christian Brauner) - acct: perform last write from workqueue (Christian Brauner) - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (John Veness) - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (Haoxiang Li) - drop_monitor: fix incorrect initialization order (Gavrilov Ilia) - tee: optee: Fix supplicant wait loop (Sumit Garg) - bpf: skip non exist keys in generic_map_lookup_batch (Yan Zhai) - nvme/ioctl: add missing space in err message (Caleb Sander Mateos) - power: supply: da9150-fg: fix potential overflow (Andrey Vatoropin) - arp: switch to dev_getbyhwaddr() in arp_req_set_public() (Breno Leitao) - net: Add non-RCU dev_getbyhwaddr() helper (Breno Leitao) - flow_dissector: Fix port rangekey handling in BPF conversion (Cong Wang) - flow_dissector: Fix handling of mixed port and port-range keys (Cong Wang) - geneve: Suppress list corruption splat in geneve_destroy_tunnels(). (Kuniyuki Iwashima) - geneve: Fix use-after-free in geneve_find_dev(). (Kuniyuki Iwashima) - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (Christophe Leroy) - ALSA: hda/realtek: Fixup ALC225 depop procedure (Kailang Yang) - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (Christophe Leroy) - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (Michael Ellerman) - USB: gadget: f_midi: f_midi_complete to call queue_work (Jill Donahue) - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (Selvarasu Ganesan) - usb: dwc3: Increase DWC3 controller halt timeout (Wesley Cheng) - batman-adv: Drop unmanaged ELP metric worker (Sven Eckelmann) - batman-adv: Drop initialization of flexible ethtool_link_ksettings (Sven Eckelmann) - media: uvcvideo: Only save async fh if success (Ricardo Ribalda) - media: uvcvideo: Refactor iterators (Ricardo Ribalda) - media: uvcvideo: Set error_idx during ctrl_commit errors (Ricardo Ribalda) - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (Krzysztof Kozlowski) - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (Uwe Kleine-KÃ¶nig) - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (Krzysztof Kozlowski) - soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() (AngeloGioacchino Del Regno) - kfence: skip __GFP_THISNODE allocations on NUMA systems (Marco Elver) - kfence: enable check kfence canary on panic via boot param (huangshaobo) - kfence: allow use of a deferrable timer (Marco Elver) - tpm: Change to kvalloc() in eventlog/acpi.c (Jarkko Sakkinen) - tpm: Use managed allocation for bios event log (Eddie James) - arm64: dts: mediatek: mt8183: Disable DSI display output by default (Chen-Yu Tsai) - ASoC: renesas: rz-ssi: Add a check for negative sample_space(Dan Carpenter) - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (Thomas Zimmermann) - drm/probe-helper: Create a HPD IRQ event helper for a single connector (Maxime Ripard) - ksmbd: fix integer overflows on 32 bit systems (Dan Carpenter) - memcg: fix soft lockup in the OOM process (Chen Ridong) - mm: update mark_victim tracepoints fields (Carlos Galo) - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (Dan Carpenter) - crypto: testmgr - some more fixes to RSA test vectors (Ignat Korchagin) - crypto: testmgr - populate RSA CRT parameters in RSA test vectors (Ignat Korchagin) - crypto: testmgr - fix version number of RSA tests (lei he) - crypto: testmgr - Fix wrong test case of RSA (Lei He) - crypto: testmgr - fix wrong key length for pkcs1pad (Lei He) - arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings (Catalin Marinas) - pps: Fix a use-after-free (Calvin Owens) - btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana) - x86/i8253: Disable PIT timer 0 when not in use (David Woodhouse) - f2fs: fix to wait dio completion (Chao Yu) - ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus (Romain Naour) - parport_pc: add support for ASIX AX99100 (Jiaqing Zhao) - serial: 8250_pci: add support for ASIX AX99100 (Jiaqing Zhao) - can: ems_pci: move ASIX AX99100 ids to pci_ids.h (Jiaqing Zhao) - nilfs2: protect access to buffers with no active references (Ryusuke Konishi) - nilfs2: do not force clear folio if buffer is referenced (Ryusuke Konishi) - nilfs2: do not output warnings when clearing dirty buffers (Ryusuke Konishi) - alpha: replace hardcoded stack offsets with autogenerated ones (Ivan Kokshaysky) - kdb: Do not assume write() callback available (John Ogness) - drm/v3d: Stop active perfmon if it is being destroyed (Christian Gmeiner) - drm/tidss: Clear the interrupt status for interrupts being disabled (Devarsh Thakkar) - drm/tidss: Fix issue in irq handling causing irq-flood issue (Tomi Valkeinen) - ipv6: mcast: add RCU protection to mld_newpack()(Eric Dumazet) - ndisc: extend RCU protection in ndisc_send_skb() (Eric Dumazet) - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Eric Dumazet) - arp: use RCU protection in arp_xmit() (Eric Dumazet) - neighbour: use RCU protection in __neigh_notify() (Eric Dumazet) - neighbour: delete redundant judgment statements (Li Zetao) - ndisc: use RCU protection in ndisc_alloc_skb() (Eric Dumazet) - ipv6: use RCU protection in ip6_default_advmss() (Eric Dumazet) - ipv4: use RCU protection in __ip_rt_update_pmtu() (Eric Dumazet) - net: ipv4: Cache pmtu for all packet paths if multipath enabled (Vladimir Vdovin) - selftest: net: Test IPv4 PMTU exceptions with DSCP and ECN (Guillaume Nault) - Namespaceify mtu_expires sysctl (xu xin) - Namespaceify min_pmtu sysctl (xu xin) - ipv4: use RCU protection in inet_select_addr() (Eric Dumazet) - ipv4: use RCU protection in rt_is_expired() (Eric Dumazet) - net: add dev_net_rcu() helper (Eric Dumazet) - ipv4: add RCU protection to ip4_dst_hoplimit() (Eric Dumazet) - clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (Waiman Long) - clocksource: Use pr_info() for "Checking clocksource synchronization" message (Waiman Long) - clocksource: Replace cpumask_weight() with cpumask_empty() (Yury Norov) - btrfs: fix hole expansion when writing at an offset beyond EOF (Filipe Manana) - mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() (Wentao Liang) - arm64: Handle .ARM.attributes section in linker scripts (Nathan Chancellor) - regmap-irq: Add missing kfree() (Jiasheng Jiang) - partitions: mac: fix handling of bogus partition table (Jann Horn) - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (Wentao Liang) - alpha: align stack for page fault and user unaligned trap handlers (Ivan Kokshaysky) - serial: 8250: Fix fifo underflow on flush (John Keeping) - cgroup: fix race between fork and cgroup.kill (Shakeel Butt) - efi: Avoid cold plugged memory for placing the kernel (Ard Biesheuvel) - alpha: