Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 147 articles for you...
100

SUSE Kernel Security Patch Released for Important Issue 2026-1573-1

An update that solves 40 vulnerabilities, contains one feature and has 17 security fixes can now be installed.. # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:1573-1 Release Date: 2026-04-23T15:52:41Z Rating: important References: * bsc#1226591 * bsc#1243208 * bsc#1245728 * bsc#1251135 * bsc#1251971 * bsc#1252073 * bsc#1252266 * bsc#1252803 * bsc#1253049 * bsc#1253129 * bsc#1255687 * bsc#1256504 * bsc#1256647 * bsc#1256690 * bsc#1257466 * bsc#1257472 * bsc#1257506 * bsc#1257561 * bsc#1257682 * bsc#1257773 * bsc#1257777 * bsc#1258280 * bsc#1258303 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258414 * bsc#1258424 * bsc#1258447 * bsc#1258476 * bsc#1259188 * bsc#1259580 * bsc#1259707 * bsc#1259795 * bsc#1259797 * bsc#1259865 * bsc#1259866 * bsc#1259886 * bsc#1259889 * bsc#1259891 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260500 * bsc#1260562 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261496 * bsc#1261498 * jsc#PED-15582 Cross-References: * CVE-2024-38542 * CVE-2025-39998 * CVE-2025-68794 * CVE-2025-71231 * CVE-2025-71268 * CVE-2025-71269 * CVE-2026-23030 * CVE-2026-23047 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23136 * CVE-2026-23140 * CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23215 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23259 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23317 * CVE-2026-23319 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23386 * CVE-2026-23398 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-31788 CVSS scores: * CVE-2024-38542 ( SUSE ): 6.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23215 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23259 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23259 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N *CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Real Time Module 15-SP7 An update that solves 40 vulnerabilities, contains one feature and has 17 security fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). * CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). * CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865). * CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889). * CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561). * CVE-2026-23047: libceph: make calc_target() set t-> paused, not just clear it (bsc#1257682). * CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). * CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). * CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303). * CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). * CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-> domains (bsc#1258330). * CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). * CVE-2026-23201: ceph: fix oops due to invalidpointer for kfree() in parse_longname() (bsc#1258337). * CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476). * CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). * CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188). * CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). * CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). * CVE-2026-23259: io_uring/rw: free potentially allocated iovec on cache put failure (bsc#1259866). * CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886). * CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-> nelems before insertion (bsc#1260009). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). * CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997). * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998). * CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464). * CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500). * CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562). * CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735). * CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732). * CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481). * CVE-2026-23381: net: bridge: fix nd_tbl NULLdereference when IPv6 is disabled (bsc#1260471). * CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799). * CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730). * CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498). * CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496). * CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707). The following non-security bugs were fixed: * ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes). * ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes). * ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes). * ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes). * ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes). * ALSA: firewire-lib: fix uninitialized local variable (git-fixes). * ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes). * ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable- fixes). * ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes). * ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes). * ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git- fixes). * ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes). * ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes). * ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes). * ASoC: Intel: boards: fix unmet dependency on PINCTRL (git-fixes). * ASoC: Intel: catpt: Fix the device initialization (git-fixes). * ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git- fixes). * ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes). * ASoC: adau1372: Fix uncheckedclk_prepare_enable() return value (git-fixes). * ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes). * ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes). * ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes). * ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes). * ASoC: cs42l43: Report insert for exotic peripherals (stable-fixes). * ASoC: detect empty DMI strings (git-fixes). * ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable- fixes). * ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes). * ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes). * ASoC: soc-core: flush delayed work before removing DAIs and widgets (git- fixes). * Bluetooth: HIDP: Fix possible UAF (git-fixes). * Bluetooth: ISO: Fix defer tests being unstable (git-fixes). * Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git- fixes). * Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (git-fixes). * Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes). * Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes). * Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req (git- fixes). * Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git- fixes). * Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes). * Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git- fixes). * Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes). * Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git- fixes). * Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git- fixes). * Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes). * Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (git-fixes). * Bluetooth: MGMT: validate LTK enc_size on load (git-fixes). * Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes). * Bluetooth: Remove 3 repeated macro definitions (stable-fixes). * Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes). * Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes). * Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes). * Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes). * Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes). * Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes). * Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes). * Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (git-fixes). * Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes). * Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes). * Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes). * Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable- fixes). * Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git- fixes). * Bluetooth: qca: fix ROM version reading on WCN3998 chips (git-fixes). * Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). * Drivers: hv: remove stale comment (git-fixes). * Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes). * Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git- fixes). * Drivers: hv: vmbus: Fix typos invmbus_drv.c (git-fixes). * HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes). * HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes). * HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes). * HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable- fixes). * HID: mcp2221: cancel last I2C command on read error (stable-fixes). * Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes). * NFC: nxp-nci: allow GPIOs to sleep (git-fixes). * NFC: pn533: bound the UART receive buffer (git-fixes). * PCI: Update BAR # and window messages (stable-fixes). * PCI: hv: Correct a comment (git-fixes). * PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). * PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). * PCI: hv: remove unnecessary module_init/exit functions (git-fixes). * PM: runtime: Fix a race condition related to device removal (git-fixes). * RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135). * RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes). * RDMA/mana_ib: Add device statistics support (git-fixes). * RDMA/mana_ib: Add device-memory support (git-fixes). * RDMA/mana_ib: Add port statistics support (git-fixes). * RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). * RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). * RDMA/mana_ib: Adding and deleting GIDs (git-fixes). * RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes). * RDMA/mana_ib: Configure mac address in RNIC (git-fixes). * RDMA/mana_ib: Create and destroy RC QP (git-fixes). * RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes). * RDMA/mana_ib: Create and destroy rnic adapter (git-fixes). * RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes). * RDMA/mana_ib: Enable RoCE on port 1 (git-fixes). * RDMA/mana_ib: Extend modify QP (git-fixes). * RDMA/mana_ib: Fix DSCP value in modify QP(git-fixes). * RDMA/mana_ib: Fix error code in probe() (git-fixes). * RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135). * RDMA/mana_ib: Fix missing ret value (git-fixes). * RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690). * RDMA/mana_ib: Implement DMABUF MR support (git-fixes). * RDMA/mana_ib: Implement port parameters (git-fixes). * RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes). * RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git- fixes). * RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes). * RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes). * RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes). * RDMA/mana_ib: Modify QP state (git-fixes). * RDMA/mana_ib: Process QP error events in mana_ib (git-fixes). * RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes). * RDMA/mana_ib: Set correct device into ib (git-fixes). * RDMA/mana_ib: Take CQ type from the device type (git-fixes). * RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes). * RDMA/mana_ib: UD/GSI work requests (git-fixes). * RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes). * RDMA/mana_ib: Use safer allocation function() (bsc#1251135). * RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes). * RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes). * RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes). * RDMA/mana_ib: add additional port counters (bsc#1251135). * RDMA/mana_ib: add support of multiple ports (bsc#1251135). * RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). * RDMA/mana_ib: create EQs for RNIC CQs (git-fixes). * RDMA/mana_ib: create and destroy RNIC cqs (git-fixes). * RDMA/mana_ib: create kernel-level CQs (git-fixes). * RDMA/mana_ib: create/destroy AH (git-fixes). * RDMA/mana_ib: extend mana QP table (git-fixes). * RDMA/mana_ib: extend query device (git-fixes). *RDMA/mana_ib: helpers to allocate kernel queues (git-fixes). * RDMA/mana_ib: implement get_dma_mr (git-fixes). * RDMA/mana_ib: implement req_notify_cq (git-fixes). * RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes). * RDMA/mana_ib: indicate CM support (git-fixes). * RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes). * RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes). * RDMA/mana_ib: remove useless return values from dbg prints (git-fixes). * RDMA/mana_ib: request error CQEs when supported (git-fixes). * RDMA/mana_ib: set node_guid (git-fixes). * RDMA/mana_ib: support of the zero based MRs (bsc#1251135). * RDMA/mana_ib: unify mana_ib functions to support any gdma device (git- fixes). * Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans)" changes (bsc#1257506). * Revert "drm/i915/display: Add quirk to skip retraining of dp link" (bsc#1253129). * Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug" (git-fixes). * USB: add QUIRK_NO_BOS for video capture several devices (stable-fixes). * USB: core: Limit the length of unkillable synchronous timeouts (git-fixes). * USB: dummy-hcd: Fix interrupt synchronization error (git-fixes). * USB: dummy-hcd: Fix locking/synchronization error (git-fixes). * USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable- fixes). * USB: serial: f81232: fix incomplete serial port generation (stable-fixes). * USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes). * USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git- fixes). * accel/qaic: Handle DBC deactivation if the owner went away (git-fixes). * bonding: do not set usable_slaves for broadcast mode (git-fixes). * btrfs: fix zero size inode with non-zero size after log replay (git-fixes). * btrfs: log new dentries when logging parent dir of a conflicting inode (git- fixes). * btrfs: tracepoints: get correctsuperblock from dentry in event btrfs_sync_file() (bsc#1257777). * can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes). * can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes). * cifs: Fix locking usage for tcon fields (git-fixes). * cifs: force interface update before a fresh session setup (git-fixes). * cifs: make default value of retrans as zero (git-fixes). * cifs: some missing initializations on replay (git-fixes). * comedi: Reinit dev-> spinlock between attachments to low-level drivers (git- fixes). * comedi: me4000: Fix potential overrun of firmware buffer (git-fixes). * comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes). * comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes). * cpufreq/amd-pstate: Remove the redundant verify() function (bsc#1252803). * cpufreq/amd-pstate: Set the initial min_freq to lowest_nonlinear_freq (bsc#1252803). * crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes). * crypto: caam - fix DMA corruption on long hmac keys (git-fixes). * crypto: caam - fix overflow on long hmac keys (git-fixes). * dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes). * dmaengine: idxd: Fix leaking event log memory (git-fixes). * dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes). * dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes). * dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable- fixes). * dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes). * dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes). * dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes). * dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes). * dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes). * dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git- fixes). * dmaengine:xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes). * drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable- fixes). * drm/amd/display: Do not skip unrelated mode changes in DSC validation (git- fixes). * drm/amd/display: Fallback to boot snapshot for dispclk (stable-fixes). * drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes). * drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END} (git-fixes). * drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v14 (git-fixes). * drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x (stable-fixes). * drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes). * drm/amd: fix dcn 2.01 check (git-fixes). * drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes). * drm/amdgpu/mmhub4.1.0: add bounds checking for cid (stable-fixes). * drm/amdgpu/vcn5: Add SMU dpm interface type (stable-fixes). * drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB (git-fixes). * drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git- fixes). * drm/amdgpu: Fix kernel-doc comments for some LUT properties (git-fixes). * drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes). * drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes). * drm/amdgpu: fix gpu idle power consumption issue for gfx v12 (stable-fixes). * drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable- fixes). * drm/amdgpu: prevent immediate PASID reuse case (stable-fixes). * drm/amdkfd: Unreservebo if queue update failed (git-fixes). * drm/ast: dp501: Fix initialization of SCU2C (git-fixes). * drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes). * drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable- fixes). * drm/exynos/vidi: Remove redundant error handling in vidi_get_modes() (stable-fixes). * drm/exynos: vidi: fix to avoid directly dereferencing user pointer (stable- fixes). * drm/exynos: vidi: use ctx-> lock to protect struct vidi_context member variables related to memory alloc/free (stable-fixes). * drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129). * drm/i915/dp: Use crtc_state-> enhanced_framing properly on ivb/hsw CPU eDP (git-fixes). * drm/i915/dp_tunnel: Fix error handling when clearing stream BW in atomic state (git-fixes). * drm/i915/dsc: Add Selective Update register definitions (stable-fixes). * drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes). * drm/i915/dsi: Do not do DSC horizontal timing adjustments in command mode (git-fixes). * drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes). * drm/i915/gt: Check set_default_submission() before deferencing (git-fixes). * drm/imagination: Fix deadlock in soft reset sequence (git-fixes). * drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes). * drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes). * drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git- fixes). * drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes). * drm/msm: Fix dma_free_attrs() buffer size (git-fixes). * drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes). * drm/ttm/tests: Fix build failure on PREEMPT_RT (stable-fixes). * drm/xe/oa: Allow reading after disabling OA stream (git-fixes). * drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). * drm/xe: Do not preempt fence signaling CS instructions (git-fixes). * drm/xe: Open-code GGTT MMIO access protection (git-fixes). * drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug (git-fixes). * firmware: arm_scpi: Fix device_node reference leak in probe path (git- fixes). * gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes). * hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git- fixes). * hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes). * hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git- fixes). * hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes). * hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes). * hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes). * hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes). * hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes). * hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes). * hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes). * hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes). * hwmon: (pxe1610) Check return value of page-select write in probe (git- fixes). * hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes). * hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes). * i2c: cp2615: fix serial string NULL-deref at probe (git-fixes). * i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes). * i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes). * i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes). * idpf: nullify pointers after they are freed (git-fixes). * iio: accel: fix ADXL355 temperature signature value (git-fixes). * iio: adc: ti-adc161s626: fix buffer read onbig-endian (git-fixes). * iio: chemical: bme680: Fix measurement wait duration calculation (git- fixes). * iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git- fixes). * iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes). * iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes). * iio: dac: ds4424: reject -128 RAW value (git-fixes). * iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes). * iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes). * iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes). * iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes). * iio: gyro: mpu3050: Fix irq resource leak (git-fixes). * iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes). * iio: gyro: mpu3050: Move iio_device_register() to correct location (git- fixes). * iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes). * iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes). * iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes). * iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes). * iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes). * iio: potentiometer: mcp4131: fix double application of wiper shift (git- fixes). * irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment (git-fixes). * mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (stable-fixes). * media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git- fixes). * media: tegra-video: Use accessors for pad config 'try_*' fields (stable- fixes). * mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes). * mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). * mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes). * mfd:qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). * misc: fastrpc: possible double-free of cctx-> remote_heap (git-fixes). * mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes). * mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes). * mtd: Avoid boot crash in RedBoot partition table parser (git-fixes). * mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes). * mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes). * mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes). * mtd: rawnand: serialize lock/unlock against other NAND operations (git- fixes). * mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable- fixes). * mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes). * net/mana: Null service_wq on setup error to prevent double destroy (git- fix). * net/mana: Null service_wq on setup error to prevent double destroy (git- fixes). * net/mlx5: Fix crash when moving to switchdev mode (git-fixes). * net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes). * net/x25: Fix overflow when accumulating packets (git-fixes). * net/x25: Fix potential double free of skb (git-fixes). * net: mana: Add metadata support for xdp mode (git-fixes). * net: mana: Add standard counter rx_missed_errors (git-fixes). * net: mana: Add support for auxiliary device servicing events (bsc#1251971). * net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690). * net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). * net: mana: Fix double destroy_workqueue on service rescan PCI path (git- fixes). * net: mana: Fix use-after-free in reset service rescan path (git-fixes). * net: mana: Fix warnings for missing export.h header inclusion (git-fixes). * net: mana: Handle Reset Request from MANA NIC (bsc#1245728bsc#1251971). * net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). * net: mana: Handle hardware recovery events when probing the device (bsc#1257466). * net: mana: Handle unsupported HWC commands (git-fixes). * net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). * net: mana: Move hardware counter stats from per-port to per-VF context (git- fixes). * net: mana: Probe rdma device in mana driver (git-fixes). * net: mana: Reduce waiting time if HWC not responding (bsc#1252266). * net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). * net: mana: Support HW link state events (bsc#1253049). * net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580). * net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes). * net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). * net: mana: fix use-after-free in add_adev() error path (git-fixes). * net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (git-fixes). * net: mana: use ethtool string helpers (git-fixes). * net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes). * net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes). * net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes). * net: usb: pegasus: validate USB endpoints (stable-fixes). * nfc: nci: fix circular locking dependency in nci_close_device (git-fixes). * nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208). * nvme: expose active quirks in sysfs (bsc#1243208). Refresh: * nvme: fix memory leak in quirks_param_set() (bsc#1243208). * phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes). * pinctrl: equilibrium: fix warning trace on load (git-fixes). * pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes). * pinctrl: mediatek: common: Fix probe failurefor devices without EINT (git- fixes). * pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes). * platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes). * platform/x86: ISST: Correct locked bit width (git-fixes). * platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes). * platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes). * platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes). * platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes). * regmap: Synchronize cache for the page selector (git-fixes). * regulator: pca9450: Correct interrupt type (git-fixes). * regulator: pca9450: Make IRQ optional (stable-fixes). * s390/debug: Pass in and enforce output buffer size for format handlers (jsc#PED-15582). * scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687). * scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes). * scsi: storvsc: Remove redundant ternary operators (git-fixes). * serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes). * serial: 8250: Fix TX deadlock when using DMA (git-fixes). * serial: 8250_pci: add support for the AX99100 (stable-fixes). * serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes). * smb: client: add proper locking around ses-> iface_last_update (git-fixes). * smb: client: fix broken multichannel with krb5+signing (git-fixes). * smb: client: fix cifs_pick_channel when channels are equally loaded (git- fixes). * smb: client: fix in-place encryption corruption in SMB2_write() (git-fixes). * smb: client: fix krb5 mount with username option (git-fixes). * smb: client: prevent races in -> query_interfaces() (git-fixes). * soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git- fixes). * soc: fsl:qbman: fix race condition in qman_destroy_fq (git-fixes). * spi: fix statistics allocation (git-fixes). * spi: fix use-after-free on controller registration failure (git-fixes). * spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes). * staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable- fixes). * thunderbolt: Fix property read in nhi_wake_supported() (git-fixes). * tools/hv: add a .gitignore file (git-fixes). * tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes). * tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes). * tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes). * tools: hv: lsvmbus: change shebang to use python3 (git-fixes). * usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes). * usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes). * usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable- fixes). * usb: cdns3: fix role switching during resume (git-fixes). * usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes). * usb: cdns3: gadget: fix state inconsistency on gadget init failure (git- fixes). * usb: cdns3: remove redundant if branch (stable-fixes). * usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes). * usb: core: do not power off roothub PHYs if phy_set_mode() fails (git- fixes). * usb: core: new quirk to handle devices with zero configurations (stable- fixes). * usb: core: phy: avoid double use of 'usb3-phy' (git-fixes). * usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes). * usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes). * usb: ehci-brcm: fix sleep during atomic (git-fixes). * usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes). * usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes). * usb: gadget: f_subset: Fix unbalanced refcnt ingeth_free (git-fixes). * usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git- fixes). * usb: gadget: uvc: fix NULL pointer dereference during unbind race (git- fixes). * usb: image: mdc800: kill download URB on timeout (stable-fixes). * usb: mdc800: handle signal and read racing (stable-fixes). * usb: misc: uss720: properly clean up reference in uss720_probe() (stable- fixes). * usb: renesas_usbhs: fix use-after-free in ISR during device removal (git- fixes). * usb: roles: get usb role switch from parent only for usb-b-connector (git- fixes). * usb: ulpi: fix double free in ulpi_register_interface() error path (git- fixes). * usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes). * usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes). * usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable- fixes). * usb: yurex: fix race in probe (stable-fixes). * vhost: fix caching attributes of MMIO regions by setting them explicitly (git-fixes). * vmw_vsock: bypass false-positive Wnonnull warning with gcc-16 (git-fixes). * watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504). * wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session (git-fixes). * wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes). * wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes). * wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git- fixes). * wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes). * wifi: mac80211: set default WMM parameters on all links (stable-fixes). * wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git- fixes). * wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes). * x86/platform/uv: Handle deconfigured sockets (bsc#1260347). * xen/privcmd:unregister xenstore notifier on module exit (git-fixes). * xenbus: Use .freeze/.thaw to handle xenbus devices (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1573=1 * SUSE Real Time Module 15-SP7 zypper in -t patch SUSE-SLE-Module-RT-15-SP7-2026-1573=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7-RT_Update_11-debugsource-1-150700.1.3.1 * kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1 * kernel-livepatch-6_4_0-150700_7_37-rt-debuginfo-1-150700.1.3.1 * SUSE Real Time Module 15-SP7 (x86_64) * dlm-kmp-rt-6.4.0-150700.7.37.2 * dlm-kmp-rt-debuginfo-6.4.0-150700.7.37.2 * kernel-syms-rt-6.4.0-150700.7.37.1 * cluster-md-kmp-rt-debuginfo-6.4.0-150700.7.37.2 * kernel-rt-devel-debuginfo-6.4.0-150700.7.37.2 * kernel-rt-devel-6.4.0-150700.7.37.2 * ocfs2-kmp-rt-6.4.0-150700.7.37.2 * kernel-rt-debugsource-6.4.0-150700.7.37.2 * ocfs2-kmp-rt-debuginfo-6.4.0-150700.7.37.2 * cluster-md-kmp-rt-6.4.0-150700.7.37.2 * gfs2-kmp-rt-6.4.0-150700.7.37.2 * kernel-rt-debuginfo-6.4.0-150700.7.37.2 * gfs2-kmp-rt-debuginfo-6.4.0-150700.7.37.2 * SUSE Real Time Module 15-SP7 (noarch) * kernel-devel-rt-6.4.0-150700.7.37.2 * kernel-source-rt-6.4.0-150700.7.37.2 * SUSE Real Time Module 15-SP7 (nosrc x86_64) * kernel-rt-6.4.0-150700.7.37.2 ## References: * https://www.suse.com/security/cve/CVE-2024-38542.html * https://www.suse.com/security/cve/CVE-2025-39998.html * https://www.suse.com/security/cve/CVE-2025-68794.html * https://www.suse.com/security/cve/CVE-2025-71231.html *https://www.suse.com/security/cve/CVE-2025-71268.html * https://www.suse.com/security/cve/CVE-2025-71269.html * https://www.suse.com/security/cve/CVE-2026-23030.html * https://www.suse.com/security/cve/CVE-2026-23047.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23120.html * https://www.suse.com/security/cve/CVE-2026-23136.html * https://www.suse.com/security/cve/CVE-2026-23140.html * https://www.suse.com/security/cve/CVE-2026-23187.html * https://www.suse.com/security/cve/CVE-2026-23193.html * https://www.suse.com/security/cve/CVE-2026-23201.html * https://www.suse.com/security/cve/CVE-2026-23215.html * https://www.suse.com/security/cve/CVE-2026-23216.html * https://www.suse.com/security/cve/CVE-2026-23231.html * https://www.suse.com/security/cve/CVE-2026-23242.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23255.html * https://www.suse.com/security/cve/CVE-2026-23259.html * https://www.suse.com/security/cve/CVE-2026-23270.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23277.html * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-23281.html * https://www.suse.com/security/cve/CVE-2026-23292.html * https://www.suse.com/security/cve/CVE-2026-23293.html * https://www.suse.com/security/cve/CVE-2026-23317.html * https://www.suse.com/security/cve/CVE-2026-23319.html * https://www.suse.com/security/cve/CVE-2026-23361.html * https://www.suse.com/security/cve/CVE-2026-23379.html * https://www.suse.com/security/cve/CVE-2026-23381.html * https://www.suse.com/security/cve/CVE-2026-23386.html * https://www.suse.com/security/cve/CVE-2026-23398.html * https://www.suse.com/security/cve/CVE-2026-23413.html * https://www.suse.com/security/cve/CVE-2026-23414.html *https://www.suse.com/security/cve/CVE-2026-31788.html * https://bugzilla.suse.com/show_bug.cgi?id=1226591 * https://bugzilla.suse.com/show_bug.cgi?id=1243208 * https://bugzilla.suse.com/show_bug.cgi?id=1245728 * https://bugzilla.suse.com/show_bug.cgi?id=1251135 * https://bugzilla.suse.com/show_bug.cgi?id=1251971 * https://bugzilla.suse.com/show_bug.cgi?id=1252073 * https://bugzilla.suse.com/show_bug.cgi?id=1252266 * https://bugzilla.suse.com/show_bug.cgi?id=1252803 * https://bugzilla.suse.com/show_bug.cgi?id=1253049 * https://bugzilla.suse.com/show_bug.cgi?id=1253129 * https://bugzilla.suse.com/show_bug.cgi?id=1255687 * https://bugzilla.suse.com/show_bug.cgi?id=1256504 * https://bugzilla.suse.com/show_bug.cgi?id=1256647 * https://bugzilla.suse.com/show_bug.cgi?id=1256690 * https://bugzilla.suse.com/show_bug.cgi?id=1257466 * https://bugzilla.suse.com/show_bug.cgi?id=1257472 * https://bugzilla.suse.com/show_bug.cgi?id=1257506 * https://bugzilla.suse.com/show_bug.cgi?id=1257561 * https://bugzilla.suse.com/show_bug.cgi?id=1257682 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1257777 * https://bugzilla.suse.com/show_bug.cgi?id=1258280 * https://bugzilla.suse.com/show_bug.cgi?id=1258303 * https://bugzilla.suse.com/show_bug.cgi?id=1258305 * https://bugzilla.suse.com/show_bug.cgi?id=1258330 * https://bugzilla.suse.com/show_bug.cgi?id=1258337 * https://bugzilla.suse.com/show_bug.cgi?id=1258414 * https://bugzilla.suse.com/show_bug.cgi?id=1258424 * https://bugzilla.suse.com/show_bug.cgi?id=1258447 * https://bugzilla.suse.com/show_bug.cgi?id=1258476 * https://bugzilla.suse.com/show_bug.cgi?id=1259188 * https://bugzilla.suse.com/show_bug.cgi?id=1259580 * https://bugzilla.suse.com/show_bug.cgi?id=1259707 * https://bugzilla.suse.com/show_bug.cgi?id=1259795 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1259865 *https://bugzilla.suse.com/show_bug.cgi?id=1259866 * https://bugzilla.suse.com/show_bug.cgi?id=1259886 * https://bugzilla.suse.com/show_bug.cgi?id=1259889 * https://bugzilla.suse.com/show_bug.cgi?id=1259891 * https://bugzilla.suse.com/show_bug.cgi?id=1259997 * https://bugzilla.suse.com/show_bug.cgi?id=1259998 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 * https://bugzilla.suse.com/show_bug.cgi?id=1260347 * https://bugzilla.suse.com/show_bug.cgi?id=1260464 * https://bugzilla.suse.com/show_bug.cgi?id=1260471 * https://bugzilla.suse.com/show_bug.cgi?id=1260481 * https://bugzilla.suse.com/show_bug.cgi?id=1260486 * https://bugzilla.suse.com/show_bug.cgi?id=1260500 * https://bugzilla.suse.com/show_bug.cgi?id=1260562 * https://bugzilla.suse.com/show_bug.cgi?id=1260730 * https://bugzilla.suse.com/show_bug.cgi?id=1260732 * https://bugzilla.suse.com/show_bug.cgi?id=1260735 * https://bugzilla.suse.com/show_bug.cgi?id=1260799 * https://bugzilla.suse.com/show_bug.cgi?id=1261496 * https://bugzilla.suse.com/show_bug.cgi?id=1261498 * https://jira.suse.com/browse/PED-15582 . SUSE 2026-1573-1 addresses 40 vulnerabilities in the kernel, enhancing overall system security.. SUSE Kernel Security System Updates Buffer Overflow Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 23, 2026 Important SuSE
100

