Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-39575 http://linux.oracle.com/errata/ELSA-2026-39575.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: cifs-utils-7.0-5.el8_10.x86_64.rpm cifs-utils-devel-7.0-5.el8_10.i686.rpm cifs-utils-devel-7.0-5.el8_10.x86_64.rpm pam_cifscreds-7.0-5.el8_10.x86_64.rpm aarch64: cifs-utils-7.0-5.el8_10.aarch64.rpm cifs-utils-devel-7.0-5.el8_10.aarch64.rpm pam_cifscreds-7.0-5.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/cifs-utils-7.0-5.el8_10.src.rpm Related CVEs: CVE-2026-12505 Description of changes: [7.0-5] - resolves: RHEL-192933 - fix krb5 mount regression [7.0-4] - cifs.upcall: remove getpwuid dependency - cifs.upcall: fix compiler warning with -Wvla - Resolves: RHEL-185759 - Fix CVE-2026-12505 [7.0-3] - docs: update echo_interval description - Resolves: RHEL-80397 [7.0-2] - mount.cifs.rst: add missing reference for sssd - mount.cifs.rst: update section about xattr/acl support - Resolves: RHEL-41059 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50373 http://linux.oracle.com/errata/ELSA-2026-50373.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-core-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-debug-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-debug-core-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-devel-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-doc-5.15.0-322.203.3.2.el9uek.noarch.rpm kernel-uek-modules-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-container-5.15.0-322.203.3.2.el9uek.x86_64.rpm kernel-uek-container-debug-5.15.0-322.203.3.2.el9uek.x86_64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-322.203.3.2.el9uek.src.rpm Related CVEs: CVE-2022-50073 CVE-2025-10263 CVE-2026-31657 CVE-2026-46331 CVE-2026-52943 Description of changes: [5.15.0-322.203.3.2] - KVM: x86/mmu: Ensure hugepage is in by slot before checking max mapping level (Sean Christopherson) [Orabug: 39673886] - KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [Orabug: 39673886] - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (Sean Christopherson) [Orabug: 39673886] - KVM: x86/mmu: pull call to drop_large_spte() into __link_shadow_page() (Paolo Bonzini) [Orabug: 39673886] - KVM: x86/mmu: Always pass 0 for @quadrant when gptes are 8 bytes (Paolo Bonzini) [Orabug: 39673886] - KVM: x86/mmu: Derive shadow MMU page role from parent (Paolo Bonzini) [Orabug: 39673886] - KVM: x86/mmu: Stop passing "direct" to mmu_alloc_root() (DavidMatlack) [Orabug: 39673886] - KVM: x86/mmu: Use a bool for direct (David Matlack) [Orabug: 39673886] - net/sched: act_pedit: free pedit keys on bail from offset check (Pedro Tammela) [Orabug: 39668793] - net/sched: fix pedit partial COW leading to page cache corruption (Rajat Gupta) [Orabug: 39668793] {CVE-2026-46331} - net/sched: act_pedit: rate limit datapath messages (Pedro Tammela) [Orabug: 39668793] - net/sched: act_pedit: check static offsets a priori (Pedro Tammela) [Orabug: 39668793] [5.15.0-322.203.3.1] - net: skbuff: fix missing zerocopy reference in pskb_carve helpers (Minh Nguyen) [Orabug: 39648952] {CVE-2026-52943} [5.15.0-322.203.3] - arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39548689] {CVE-2025-10263} - arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39548689] - ARM: uek: Disable CONFIG_NVIDIA_CARMEL_CNP_ERRATUM (Boris Ostrovsky) [Orabug: 39548689] - arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39548689] - arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39548689] - arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39548689] - net/rds: Make "rds_send_xmit" fairer (Gerd Rausch) [Orabug: 39532945] - net/rds: Schedule rds_send_worker if there's more work to do (Gerd Rausch) [Orabug: 39532945] - Revert "rds: Change return code from rds_send_xmit() when lock is taken" (Gerd Rausch) [Orabug: 39532945] - Revert "Reapply "rds: ib: Make sure receives are posted before connection is up"" (Gerd Rausch) [Orabug: 39532945] - Revert "rds: ib: Make sure a QP in INIT state is transitioned to ERR" (Gerd Rausch) [Orabug: 39532945] - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-> dev is null (Cezar Bulinaru) [Orabug: 39526881] {CVE-2022-50073} - mmc: dwcmshc_bf3_hw_reset: Log eMMC reset calls (Satyansh Shukla) [Orabug: 39333650] - arm64: dts: pensando: drop elba penfw firmware node (Tom Saeger) [Orabug: 39522954] - batman-adv: hold claim backbonegateways by reference (Haoze Xie) [Orabug: 39262374] {CVE-2026-31657} - rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39179363] [5.15.0-322.203.2] - LTS version: v5.15.203 (Vijayendra Suman) - io_uring/poll: correctly handle io_poll_add() return value on update (Jens Axboe) - ksmbd: Fix dangling pointer in krb_authenticate (Sean Heelan) - ksmbd: Fix refcount leak when invalid session is found on session lookup (Namjae Jeon) - Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (Luiz Augusto von Dentz) - i2c: cp2615: fix serial string NULL-deref at probe (Johan Hovold) - i2c: cp2615: replace deprecated strncpy with strscpy (Justin Stitt) - ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() (Namjae Jeon) - ksmbd: fix potencial OOB in get_file_all_info() for compound requests (Namjae Jeon) - tracing: Fix potential deadlock in cpu hotplug with osnoise (Luo Haiyang) - x86/cpu: Enable FSGSBASE early in cpu_init_exception_handling() (Nikunj A Dadhania) - mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (Jinjiang Tu) - scsi: target: tcm_loop: Drain commands in target_reset handler (Josef Bacik) - net: macb: Move devm_{free,request}_irq() out of spin lock area (Kevin Hao) - dmaengine: sh: rz-dmac: Protect the driver specific lists (Claudiu Beznea) - dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (Claudiu Beznea) - xfs: save ailp before dropping the AIL lock in push callbacks (Yuto Ohnuki) - ext4: fix use-after-free in update_super_work when racing with umount (Jiayuan Chen) - ext4: fix the might_sleep() warnings in kvfree() (Zqiang) - ext4: publish jinode after initialization (Li Chen) - usb: gadget: uvc: fix NULL pointer dereference during unbind race (Jimmy Hu) - usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (Kuen-Han Tsai) - usb: gadget: f_hid: move list and spinlock inits from bind to alloc (Michael Zimmermann) - net: rfkill: prevent unlimited numbers of rfkill events from being created(Greg Kroah-Hartman) - seg6: separate dst_cache for input and output paths in seg6 lwtunnel (Andrea Mayer) - Revert "mptcp: add needs_id for netlink appending addr" (Matthieu Baerts (NGI0)) - xen/privcmd: unregister xenstore notifier on module exit (GuoHan Zhao) - netlink: add nla be16/32 types to minlen array (Florian Westphal) - rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING) (David Howells) - rxrpc: fix reference count leak in rxrpc_server_keyring() (Luxiao Xu) - net: stmmac: fix integer underflow in chain mode (Tyllis Xu) - net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure (Pengpeng Hou) - mmc: vub300: fix NULL-deref on disconnect (Johan Hovold) - drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (Sebastian Brzezinka) - net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (David Carlier) - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (Muhammad Alifa Ramdhan) - batman-adv: reject oversized global TT response buffers (Ruide Cao) - nfc: pn533: allocate rx skb before consuming bytes (Pengpeng Hou) - arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges (Shawn Guo) - arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity (Shawn Guo) - wifi: brcmsmac: Fix dma_free_coherent() size (Thomas Fourier) - tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (Oleh Konko) - netfilter: nft_ct: fix use-after-free in timeout object destroy (Tuan Do) - apparmor: fix race between freeing data and fs accessing it (John Johansen) - apparmor: fix race on rawdata dereference (John Johansen) - apparmor: fix differential encoding verification (John Johansen) - apparmor: fix unprivileged local user can do privileged policy management (John Johansen) - apparmor: Fix double free of ns_name in aa_replace_profiles() (John Johansen) - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (Massimiliano Pellizzer) - apparmor: fix side-effect bug in match_char() macro usage (Massimiliano