makestack 16-byte aligned (most cases) (Ivan Kokshaysky) - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (Alexander HÃ¶lzl) - can: c_can: fix unbalanced runtime PM disable in error path (Krzysztof Kozlowski) - USB: serial: option: drop MeiG Smart defines (Johan Hovold) - USB: serial: option: fix Telit Cinterion FN990A name (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FN990B compositions (Fabio Porcedda) - USB: serial: option: add MeiG Smart SLM828 (Chester A. Unal) - usb: cdc-acm: Fix handling of oversized fragments (Jann Horn) - usb: cdc-acm: Check control transfer buffer size before access (Jann Horn) - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (Marek Vasut) - USB: hub: Ignore non-compliant devices with too many configs or interfaces (Alan Stern) - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (John Keeping) - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (Mathias Nyman) - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (Lei Huang) - usb: core: fix pipe creation for get_bMaxPacketSize0 (Stefan Eichenberger) - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (Huacai Chen) - usb: dwc2: gadget: remove of_node reference upon udc_stop (Fabrice Gasnier) - usb: gadget: udc: renesas_usb3: Fix compiler warning (Guo Ren) - usb: roles: set switch registered flag early on (Elson Roy Serrao) - perf/x86/intel: Ensure LBRs are disabled when a CPU is starting (Sean Christopherson) - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (Sean Christopherson) - batman-adv: Ignore neighbor throughput metrics in error case (Sven Eckelmann) - batman-adv: fix panic during interface removal (Andy Strohman) - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (Hans de Goede) - orangefs: fix a oob in orangefs_debug_write (Mike Marshall) - Grab mm lock before grabbing pt lock (Maksym Planeta) - vfio/pci: Enable iowrite64 and ioread64 for vfio pci (Ramesh Thomas) -PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (Takashi Iwai) - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (Edward Adam Davis) - media: cxd2841er: fix 64-bit division on gcc-9 (Arnd Bergmann) - x86/xen: allow larger contiguous memory regions in PV guests (Juergen Gross) - xen: remove a confusing comment on auto-translated guest I/O (Petr Tesarik) - gpio: bcm-kona: Add missing newline to dev_err format string (Artur Weber) - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (Artur Weber) - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (Artur Weber) - drm/i915/selftests: avoid using uninitialized context (Krzysztof Karas) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (Radu Rendec) - team: better TEAM_OPTION_TYPE_STRING validation (Eric Dumazet) - vrf: use RCU protection in l3mdev_l3_out() (Eric Dumazet) - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (Eric Dumazet) - HID: multitouch: Add NULL check in mt_input_configured (Charles Han) - NFSD: fix hang in nfsd4_shutdown_callback (Dai Ngo) - nfsd: clear acl_access/acl_default after releasing them (Li Lingfeng) - tty: xilinx_uartps: split sysrq handling (Sean Anderson) - mptcp: prevent excessive coalescing on receive (Paolo Abeni) - ocfs2: check dir i_size in ocfs2_find_entry (Su Yue) - memory: tegra20-emc: Correct memory device mask (Dmitry Osipenko) - gpio: xilinx: remove excess kernel doc (Bartosz Golaszewski) - net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling (Paul Fertser) - MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static (WangYuli) - ptp: Ensure info-> enable callback is always set (Thomas WeiÃschuh) - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (Milos Reljin) - net/ncsi: wait for the last response to Deselect Package before configuring channel (Paul Fertser) - misc: fastrpc: Fix registered buffer page address (Ekansh Gupta) - mtd: onenand: Fix uninitialized retlen in do_otp_read() (Ivan Stepchenko) - NFC: nci:Add bounds checking in nci_hci_create_pipe() (Dan Carpenter) - nilfs2: fix possible int overflows in nilfs_fiemap() (Nikita Zhandarovich) - ocfs2: handle a symlink read error correctly (Matthew Wilcox (Oracle)) - pnfs/flexfiles: retry getting layout segment for reads (Mike Snitzer) - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) - nvmem: core: improve range check for nvmem_cell_write() (Jennifer Berringer) - nvmem: qcom-spmi-sdam: Set size in struct nvmem_config (Luca Weiss) - crypto: qce - unregister previously registered algos in error path (Bartosz Golaszewski) - crypto: qce - fix goto jump in error path (Bartosz Golaszewski) - media: uvcvideo: Remove redundant NULL assignment (Ricardo Ribalda) - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (Ricardo Ribalda) - media: ccs: Fix cleanup order in ccs_probe() (Mehdi Djait) - media: ccs: Fix CCS static data parsing for large block sizes (Sakari Ailus) - media: ov5640: fix get_light_freq on auto (Sam Bobrowicz) - media: mc: fix endpoint iteration (Cosmin Tanislav) - soc: qcom: smem_state: fix missing of_node_put in error path (Krzysztof Kozlowski) - iio: light: as73211: fix channel handling in only-color triggered buffer (Javier Carrasco) - media: ccs: Clean up parsed CCS static data on parse failure (Sakari Ailus) - xfs: Add error handling for xfs_reflink_cancel_cow_range (Wentao Liang) - crypto: qce - fix priority to be less than ARMv8 CE (Eric Biggers) - arm64: dts: qcom: sm8350: Fix MPSS memory length (Krzysztof Kozlowski) - x86/boot: Use '-std=gnu11' to fix build with GCC 15 (Nathan Chancellor) - kbuild: Move -Wenum-enum-conversion to W=2 (Nathan Chancellor) - scsi: qla2xxx: Move FCE Trace buffer allocation to user control (Quinn Tran) - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (Georg Gottleuber) - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (Georg Gottleuber) - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (Zijun Hu) - ALSA: hda/realtek: Enable headset mic on Positivo C6400(Edson Juliano Drosdeck) - mips/math-emu: fix emulation of the prefx instruction (Mateusz JoÅczyk) - dm-crypt: track tag_offset in convert_context (Hou Tao) - dm-crypt: don't update io-> sector after kcryptd_crypt_write_io_submit() (Hou Tao) - powerpc/pseries/eeh: Fix get PE state translation (Narayana Murty N) - MIPS: Loongson64: remove ROM Size unit in boardinfo (Kexy Biscuit) - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (Claudiu Beznea) - serial: sh-sci: Drop __initdata macro for port_cfg (Claudiu Beznea) - soc: qcom: socinfo: Avoid out of bounds read of serial number (Stephan Gerhold) - usb: gadget: f_tcm: Don't prepare BOT write request twice (Thinh Nguyen) - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (Thinh