SUSE Linux 15 SP5 Kernel Live Patch 28 Vital Security Update 2026-1248-1

An update that solves six vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1248-1 Release Date: 2026-04-10T11:04:25Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.113 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1246=1 SUSE-2026-1248=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1246=1 SUSE-SLE- Module-Live-Patching-15-SP5-2026-1248=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_28-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-14-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_29-debugsource-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-12-150500.2.1 *kernel-livepatch-5_14_21-150500_55_113-default-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-12-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_28-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-12-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x) * kernel-livepatch-SLE15-SP5_Update_29-debugsource-12-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 . Update for SUSE Linux Kernel resolves six important security issues; apply as needed for system protection.. SUSE Linux, Kernel Update, Security Patch, Live Patching, System Security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 10, 2026 Important SuSE
202

openSUSE Leap 15.5 StrongSwan Important Integer Underflow Vuln 2026-0978-1

An update that solves one vulnerability and has one security fix can now be installed.. # Security update for strongswan Announcement ID: SUSE-SU-2026:0978-1 Release Date: 2026-03-23T16:46:25Z Rating: important References: * bsc#1256442 * bsc#1259472 Cross-References: * CVE-2026-25075 CVSS scores: * CVE-2026-25075 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25075 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25075 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25075 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP (bsc#1259472). Other bug fixes: -Fix rpm scripts to not break swanctl.conf use (bsc#1256442): * Guard rpm migration scripts migrating strongswan.service using ipsec.conf on less than 5.8 to strongswan-starter.service by checking the ipsec.service alias provider. * Call systemd macros for both, strongswan-starter and the strongswan service. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-978=1 *SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-978=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-978=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-978=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-978=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * strongswan-debugsource-5.9.11-150500.5.14.1 * strongswan-5.9.11-150500.5.14.1 * strongswan-nm-5.9.11-150500.5.14.1 * strongswan-ipsec-5.9.11-150500.5.14.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.14.1 * strongswan-libs0-5.9.11-150500.5.14.1 * strongswan-sqlite-5.9.11-150500.5.14.1 * strongswan-mysql-5.9.11-150500.5.14.1 * strongswan-debuginfo-5.9.11-150500.5.14.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.14.1 * strongswan-nm-debuginfo-5.9.11-150500.5.14.1 * strongswan-sqlite-debuginfo-5.9.11-150500.5.14.1 * strongswan-mysql-debuginfo-5.9.11-150500.5.14.1 * strongswan-hmac-5.9.11-150500.5.14.1 * openSUSE Leap 15.5 (noarch) * strongswan-doc-5.9.11-150500.5.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * strongswan-debugsource-5.9.11-150500.5.14.1 * strongswan-5.9.11-150500.5.14.1 * strongswan-ipsec-5.9.11-150500.5.14.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.14.1 * strongswan-libs0-5.9.11-150500.5.14.1 * strongswan-debuginfo-5.9.11-150500.5.14.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.14.1 * strongswan-hmac-5.9.11-150500.5.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * strongswan-doc-5.9.11-150500.5.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * strongswan-debugsource-5.9.11-150500.5.14.1 * strongswan-5.9.11-150500.5.14.1 * strongswan-ipsec-5.9.11-150500.5.14.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.14.1 * strongswan-libs0-5.9.11-150500.5.14.1 * strongswan-debuginfo-5.9.11-150500.5.14.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.14.1 * strongswan-hmac-5.9.11-150500.5.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * strongswan-doc-5.9.11-150500.5.14.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * strongswan-debugsource-5.9.11-150500.5.14.1 * strongswan-5.9.11-150500.5.14.1 * strongswan-ipsec-5.9.11-150500.5.14.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.14.1 * strongswan-libs0-5.9.11-150500.5.14.1 * strongswan-debuginfo-5.9.11-150500.5.14.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.14.1 * strongswan-hmac-5.9.11-150500.5.14.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * strongswan-doc-5.9.11-150500.5.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * strongswan-debugsource-5.9.11-150500.5.14.1 * strongswan-5.9.11-150500.5.14.1 * strongswan-ipsec-5.9.11-150500.5.14.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.14.1 * strongswan-libs0-5.9.11-150500.5.14.1 * strongswan-debuginfo-5.9.11-150500.5.14.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.14.1 * strongswan-hmac-5.9.11-150500.5.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * strongswan-doc-5.9.11-150500.5.14.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25075.html * https://bugzilla.suse.com/show_bug.cgi?id=1256442 * https://bugzilla.suse.com/show_bug.cgi?id=1259472 . Update available for strongswan fixing critical integer underflow issue. Important patching recommended for systems.. strongswan update, openSUSE security, integer underflow patch, SUSE advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 24, 2026 Important OpenSUSE
202