Pellizzer) -apparmor: fix: limit the number of levels of policy namespaces (John Johansen) - apparmor: replace recursive profile removal with iterative approach (Massimiliano Pellizzer) - apparmor: fix memory leak in verify_header (Massimiliano Pellizzer) - apparmor: validate DFA start states are in bounds in unpack_pdb (Massimiliano Pellizzer) - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (Nuno Sa) - gpiolib: cdev: fix uninitialised kfifo (Kent Gibson) - media: uvcvideo: Use heuristic to find stream entity (Ricardo Ribalda) - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (Thadeu Lima de Souza Cascardo) - Input: uinput - take event lock when submitting FF request "event" (Dmitry Torokhov) - Input: uinput - fix circular locking dependency with ff-core (Mikhail Gavrilov) - mptcp: fix slab-use-after-free in __inet_lookup_established (Jiayuan Chen) - xfrm_user: fix info leak in build_report() (Greg Kroah-Hartman) - wifi: rt2x00usb: fix devres lifetime (Johan Hovold) - lib/crypto: chacha: Zeroize permuted_state before it leaves scope (Eric Biggers) - wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free (Alexander Popov) - io_uring/tctx: work around xa_store() allocation error issue (Jens Axboe) - usb: gadget: f_uac1_legacy: validate control request size (Taegu Ha) - usb: gadget: f_rndis: Protect RNDIS options with mutex (Kuen-Han Tsai) - usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (Kuen-Han Tsai) - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser (Navaneeth K) - smb: client: Fix refcount leak for cifs_sb_tlink (Shuhao Fu) - net: mctp: Don't access ifa_index when missing (Matt Johnston) - fbcon: Set fb_display[i]-> mode to NULL when the mode is released (Quanmin Yan) - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (Marc Kleine-Budde) - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (Marc Kleine-Budde) - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) - usb:gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer (Sebastian Urban) - USB: dummy-hcd: Fix interrupt synchronization error (Alan Stern) - USB: dummy-hcd: Fix locking/synchronization error (Alan Stern) - thunderbolt: Fix property read in nhi_wake_supported() (Konrad Dybcio) - net: ftgmac100: fix ring allocation unwind on open failure (Yufan Chen) - vxlan: validate ND option lengths in vxlan_na_create (Yang Yang) - netfilter: ipset: drop logically empty buckets in mtype_del (Yifan Wu) - comedi: me4000: Fix potential overrun of firmware buffer (Ian Abbott) - comedi: me_daq: Fix potential overrun of firmware buffer (Ian Abbott) - comedi: ni_atmio16d: Fix invalid clean-up after failed attach (Ian Abbott) - comedi: Reinit dev-> spinlock between attachments to low-level drivers (Ian Abbott) - comedi: dt2815: add hardware detection to prevent crash (Deepanshu Kartikey) - cdc-acm: new quirk for EPSON HMD (Oliver Neukum) - bridge: br_nd_send: validate ND option lengths (Yang Yang) - phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (Claudiu Beznea) - phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (Claudiu Beznea) - phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (Claudiu Beznea) - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (Claudiu Beznea) - usb: cdns3: gadget: fix state inconsistency on gadget init failure (Yongchao Wu) - usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (Yongchao Wu) - usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (Juno Choi) - usb: ehci-brcm: fix sleep during atomic (Justin Chen) - usb: usbtmc: Flush anchored URBs in usbtmc_release (Heitor Alves de Siqueira) - usb: ulpi: fix double free in ulpi_register_interface() error path (Guangshuo Li) - usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive (Miao Li) - iio: gyro: mpu3050: Fix out-of-sequence free_irq() (Ethan Tidmore) - iio: gyro: mpu3050: Move iio_device_register() to correct location(Ethan Tidmore) - iio: gyro: mpu3050: Fix irq resource leak (Ethan Tidmore) - iio: gyro: mpu3050: Fix incorrect free_irq() variable (Ethan Tidmore) - iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (Francesco Lavra) - iio: light: vcnl4035: fix scan buffer on big-endian (David Lechner) - iio: dac: ad5770r: fix error return in ad5770r_read_raw() (Antoniu Miclaus) - Input: xpad - add support for Razer Wolverine V3 Pro (Zoltan Illes) - Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table (Christoffer Sandberg) - Input: synaptics-rmi4 - fix a locking bug in an error path (Bart Van Assche) - USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam (JP Hein) - USB: serial: option: add support for Rolling Wireless RW135R-GL (Wanquan Zhong) - USB: serial: io_edgeport: add support for Blackbox IC135A (Frej Drejhammar) - drm/ast: dp501: Fix initialization of SCU2C (Thomas Zimmermann) - hwmon: (occ) Fix division by zero in occ_show_power_1() (Sanman Pradhan) - MIPS: Fix the GCC version check for __multi3' workaround (Maciej W. Rozycki) - Bluetooth: SMP: force responder MITM requirements before building the pairing response (Oleh Konko) - Bluetooth: SMP: derive legacy responder STK authentication from MITM state (Oleh Konko) - ALSA: ctxfi: Fix missing SPDIFI1 index handling (Takashi Iwai) - ALSA: caiaq: fix stack out-of-bounds read in init_card (Berk Cem Goksel) - USB: serial: option: add MeiG Smart SRM825WN (Ernestas Kulik) - wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (Yasuaki Torimaru) - drm/ioc32: stop speculation on the drm_compat_ioctl path (Greg Kroah-Hartman) - riscv: kgdb: fix several debug register assignment bugs (Paul Walmsley) - hwmon: (occ) Fix missing newline in occ_show_extended() (Sanman Pradhan) - hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (Sanman Pradhan) - hwmon: (pxe1610) Check return value of page-select write in probe (Sanman Pradhan) - bpf: reject direct access to nullable PTR_TO_BUF pointers (QiTang) - ipv6: avoid overflows in ip6_datagram_send_ctl() (Eric Dumazet) - net/sched: cls_flow: fix NULL pointer dereference on shared blocks (Xiang Mei) - net/sched: cls_fw: fix NULL pointer dereference on shared blocks (Xiang Mei) - net/x25: Fix overflow when accumulating packets (Martin Schiller) - net/x25: Fix potential double free of skb (Martin Schiller) - net/mlx5: Avoid "No data available" when FW version queries fail (Saeed Mahameed) - net: macb: properly unregister fixed rate clocks (Fedor Pchelkin) - net: macb: fix clk handling on PCI glue driver removal (Fedor Pchelkin) - Bluetooth: MGMT: validate LTK enc_size on load (Keenan Dong) - netfilter: nf_tables: reject immediate NF_QUEUE verdict (Pablo Neira Ayuso) - netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (Pablo Neira Ayuso) - netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (Qi Tang) - netfilter: nf_conntrack_helper: pass helper to expect cleanup (Qi Tang) - netfilter: ipset: use nla_strcmp for IPSET_ATTR_NAME attr (Florian Westphal) - netfilter: x_tables: ensure names are nul-terminated (Florian Westphal) - netfilter: nfnetlink_log: account for netlink header size (Florian Westphal) - netfilter: flowtable: strictly check for maximum number of actions (Pablo Neira Ayuso) - net: ipv6: flowlabel: defer exclusive option free until RCU teardown (Zhengchuan Liang) - bpf: Fix regsafe() for pointers to packet (Alexei Starovoitov) - net: xilinx: axienet: Correct BD length masks to match AXIDMA IP spec (Suraj Gupta) - NFC: pn533: bound the UART receive buffer (Pengpeng Hou) - net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (Yochai Eisenrich) - ipv6: prevent possible UaF in addrconf_permanent_addr() (Paolo Abeni) - net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (Xiang Mei) - bridge: br_nd_send: linearize skb before parsing ND options (Yang Yang) - ip6_tunnel: clear skb2-> cb[] in ip4ip6_err() (Eric Dumazet) - ipv6: icmp: clear skb2-> cb[]in ip6_err_gen_icmpv6_unreach() (Eric Dumazet) - tg3: Fix race for querying speed/duplex (Thomas Bogendoerfer) - net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (Yochai Eisenrich) - net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak (Jiayuan Chen) - crypto: af-alg - fix NULL pointer dereference in scatterwalk (Norbert Szetei) - dt-bindings: auxdisplay: ht16k33: Use unevaluatedProperties to fix common property warning (Frank Li) - btrfs: reject root items with