Nguyen) - usb: gadget: f_tcm: Decrement command ref count on cleanup (Thinh Nguyen) - usb: gadget: f_tcm: Translate error to sense (Thinh Nguyen) - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (Marcel Hamer) - wifi: rtlwifi: rtl8821ae: Fix media status report (Bitterblue Smith) - HID: hid-sensor-hub: don't use stale platform-data on remove (Heiko Stuebner) - of: reserved-memory: Fix using wrong number of cells to get property 'alignment' (Zijun Hu) - of: Fix of_find_node_opts_by_path() handling of alias+path+options (Zijun Hu) - of: Correct child specifier used as input of the 2nd nexus node (Zijun Hu) - perf bench: Fix undefined behavior in cmpworker() (Kuan-Wei Chiu) - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (Nathan Chancellor) - blk-cgroup: Fix class @block_class's subsystem refcount leakage (Zijun Hu) - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (Anastasia Belova) - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (Satya Priya Kakitapalli) - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (Luca Weiss) - clk: qcom: clk-alpha-pll: fix alpha mode configuration (Gabor Juhos) - clk: sunxi-ng: a100: enable MMC clock reparenting (Cody Eksal) - Bluetooth: L2CAP: acceptzero as a special value for MTU auto-selection (Fedor Pchelkin) - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (Fedor Pchelkin) - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (Ville SyrjÃ¤lÃ¤) - drm/komeda: Add check for komeda_get_layer_fourcc_list() (Haoxiang Li) - drm/amd/pm: Mark MM activity as unsupported (Lijo Lazar) - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (David Hildenbrand) - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (Sean Christopherson) - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (Jakob Unterwurzacher) - binfmt_flat: Fix integer overflow bug on 32 bit systems (Dan Carpenter) - m68k: vga: Fix I/O defines (Thomas Zimmermann) - s390/futex: Fix FUTEX_OP_ANDN implementation (Heiko Carstens) - drm/modeset: Handle tiled displays in pan_display_atomic. (Maarten Lankhorst) - leds: lp8860: Write full EEPROM, not only half of it (Alexander Sverdlin) - cpufreq: s3c64xx: Fix compilation warning (Viresh Kumar) - tun: revert fix group permission check (Willem de Bruijn) - net: rose: lock the socket in rose_bind() (Eric Dumazet) - net: atlantic: fix warning during hot unplug (Jacob Moroni) - gpio: pca953x: Improve interrupt support (Mark Tomlinson) - udp: gso: do not drop small packets when PMTU reduces (Yan Zhai) - tg3: Disable tg3 PCIe AER on system reboot (Lenny Szubowicz) - gpu: drm_dp_cec: fix broken CEC adapter properties check (Hans Verkuil) - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (Prasad Pandit) - nvme: handle connectivity loss in nvme_set_queue_count (Daniel Wagner) - usb: xhci: Fix NULL pointer dereference on certain command aborts (Michal Pecio) - usb: xhci: Add timeout argument in address_device USB HCD callback (Hardik Gajjar) - xfs: don't over-report free space or inodes in statvfs (Darrick J. Wong) - xfs: report realtime block quota limits on realtime directories (Darrick J. Wong) - gpio: xilinx: Convert gpio_lock to raw spinlock (Sean Anderson) - net/ncsi: fix locking in Get MAC Address handling(Paul Fertser) - net/ncsi: Add NC-SI 1.2 Get MC MAC Address command (Peter Delevoryas) - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (Joe Hattori) - usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void (Uwe Kleine-KÃ¶nig) - usb: chipidea: ci_hdrc_imx: use dev_err_probe() (Alexander Stein) - x86/mm: Don't disable PCID when INVLPG has been fixed by microcode (Xi Ruoyao) - platform/x86: acer-wmi: Ignore AC events (Armin Wolf) - Input: allocate keycode for phone linking (Illia Ostapyshyn) - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (Liu Ye) - tipc: re-order conditions in tipc_crypto_key_rcv() (Dan Carpenter) - mmc: sdhci-msm: Correctly set the load for the regulator (Yuanjie Yang) - net: wwan: iosm: Fix hibernation by re-binding the driver around it (Maciej S. Szmigiero) - APEI: GHES: Have GHES honor the panic= setting (Borislav Petkov) - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (Randolph Ha) - wifi: iwlwifi: avoid memory leak (Miri Korenblit) - net/mlx5: use do_aux_work for PHC overflow checks (Vadim Fedorenko) - HID: Wacom: Add PCI Wacom device support (Even Xu) - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (Hans de Goede) - tomoyo: don't emit warning in tomoyo_write_control() (Tetsuo Handa) - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (Dmitry Antipov) - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (Shawn Lin) - tun: fix group permission check (Stas Sergeev) - safesetid: check size of policy writes (Leo Stone) - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (Kuan-Wei Chiu) - x86/amd_nb: Restrict init function to AMD-based systems (Yazen Ghannam) - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (Carlos Llamas) - sched: Don't try to catch up excess steal time. (Suleiman Souhlal) - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (Josef Bacik) - btrfs: fix data race when accessing theinode's disk_i_size at btrfs_drop_extents() (Hao-ran Zheng) - btrfs: fix use-after-free when attempting to join an aborted transaction (Filipe Manana) - btrfs: output the reason for open_ctree() failure (Qu Wenruo) - usb: gadget: f_tcm: Don't free command immediately (Thinh Nguyen) - media: uvcvideo: Fix double free in error path (Laurent Pinchart) - mptcp: consolidate suboption status (Paolo Abeni) - usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS (Kyle Tso) - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (Jos Wang) - usb: dwc3: core: Defer the probe until USB power supply ready (Kyle Tso) - usb: gadget: f_tcm: Fix Get/SetInterface return value (Thinh Nguyen) - drivers/card_reader/rtsx_usb: Restore interrupt based detection (Sean Rhodes) - net: usb: rtl8150: enable basic endpoint checking (Nikita Zhandarovich) - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (Lianqin Hu) - ktest.pl: Check kernelrelease return in get_version (Ricardo B. Marliere) - netfilter: nf_tables: reject mismatching sum of field_len with set key length (Pablo Neira Ayuso) - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Chuck Lever) - hexagon: Fix unbalanced spinlock in die() (Lin Yujun) - hexagon: fix using plain integer as NULL pointer warning in cmpxchg (Willem de Bruijn) - kconfig: fix memory leak in sym_warn_unmet_dep() (Masahiro Yamada) - kconfig: WERROR unmet symbol dependency (Sergey Senozhatsky) - kconfig: deduplicate code