openSUSE Leap 15.3 glibc Important Security Update 2026-0896-1

An update that solves four vulnerabilities can now be installed.. # Security update for glibc Announcement ID: SUSE-SU-2026:0896-1 Release Date: 2026-03-13T15:25:51Z Rating: important References: * bsc#1246965 * bsc#1256766 * bsc#1256822 * bsc#1257005 Cross-References: * CVE-2025-15281 * CVE-2025-8058 * CVE-2026-0861 * CVE-2026-0915 CVSS scores: * CVE-2025-15281 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-15281 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-15281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-8058 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H * CVE-2025-8058 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H * CVE-2025-8058 ( NVD ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-0861 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-0861 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-0915 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-0915 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-0915 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for glibc fixes the following issues: * CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766) * CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822) * CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005) * CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-896=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-896=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-896=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-896=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-896=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-896=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -tpatch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-896=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-896=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-896=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-896=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-896=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-896=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-896=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-896=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-896=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-896=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-profile-2.31-150300.98.1 * glibc-utils-src-debugsource-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-extra-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-extra-2.31-150300.98.1 * nscd-debuginfo-2.31-150300.98.1 * glibc-devel-static-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-utils-debuginfo-2.31-150300.98.1 * nscd-2.31-150300.98.1 * glibc-utils-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * glibc-lang-2.31-150300.98.1 * glibc-i18ndata-2.31-150300.98.1 * glibc-info-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * glibc-devel-32bit-2.31-150300.98.1 *glibc-locale-base-32bit-2.31-150300.98.1 * glibc-32bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.98.1 * glibc-32bit-2.31-150300.98.1 * glibc-devel-32bit-debuginfo-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-profile-2.31-150300.98.1 * glibc-utils-src-debugsource-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-extra-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-extra-2.31-150300.98.1 * nscd-debuginfo-2.31-150300.98.1 * glibc-devel-static-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-utils-debuginfo-2.31-150300.98.1 * nscd-2.31-150300.98.1 * glibc-utils-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * glibc-lang-2.31-150300.98.1 * glibc-i18ndata-2.31-150300.98.1 * glibc-info-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * glibc-devel-32bit-2.31-150300.98.1 * glibc-locale-base-32bit-2.31-150300.98.1 * glibc-32bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.98.1 * glibc-32bit-2.31-150300.98.1 * glibc-devel-32bit-debuginfo-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-profile-2.31-150300.98.1 * glibc-utils-src-debugsource-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-extra-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-extra-2.31-150300.98.1 * nscd-debuginfo-2.31-150300.98.1 *glibc-devel-static-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-utils-debuginfo-2.31-150300.98.1 * nscd-2.31-150300.98.1 * glibc-utils-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * glibc-lang-2.31-150300.98.1 * glibc-i18ndata-2.31-150300.98.1 * glibc-info-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * glibc-devel-32bit-2.31-150300.98.1 * glibc-locale-base-32bit-2.31-150300.98.1 * glibc-32bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.98.1 * glibc-32bit-2.31-150300.98.1 * glibc-devel-32bit-debuginfo-2.31-150300.98.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-profile-2.31-150300.98.1 * glibc-utils-src-debugsource-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-extra-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-extra-2.31-150300.98.1 * nscd-debuginfo-2.31-150300.98.1 * glibc-devel-static-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-utils-debuginfo-2.31-150300.98.1 * nscd-2.31-150300.98.1 * glibc-utils-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * glibc-lang-2.31-150300.98.1 * glibc-i18ndata-2.31-150300.98.1 * glibc-info-2.31-150300.98.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * glibc-devel-32bit-2.31-150300.98.1 * glibc-locale-base-32bit-2.31-150300.98.1 * glibc-32bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.98.1 * glibc-32bit-2.31-150300.98.1 * glibc-devel-32bit-debuginfo-2.31-150300.98.1 * SUSE LinuxEnterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-profile-2.31-150300.98.1 * glibc-utils-src-debugsource-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-extra-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-extra-2.31-150300.98.1 * nscd-debuginfo-2.31-150300.98.1 * glibc-devel-static-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-utils-debuginfo-2.31-150300.98.1 * nscd-2.31-150300.98.1 * glibc-utils-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * glibc-lang-2.31-150300.98.1 * glibc-i18ndata-2.31-150300.98.1 * glibc-info-2.31-150300.98.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * glibc-devel-32bit-2.31-150300.98.1 * glibc-locale-base-32bit-2.31-150300.98.1 * glibc-32bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.98.1 * glibc-32bit-2.31-150300.98.1 * glibc-devel-32bit-debuginfo-2.31-150300.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-profile-2.31-150300.98.1 * glibc-utils-src-debugsource-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-extra-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-extra-2.31-150300.98.1 * nscd-debuginfo-2.31-150300.98.1 * glibc-devel-static-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-utils-debuginfo-2.31-150300.98.1 * nscd-2.31-150300.98.1 * glibc-utils-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * glibc-lang-2.31-150300.98.1 * glibc-i18ndata-2.31-150300.98.1 * glibc-info-2.31-150300.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * glibc-devel-32bit-2.31-150300.98.1 * glibc-locale-base-32bit-2.31-150300.98.1 * glibc-32bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.98.1 * glibc-32bit-2.31-150300.98.1 * glibc-devel-32bit-debuginfo-2.31-150300.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-profile-2.31-150300.98.1 * glibc-utils-src-debugsource-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-extra-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-extra-2.31-150300.98.1 * nscd-debuginfo-2.31-150300.98.1 * glibc-devel-static-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-utils-debuginfo-2.31-150300.98.1 * nscd-2.31-150300.98.1 * glibc-utils-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * glibc-lang-2.31-150300.98.1 * glibc-i18ndata-2.31-150300.98.1 * glibc-info-2.31-150300.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * glibc-devel-32bit-2.31-150300.98.1 * glibc-locale-base-32bit-2.31-150300.98.1 * glibc-32bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.98.1 * glibc-32bit-2.31-150300.98.1 * glibc-devel-32bit-debuginfo-2.31-150300.98.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 *glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586 i686) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-profile-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-devel-static-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * glibc-utils-src-debugsource-2.31-150300.98.1 * glibc-extra-debuginfo-2.31-150300.98.1 * nscd-debuginfo-2.31-150300.98.1 * nscd-2.31-150300.98.1 * glibc-extra-2.31-150300.98.1 * glibc-utils-debuginfo-2.31-150300.98.1 * glibc-utils-2.31-150300.98.1 * openSUSE Leap 15.3 (noarch) * glibc-html-2.31-150300.98.1 * glibc-lang-2.31-150300.98.1 * glibc-i18ndata-2.31-150300.98.1 * glibc-info-2.31-150300.98.1 * openSUSE Leap 15.3 (x86_64) * glibc-devel-32bit-2.31-150300.98.1 * glibc-locale-base-32bit-2.31-150300.98.1 * glibc-32bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.98.1 * glibc-devel-static-32bit-2.31-150300.98.1 * glibc-profile-32bit-2.31-150300.98.1 * glibc-32bit-2.31-150300.98.1 * glibc-devel-32bit-debuginfo-2.31-150300.98.1 * glibc-utils-32bit-2.31-150300.98.1 * glibc-utils-32bit-debuginfo-2.31-150300.98.1 * openSUSE Leap 15.3 (aarch64_ilp32) * glibc-devel-64bit-2.31-150300.98.1 * glibc-64bit-2.31-150300.98.1 * glibc-devel-64bit-debuginfo-2.31-150300.98.1 *glibc-utils-64bit-debuginfo-2.31-150300.98.1 * glibc-utils-64bit-2.31-150300.98.1 * glibc-64bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-64bit-debuginfo-2.31-150300.98.1 * glibc-profile-64bit-2.31-150300.98.1 * glibc-devel-static-64bit-2.31-150300.98.1 * glibc-locale-base-64bit-2.31-150300.98.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 *glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * glibc-locale-base-debuginfo-2.31-150300.98.1 * glibc-profile-2.31-150300.98.1 * glibc-utils-src-debugsource-2.31-150300.98.1 * glibc-devel-debuginfo-2.31-150300.98.1 * glibc-extra-debuginfo-2.31-150300.98.1 * glibc-locale-base-2.31-150300.98.1 * glibc-2.31-150300.98.1 * glibc-locale-2.31-150300.98.1 * glibc-extra-2.31-150300.98.1 * nscd-debuginfo-2.31-150300.98.1 * glibc-devel-static-2.31-150300.98.1 * glibc-debugsource-2.31-150300.98.1 * glibc-debuginfo-2.31-150300.98.1 * glibc-utils-debuginfo-2.31-150300.98.1 * nscd-2.31-150300.98.1 * glibc-utils-2.31-150300.98.1 * glibc-devel-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * glibc-lang-2.31-150300.98.1 * glibc-i18ndata-2.31-150300.98.1 * glibc-info-2.31-150300.98.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * glibc-devel-32bit-2.31-150300.98.1 * glibc-locale-base-32bit-2.31-150300.98.1 * glibc-32bit-debuginfo-2.31-150300.98.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.98.1 * glibc-32bit-2.31-150300.98.1 * glibc-devel-32bit-debuginfo-2.31-150300.98.1 ## References: * https://www.suse.com/security/cve/CVE-2025-15281.html * https://www.suse.com/security/cve/CVE-2025-8058.html * https://www.suse.com/security/cve/CVE-2026-0861.html * https://www.suse.com/security/cve/CVE-2026-0915.html * https://bugzilla.suse.com/show_bug.cgi?id=1246965 * https://bugzilla.suse.com/show_bug.cgi?id=1256766 * https://bugzilla.suse.com/show_bug.cgi?id=1256822 * https://bugzilla.suse.com/show_bug.cgi?id=1257005 . SUSE updates glibc to address four important issues affecting systemswith openSUSE. Immediate action recommended.. glibc update openSUSE vulnerabilities patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 13, 2026 Important OpenSUSE
217

