Explore top 10 tips to secure your open-source projects now. Read More
×Security update. Publication date: 15 Jul 2026 URL: https://advisories.mageia.org/MGAA-2026-0050.html Type: bugfix Affected Mageia releases: 10 Description: neovim erred when started, because of a missing dependency on lua5.1-lpeg. This update fixes the issue. References: - https://bugs.mageia.org/show_bug.cgi?id=35817 SRPMS: - 10/core/neovim-0.11.5-1.1.mga10 . A security update for Mageia affecting neovim due to a missing dependency is addressed in this advisory.. neovim security update, Mageia bugfix advisory, software dependency issues. . Severity: Important. LinuxSecurity.com Team
An update that solves 25 vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:2902-1 Release Date: 2026-07-13T15:45:10Z Rating: important References: * bsc#1256615 * bsc#1260524 * bsc#1262759 * bsc#1263094 * bsc#1263118 * bsc#1263177 * bsc#1263670 * bsc#1264094 * bsc#1264252 * bsc#1264253 * bsc#1264567 * bsc#1264849 * bsc#1265117 * bsc#1265127 * bsc#1265197 * bsc#1265945 * bsc#1266015 * bsc#1266265 * bsc#1267206 * bsc#1267698 * bsc#1267723 * bsc#1267893 * bsc#1268662 * bsc#1269023 * bsc#1269495 Cross-References: * CVE-2025-71089 * CVE-2026-23393 * CVE-2026-31505 * CVE-2026-31533 * CVE-2026-31570 * CVE-2026-31586 * CVE-2026-31685 * CVE-2026-31758 * CVE-2026-43025 * CVE-2026-43027 * CVE-2026-43037 * CVE-2026-43120 * CVE-2026-43190 * CVE-2026-43366 * CVE-2026-43437 * CVE-2026-43494 * CVE-2026-43501 * CVE-2026-45970 * CVE-2026-46120 * CVE-2026-46173 * CVE-2026-46227 * CVE-2026-46243 * CVE-2026-52909 * CVE-2026-52943 * CVE-2026-53362 CVSS scores: * CVE-2025-71089 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-23393 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31505 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H *CVE-2026-31533 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31570 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N * CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31586 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31685 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H * CVE-2026-31758 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H * CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43120 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N *CVE-2026-43120 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43190 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-43366 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43437 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43494 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43501 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46173 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52909 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-53362 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux EnterpriseReal Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 25 vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues The following security issues were fixed: * CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615). * CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260524). * CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() (bsc#1263094). * CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1262759). * CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel() (bsc#1263118). * CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (bsc#1263177). * CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263670). * CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release (bsc#1264094). * CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new expectations (bsc#1264253). * CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect cleanup (bsc#1264252). * CVE-2026-43037: ip6_tunnel: clear skb2-> cb[] in ip4ip6_err() (bsc#1265197). * CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr (bsc#1264567). * CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264849). * CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy on recycle (bsc#1265117). * CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (bsc#1265127). * CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945). * CVE-2026-43501: ipv6: rpl: reserve mac_len headroom whenrecompressed SRH grows (bsc#1266015). * CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267206). * CVE-2026-46120: ip6_gre: Use cached t-> net in ip6erspan_changelink() (bsc#1267893). * CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task (bsc#1267723). * CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (bsc#1267698). * CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (CIFSwitch) (bsc#1266265). * CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device (bsc#1268662). * CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve helpers (bsc#1269023). * CVE-2026-53362: ipv6: account for fraggap on the paged allocation path (bsc#1269495). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2911=1 SUSE-2026-2913=1 SUSE-2026-2912=1 SUSE-2026-2917=1 SUSE-2026-2908=1 * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-2916=1 SUSE-SLE- Module-Live-Patching-15-SP7-2026-2915=1 SUSE-SLE-Module-Live- Patching-15-SP7-2026-2902=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2906=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2904=1 SUSE-SLE-Module-Live- Patching-15-SP7-2026-2898=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2903=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2905=1 SUSE-SLE-Module-Live- Patching-15-SP7-2026-2901=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2907=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2908=1 SUSE-SLE- Module-Live-Patching-15-SP6-2026-2911=1 SUSE-SLE-Module-Live- Patching-15-SP6-2026-2913=1SUSE-SLE-Module-Live-Patching-15-SP6-2026-2912=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-2917=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_22-rt-10-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-18-150700.2.1 * kernel-livepatch-6_4_0-150700_7_13-rt-14-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-19-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-11-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-19-150700.3.1 * kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-10-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-11-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-18-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-19-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-14-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-19-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-14-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-10-150700.2.1 * kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-18-150700.2.1 * kernel-livepatch-6_4_0-150700_7_25-rt-9-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-19-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-11-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-19-150700.2.1 * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_28-default-debuginfo-9-150700.2.2 * kernel-livepatch-SLE15-SP7_Update_8-debugsource-9-150700.2.2 * kernel-livepatch-6_4_0-150700_53_25-default-9-150700.2.2 *kernel-livepatch-SLE15-SP7_Update_7-debugsource-9-150700.2.2 * kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-9-150700.2.2 * kernel-livepatch-6_4_0-150700_53_28-default-9-150700.2.2 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_17-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-14-150600.2.2 * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-11-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-11-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_16-debugsource-11-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_14-debugsource-14-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_13-debugsource-18-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_19-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-14-150600.2.2 * kernel-livepatch-6_4_0-150600_23_78-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-18-150600.2.2 * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_84-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-18-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_17-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-14-150600.2.2 * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-11-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-11-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_16-debugsource-11-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_14-debugsource-14-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_19-debugsource-9-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_13-debugsource-18-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-14-150600.2.2 *kernel-livepatch-6_4_0-150600_23_78-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-18-150600.2.2 * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_84-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-18-150600.2.2 ## References: * https://www.suse.com/security/cve/CVE-2025-71089.html * https://www.suse.com/security/cve/CVE-2026-23393.html * https://www.suse.com/security/cve/CVE-2026-31505.html * https://www.suse.com/security/cve/CVE-2026-31533.html * https://www.suse.com/security/cve/CVE-2026-31570.html * https://www.suse.com/security/cve/CVE-2026-31586.html * https://www.suse.com/security/cve/CVE-2026-31685.html * https://www.suse.com/security/cve/CVE-2026-31758.html * https://www.suse.com/security/cve/CVE-2026-43025.html * https://www.suse.com/security/cve/CVE-2026-43027.html * https://www.suse.com/security/cve/CVE-2026-43037.html * https://www.suse.com/security/cve/CVE-2026-43120.html * https://www.suse.com/security/cve/CVE-2026-43190.html * https://www.suse.com/security/cve/CVE-2026-43366.html * https://www.suse.com/security/cve/CVE-2026-43437.html * https://www.suse.com/security/cve/CVE-2026-43494.html * https://www.suse.com/security/cve/CVE-2026-43501.html * https://www.suse.com/security/cve/CVE-2026-45970.html * https://www.suse.com/security/cve/CVE-2026-46120.html * https://www.suse.com/security/cve/CVE-2026-46173.html * https://www.suse.com/security/cve/CVE-2026-46227.html * https://www.suse.com/security/cve/CVE-2026-46243.html * https://www.suse.com/security/cve/CVE-2026-52909.html * https://www.suse.com/security/cve/CVE-2026-52943.html * https://www.suse.com/security/cve/CVE-2026-53362.html * https://bugzilla.suse.com/show_bug.cgi?id=1256615 * https://bugzilla.suse.com/show_bug.cgi?id=1260524 * https://bugzilla.suse.com/show_bug.cgi?id=1262759 * https://bugzilla.suse.com/show_bug.cgi?id=1263094 *https://bugzilla.suse.com/show_bug.cgi?id=1263118 * https://bugzilla.suse.com/show_bug.cgi?id=1263177 * https://bugzilla.suse.com/show_bug.cgi?id=1263670 * https://bugzilla.suse.com/show_bug.cgi?id=1264094 * https://bugzilla.suse.com/show_bug.cgi?id=1264252 * https://bugzilla.suse.com/show_bug.cgi?id=1264253 * https://bugzilla.suse.com/show_bug.cgi?id=1264567 * https://bugzilla.suse.com/show_bug.cgi?id=1264849 * https://bugzilla.suse.com/show_bug.cgi?id=1265117 * https://bugzilla.suse.com/show_bug.cgi?id=1265127 * https://bugzilla.suse.com/show_bug.cgi?id=1265197 * https://bugzilla.suse.com/show_bug.cgi?id=1265945 * https://bugzilla.suse.com/show_bug.cgi?id=1266015 * https://bugzilla.suse.com/show_bug.cgi?id=1266265 * https://bugzilla.suse.com/show_bug.cgi?id=1267206 * https://bugzilla.suse.com/show_bug.cgi?id=1267698 * https://bugzilla.suse.com/show_bug.cgi?id=1267723 * https://bugzilla.suse.com/show_bug.cgi?id=1267893 * https://bugzilla.suse.com/show_bug.cgi?id=1268662 * https://bugzilla.suse.com/show_bug.cgi?id=1269023 * https://bugzilla.suse.com/show_bug.cgi?id=1269495 . SUSE Linux Enterprise 15 SP7 issues critical kernel security update to address 25 vulnerabilities efficiently and securely.. SUSE Linux, kernel security, threat mitigation, important updates, vulnerability patching. . Severity: Important. LinuxSecurity.com Team