in conf_read_simple() (Masahiro Yamada) - kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() (Masahiro Yamada) - kconfig: require a space after '#' for valid input (Masahiro Yamada) - kconfig: add warn-unknown-symbols sanity check (Sergey Senozhatsky) - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (Masahiro Yamada) - genksyms: fix memory leak when the same symbol is read from *.symref file (Masahiro Yamada) - genksyms: fix memory leak when the same symbol is added from source (Masahiro Yamada) - net: sh_eth:Fix missing rtnl lock in suspend/resume path (Kory Maincent) - bgmac: reduce max frame size to support just MTU 1500 (RafaÅ MiÅecki) - vsock: Allow retrying on connect() failure (Michal Luczaj) - perf trace: Fix runtime error of index out of bounds (Howard Chu) - ptp: Properly handle compat ioctls (Thomas WeiÃschuh) - net: davicom: fix UAF in dm9000_drv_remove (Chenyuan Yang) - net: netdevsim: try to close UDP port harness races (Jakub Kicinski) - net: rose: fix timer races against user threads (Eric Dumazet) - PM: hibernate: Add error handling for syscore_suspend() (Wentao Liang) - ipmr: do not call mr_mfc_uses_dev() for unres entries (Eric Dumazet) - net: fec: implement TSO descriptor cleanup (Dheeraj Reddy Jonnalagadda) - gpio: mxc: remove dead code after switch to DT-only (Ahmad Fatoum) - net: hns3: fix oops when unload drivers paralleling (Jian Shen) - ubifs: skip dumping tnc tree when zroot is null (pangliyuan) - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (Oleksij Rempel) - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (Joe Hattori) - xfrm: replay: Fix the update of replay_esn-> oseq_hi for GSO (Jianbo Liu) - tools/bootconfig: Fix the wrong format specifier (Luo Yifan) - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (Olga Kornievskaia) - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (Olga Kornievskaia) - module: Extend the preempt disabled section in dereference_symbol_descriptor(). (Sebastian Andrzej Siewior) - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (Su Yue) - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (Guixin Liu) - scsi: mpt3sas: Set ioc-> manu_pg11.EEDPTagMode directly to 1 (Paul Menzel) - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (King Dix) - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (Joe Hattori) - mtd: hyperbus: hbmc-am654: fix an OF node reference leak (Joe Hattori) - mtd: hyperbus: hbmc-am654: Convert to platform remove callback returningvoid (Uwe Kleine-KÃ¶nig) - mtd: hyperbus: Make hyperbus_unregister_device() return void (Uwe Kleine-KÃ¶nig) - media: uvcvideo: Propagate buf-> error to userspace (Ricardo Ribalda) - media: camif-core: Add check for clk_enable() (Jiasheng Jiang) - media: mipi-csis: Add check for clk_enable() (Jiasheng Jiang) - media: i2c: ov9282: Correct the exposure offset (Dave Stevenson) - media: i2c: imx412: Add missing newline to prints (Luca Weiss) - media: marvell: Add check for clk_enable() (Jiasheng Jiang) - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (Zijun Hu) - media: lmedm04: Handle errors for lme2510_int_read (Chen Ni) - media: rc: iguanair: handle timeouts (Oliver Neukum) - efi: sysfb_efi: fix W=1 warnings when EFI is not set (Randy Dunlap) - of: reserved-memory: Do not make kmemleak ignore freed address (Zijun Hu) - memblock: drop memblock_free_early_nid() and memblock_free_early() (Mike Rapoport) - xen/x86: free_p2m_page: use memblock_free_ptr() to free a virtual pointer (Mike Rapoport) - RDMA/mlx5: Fix indirect mkey ODP page count (Michael Guralnik) - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (Michael Guralnik) - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (Joe Hattori) - ARM: dts: mediatek: mt7623: fix IR nodename (RafaÅ MiÅecki) - arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts (Vladimir Zapolskiy) - arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties (Neil Armstrong) - arm64: dts: qcom: sm8350: correct sleep clock frequency (Dmitry Baryshkov) - arm64: dts: qcom: sm8250: correct sleep clock frequency (Dmitry Baryshkov) - arm64: dts: qcom: sm6125: correct sleep clock frequency (Dmitry Baryshkov) - arm64: dts: qcom: sc7280: correct sleep clock frequency (Dmitry Baryshkov) - arm64: dts: qcom: msm8994: correct sleep clock frequency (Dmitry Baryshkov) - arm64: dts: qcom: msm8916: correct sleep clock frequency (Dmitry Baryshkov) - arm64: dts: qcom: msm8994: Describe USB interrupts (KonradDybcio) - arm64: dts: qcom: msm8996: Fix up USB3 interrupts (Konrad Dybcio) - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings (Chen-Yu Tsai) - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (Joe Hattori) - memory: tegra20-emc: Support matching timings by LPDDR2 configuration (Dmitry Osipenko) - memory: Add LPDDR2-info helpers (Dmitry Osipenko) - arm64: dts: mediatek: mt8183: willow: Support second source touchscreen (Hsin-Te Yuan) - arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen (Hsin-Te Yuan) - arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names (Chen-Yu Tsai) - arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names (Chen-Yu Tsai) - arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property (Chen-Yu Tsai) - arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property (Chen-Yu Tsai) - rdma/cxgb4: Prevent potential integer overflow on 32bit (Dan Carpenter) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (Leon Romanovsky) - arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A (Val Packett) - arm64: dts: mediatek: mt8516: add i2c clock-div property (Val Packett) - arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks (Fabien Parent) - arm64: dts: mediatek: mt8516: fix wdt irq type (Val Packett) - arm64: dts: mediatek: mt8516: fix GICv2 range (Val Packett) - arm64: dts: mt8183: set DMIC one-wire mode on Damu (Hsin-Yi Wang) - ARM: at91: pm: change BU Power Switch to automatic mode (Nicolas Ferre) - padata: avoid UAF for reorder_work (Chen Ridong) - padata: add pd get/put refcnt helper (Chen Ridong) - padata: fix UAF in padata_reorder (Chen Ridong) - bpf: Send signals asynchronously if !preemptible (Puranjay Mohan) - perf report: Fix misleading help message about --demangle (Jiachen Zhang) - perf top: Don't complain about lack of vmlinux when not resolving some kernel samples (Arnaldo Carvalho de Melo) - padata: fix sysfs store callback check (ThomasWeiÃschuh) - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (Joe Hattori) - crypto: hisilicon/sec2 - fix for aead invalid authsize (Wenkai Lin) - crypto: hisilicon/sec2 - fix for aead icv error (Wenkai