drop_progress and zero drop_level (ZhengYuan Huang) - HID: multitouch: Check to ensure report responses match the request (Lee Jones) - objtool: Fix Clang jump table detection (Josh Poimboeuf) - btrfs: don't take device_list_mutex when querying zone info (Johannes Thumshirn) - atm: lec: fix use-after-free in sock_def_readable() (Deepanshu Kartikey) - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (Benoît Sevens) - futex: Clear stale exiting pointer in futex_lock_pi() retry path (Davidlohr Bueso) - dmaengine: xilinx_dma: Fix reset related timeout with two-channel AXIDMA (Tomi Valkeinen) - dmaengine: xilinx_dma: Program interrupt delay timeout (Radhey Shyam Pandey) - dmaengine: idxd: Fix freeing the allocated ida too late (Vinicius Costa Gomes) - btrfs: fix lost error when running device stats on multiple devices fs (Filipe Manana) - btrfs: fix super block offset in error message in btrfs_validate_super() (Mark Harmstone) - dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (Marek Vasut) - dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (Marek Vasut) - dmaengine: xilinx: xilinx_dma: Fix dma_device directions (Marek Vasut) - phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (Felix Gu) - ext4: always drain queued discard work in ext4_mb_release() (Theodore Ts'o) - ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (Baokun Li) - ext4: reject mount if bigalloc with s_first_data_block != 0 (HelenKoike) - ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (Ye Bin) - ext4: make recently_deleted() properly work with lazy itable initialization (Jan Kara) - ext4: convert inline data to extents when truncate exceeds inline size (Deepanshu Kartikey) - xfs: stop reclaim before pushing AIL during unmount (Yuto Ohnuki) - jbd2: gracefully abort on checkpointing state corruptions (Milos Nikic) - scsi: ses: Handle positive SCSI error from ses_recv_diag() (Greg Kroah-Hartman) - scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (Tyllis Xu) - alarmtimer: Fix argument order in alarm_timer_forward() (Zhan Xusheng) - erofs: add GFP_NOIO in the bio completion if needed (Jiucheng Xu) - virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (xietangxin) - media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (Yuchan Nam) - cpufreq: conservative: Reset requested_freq on limits change (Viresh Kumar) - can: gw: fix OOB heap access in cgw_csum_crc8_rel() (Ali Norouzi) - s390/barrier: Make array_index_mask_nospec() __always_inline (Vasily Gorbik) - s390/syscalls: Add spectre boundary for syscall dispatch table (Greg Kroah-Hartman) - spi: spi-fsl-lpspi: fix teardown order issue (UAF) (Marc Kleine-Budde) - ASoC: adau1372: Fix clock leak on PLL lock failure (Jihed Chaibi) - ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (Jihed Chaibi) - sysctl: fix uninitialized variable in proc_do_large_bitmap (Marc Buerg) - hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (Sanman Pradhan) - ACPI: EC: Fix ECDT probe ordering issues (Hans de Goede) - ACPI: EC: Fix EC address space handler unregistration (Hans de Goede) - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (Hans de Goede) - ACPICA: include/acpi/acpixf.h: Fix indentation (Hans de Goede) - ASoC: Intel: catpt: Fix the device initialization (Cezary Rojewski) - drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (Samasth NorwayAnanda) - x86/efi: efi_unmap_boot_services: fix calculation of ranges_to_free size (Mike Rapoport (Microsoft)) - scsi: scsi_transport_sas: Fix the maximum channel scanning issue (Yihang Li) - RDMA/irdma: Return EINVAL for invalid arp index error (Tatyana Nikolova) - RDMA/irdma: Fix deadlock during netdev reset with active connections (Anil Samal) - RDMA/irdma: Remove reset check from irdma_modify_qp_to_err() (Tatyana Nikolova) - RDMA/irdma: Clean up unnecessary dereference of event-> cm_node (Ivan Barrera) - RDMA/irdma: Remove a NOP wait_event() in irdma_modify_qp_roce() (Tatyana Nikolova) - RDMA/irdma: Update ibqp state to error if QP is already in error state (Tatyana Nikolova) - RDMA/rw: Fall back to direct SGE on MR pool exhaustion (Chuck Lever) - regmap: Synchronize cache for the page selector (Andy Shevchenko) - net: macb: use the current queue number for stats (Paolo Valerio) - netfilter: ctnetlink: use netlink policy range checks (David Carlier) - netlink: allow be16 and be32 types in all uint policy checks (Florian Westphal) - netlink: introduce bigendian integer types (Florian Westphal) - netfilter: nft_payload: reject out-of-range attributes via policy (Florian Westphal) - netlink: introduce NLA_POLICY_MAX_BE (Florian Westphal) - netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (Weiming Shi) - netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (Ren Wei) - netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (Weiming Shi) - Bluetooth: btusb: clamp SCO altsetting table indices (Pengpeng Hou) - Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (Hyunwoo Kim) - dma-mapping: add missing inline for dma_free_attrs (Miguel Ojeda) - net: enetc: fix the output issue of 'ethtool --show-ring' (Wei Fang) - net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) - platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (Alok Tiwari) - rtnetlink: count IFLA_INFO_SLAVE_KIND in if_nlmsg_size (SabrinaDubroca) - net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (Qi Tang) - openvswitch: validate MPLS set/set_masked payload length (Yang Yang) - nfc: nci: fix circular locking dependency in nci_close_device (Jakub Kicinski) - ionic: fix persistent MAC address override on PF (Mohammad Heib) - pinctrl: mediatek: common: Fix probe failure for devices without EINT (Luca Leonardo Scorcia) - Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (Helen Koike) - Bluetooth: hci_ll: Fix firmware leak on error path (Anas Iqbal) - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (Hyunwoo Kim) - Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (Hyunwoo Kim) - can: statistics: add missing atomic access in hot path (Oliver Hartkopp) - af_key: validate families in pfkey_send_migrate() (Eric Dumazet) - esp: fix skb leak with espintcp and async crypto (Sabrina Dubroca) - xfrm: Fix the usage of skb-> sk (Steffen Klassert) - xfrm: call xdo_dev_state_delete during state update (Sabrina Dubroca) - ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (Uzair Mughal) - dma-buf: Include ioctl.h in UAPI header (Isaac J. Manjarres) - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (Mark Brown) - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (Mark Brown) - module: Fix kernel panic when a symbol st_shndx is out of bounds (Ihor Solodrai) - HID: mcp2221: cancel last I2C command on read error (Romain Sioen) - net: usb: r8152: add TRENDnet TUC-ET2G (Valentin Spreckels) - HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (Günther Noack) - HID: magicmouse: fix battery reporting for Apple Magic Trackpad 2 (Julius Lehmann) - nvme-pci: ensure we're polling a polled queue (Keith Busch) - platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (Hans de Goede) - platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (LeifSkunberg) - nvme-pci: cap queue creation to used queues (Keith Busch) - platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (Peter Metz) - HID: asus: avoid memory leak in asus_report_fixup() (Günther Noack) - bpf: Release module BTF IDR before module unload (Kumar Kartikeya Dwivedi) - sh: platform_early: remove pdev-> driver_override check (Danilo Krummrich) - xen/privcmd: add boot control for restricted usage in domU (Juergen Gross) - xen/privcmd: restrict usage in unprivileged domU (Juergen Gross) - netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (Florian Westphal) - netfilter: nf_tables: de-constify set commit ops function argument (Florian Westphal) - tools/bootconfig: fix fd leak in load_xbc_file() on fstat failure (Josh Law) - lib/bootconfig: check xbc_init_node() return in override path (Josh Law) - drm/i915/gt: Check set_default_submission() before deferencing (Rahul Bukte) - ksmbd: fix use-after-free of share_conf in compound request (Hyunwoo Kim) - mtd: rawnand: brcmnand: skip DMA during panic write (Kamal Dasu) - mtd: rawnand: serialize lock/unlock against other NAND operations (Kamal Dasu) - i2c: fsi: Fix a potential