Oracle Linux 10 ELSA-2026-3361 Firefox Important Security Advisory

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-3361 http://linux.oracle.com/errata/ELSA-2026-3361.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-140.8.0-2.0.1.el10_1.x86_64.rpm aarch64: firefox-140.8.0-2.0.1.el10_1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/firefox-140.8.0-2.0.1.el10_1.src.rpm Related CVEs: CVE-2026-2447 CVE-2026-2757 CVE-2026-2758 CVE-2026-2759 CVE-2026-2760 CVE-2026-2761 CVE-2026-2762 CVE-2026-2763 CVE-2026-2764 CVE-2026-2765 CVE-2026-2766 CVE-2026-2767 CVE-2026-2768 CVE-2026-2769 CVE-2026-2770 CVE-2026-2771 CVE-2026-2772 CVE-2026-2773 CVE-2026-2774 CVE-2026-2775 CVE-2026-2776 CVE-2026-2777 CVE-2026-2778 CVE-2026-2779 CVE-2026-2780 CVE-2026-2781 CVE-2026-2782 CVE-2026-2783 CVE-2026-2784 CVE-2026-2785 CVE-2026-2786 CVE-2026-2787 CVE-2026-2788 CVE-2026-2789 CVE-2026-2790 CVE-2026-2791 CVE-2026-2792 CVE-2026-2793 Description of changes: [140.8.0-2.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [140.8.0-2] - Update to 140.8.0 ESR _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 10 updates for firefox address important security issues and vulnerabilities. Install updated rpms promptly.. Oracle Linux 10 Firefox Important Updates Security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 26, 2026 Important Oracle
202

openSUSE 15 SP5 Kernel Important Security Update 2026-0535-1

An update that solves four vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:0535-1 Release Date: 2026-02-15T11:04:07Z Rating: important References: * bsc#1249205 * bsc#1249455 * bsc#1249480 * bsc#1250314 Cross-References: * CVE-2023-53321 * CVE-2025-38111 * CVE-2025-38352 * CVE-2025-39742 CVSS scores: * CVE-2023-53321 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53321 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-53321 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-53321 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-38111 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38111 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38111 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-38352 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38352 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39742 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39742 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise kernel5.14.21-150500.55.113 fixes various security issues The following security issues were fixed: * CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250314). * CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1249455). * CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1249205). * CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249480). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-538=1 SUSE-2026-535=1 SUSE-2026-536=1 SUSE-2026-537=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-538=1 SUSE-SLE- Module-Live-Patching-15-SP5-2026-535=1 SUSE-SLE-Module-Live- Patching-15-SP5-2026-536=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-537=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_23-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-13-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-14-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_22-debugsource-18-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-13-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-13-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-18-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-18-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5(ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_23-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-13-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-14-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_22-debugsource-18-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-13-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-11-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-13-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-debuginfo-18-150500.2.1 * kernel-livepatch-5_14_21-150500_55_94-default-debuginfo-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_91-default-18-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53321.html * https://www.suse.com/security/cve/CVE-2025-38111.html * https://www.suse.com/security/cve/CVE-2025-38352.html * https://www.suse.com/security/cve/CVE-2025-39742.html * https://bugzilla.suse.com/show_bug.cgi?id=1249205 * https://bugzilla.suse.com/show_bug.cgi?id=1249455 * https://bugzilla.suse.com/show_bug.cgi?id=1249480 * https://bugzilla.suse.com/show_bug.cgi?id=1250314 . Learn about openSUSE security update 2026:0535-1 addressing four important vulnerabilities in the kernel.. openSUSE Kernel Update 2026:0535-1 Security Patching. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 16, 2026 Important OpenSUSE
217