Lin) - crypto: hisilicon/sec2 - optimize the error return process (Chenghai Huang) - crypto: hisilicon/sec - delete redundant blank lines (Kai Ye) - crypto: hisilicon/sec - add some comments for soft fallback (Kai Ye) - ktest.pl: Remove unused declarations in run_bisect_test function (Ba Jing) - ASoC: renesas: rz-ssi: Use only the proper amount of dividers (Claudiu Beznea) - perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info() (Zhongqiu Han) - perf header: Fix one memory leakage in process_bpf_prog_info() (Zhongqiu Han) - perf header: Fix one memory leakage in process_bpf_btf() (Zhongqiu Han) - ASoC: sun4i-spdif: Add clock multiplier settings (George Lander) - libbpf: Fix segfault due to libelf functions not setting errno (Quentin Monnet) - net/rose: prevent integer overflows in rose_setsockopt() (Nikita Zhandarovich) - tcp_cubic: fix incorrect HyStart round start detection (Mahdi Arghavani) - net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (Roger Quadros) - netfilter: nft_flow_offload: update tcp state flags under lock (Florian Westphal) - net: sched: Disallow replacing of child qdisc from one parent to another (Jamal Hadi Salim) - net: avoid race between device unregistration and ethnl ops (Antoine Tenart) - net/mlxfw: Drop hard coded max FW flash image size (Maher Sanalla) - net: let net.core.dev_weight always be non-zero (Liu Jian) - selftests/landlock: Fix error message (MickaÃ«l SalaÃ¼n) - clk: analogbits: Fix incorrect calculation of vco rate delta (Bo Gan) - wifi: cfg80211: adjust allocation of colocated AP data (Dmitry Antipov) - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (Ilan Peer) - selftests: harness: fix printing of mismatch values in __EXPECT() (Dmitry V. Levin) - cpufreq: ACPI: Fix max-frequencycomputation (Gautham R. Shenoy) - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (WangYuli) - landlock: Handle weird files (MickaÃ«l SalaÃ¼n) - landlock: Move filesystem helpers and add a new one (MickaÃ«l SalaÃ¼n) - net/smc: fix data error when recvmsg with MSG_PEEK flag (Guangguan Wang) - wifi: wlcore: fix unbalanced pm_runtime calls (Andreas Kemnade) - samples/landlock: Fix possible NULL dereference in parse_path() (Zichen Xie) - regulator: of: Implement the unwind path of of_regulator_match() (Joe Hattori) - team: prevent adding a device which is already a team device lower (Octavian Purdila) - clk: imx8mp: Fix clkout1/2 support (Marek Vasut) - cpufreq: schedutil: Fix superfluous updates caused by need_freq_update (Sultan Alsawaf (unemployed)) - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (Joe Hattori) - dt-bindings: mfd: bd71815: Fix rsense and typos (Matti Vaittinen) - cpupower: fix TSC MHz calculation (He Rongguang) - ACPI: fan: cleanup resources in the error path of .probe() (Joe Hattori) - regulator: dt-bindings: mt6315: Drop regulator-compatible property (Chen-Yu Tsai) - HID: multitouch: fix support for Goodix PID 0x01e9 (Jiri Kosina) - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" (Jiri Kosina) - HID: multitouch: Add support for lenovo Y9000P Touchpad (He Lugang) - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: remove unused check_buddy_priv (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: remove unused dualmac control leftovers (Dmitry Antipov) - wifi: rtlwifi: remove unused timer and related code (Dmitry Antipov) - rtlwifi: replace usage of found with dedicated list iterator variable (Jakob Koschel) - dt-bindings: leds: class-multicolor: Fix path to colordefinitions (Geert Uytterhoeven) - dt-bindings: leds: class-multicolor: reference class directly in multi-led node (Krzysztof Kozlowski) - dt-bindings: leds: Add multicolor PWM LED bindings (Sven Schwermer) - dt-bindings: leds: Optional multi-led unit address (Sven Schwermer) - dt-bindings: leds: Add Qualcomm Light Pulse Generator binding (Bjorn Andersson) - dt-bindings: Another pass removing cases of 'allOf' containing a '$ref' (Rob Herring) - spi: dt-bindings: add schema listing peripheral-specific properties (Pratyush Yadav) - dt-bindings: mmc: controller: clarify the address-cells description (Neil Armstrong) - spi: zynq-qspi: Add check for clk_enable() (Mingwei Zheng) - wifi: rtlwifi: usb: fix workqueue leak when probe fails (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: fix init_sw_vars leak when probe fails (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: wait for firmware loading before releasing memory (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (Thadeu Lima de Souza Cascardo) - wifi: rtlwifi: do not complete firmware loading needlessly (Thadeu Lima de Souza Cascardo) - ipmi: ipmb: Add check devm_kasprintf() returned value (Charles Han) - genirq: Make handle_enforce_irqctx() unconditionally available (Thomas Gleixner) - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (Ivan Stepchenko) - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (Alan Stern) - drm/etnaviv: Fix page property being used for non writecombine buffers (Sui Jingfeng) - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (Peter Zijlstra) - sched/psi: Use task-> psi_flags to clear in CPU migration (Chengming Zhou) - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (David Howells) - select: Fix unbalanced user_access_end() (Christophe Leroy) - partitions: ldm: remove the initial kernel-doc notation (Randy Dunlap) - nvme: Add error check for xa_store innvme_get_effects_log (Keisuke Nishimura) - pstore/blk: trivial typo fixes (Eugen Hristev) - nbd: don't allow reconnect after disconnect (Yu Kuai) - block: retry call probe after request_module in blk_request_module (Yang Erkun) - block: deprecate autoloading based on dev_t (Christoph Hellwig) - fs: fix proc_handler for sysctl_nr_open (Jinliang Zheng) - fs: move fs stat sysctls to file_table.c (Luis Chamberlain) - fs: move inode sysctls to its own file (Luis Chamberlain) - sysctl: share unsigned long const values (Luis Chamberlain) - sysctl: use const for typically used max/min proc sysctls (Xiaoming Ni) - hung_task: move hung_task sysctl interface to hung_task.c (Xiaoming Ni) - afs: Fix directory format encoding struct (David Howells) - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (David Howells) - uek-rpm: switch to new secureboot certificates and upgrade shim (Samasth Norway Ananda) [Orabug: 37764001] [5.15.0-308.178.1.el9uek] - perf dso: fix dso__is_kallsyms() check (Stephen Brennan) [Orabug: 37709864] - scsi: storvsc: Set correct data length for sending SCSI command without payload (Long Li) [Orabug: 37681137] - dyndbg: export ddebug_add_module/ddebug_remove_module (Julian