leak in fsi_i2c_probe() (Christophe JAILLET) - hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (Sanman Pradhan) - icmp: fix NULL pointer dereference in icmp_tag_validation() (Weiming Shi) - net: dsa: bcm_sf2: fix missing clk_disable_unprepare() in error paths (Anas Iqbal) - net: mvpp2: guard flow control update with global_tx_fc in buffer switching (Muhammad Hammad Ijaz) - nfnetlink_osf: validate individual option lengths in fingerprints (Weiming Shi) - net: bonding: fix NULL deref in bond_debug_rlb_hash_show (Xiang Mei) - udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (Xiang Mei) - net: macb: fix uninitialized rx_fs_lock (Fedor Pchelkin) - wifi: mac80211: fix NULL deref in mesh_matches_local() (Xiang Mei) - igc: fix missing update of skb-> tail in igc_xmit_frame() (Kohei Enju) - net: usb: aqc111: Donot perform PM inside suspend callback (Nikola Z. Ivanov) - net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (Jiayuan Chen) - net/smc: Fix slab-out-of-bounds issue in fallback (Wen Gu) - net/smc: Only save the original clcsock callback functions (Wen Gu) - PM: runtime: Fix a race condition related to device removal (Bart Van Assche) - sched: idle: Consolidate the handling of two special cases (Rafael J. Wysocki) - net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (Dipayaan Roy) - net: bcmgenet: increase WoL poll timeout (Justin Chen) - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (Jenny Guanni Qu) - netfilter: xt_time: use unsigned int for monthday bit shift (Jenny Guanni Qu) - netfilter: xt_CT: drop pending enqueued packets on template removal (Pablo Neira Ayuso) - netfilter: nft_ct: drop pending enqueued packets on removal (Pablo Neira Ayuso) - netfilter: nft_ct: add seqadj extension for natted connections (Andrii Melnychenko) - netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (Jenny Guanni Qu) - netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (Lukas Johannes Möller) - netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (Hyunwoo Kim) - netfilter: ctnetlink: remove refcounting in expectation dumpers (Florian Westphal) - net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (Jiayuan Chen) - Bluetooth: qca: fix ROM version reading on WCN3998 chips (Dmitry Baryshkov) - Bluetooth: HIDP: Fix possible UAF (Luiz Augusto von Dentz) - Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (Christian Eggers) - Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (Christian Eggers) - Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (Christian Eggers) - firmware: arm_scpi: Fix device_node reference leak in probe path (Felix Gu) - of: Add cleanup.h based auto release via __free(device_node) markings (Jonathan Cameron) - wifi: mac80211: Fixstatic_branch_dec() underflow for aql_disable. (Kuniyuki Iwashima) - soc: fsl: qbman: fix race condition in qman_destroy_fq (Richard Genoud) - btrfs: tree-checker: fix misleading root drop_level error message (ZhengYuan Huang) - batman-adv: avoid OGM aggregation when skb tailroom is insufficient (Yang Yang) - pmdomain: bcm: bcm2835-power: Increase ASB control timeout (Maíra Canal) - mptcp: pm: avoid sending RM_ADDR over same subflow (Matthieu Baerts (NGI0)) - drm/amd/display: Use GFP_ATOMIC in dc_create_stream_for_sink (Natalie Vock) - net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (Andrew Lunn) - smb: client: Don't log plaintext credentials in cifs_set_cifscreds (Thorsten Blum) - RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (Jason Gunthorpe) - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (Daniil Dulov) - wifi: cfg80211: move scan done work to wiphy work (Johannes Berg) - wifi: libertas: fix use-after-free in lbs_free_adapter() (Daniel Hodges) - ext4: always allocate blocks only from groups inode can use (Jan Kara) - ksmbd: fix null pointer dereference error in generate_encryptionkey (Namjae Jeon) - ext4: fix dirtyclusters double decrement on fs shutdown (Brian Foster) - ext4: drop extent cache when splitting extent fails (Zhang Yi) - ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O (Zhang Yi) - ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths (Fedor Pchelkin) - drm/exynos: vidi: use ctx-> lock to protect struct vidi_context member variables related to memory alloc/free (Jeongjun Park) - drm/exynos: vidi: fix to avoid directly dereferencing user pointer (Jeongjun Park) - drm/exynos: vidi: use priv-> vidi_dev for ctx lookup in vidi_connection_ioctl() (Jeongjun Park) - net: Handle napi_schedule() calls from non-interrupt (Frederic Weisbecker) - net: stmmac: dwmac-loongson: Set clk_csr_i to 100-150MHz (Huacai Chen) - drm/radeon: apply state adjust rules to some additional HAINAN vairants (Alex Deucher) -serial: uartlite: fix PM runtime usage count underflow on probe (Maciej Andrzejewski ICEYE) - serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (Ilpo Järvinen) - serial: 8250: Fix TX deadlock when using DMA (Raul E Rangel) - serial: 8250_pci: add support for the AX99100 (Martin Roukala (né Peres)) - iommu/vt-d: Fix intel iommu iotlb sync hardlockup and retry (Guanghui Feng) - mtd: Avoid boot crash in RedBoot partition table parser (Finn Thain) - mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (Chen Ni) - mtd: rawnand: pl353: make sure optimal timings are applied (Olivier Sobrie) - mmc: sdhci: fix timing selection for 1-bit bus width (Luke Wang) - mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (Matthew Schwartz) - Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (Lukas Johannes Möller) - Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (Lukas Johannes Möller) - net: macb: fix use-after-free access to PTP clock (Fedor Pchelkin) - NFC: nxp-nci: allow GPIOs to sleep (Ian Ray) - nvdimm/bus: Fix potential use after free in asynchronous initialization (Ira Weiny) - sunrpc: fix cache_request leak in cache_release (Jeff Layton) - driver: iio: add missing checks on iio_info's callback access (Julien Stephan) - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (Jens Axboe) - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() (Eric Dumazet) - bpf: Forget ranges when refining tnum after JSET (Paul Chaignon) - i3c: mipi-i3c-hci: Add missing TID field to no-op command descriptor (Adrian Hunter) - i3c: mipi-i3c-hci: Restart DMA ring correctly after dequeue abort (Adrian Hunter) - i3c: mipi-i3c-hci: Use ETIMEDOUT instead of ETIME for timeout errors (Adrian Hunter) - iio: imu: inv_icm42600: fix odr switch to the same value (Jean-Baptiste Maneyrol) - iio: gyro: mpu3050-i2c: fix pm_runtime error handling (Antoniu Miclaus) - iio: gyro: mpu3050-core: fix pm_runtime error handling (Antoniu Miclaus) - iio:chemical: bme680: Fix measurement wait duration calculation (Chris Spencer) - iio: potentiometer: mcp4131: fix double application of wiper shift (Lukas Schmid) - iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (Antoniu Miclaus) - iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (Antoniu Miclaus) - iio: dac: ds4424: reject -128 RAW value (Oleksij Rempel) - btrfs: abort transaction on failure to update root in the received subvol ioctl (Filipe Manana) - lib/bootconfig: check bounds before writing in __xbc_open_brace() (Josh Law) - lib/bootconfig: fix snprintf truncation check in xbc_node_compose_key_after() (Josh Law) - x86/apic: Disable x2apic on resume if the kernel expects so (Shashank Balaji) - lib/bootconfig: fix off-by-one in xbc_verify_tree() unclosed brace error (Josh Law) - xfs: fix undersized l_iclog_roundoff values (Darrick J. Wong) - tracing: Fix trace_buf_size= cmdline parameter with sizes > = 2G (Calvin Owens) - drm/amdgpu: Fix use-after-free race in VM acquire (Alysa Liu) - net: ethernet: arc: emac: quiesce interrupts before requesting IRQ (Fan Wu) - net: ncsi: fix skb leak in error paths (Jian Zhang) - parisc: Fix initial page table creation for boot (Helge Deller) - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (Sanman Pradhan) - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (Dave Airlie) - parisc: Increase initial mapping to 64 MB with KALLSYMS (Helge Deller) - batman-adv: Avoid double-rtnl_lock ELP metric worker (Sven Eckelmann) - ice: fix retry for AQ command 0x06EE (Jakub Staniszewski) - net: mana: Ring doorbell at 4 CQ wraparounds (Long Li) - media: dvb-net: fix