Oracle Linux 8 Kernel Important Security Update ELSA-2026-50100

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50100 http://linux.oracle.com/errata/ELSA-2026-50100.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: aarch64: kernel-uek-5.4.17-2136.352.5.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.352.5.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.352.5.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.352.5.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.352.5.el8uek.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.352.5.el8uek.src.rpm Related CVEs: CVE-2025-39964 CVE-2025-40022 CVE-2025-40083 CVE-2025-40211 CVE-2025-40248 CVE-2025-40254 CVE-2025-40259 CVE-2025-40263 CVE-2025-40264 CVE-2025-40271 CVE-2025-40275 CVE-2025-40277 CVE-2025-40280 CVE-2025-40281 CVE-2025-40283 CVE-2025-40304 CVE-2025-40308 CVE-2025-40309 CVE-2025-40321 CVE-2025-40322 CVE-2025-40331 CVE-2025-40363 CVE-2025-68185 CVE-2025-68192 CVE-2025-68194 CVE-2025-68229 CVE-2025-68241 CVE-2025-68245 CVE-2025-68312 CVE-2025-68734 Description of changes: [5.4.17-2136.352.5] - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022} [5.4.17-2136.352.4] - arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197] [5.4.17-2136.352.3] - net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278] - net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416] - infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469] - inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469] - infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469] - rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727] - kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727] - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964} - RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753622] - x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954] [5.4.17-2136.352.2] - LTS tag: v5.4.302 (Sherry Yang) - Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae) - Input: remove third argument of usb_maxpacket() (Vincent Mailhol) - usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol) - fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271} - pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin) - pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla) - net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245} - net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor) - net:ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon) - ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe) - mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres) - kconfig/nconf: Initialize the default locale at startup (Jakub Horký) - kconfig/mconf: Initialize the default locale at startup (Jakub Horký) - vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248} - s390/ctcm: Fix double-kfree (Aleksei Nikiforov) - net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254} - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan) - MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki) - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229} - scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259} - Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263} - be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264} - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734} - EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara) - EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara) - spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede) - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241} - strparser: Fix signed/unsigned mismatch bug (Nate Karstens) - gcov: add support for GCC 15 (Peter Oberparleiter) - mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs) - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275} - drm/vmwgfx: Validatecommand header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277} - ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang) - regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang) - regulator: fixed: use dev_err_probe for register (Chris Morgan) - Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen) - net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet) - net_sched: remove need_resched() from qdisc_run() (Eric Dumazet) - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman) - net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman) - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N) - wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg) - net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday) - tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280} - tipc: simplify the finalize work queue (Xin Long) - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281} - sctp: get netns from asoc and ep base (Xin Long) - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen) - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen) - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen) - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283} - net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang) - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad) - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb) - NFS4: Fix state renewals missing after boot (Joshua Watt) - compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra) - extcon:adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski) - tracing: Fix memory leaks in create_field_var() (Zilin Guan) - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192} - sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331} - sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler) - net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski) - net: dsa: b53: fix enabling ip multicast (Jonas Gorski) - net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski) - net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Álvaro Fernández Rojas) - net: dsa/b53: change b53_force_port_config() pause argument (Russell King) - net: vlan: sync VLAN features with lower device (Hangbin Liu) - ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko) - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304} - ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus) - 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry) - 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry) - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue) - ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre) - orangefs: fix xattr related buffer overflow... (Mike Marshall) - page_pool: Clamp pool size to max 16K pages (Dragos Tatulea) - Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308} - Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309} - net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun) - nfs4_setup_readdir(): insufficient locking for -> d_parent-> d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185} -NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos) - NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia) - remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold) - sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma) - net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das) - jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane) - jfs: Verify inode mode when loading from disk (Tetsuo Handa) - ipv6: np-> rxpmtu race annotation (Eric Dumazet) - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati) - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman) - allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro) - scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee) - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee) - selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng) - net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao) - selftests: Replace sleep with slowwait (David Ahern) - selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern) - media: redrat3: use int type to store negative error codes (Rong Qianfeng) - net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund) - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy) - usb: gadget: f_hid: Fix zero length packet transfer (William Wu) - net: call cond_resched() less often in __release_sock() (Eric Dumazet) - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae) - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay) - dmaengine: dw-edma: Set status for callback_result (Devendra K Verma) - dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev) - dmaengine: sh: setup_xref error handling (Thomas Andreatta) - scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng) - mips: lantiq:xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski) - mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski) - mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski) - media: fix uninitialized symbol warnings (Chelsy Ratnawat) - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin) - extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski) - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim) - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima) - net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch) - char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu) - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni) - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi) - media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194} - net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363} - bridge: Redirect to backup port when port is administratively down (Ido Schimmel) - powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle) - x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov) - media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart) - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae) - selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu) - selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu) - PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives) - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab) - mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann) - mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein) - mfd: stmpe:Remove IRQ domain upon removal (Alexander Stein) - tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown) - tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown) - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar) - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf) - uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa) - clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano) - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel) - tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi) - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede) - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg) - irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel) - arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook) - cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier) - selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière) - ACPI: video: force native for Lenovo 82K8 (Mario Limonciello) - memstick: Add timeout to prevent indefinite waiting (Jiayi Li) - mmc: host: renesas_sdhi: Fix the actual clock (Biju Das) - bpf: Don't use %pK through printk (Thomas Weißschuh) - spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh) - soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel) - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu) - serial: 8250_dw: handle reset control deassert error (Artem Shimko) - serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko) - serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko) - can: gs_usb: increase max interface to U8_MAX (Celeste Liu) - devcoredump: Fix circular locking dependency with devcd-> mutex. (Maarten Lankhorst) - net: ravb: Enforce descriptor type ordering(Lad Prabhakar) - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger) - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321} - net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli) - regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov) - drm/etnaviv: fix flush sequence logic (Tomeu Vizoso) - usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312} - wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain) - ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla) - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin) - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs) - fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322} - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211} - fbdev: atyfb: Check if pll_ops-> init_pll failed (Daniel Palmer) - net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin) - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana) - x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan) - net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083} [5.4.17-2136.352.1] - RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge) [Orabug: 38753401] - soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154] - soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154] - soc/pensando: psci support (David Clear) [Orabug: 38688154] - soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154] [5.4.17-2136.351.3] - Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38715366] -fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507] - uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382] - uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382] [5.4.17-2136.351.2] - uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548] - rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352486] - uio_hv_generic: Set event for all channels on the device (Long Li) - ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel) - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng) [5.4.17-2136.351.1] - scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482] [5.4.17-2136.350.3] - net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370] [5.4.17-2136.350.2] - LTS tag: v5.4.301 (Alok Tiwari) - net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao) - media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann) - NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov) - NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov) - padata: Reset next CPU when reorder sequence wraps around (Xiao Liang) - KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers) - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601819] {CVE-2025-40087} - vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601924] {CVE-2025-40105} - jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi) - ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649223] {CVE-2025-40167} - drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han) - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (Theodore Ts'O) [Orabug: 38649412]{CVE-2025-40198} - spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav) - spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav) - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni) - memory: samsung: exynos-srom: Correct alignment (Krzysztof Kozlowski) - arm64: errata: Apply workarounds for Neoverse-V3AE (Mark Rutland) - arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland) - comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey) - binder: remove "invalid inc weak" check (Alice Ryhl) - xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman) - usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit) - USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu) - USB: serial: option: add Quectel RG255C (Reinhard Speyerer) - USB: serial: option: add UNISOC UIS7720 (Renjun Wang) - net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar) - net: usb: rtl8150: Fix frame padding (Michał Pecio) - ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey) [Orabug: 38730547] {CVE-2025-40233} - MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki) - Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki) - net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang) - sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov) [Orabug: 38730567] {CVE-2025-40240} - arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying) - net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang) - rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck) - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov) - net: add ndo_fdb_del_bulk (Nikolay Aleksandrov) - net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov) - net: netlink: add NLM_F_BULK deleterequest modifier (Nikolay Aleksandrov) - net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov) - net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov) - net: rtnetlink: add msg kind names (Nikolay Aleksandrov) - net: rtnetlink: remove redundant assignment to variable err (Colin Ian King) - m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven) - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li) - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko) - dlm: check for defined force value in dlm_lockspace_release (Alexander Aring) - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko) - hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi) - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko) - hfs: make proper initalization of struct hfs_find_data (Viacheslav Dubeyko) - hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko) - exec: Fix incorrect type for ret (Xichao