Pidancet) [Orabug: 37629344] - kallsyms: add module_kallsyms_on_each_symbol_locked (Julian Pidancet) [Orabug: 37629344] - kallsyms: export module_kallsyms_on_each_symbol (Julian Pidancet) [Orabug: 37629344] - rds: ib: Make traffic_class visible to user-space (HÃ¥kon Bugge) [Orabug: 37350892] - rds: ib: Remove incorrect update of the path record sl and qos_class fields (HÃ¥kon Bugge) [Orabug: 37350892] - selftest/vm: Add -O2 in CFLAGS to Makefile to avoid possible failure (Yifei Liu) [Orabug: 37197150] [5.15.0-307.178.5.el9uek] - net/mlx5: DR, prevent potential error pointer dereference (Dan Carpenter) [Orabug: 37434242] {CVE-2024-56660} - uek-rpm: Set CONFIG_IP6_NF_IPTABLES for ol9/ol8 container kernels (Jonah Palmer) [Orabug: 37703179] - net: hsr: fix fill_frame_info() regression vs VLAN packets (EricDumazet) - f2fs: Introduce linear search for dentries (Daniel Lee) - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (Marco Leogrande) - net: loopback: Avoid sending IP packets without an Ethernet header (Ido Schimmel) - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (Andrew Cooper) - sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke HÃ¸iland-JÃ¸rgensen) - usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich) - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (Juergen Gross) - x86/xen: add FRAME_END to xen_hypercall_hvm() (Juergen Gross) - ocfs2: fix incorrect CPU endianness conversion causing mount failure (Heming Zhao) - usb: dwc3: Set SUSPENDENABLE soon after phy init (Thinh Nguyen) - Revert "btrfs: avoid monopolizing a core when activating a swap file" (Koichiro Den) - Revert "media: uvcvideo: Require entities to have a non-zero unique ID" (Thadeu Lima de Souza Cascardo) - netem: Update sch-> q.qlen before qdisc_tree_reduce_backlog() (Cong Wang) [5.15.0-307.178.4.el9uek] - LTS version: v5.15.178 (Vijayendra Suman) - Input: xpad - add support for wooting two he (arm) (Jack Greiner) - Input: xpad - add unofficial Xbox 360 wireless receiver clone (Nilton Perim Neto) - Input: atkbd - map F23 key to support default copilot shortcut (Mark Pearson) - ALSA: usb-audio: Add delay quirk for USB Audio Device (Lianqin Hu) - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz) - wifi: iwlwifi: add a few rate index validity checks (Anjaneyulu) - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (Easwar Hariharan) - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (Ido Schimmel) - platform/chrome: cros_ec_typec: Check for EC driver (Akihiko Odaki) - fs/ntfs3: Additional check in ntfs_file_release (Konstantin Komarov) - Bluetooth: RFCOMM: Fix not validating setsockopt user input (Luiz Augusto von Dentz) - Bluetooth: SCO: Fix not validatingsetsockopt user input (Luiz Augusto von Dentz) - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) - net: sched: fix ets qdisc OOB Indexing (Jamal Hadi Salim) - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher) - mptcp: don't always assume copied data in mptcp_cleanup_rbuf() (Paolo Abeni) - regmap: detach regmap from dev on regmap_exit (Cosmin Tanislav) - ASoC: samsung: Add missing depends on I2C (Charles Keepax) - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag (Philippe Simons) - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Xiang Zhang) - seccomp: Stub for !CONFIG_SECCOMP (Linus Walleij) - ASoC: samsung: Add missing selects for MFD_WM8994 (Charles Keepax) - ASoC: wm8994: Add depends on MFD core (Charles Keepax) [5.15.0-307.177.3.el9uek] - jbd2: increase maximum transaction size (Jan Kara) [Orabug: 37688920] - net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled (Carolina Jubran) [Orabug: 37534698] - net/mlx5e: Always start IPsec sequence number from 1 (Leon Romanovsky) [Orabug: 37534698] - platform/mellanox: mlxbf-pmc: Add support for clock_measure performance block (Shravan Kumar Ramani) [Orabug: 37534698] - platform/mellanox: mlxbf-pmc: Add support for monitoring cycle count (Shravan Kumar Ramani) [Orabug: 37534698] - platform/mellanox: mlxbf-pmc: incorrect type in assignment (Pei Xiao) [Orabug: 37534698] - net/mlx5e: Disable loopback self-test on multi-PF netdev (Carolina Jubran) [Orabug: 37534698] - net/mlx5: Unregister notifier on eswitch init failure (Cosmin Ratiu) [Orabug: 37534698] - mmc: sdhci-of-dwcmshc: Prevent stale command interrupt handling (Michal Wilczynski) [Orabug: 37534698] - net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (Jianbo Liu) [Orabug: 37534698] - platform/mellanox: mlxbf-pmc: fix lockdep warning (Luiz Capitulino) [Orabug: 37534698] - net/mlx5: Fix bridge mode operations when there are no VFs (Benjamin Poirier) [Orabug: 37534698] - mmc:sdhci-of-dwcmshc: Add hw_reset() support for BlueField-3 SoC (Liming Sun) [Orabug: 37534698] - mmc: sdhci-of-dwcmshc: add dwcmshc_pltfm_data (Chen Wang) [Orabug: 37534698] - mmc: sdhci-of-dwcmshc: factor out code into dwcmshc_rk35xx_init (Chen Wang) [Orabug: 37534698] - mmc: sdhci-of-dwcmshc: factor out code for th1520_init() (Chen Wang) [Orabug: 37534698] - mmc: sdhci-of-dwcmshc: move two rk35xx functions (Chen Wang) [Orabug: 37534698] - mmc: sdhci-of-dwcmshc: add common bulk optional clocks support (Chen Wang) [Orabug: 37534698] - net/mlx5e: Take state lock during tx timeout reporter (Dragos Tatulea) [Orabug: 37534698] - net/mlx5: SD, Do not query MPIR register if no sd_group (Tariq Toukan) [Orabug: 37534698] - net/mlx5: Always drain health in shutdown callback (Shay Drory) [Orabug: 37534698] - mmc: dw_mmc-bluefield: Add support for eMMC HW reset (Liming Sun) [Orabug: 37534698] - mmc: dw_mmc: Add support for platform specific eMMC HW reset (Liming Sun) [Orabug: 37534698] - net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (Dragos Tatulea) [Orabug: 37534698] - net/mlx5e: SHAMPO, Fix incorrect page release (Dragos Tatulea) [Orabug: 37534698] - net/mlx5: Do not query MPIR on embedded CPU function (Tariq Toukan) [Orabug: 37534698] - net/mlx5: Reload only IB representors upon lag disable/enable (Maher Sanalla) [Orabug: 37534698] - mmc: sdhci-of-dwcmshc: Add tuning support for Sophgo CV1800B and SG200X (Jisheng Zhang) [Orabug: 37534698] - macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst (Rahul Rameshbabu) [Orabug: 37534698] - macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads (Rahul Rameshbabu) [Orabug: 37534698] - net/mlx5e: Prevent deadlock while disabling aRFS (Carolina Jubran) [Orabug: 37534698] - net/mlx5e: Use channel mdev reference instead of global mdev instance for coalescing (Rahul Rameshbabu) [Orabug: 37534698] - net/mlx5: SD, Handle possible devcom ERR_PTR (Tariq Toukan) [Orabug: 