OOB access in ULE extension header tables (Ariel Silver) - staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (Greg Kroah-Hartman) - staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie (Luka Gejak) - irqchip/gic-v3-its: Limit number of per-device MSIs to the range the ITS supports (Marc Zyngier) - device property: Allowsecondary lookup in fwnode_get_next_child_node() (Andy Shevchenko) - time/jiffies: Mark jiffies_64_to_clock_t() notrace (Steven Rostedt) - time: add kernel-doc in time.c (Randy Dunlap) - ceph: fix i_nlink underrun during async unlink (Max Kellermann) - libceph: admit message frames only in CEPH_CON_S_OPEN state (Ilya Dryomov) - libceph: Use u32 for non-negative values in ceph_monmap_decode() (Raphael Zimmer) - libceph: prevent potential out-of-bounds reads in process_message_header() (Ilya Dryomov) - libceph: reject preamble if control segment is empty (Ilya Dryomov) - libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (Raphael Zimmer) - tipc: fix divide-by-zero in tipc_sk_filter_connect() (Mehul Rao) - mmc: core: Avoid bitfield RMW for claim/retune flags (Penghe Geng) - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (Felix Gu) - mm/tracing: rss_stat: ensure curr is false from kthread context (Kalesh Singh) - usb: image: mdc800: kill download URB on timeout (Ziyi Guo) - usb: mdc800: handle signal and read racing (Oliver Neukum) - usb: renesas_usbhs: fix use-after-free in ISR during device removal (Fan Wu) - usb: class: cdc-wdm: fix reordering issue in read code path (Oliver Neukum) - USB: core: Limit the length of unkillable synchronous timeouts (Alan Stern) - USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (Alan Stern) - USB: usbcore: Introduce usb_bulk_msg_killable() (Alan Stern) - usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (Marc Zyngier) - usb: core: don't power off roothub PHYs if phy_set_mode() fails (Gabor Juhos) - usb: misc: uss720: properly clean up reference in uss720_probe() (Greg Kroah-Hartman) - usb: yurex: fix race in probe (Oliver Neukum) - usb: xhci: Fix memory leak in xhci_disable_slot() (Zilin Guan) - usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (Christoffer Sandberg) - net: usb: lan78xx: skip LTM configuration for LAN7850 (Oleksij Rempel) - net: usb: lan78xx: fix silent drop of packets with checksum errors(Oleksij Rempel) - cgroup: fix race between task migration and iteration (Qingye Zhao) - octeontx2-af: devlink: fix NIX RAS reporter recovery condition (Alok Tiwari) - ASoC: detect empty DMI strings (Casey Connolly) - ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (Chen Ni) - ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (Ben Dooks) - e1000/e1000e: Fix leak in DMA error cleanup (Matt Vollrath) - i40e: fix src IP mask checks and memcpy argument names in cloud filter (Alok Tiwari) - nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set (Sungwoo Kim) - regulator: pca9450: Correct interrupt type (Peng Fan) - regulator: pca9450: Make IRQ optional (Frieder Schrempf) - netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (Yuan Tan) - netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (Hyunwoo Kim) - netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path (Hyunwoo Kim) - netfilter: x_tables: guard option walkers against 1-byte tail reads (David Dull) - netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() (Jenny Guanni Qu) - can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (Wenyuan Li) - serial: caif: hold tty-> link reference in ldisc_open and ser_release (Shuangpeng Bai) - ASoC: soc-core: flush delayed work before removing DAIs and widgets (matteo.cotifava) - ASoC: core: Do not call link_exit() on uninitialized rtd objects (Amadeusz Sławiński) - ASoC: core: Exit all links before removing their components (Cezary Rojewski) - ASoC: soc-core: accept zero format at snd_soc_runtime_set_dai_fmt() (Kuninori Morimoto) - ASoC: soc-core: drop delayed_work_pending() check before flush (matteo.cotifava) - net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (Weiming Shi) - net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery (Gal Pressman) - bonding: handle BOND_LINK_FAIL, BOND_LINK_BACK as valid link states (Hangbin Liu) - xprtrdma: Decrementre_receiving on the early exit paths (Eric Badger) - powerpc: 83xx: km83xx: Fix keymile vendor prefix (J. Neuschäfer) - remoteproc: sysmon: Correct subsys_name_len type in QMI request (Bjorn Andersson) - powerpc/uaccess: Fix inline assembly for clang build on PPC32 (Christophe Leroy (CS GROUP)) - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (Takashi Iwai) - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (Takashi Iwai) - scsi: ses: Fix devices attaching to different hosts (Tomas Henzl) - ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (Sofia Schneider) - unshare: fix unshare_fs() handling (Al Viro) - scsi: mpi3mr: Add NULL checks when resetting request and reply queues (Ranjan Kumar) - ACPI: PM: Save NVS memory on Lenovo G70-35 (Piotr Mazek) - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (Jan Kiszka) - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) - net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (Jiayuan Chen) - net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (Fernando Fernandez Mancera) - net: stmmac: Fix error handling in VLAN add and delete paths (Ovidiu Panait) - nfc: rawsock: cancel tx_work before socket teardown (Jakub Kicinski) - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (Jakub Kicinski) - nfc: nci: free skb on nci_transceive early error paths (Jakub Kicinski) - net: nfc: nci: Fix zero-length proprietary notifications (Ian Ray) - net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (Koichiro Den) - amd-xgbe: fix sleep while atomic on suspend/resume (Raju Rangoju) - ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (Jakub Kicinski) - xen/acpi-processor: fix _CST detection using undersized evaluation buffer (David Thomson) - indirect_call_wrapper: do not reevaluate function pointer (Eric Dumazet) - wifi: wlcore: Fix a locking bug (Bart Van Assche) - can: mcp251x: fix deadlock in error path ofmcp251x_open (Alban Bedel) - can: bcm: fix locking for bcm_op runtime updates (Oliver Hartkopp) - atm: lec: fix null-ptr-deref in lec_arp_clear_vccs (Jiayuan Chen) - dpaa2-switch: do not clear any interrupts automatically (Ioana Ciornei) - net: dpaa2-switch: serialize changes to priv-> mac with a mutex (Vladimir Oltean) - net: dpaa2-switch replace direct MAC access with dpaa2_switch_port_has_mac() (Vladimir Oltean) - net: dpaa2-switch: assign port_priv-> mac after dpaa2_mac_connect() call (Vladimir Oltean) - net: dpaa2: replace dpaa2_mac_is_type_fixed() with dpaa2_mac_is_type_phy() (Vladimir Oltean) - net: ethernet: ti: am65-cpsw-nuss/cpsw-ale: Fix multicast entry handling in ALE table (Chintan Vankar) - platform/x86: thinkpad_acpi: Fix errors reading battery thresholds (Jonathan Teh) - selftests: mptcp: more stable simult_flows tests (Paolo Abeni) - drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() (Lars Ellenberg) - Squashfs: check metadata block offset is within range (Phillip Lougher) - net/sched: ets: fix divide by zero in the offload path (Davide Caratti) - IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() (Jason Gunthorpe) - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (Vahagn Vardanian) - wifi: radiotap: reject radiotap with unknown bits (Johannes Berg) - ALSA: usb-audio: Use correct version for UAC3 header validation (Jun Seo) - platform/x86: dell-wmi: Add audio/mic mute key codes (Kurt Borja) - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (Thorsten Blum) - x86/efi: defer freeing of boot services memory (Mike Rapoport (Microsoft)) - HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (Greg Kroah-Hartman) - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (Greg Kroah-Hartman) - can: ucan: Fix infinite loop from zero-length messages (Greg Kroah-Hartman) - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (Greg Kroah-Hartman) - net: usb: pegasus: validate USB endpoints(Greg Kroah-Hartman) - net: usb: kalmia: validate USB endpoints (Greg Kroah-Hartman) - net: usb: kaweth: validate USB endpoints (Greg Kroah-Hartman) - nfc: pn533: properly drop the usb interface reference on