Zhao) - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko) - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap) - sched/fair: Fix pelt lost idle time detection (Vincent Guittot) - sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar) - sched/fair: Trivial correction of the newidle_balance() comment (Barry Song) - sched: Make newidle_balance() static again (Chen Yu) - tls: don't rely on tx_work during send() (Sabrina Dubroca) - tls: always set record_type in tls_process_cmsg (Sabrina Dubroca) - tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov) - tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet) - amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju) - net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649261] {CVE-2025-40173} - net: dlink: handledma_map_single() failure properly (Moon Yeounsu) - net: dl2k: switch from 'pci_' to 'dma_' API (Christophe Jaillet) - media: pci: ivtv: Add missing check after DMA map (Thomas Fourier) - media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet) - xen/events: Update virq_to_irq on migration (Jason Andryuk) - media: lirc: Fix error handling in lirc_register() (Ma Ke) - media: rc: Directly use ida_free() (Keliu) - drm/exynos: exynos7_drm_decon: remove ctx-> suspended (Kaustabh Chakraborty) - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649463] {CVE-2025-40205} - pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang) - media: cx18: Add missing check after DMA map (Thomas Fourier) - xen/events: Cleanup find_virq() return codes (Jason Andryuk) - cramfs: Verify inode mode when loading from disk (Tetsuo Handa) - fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu) - pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649276] {CVE-2025-40178} - minixfs: Verify inode mode when loading from disk (Tetsuo Handa) - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592033] {CVE-2025-40042} - dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649057] {CVE-2025-40134} - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede) - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko) - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede) - Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649425] {CVE-2025-40200} - Squashfs: add additional inode sanity checking (Phillip Lougher) - media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649399] {CVE-2025-40197} - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski) - fs: udf: fix OOB read inlengthAllocDescs handling (Larshin Sergey) [Orabug: 38592048] {CVE-2025-40044} - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591959] {CVE-2025-40026} - net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591965] {CVE-2025-40027} - ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649330] {CVE-2025-40190} - ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo) - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun) - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia) - x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson) - x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson) - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli) - PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle) - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle) [Orabug: 38730513] {CVE-2025-40219} - rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson) - rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal) - rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal) - mmc: core: SPI mode remove cmd7 (Rex Chen) - mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij) - sparc: fix error handling in scan_one_device() (Ma Ke) - sparc64: fix hugetlb for sun4u (Anthony Yznaga) - sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649451] {CVE-2025-40204} - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum) - parisc: don't reference obsolete termio struct for TC* constants (Sam James) - lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold) - iio: frequency: adf4350: Fix prescaler usage.(Michael Hennerich) - iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng) - iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng) - crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier) - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649367] {CVE-2025-40194} - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu) - media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng) - firmware: meson_sm: fix device leak at probe (Johan Hovold) - xen/manage: Fix suspend error path (Lukas Wunner) - arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold) - ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad) - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang) - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets) - tpm, tpm_tis: Claim locality before writing interrupt registers (Lino Sanfilippo) - crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581456,38705546] {CVE-2025-40019} - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T) - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T) - tools build: Align warning options with perf (Leo Yan) - net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja) - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649579] {CVE-2025-40186} - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649313] {CVE-2025-40187} - drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643546] {CVE-2025-40111} - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter) - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557654] {CVE-2025-40001} - scsi: mvsas: Use sas_task_find_rq()for tagging (John Garry) - scsi: mvsas: Delete mvs_tag_init() (John Garry) - scsi: libsas: Add sas_task_find_rq() (John Garry) - clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari) - clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney) - perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan) - rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring) - perf util: Fix compression checks returning -1 as bool (Yunseong Kim) - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich) - clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni) - pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591981] {CVE-2025-40030} - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592002] {CVE-2025-40035} - mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649150] {CVE-2025-40153} - uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592067] {CVE-2025-40048} - Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592077] {CVE-2025-40049} - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju) - nfp: fix RSS hash key size when RSS is not supported (Kohei Enju) - drivers/base/node: fix double free in register_one_node() (Donet Tom) - ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592110] {CVE-2025-40055} - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649096] {CVE-2025-40140} - RDMA/siw: Always report immediate post SQ errors (Bernard Metzler) - usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea) - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648982] {CVE-2025-40115} - ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug:38581446] {CVE-2025-40018} - NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos) - remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold) - sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher) - sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher) - sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher) - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher) - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher) - IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu) - RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit) - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal) - drivers/base/node: handle error properly in register_one_node() (Donet Tom) - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy) - netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni) - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede) - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai) - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai) - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai) - pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592170] {CVE-2025-40070} - misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King) - usb: gadget: configfs: Correctly set use_os_string at bind (William Wu) - usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao) - tcp: fix __tcp_close() to only send RST when required (Eric Dumazet) - PCI: tegra: Fix devm_kcalloc() argument order for port-> phys allocation (Alok Tiwari) - wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann) - ALSA: lx_core: use int typeto store negative error codes (Rong Qianfeng) - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong) - scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier) - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649567] {CVE-2025-40118} - serial: max310x: Add error checking in probe() (Dan Carpenter) - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter) - drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das) - i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi) - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu) - bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592205] {CVE-2025-40078} - selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil) - pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König) - block: use int to store blk_stack_limits() return value (Rong Qianfeng) - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649026] {CVE-2025-40125} - pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue) - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad) - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li) - regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven) - x86/vdso: Fix output operand size of RDPID (Uros Bizjak) - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592223] {CVE-2025-40081} - driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki) - staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait) - staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait) - perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu) - dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka) - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (BitterblueSmith) - USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li) - media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548027] {CVE-2025-39993} - media: imon: grab lock earlier in imon_ir_change_protocol() (Tetsuo Handa) - media: imon: reorganize serialization (Tetsuo Handa) - media: rc: Add support for another iMON 0xffdc device (Flavius Georgescu) - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou) [Orabug: 38548044] {CVE-2025-39995} - media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548037] {CVE-2025-39994} - media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda) - udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844325] {CVE-2025-22058} - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548051] {CVE-2025-39996} - scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548059] {CVE-2025-39998} - LTS tag: v5.4.300 (Alok Tiwari) - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (Maciej S. Szmigiero) - mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560482] {CVE-2025-40006} - i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik) - i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547929] {CVE-2025-39969} - i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547938] {CVE-2025-39971} - i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547952,38604168,38604171] {CVE-2025-39973} - i40e: increase max descriptors for XL710 (Justin Bronder) - mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand) - fbcon: Fix OOB access in font allocation (Thomas Zimmermann) - fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547913] {CVE-2025-39967} - i40e: add max boundary check for VF filters(Lukasz Czapnik) [Orabug: 38547923] {CVE-2025-39968} - i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547933] {CVE-2025-39970} - i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547946] {CVE-2025-39972} - drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560496] {CVE-2025-40011} - can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581463] {CVE-2025-40020} - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol) - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol) - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol) - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven) - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov) - usb: core: Add 0x prefix to quirks debug output (Jiayi Li) - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai) - ALSA: usb-audio: Convert comma to semicolon (Chen Ni) - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea) - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea) - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea) - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea) - ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea) - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (Hans de Goede) - net: rfkill: gpio: add DT support (Philipp Zabel) - serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve) - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern) - usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel) - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King) - ASoC: wm8974: Correct PLL rate rounding (Charles Keepax) - ASoC: wm8940: Correct typo in controlname (Charles Keepax) - mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier) - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor) - cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503849] {CVE-2025-39945} - net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih) - tcp: Clear tcp_sk(sk)-> fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526388] {CVE-2025-39955} - i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski) - net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu) - cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503892] {CVE-2025-39953} - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven) - wifi: mac80211: fix incorrect type for ret (Liao Yuanhong) - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto) - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461848] {CVE-2025-39883} - phy: ti-pipe3: fix device leak at unbind (Johan Hovold) - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494822] {CVE-2025-39923} - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell) - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa) - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa) - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494787] {CVE-2025-39911} - i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal) - genirq: Provide new interfaces for affinity hints (Thomas Gleixner) - genirq: Export affinity setter for modules (Thomas Gleixner) - genirq/affinity: Add irq_update_affinity_desc() (John Garry) - igb: fix link test skipping when interfaceis admin down (Kohei Enju) - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren) - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda) - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda) - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt) - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin) - mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl) - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello) - mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang) - fuse: prevent overflow in copy_file_range return value (Miklos Szeredi) - fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi) - mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello) - ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461859] {CVE-2025-39885} - EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki) - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock-> cork. (Kuniyuki Iwashima) [Orabug: 38494797] {CVE-2025-39913} - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901604] {CVE-2025-23143} _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 kernel update addresses important security issues. Stay protected with this advisory.. Oracle Linux kernel update security important patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 09, 2026 Important Oracle
203

Mageia 9: isodumper Important Bugfix Issues MGAA-2026-0003

MGAA-2026-0003 - Updated isodumper packages fix bugs. MGAA-2026-0003 - Updated isodumper packages fix bugs Publication date: 07 Jan 2026 URL: https://advisories.mageia.org/MGAA-2026-0003.html Type: bugfix Affected Mageia releases: 9 Description: The current version can't encrypt a partition on a USB device. The current version cannot remove an iso9660 filesystem when formatting a USB device that was previously used to create a LiveUsb. This update fixes the reported issues. References: - https://bugs.mageia.org/show_bug.cgi?id=34877 - https://bugs.mageia.org/show_bug.cgi?id=33657 SRPMS: - 9/core/isodumper-1.61-1.mga9 . Updated isodumper packages for Mageia 9 fix critical partition and filesystem issues.. bugfix update, isodumper, Mageia security, USB encryption, partition issues. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 07, 2026 Important Mageia
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200