37534698] - net/mlx5: DisallowSRIOV switchdev mode when in multi-PF netdev (Tariq Toukan) [Orabug: 37534698] - mmc: sdhci-of-dwcmshc: Implement SDHCI CQE support (Sergey Khimich) [Orabug: 37534698] - mmc: cqhci: Add cqhci set_tran_desc() callback (Sergey Khimich) [Orabug: 37534698] - platform/mellanox: mlxbf-pmc: fix signedness bugs (Dan Carpenter) [Orabug: 37534698] - net/mlx5e: Create EN core HW resources for all secondary devices (Tariq Toukan) [Orabug: 37534698] - net/mlx5e: Create single netdev per SD group (Tariq Toukan) [Orabug: 37534698] - net/mlx5: SD, Add debugfs (Tariq Toukan) [Orabug: 37534698] - net/mlx5: SD, Add informative prints in kernel log (Tariq Toukan) [Orabug: 37534698] - net/mlx5: SD, Implement steering for primary and secondaries (Tariq Toukan) [Orabug: 37534698] - net/mlx5: SD, Implement devcom communication and primary election (Tariq Toukan) [Orabug: 37534698] - net/mlx5: SD, Implement basic query and instantiation (Tariq Toukan) [Orabug: 37534698] - net/mlx5: SD, Introduce SD lib (Tariq Toukan) [Orabug: 37534698] - net/mlx5: Add MPIR bit in mcam_access_reg (Tariq Toukan) [Orabug: 37534698] - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (David Gow) [Orabug: 37534698] - platform/mellanox: mlxbf-pmc: Ignore unsupported performance blocks (Luiz Capitulino) [Orabug: 37534698] - platform/mellanox: mlxbf-pmc: mlxbf_pmc_event_list(): make size ptr optional (Luiz Capitulino) [Orabug: 37534698] - mmc: sdhci-of-dwcmshc: Add support for Sophgo CV1800B and SG2002 (Jisheng Zhang) [Orabug: 37534698] - platform/mellanox: mlxbf-pmc: Cleanup signed/unsigned mix-up (Shravan Kumar Ramani) [Orabug: 37534698] - platform/mellanox: mlxbf-pmc: Replace uintN_t with kernel-style types (Shravan Kumar Ramani) [Orabug: 37534698] - net: macsec: revert the MAC address if mdo_upd_secy fails (Radu Pirea (NXP OSS)) [Orabug: 37534698] - net: macsec: documentation for macsec_context and macsec_ops (Radu Pirea (NXP OSS)) [Orabug: 37534698] - fortify: Do not cast to "unsigned char" (Kees Cook) [Orabug:37534698] - fortify: Use SIZE_MAX instead of (size_t)-1 (Kees Cook) [Orabug: 37534698] - fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL (Kees Cook) [Orabug: 37534698] - mmc: dw_mmc: Add driver callbacks for data read timeout (MÃ¥rten Lindahl) [Orabug: 37534698] - mmc: dw_mmc-exynos: Add support for ARTPEC-8 (MÃ¥rten Lindahl) [Orabug: 37534698] - mmc: dw_mmc: clean up a debug message (Dan Carpenter) [Orabug: 37534698] - mmc: dw_mmc: exynos: use common_caps (John Keeping) [Orabug: 37534698] - mmc: dw_mmc: add common capabilities to replace caps (John Keeping) [Orabug: 37534698] - mmc: dw_mmc: Allow lower TMOUT value than maximum (MÃ¥rten Lindahl) [Orabug: 37534698] - rds: Make sure transmit path and connection tear-down does not run concurrently (HÃ¥kon Bugge) [Orabug: 36441944] - ice: always add legacy 32byte RXDID in supported_rxdids (Michal Schmidt) [Orabug: 36252756] - ice: virtchnl rss hena support (Md Fahad Iqbal Polash) [Orabug: 36252756] - ice: Add support Flex RXD (Michal Jaron) [Orabug: 36252756] [5.15.0-307.177.2.el9uek] - uek-rpm: Enable CONFIG_MICROSOFT_MANA as module in aarch64 (Vijayendra Suman) [Orabug: 37647393] - rtc: add new RTC_FEATURE_ALARM_WAKEUP_ONLY feature (Alexandre Belloni) [Orabug: 37631796] - thermal: core: Drop excessive lockdep_assert_held() calls (Rafael J. Wysocki) [Orabug: 37631796] - thermal: core: Introduce thermal_cooling_device_update() (Rafael J. Wysocki) [Orabug: 37631796] - thermal: core: Introduce thermal_cooling_device_present() (Rafael J. Wysocki) [Orabug: 37631796] - thermal: sysfs: Reuse cdev-> max_state (Viresh Kumar) [Orabug: 37631796] - rtc: efi: Enable SET/GET WAKEUP services as optional (Shanker Donthineni) [Orabug: 37631796] - rtc: efi: Add wakeup support (Riwen Lu) [Orabug: 37631796] - rtc: efi: switch to RTC_FEATURE_UPDATE_INTERRUPT (Alexandre Belloni) [Orabug: 37631796] - rtc: add BSM parameter (Alexandre Belloni) [Orabug: 37631796] - rtc: add correction parameter (Alexandre Belloni) [Orabug: 37631796] - rtc: addparameter ioctl (Alexandre Belloni) [Orabug: 37631796] - rtc: expose correction feature (Alexandre Belloni) [Orabug: 37631796] - rtc: add alarm related features (Alexandre Belloni) [Orabug: 37631796] - rtc: efi: switch to devm_rtc_allocate_device (Alexandre Belloni) [Orabug: 37631796] - cgroup: Make operations on the cgroup root_list RCU safe (Yafang Shao) [Orabug: 37621589] - rds: ib: Avoid sleeping function inside RCU region by using sampled values instead (HÃ¥kon Bugge) [Orabug: 37586089] - bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (Michael Chan) [Orabug: 37434220] {CVE-2024-56656} - bnxt_en: Fix receive ring space parameters when XDP is active (Shravya KN) [Orabug: 37433562] {CVE-2024-53209} - bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (Aleksandr Mishin) [Orabug: 37070333] {CVE-2024-40919} - bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (Vikas Gupta) [Orabug: 37070270] {CVE-2024-35972} - bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (Somnath Kotur) [Orabug: 37070266] {CVE-2024-44984} [5.15.0-307.177.1.el9uek] - nvmet: always initialize cqe.result (Daniel Wagner) [Orabug: 36897348] {CVE-2024-41079} - nvmet-auth: complete a request only after freeing the dhchap pointers (Maurizio Lombardi) [Orabug: 36897348] {CVE-2024-41079} - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Justin Tee) [Orabug: 37116505] {CVE-2024-46842} - netdevsim: use cond_resched() in nsim_dev_trap_report_work() (Eric Dumazet) [Orabug: 37264120] {CVE-2024-50155} - nvmet-auth: assign dh_key to NULL after kfree_sensitive (Vitaliy Shevtsov) [Orabug: 37268555] {CVE-2024-50215} - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (Oleksij Rempel) [Orabug: 37433573] {CVE-2024-53213} - PCI/MSI: Handle lack of irqdomain gracefully (Thomas Gleixner) [Orabug: 37452651] {CVE-2024-56760} - selftests: rtnetlink: update netdevsim ipsec output format (Hangbin Liu) [Orabug: 37547931] - netdevsim: print humanreadable IP address (Hangbin Liu) [Orabug: 37547931] - uek: kabi: Fix build error for HIDE_INCLUDE macro (Saeed Mirzamohammadi) [Orabug: 37619141] - Add __init annotation to pensando_efi_mem_reserve (Joseph Dobosenski) [Orabug: 37619785] _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . New Oracle Linux 9 kernel update available: essential corrections for networking reliability, enhancements in performance metrics, along with vital security updates.. Oracle Linux kernel update, security advisory Oracle, important changes kernel, Linux network fix. . Severity: Critical. LinuxSecurity.com Team