disconnect (Greg Kroah-Hartman) - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (Jens Axboe) - eventpoll: Fix integer overflow in ep_loop_check_proc() (Jann Horn) - net: arcnet: com20020-pci: fix support for 2.5Mbit cards (Ethan Nelson-Moore) - ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (Takashi Iwai) - fbcon: check return value of con2fb_acquire_newinfo() (Andrey Vatoropin) - fbcon: move more common code into fb_open() (Daniel Vetter) - fbcon: Extract fbcon_open/release helpers (Daniel Vetter) - fbcon: Use delayed work for cursor (Daniel Vetter) - ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths (Namjae Jeon) - ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (Takashi Iwai) - usb: cdns3: fix role switching during resume (Thomas Richard (TI)) - usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (Théo Lebrun) - usb: cdns3: remove redundant if branch (Hongyu Xie) - clk: tegra: tegra124-emc: fix device leak on set_rate() (Johan Hovold) - mfd: omap-usb-host: Fix OF populate on driver rebind (Johan Hovold) - mfd: omap-usb-host: Convert to platform remove callback returning void (Uwe Kleine-König) - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (Johan Hovold) - mfd: qcom-pm8xxx: Convert to platform remove callback returning void (Uwe Kleine-König) - mfd: qcom-pm8xxx: switch away from using chained IRQ handlers (Dmitry Baryshkov) - drm/tegra: dsi: fix device leak on probe (Johan Hovold) - ata: libata-scsi: refactor ata_scsi_translate() (Damien Le Moal) - ata: libata: remove pointless VPRINTK() calls (Hannes Reinecke) - ata: libata-scsi: drop DPRINTK calls for cdb translation (Hannes Reinecke) - scsi: ata: Call scsi_done() directly (Bart Van Assche) - ARM: omap2: Fix reference count leaks in omap_control_init()(Wentao Liang) - ARM: OMAP2+: add missing of_node_put before break and return (Wang Qing) - memory: mtk-smi: fix device leak on larb probe (Johan Hovold) - memory: mtk-smi: Convert to platform remove callback returning void (Uwe Kleine-König) - bpf: Fix stack-out-of-bounds write in devmap (Kohei Enju) - btrfs: fix incorrect key offset in error message in check_dev_extent_item() (Mark Harmstone) - ALSA: usb-audio: Use inclusive terms (Takashi Iwai) - ALSA: usb-audio: Cap the packet size pre-calculations (Takashi Iwai) - scsi: ufs: core: Move link recovery for hibern8 exit failure to wl_resume (Peter Wang) - scsi: ufs: core: Always initialize the UIC done completion (Bart Van Assche) - scsi: lpfc: Properly set WC for DPP mapping (Mathias Krause) - ARM: clean up the memset64() C wrapper (Thomas Weißschuh) [5.15.0-322.202.1] - scsi: fcoe: Reject FIP descriptors with zero fip_dlen in CVL walker (Michael Bommarito) [Orabug: 39446044] - scsi: scsi_transport_fc: Widen FPIN pname walker counter to u32 (Michael Bommarito) [Orabug: 39446044] - scsi: target: iscsi: Fix CRC overread and double-free in iscsit_handle_text_cmd() (Michael Bommarito) [Orabug: 39446044] - scsi: target: iscsi: Bound iscsi_encode_text_output() appends to rsp_buf (Michael Bommarito) [Orabug: 39446044] - ima: process_measurement() needlessly takes inode_lock() on MAY_READ (Frederick Lawler) [Orabug: 39390378] - net: sched: act_api: implement generic walker and search for tc action (Zhengchao Shao) [Orabug: 39342047] - btrfs: reserve extra space for the free space tree (Josef Bacik) [Orabug: 39281379] - btrfs: include the free space tree in the global rsv minimum calculation (Josef Bacik) [Orabug: 39281379] _______________________________________________ El-errata mailing list
Update to 3.27.1 It fixes CVE-2026-55191, CVE-2026-55192, CVE-2026-55193, CVE-2026-55194, CVE-2026-55648 and CVE-2026-55827.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-78a12ffec8 2026-07-04 01:06:18.979228+00:00 -------------------------------------------------------------------------------- Name : freerdp Product : Fedora 43 Version : 3.27.1 Release : 1.fc43 URL : http://www.freerdp.com/ Summary : Free implementation of the Remote Desktop Protocol (RDP) Description : The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox. -------------------------------------------------------------------------------- Update Information: Update to 3.27.1 It fixes CVE-2026-55191, CVE-2026-55192, CVE-2026-55193, CVE-2026-55194, CVE-2026-55648 and CVE-2026-55827. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 18 2026 Ondrej Holy - 2:3.27.1-1 - Update to 3.27.1 (CVE-2026-55191, CVE-2026-55192, CVE-2026-55193, CVE-2026-55194, CVE-2026-55648, CVE-2026-55827) Resolves: rhbz#2488900 * Fri Jun 12 2026 Yaakov Selkowitz - 2:3.26.0-8 - Rebuilt for openssl 4.0 * Mon Jun 8 2026 František Zatloukal - 2:3.26.0-7 - Rebuilt for icu 78.3 * Thu Jun 4 2026 Ondrej Holy - 2:3.26.0-6 - Enable uriparser support on RHEL * Tue May 26 2026 Yaakov Selkowitz - 2:3.26.0-5 - Drop multilib-rpm-config usage on RHEL -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-78a12ffec8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More detailson the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical updates for FreeRDP address multiple exploits, ensuring Fedora 43 users are secured against potential threats.. Fedora security patch, FreeRDP update, remote desktop vulnerability, Fedora 43 security. . Severity: Critical. LinuxSecurity.com Team
An update that solves 29 vulnerabilities and has one bug fix can now be installed.. openSUSE security update: security update for mozillafirefox ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21043-1 Rating: important References: * bsc#1268071 Cross-References: * CVE-2026-12289 * CVE-2026-12290 * CVE-2026-12291 * CVE-2026-12292 * CVE-2026-12294 * CVE-2026-12295 * CVE-2026-12296 * CVE-2026-12297 * CVE-2026-12298 * CVE-2026-12299 * CVE-2026-12302 * CVE-2026-12304 * CVE-2026-12305 * CVE-2026-12306 * CVE-2026-12307 * CVE-2026-12308 * CVE-2026-12309 * CVE-2026-12310 * CVE-2026-12311 * CVE-2026-12312 * CVE-2026-12313 * CVE-2026-12314 * CVE-2026-12315 * CVE-2026-12324 * CVE-2026-12325 * CVE-2026-12327 * CVE-2026-12328 * CVE-2026-12329 * CVE-2026-12330 CVSS scores: * CVE-2026-12290 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-12291 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12292 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-12294 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12295 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12296 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12297 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-12298 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12299 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-12302 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-12304 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12305 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-12306 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12307 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12308 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-12309 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-12310 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12311 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12312 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12313 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-12314 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-12315 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12324 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-12325 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-12327 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12328 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12329 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-12330 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 29 vulnerabilities and has one bug fix can now be installed. Description: This update for MozillaFirefox fixes the following issue Update to Firefox 140.12.0 ESR (MFSA 2026-58, bsc#1268071): - CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. - CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12291: Use-after-free in the Networking: HTTP component. - CVE-2026-12292: Incorrect boundary conditions in the Web Audio component. - CVE-2026-12294: Sandbox escape in the DOM: Workers component. - CVE-2026-12295: Sandbox escape in the