May 13, 2025 •Critical Oracle

security advisorysecurity issueimportant

SUSE: 2021:2004-1 Critical: Apache2 Security Patch Overview

An update that solves 6 vulnerabilities and has two fixes is now available. . SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2004-1 Rating: important References: #1145740 #1180530 #1182703 #1186922 #1186923 #1186924 #1187017 #1187174 Cross-References: CVE-2019-10092 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618 CVSS scores: CVE-2019-10092 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-10092 (SUSE): 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVE-2020-35452 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2020-35452 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26690 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26691 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-30641 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-31618 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux EnterpriseHigh Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has two fixes is now available. Description: This update for apache2 fixes the following issues: - CVE-2021-30641: Fixed MergeSlashes regression (bsc#1187174) - CVE-2021-31618: Fixed NULL pointer dereference on specially crafted HTTP/2 request (bsc#1186924) - CVE-2020-35452: Fixed Single zero byte stack overflow in mod_auth_digest (bsc#1186922) - CVE-2021-26690: Fixed mod_session NULL pointer dereference in parser (bsc#1186923) - CVE-2021-26691: Fixed Heap overflow in mod_session (bsc#1187017) - Fixed potential content spoofing with default error pages (bsc#1182703) - Fixed for an issue when 'gensslcert' does not set CA:True. (bsc#1180530) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2004=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2004=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2004=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2004=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-2004=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2004=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2004=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-2004=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2004=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2004=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2004=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-2004=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-2004=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Manager Server 4.0 (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Manager Retail Branch Server 4.0 (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Manager Proxy 4.0 (noarch): apache2-doc-2.4.33-3.50.1 - SUSEManager Proxy 4.0 (x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): apache2-doc-2.4.33-3.50.1 - SUSELinux Enterprise Server 15-SP1-BCL (x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): apache2-doc-2.4.33-3.50.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE Enterprise Storage 6 (noarch): apache2-doc-2.4.33-3.50.1 - SUSE CaaS Platform 4.0 (x86_64): apache2-2.4.33-3.50.1 apache2-debuginfo-2.4.33-3.50.1 apache2-debugsource-2.4.33-3.50.1 apache2-devel-2.4.33-3.50.1 apache2-prefork-2.4.33-3.50.1 apache2-prefork-debuginfo-2.4.33-3.50.1 apache2-utils-2.4.33-3.50.1 apache2-utils-debuginfo-2.4.33-3.50.1 apache2-worker-2.4.33-3.50.1 apache2-worker-debuginfo-2.4.33-3.50.1 - SUSE CaaS Platform 4.0 (noarch): apache2-doc-2.4.33-3.50.1 References: https://www.suse.com/security/cve/CVE-2019-10092.html https://www.suse.com/security/cve/CVE-2020-35452.html https://www.suse.com/security/cve/CVE-2021-26690.html https://www.suse.com/security/cve/CVE-2021-26691.html https://www.suse.com/security/cve/CVE-2021-30641.html https://www.suse.com/security/cve/CVE-2021-31618.html https://bugzilla.suse.com/1145740 https://bugzilla.suse.com/1180530 https://bugzilla.suse.com/1182703 https://bugzilla.suse.com/1186922 https://bugzilla.suse.com/1186923 https://bugzilla.suse.com/1186924 https://bugzilla.suse.com/1187017 https://bugzilla.suse.com/1187174 . SUSE has released a security update for nginx, tackling five vulnerabilities to enhance overall system integrity and protection.. SUSE Security Update, Apache2 Fixes, System Stability, Security Patch. . Severity: Important. LinuxSecurity.com Team

Jun 17, 2021 •Important SuSE

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

openSUSE libinput Important Local Privilege Escalation Fix 2026-2523-1

SUSE sqlite3 Important Memory Corruption Buffer Overflow Vuln 2026-2527-1

openSUSE libinput Important Local Escalation Fix Vuln 2026-2529-1

SUSE Libinput Important Local Privilege Escalation Vuln 2026-2529-1

openSUSE libinput Important Local Access Disruption 2026-2530-1

SUSE libsolv Important Buffer Overflow & Security Fixes 2026-2531-1

SUSE Linux Kernel Important Buffer Overflow Security Update 2026-2549-1

openSUSE Kernel Important Security Update for CVE-2026-43503 CVE-2026-46323

SUSE Linux Enterprise Kernel Important Security Fixes 2026-2532-1

Refine advisories

Get the latest News and Insights

Community Poll

Does sandboxing completely stop hackers?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Explore Latest Linux Security advisories

Oracle Linux 9 ELSA-2025-20320 critical update: Kernel Changes

SUSE: 2021:2004-1 Critical: Apache2 Security Patch Overview

Get the latest News and Insights

Community Poll

Does sandboxing completely stop hackers?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

openSUSE libinput Important Local Privilege Escalation Fix 2026-2523-1

SUSE sqlite3 Important Memory Corruption Buffer Overflow Vuln 2026-2527-1

openSUSE libinput Important Local Escalation Fix Vuln 2026-2529-1

SUSE Libinput Important Local Privilege Escalation Vuln 2026-2529-1

openSUSE libinput Important Local Access Disruption 2026-2530-1

SUSE libsolv Important Buffer Overflow & Security Fixes 2026-2531-1

SUSE Linux Kernel Important Buffer Overflow Security Update 2026-2549-1

openSUSE Kernel Important Security Update for CVE-2026-43503 CVE-2026-46323

SUSE Linux Enterprise Kernel Important Security Fixes 2026-2532-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

Does sandboxing completely stop hackers?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

Does sandboxing completely stop hackers?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!