DOM: Navigation component. - CVE-2026-12296: Sandbox escape in the Security: Process Sandboxing component. - CVE-2026-12297: Sandbox escape due to incorrect boundary conditions in the Networking component. - CVE-2026-12298: Memory safety bug fixed in Firefox ESR140.12. - CVE-2026-12299: JIT miscompilation in the DOM: Core & HTML component. - CVE-2026-12302: Mitigation bypass in the DOM: Security component. - CVE-2026-12304: Same-origin policy bypass in the Networking: Cookies component. - CVE-2026-12305: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12306: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12307: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12308: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12309: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12310: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12311: Information disclosure, sandbox escape in the Security: Process Sandboxing component. - CVE-2026-12312: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12313: Information disclosure, sandbox escape in the Security: Process Sandboxing component. - CVE-2026-12314: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12315: Mitigation bypass in the DOM: Security component. - CVE-2026-12324: Incorrect boundary conditions in the Graphics: CanvasWebGL component. - CVE-2026-12325: Denial-of-service in the Graphics: ImageLib component. - CVE-2026-12327: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. - CVE-2026-12328: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152. - CVE-2026-12329: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12330: Incorrect boundary conditions in the Internationalization component. Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1056=1 Package List: - openSUSE Leap 16.0: MozillaFirefox-140.12.0-160000.1.1 MozillaFirefox-branding-upstream-140.12.0-160000.1.1 MozillaFirefox-devel-140.12.0-160000.1.1 MozillaFirefox-translations-common-140.12.0-160000.1.1 MozillaFirefox-translations-other-140.12.0-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-12289.html * https://www.suse.com/security/cve/CVE-2026-12290.html * https://www.suse.com/security/cve/CVE-2026-12291.html * https://www.suse.com/security/cve/CVE-2026-12292.html * https://www.suse.com/security/cve/CVE-2026-12294.html * https://www.suse.com/security/cve/CVE-2026-12295.html * https://www.suse.com/security/cve/CVE-2026-12296.html * https://www.suse.com/security/cve/CVE-2026-12297.html * https://www.suse.com/security/cve/CVE-2026-12298.html * https://www.suse.com/security/cve/CVE-2026-12299.html * https://www.suse.com/security/cve/CVE-2026-12302.html * https://www.suse.com/security/cve/CVE-2026-12304.html * https://www.suse.com/security/cve/CVE-2026-12305.html * https://www.suse.com/security/cve/CVE-2026-12306.html * https://www.suse.com/security/cve/CVE-2026-12307.html * https://www.suse.com/security/cve/CVE-2026-12308.html * https://www.suse.com/security/cve/CVE-2026-12309.html * https://www.suse.com/security/cve/CVE-2026-12310.html * https://www.suse.com/security/cve/CVE-2026-12311.html * https://www.suse.com/security/cve/CVE-2026-12312.html * https://www.suse.com/security/cve/CVE-2026-12313.html * https://www.suse.com/security/cve/CVE-2026-12314.html * https://www.suse.com/security/cve/CVE-2026-12315.html * https://www.suse.com/security/cve/CVE-2026-12324.html * https://www.suse.com/security/cve/CVE-2026-12325.html * https://www.suse.com/security/cve/CVE-2026-12327.html * https://www.suse.com/security/cve/CVE-2026-12328.html * https://www.suse.com/security/cve/CVE-2026-12329.html * https://www.suse.com/security/cve/CVE-2026-12330.html . Update for MozillaFirefox on openSUSE addresses 29 issues including essential security fixes and enhancements.. MozillaFirefox security update, openSUSE advisory, important security fixes,software vulnerabilities, risk management. . Severity: Important. LinuxSecurity.com Team
An update that solves seven vulnerabilities and has one fix can now be installed.. # Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22276-1 Release Date: 2026-06-25T11:19:45Z Rating: important References: * bsc#1260907 * bsc#1261640 * bsc#1263088 * bsc#1263108 * bsc#1263902 * bsc#1266229 * bsc#1267625 * bsc#1268282 Cross-References: * CVE-2026-23278 * CVE-2026-31402 * CVE-2026-31504 * CVE-2026-31554 * CVE-2026-31694 * CVE-2026-43503 * CVE-2026-46323 CVSS scores: * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43503 ( SUSE ): 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves seven vulnerabilities and has one fix can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907). * CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640). * CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088). * CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108). * CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902). * CVE-2026-43503: final dirty.frag related fixes (bsc#1266229). * CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282). * net/sched: fix pedit partial COW leading to page cache (bsc#1267625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-1068=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-6_12_0-160000_5-default-14-160000.4.3 * kernel-livepatch-6_12_0-160000_5-default-debuginfo-14-160000.4.3 * kernel-livepatch-SLE16_Update_0-debugsource-14-160000.4.3 ## References: * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-31402.html * https://www.suse.com/security/cve/CVE-2026-31504.html *https://www.suse.com/security/cve/CVE-2026-31554.html * https://www.suse.com/security/cve/CVE-2026-31694.html * https://www.suse.com/security/cve/CVE-2026-43503.html * https://www.suse.com/security/cve/CVE-2026-46323.html * https://bugzilla.suse.com/show_bug.cgi?id=1260907 * https://bugzilla.suse.com/show_bug.cgi?id=1261640 * https://bugzilla.suse.com/show_bug.cgi?id=1263088 * https://bugzilla.suse.com/show_bug.cgi?id=1263108 * https://bugzilla.suse.com/show_bug.cgi?id=1263902 * https://bugzilla.suse.com/show_bug.cgi?id=1266229 * https://bugzilla.suse.com/show_bug.cgi?id=1267625 * https://bugzilla.suse.com/show_bug.cgi?id=1268282 . Critical kernel security patch for SUSE fixes 7 issues to enhance security and stability.. SUSE Linux Patch, Kernel Security Update, Vulnerability Management. . Severity: Important. LinuxSecurity.com Team
An update that solves six vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22042-1 Release Date: 2026-06-02T18:38:15Z Rating: important References: * bsc#1259798 * bsc#1260563 * bsc#1260908 * bsc#1264096 * bsc#1265224 * bsc#1265384 Cross-References: * CVE-2025-54518 * CVE-2026-23243 * CVE-2026-23274 * CVE-2026-23317 * CVE-2026-46300 * CVE-2026-46333 CVSS scores: * CVE-2025-54518 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-54518 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563). * CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224). * CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-879=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_5-debugsource-6-160000.1.1 * kernel-livepatch-6_12_0-160000_26-default-6-160000.1.1 * kernel-livepatch-6_12_0-160000_26-default-debuginfo-6-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54518.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23317.html * https://www.suse.com/security/cve/CVE-2026-46300.html * https://www.suse.com/security/cve/CVE-2026-46333.html * https://bugzilla.suse.com/show_bug.cgi?id=1259798 *https://bugzilla.suse.com/show_bug.cgi?id=1260563 * https://bugzilla.suse.com/show_bug.cgi?id=1260908 * https://bugzilla.suse.com/show_bug.cgi?id=1264096 * https://bugzilla.suse.com/show_bug.cgi?id=1265224 * https://bugzilla.suse.com/show_bug.cgi?id=1265384 . SUSE Linux kernel update resolves six important security issues. Recommended installation via YaST or zypper.. SUSE Linux Security Update. . Severity: Important. LinuxSecurity.com Team
An update that solves 10 vulnerabilities can now be installed.. # Security update for mariadb Announcement ID: SUSE-SU-2026:2284-1 Release Date: 2026-06-05T12:16:05Z Rating: critical References: * bsc#1259176 * bsc#1266435 * bsc#1266437 * bsc#1266438 * bsc#1266439 * bsc#1266440 * bsc#1266442 * bsc#1266814 * bsc#1266815 * bsc#1267542 Cross-References: * CVE-2026-34303 * CVE-2026-3494 * CVE-2026-44168 * CVE-2026-44170 * CVE-2026-44171 * CVE-2026-44172 * CVE-2026-44173 * CVE-2026-48163 * CVE-2026-48165 * CVE-2026-49261 CVSS scores: * CVE-2026-34303 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3494 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3494 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3494 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3494 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-44168 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-44168 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-44170 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-44171 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-44171 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2026-44172 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-44173 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L * CVE-2026-44173 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L * CVE-2026-48163 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-48163 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-48165 ( SUSE): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-48165 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-49261 ( SUSE ): 9.4 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-49261 ( SUSE ): 9.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * Galera for Ericsson 15 SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for mariadb fixes the following issues: * CVE-2026-3494: audit plugin comment handling bypass (bsc#1259176). * CVE-2026-34303: mysql: optimizer unspecified vulnerability (bsc#1266435). * CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side (bsc#1266442). * CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via unsanitized URL (bsc#1266440). * CVE-2026-44171: path traversal in mbstream (bsc#1266439). * CVE-2026-44172: mysql_real_escape_string() incorrectly handled big5 (bsc#1266438). * CVE-2026-44173: FILE privilege was not checked for subqueries in the FROM clause (bsc#1266437). * CVE-2026-48163: wsrep SST unsafe parameter handling on the donor side (bsc#1266815). * CVE-2026-48165: unsafe usage of `wsrep_sst_receive_address` values on the joiner side (bsc#1266814). * CVE-2026-49261: unsafe parameter handling in `wsrep_notify_cmd` (bsc#1267542). Changes for mariadb: * Update to 10.11.18: https://mariadb.com/docs/release-notes/community- server/10.11/10.11.18 https://mariadb.com/docs/release-notes/community- server/changelogs/10.11/10.11.18 * Update to 10.11.17: https://mariadb.com/docs/release-notes/community- server/10.11/10.11.17 https://mariadb.com/docs/release-notes/community- server/changelogs/10.11/10.11.17 https://mariadb.com/docs/release- notes/community-server/10.11/10.11.16 https://mariadb.com/docs/release- notes/community-server/changelogs/10.11/10.11.16 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Galera for Ericsson 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-ERICSSON-2026-2284=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2284=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2284=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2284=1 ## Package List: * Galera for Ericsson 15 SP6 (x86_64) * mariadb-debugsource-10.11.18-150600.4.20.1 * mariadb-debuginfo-10.11.18-150600.4.20.1 * mariadb-galera-10.11.18-150600.4.20.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * mariadb-debugsource-10.11.18-150600.4.20.1 * mariadb-tools-10.11.18-150600.4.20.1 * libmariadbd19-10.11.18-150600.4.20.1 * mariadb-10.11.18-150600.4.20.1 * libmariadbd19-debuginfo-10.11.18-150600.4.20.1 * mariadb-client-10.11.18-150600.4.20.1 * mariadb-client-debuginfo-10.11.18-150600.4.20.1 * mariadb-tools-debuginfo-10.11.18-150600.4.20.1 * libmariadbd-devel-10.11.18-150600.4.20.1 * mariadb-debuginfo-10.11.18-150600.4.20.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * mariadb-errormessages-10.11.18-150600.4.20.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * mariadb-debugsource-10.11.18-150600.4.20.1 * mariadb-rpm-macros-10.11.18-150600.4.20.1 * mariadb-test-10.11.18-150600.4.20.1 * mariadb-tools-10.11.18-150600.4.20.1 * mariadb-test-debuginfo-10.11.18-150600.4.20.1 * libmariadbd19-10.11.18-150600.4.20.1 * mariadb-10.11.18-150600.4.20.1 * mariadb-bench-debuginfo-10.11.18-150600.4.20.1 *libmariadbd19-debuginfo-10.11.18-150600.4.20.1 * mariadb-client-10.11.18-150600.4.20.1 * mariadb-client-debuginfo-10.11.18-150600.4.20.1 * mariadb-bench-10.11.18-150600.4.20.1 * mariadb-tools-debuginfo-10.11.18-150600.4.20.1 * libmariadbd-devel-10.11.18-150600.4.20.1 * mariadb-debuginfo-10.11.18-150600.4.20.1 * mariadb-galera-10.11.18-150600.4.20.1 * openSUSE Leap 15.6 (noarch) * mariadb-errormessages-10.11.18-150600.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * mariadb-debugsource-10.11.18-150600.4.20.1 * mariadb-tools-10.11.18-150600.4.20.1 * libmariadbd19-10.11.18-150600.4.20.1 * mariadb-10.11.18-150600.4.20.1 * libmariadbd19-debuginfo-10.11.18-150600.4.20.1 * mariadb-client-10.11.18-150600.4.20.1 * mariadb-client-debuginfo-10.11.18-150600.4.20.1 * mariadb-tools-debuginfo-10.11.18-150600.4.20.1 * libmariadbd-devel-10.11.18-150600.4.20.1 * mariadb-debuginfo-10.11.18-150600.4.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * mariadb-errormessages-10.11.18-150600.4.20.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34303.html * https://www.suse.com/security/cve/CVE-2026-3494.html * https://www.suse.com/security/cve/CVE-2026-44168.html * https://www.suse.com/security/cve/CVE-2026-44170.html * https://www.suse.com/security/cve/CVE-2026-44171.html * https://www.suse.com/security/cve/CVE-2026-44172.html * https://www.suse.com/security/cve/CVE-2026-44173.html * https://www.suse.com/security/cve/CVE-2026-48163.html * https://www.suse.com/security/cve/CVE-2026-48165.html * https://www.suse.com/security/cve/CVE-2026-49261.html * https://bugzilla.suse.com/show_bug.cgi?id=1259176 * https://bugzilla.suse.com/show_bug.cgi?id=1266435 * https://bugzilla.suse.com/show_bug.cgi?id=1266437 * https://bugzilla.suse.com/show_bug.cgi?id=1266438 * https://bugzilla.suse.com/show_bug.cgi?id=1266439 *https://bugzilla.suse.com/show_bug.cgi?id=1266440 * https://bugzilla.suse.com/show_bug.cgi?id=1266442 * https://bugzilla.suse.com/show_bug.cgi?id=1266814 * https://bugzilla.suse.com/show_bug.cgi?id=1266815 * https://bugzilla.suse.com/show_bug.cgi?id=1267542 . Critical update for OpenSUSE 15.6 mariadb addresses 10 significant issues exposed in recent security advisories.. mariadb update, openSUSE security, critical exploit, system vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
An update that solves six vulnerabilities can now be installed.. # Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21979-1 Release Date: 2026-06-02T09:18:01Z Rating: important References: * bsc#1259798 * bsc#1260563 * bsc#1260908 * bsc#1264096 * bsc#1265224 * bsc#1265384 Cross-References: * CVE-2025-54518 * CVE-2026-23243 * CVE-2026-23274 * CVE-2026-23317 * CVE-2026-46300 * CVE-2026-46333 CVSS scores: * CVE-2025-54518 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-54518 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563). * CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224). * CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-864=1 ## Package List: * SUSE Linux Micro 6.2 (x86_64) * kernel-livepatch-6_12_0-160000_26-rt-debuginfo-6-160000.1.1 * kernel-livepatch-6_12_0-160000_26-rt-6-160000.1.1 * kernel-livepatch-SLE16-RT_Update_5-debugsource-6-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54518.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23317.html * https://www.suse.com/security/cve/CVE-2026-46300.html * https://www.suse.com/security/cve/CVE-2026-46333.html * https://bugzilla.suse.com/show_bug.cgi?id=1259798 * https://bugzilla.suse.com/show_bug.cgi?id=1260563 *https://bugzilla.suse.com/show_bug.cgi?id=1260908 * https://bugzilla.suse.com/show_bug.cgi?id=1264096 * https://bugzilla.suse.com/show_bug.cgi?id=1265224 * https://bugzilla.suse.com/show_bug.cgi?id=1265384 . Important SUSE Linux kernel security update resolves six vulnerabilities, essential for system integrity.. SUSE Linux, Kernel Update, Security Patch, Local Root Exploit, System Integrity. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.