An update that solves 65 vulnerabilities can now be installed.. # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:2914-1 Release Date: 2026-07-13T14:56:44Z Rating: important References: * bsc#1255616 * bsc#1259891 * bsc#1261604 * bsc#1262655 * bsc#1262674 * bsc#1263072 * bsc#1263123 * bsc#1263169 * bsc#1263560 * bsc#1263563 * bsc#1263573 * bsc#1263993 * bsc#1263996 * bsc#1264033 * bsc#1264039 * bsc#1264065 * bsc#1264073 * bsc#1264088 * bsc#1264236 * bsc#1264254 * bsc#1264261 * bsc#1264294 * bsc#1264337 * bsc#1264414 * bsc#1264437 * bsc#1264449 * bsc#1264618 * bsc#1264734 * bsc#1264748 * bsc#1265113 * bsc#1265421 * bsc#1265629 * bsc#1266397 * bsc#1266847 * bsc#1266899 * bsc#1266928 * bsc#1266929 * bsc#1266971 * bsc#1267430 * bsc#1267437 * bsc#1267458 * bsc#1267473 * bsc#1267635 * bsc#1267637 * bsc#1267684 * bsc#1267920 * bsc#1267968 * bsc#1267993 * bsc#1268037 * bsc#1269033 * bsc#1269100 * bsc#1269103 * bsc#1269135 * bsc#1269137 * bsc#1269159 * bsc#1269195 * bsc#1269386 * bsc#1269397 * bsc#1269398 * bsc#1269506 * bsc#1269574 * bsc#1269690 * bsc#1269786 * bsc#1269904 * bsc#1270059 Cross-References: * CVE-2023-53995 * CVE-2026-23255 * CVE-2026-23451 * CVE-2026-31462 * CVE-2026-31499 * CVE-2026-31502 * CVE-2026-31580 * CVE-2026-31592 * CVE-2026-31670 * CVE-2026-31677 * CVE-2026-31680 * CVE-2026-31773 * CVE-2026-31781 * CVE-2026-43035 * CVE-2026-43036 * CVE-2026-43043 * CVE-2026-43047 * CVE-2026-43051 * CVE-2026-43080 * CVE-2026-43089 * CVE-2026-43093 * CVE-2026-43112 * CVE-2026-43117 * CVE-2026-43139 * CVE-2026-43233 * CVE-2026-43279 * CVE-2026-43284 * CVE-2026-43336 * CVE-2026-43456 * CVE-2026-43472 * CVE-2026-43492 * CVE-2026-45840 * CVE-2026-45912 * CVE-2026-45948 * CVE-2026-45960 * CVE-2026-46028 * CVE-2026-46065 * CVE-2026-46069 * CVE-2026-46082 * CVE-2026-46124 *CVE-2026-46133 * CVE-2026-46253 * CVE-2026-46254 * CVE-2026-46266 * CVE-2026-46275 * CVE-2026-46299 * CVE-2026-46320 * CVE-2026-46328 * CVE-2026-46331 * CVE-2026-52918 * CVE-2026-52923 * CVE-2026-52954 * CVE-2026-52955 * CVE-2026-52957 * CVE-2026-52962 * CVE-2026-52972 * CVE-2026-53040 * CVE-2026-53041 * CVE-2026-53075 * CVE-2026-53148 * CVE-2026-53150 * CVE-2026-53194 * CVE-2026-53253 * CVE-2026-53287 * CVE-2026-53359 CVSS scores: * CVE-2023-53995 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53995 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23255 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23451 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23451 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23451 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31462 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31462 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31462 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31499 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31499 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31499 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31502 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31502 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31502 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31580 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H *CVE-2026-31580 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31592 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31592 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31592 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31670 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31670 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31677 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31677 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31677 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31680 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31680 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31680 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31773 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31781 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43035 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43035 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43036 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43036 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43043 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43043 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43043 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43047 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43047 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43051 ( NVD ): 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-43080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43080 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43089 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43089 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43093 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43093 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43112 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43112 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-43112 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-43117 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43117 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43117 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-43139 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43139 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-43233 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43233 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-43279 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43279 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43336 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-43336 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-43336 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-43456 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43456 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43472 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43472 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43492 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43492 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43492 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45840 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2026-45840 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-45840 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45912 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45912 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45912 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45960 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45960 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46028 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46028 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46065 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46065 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46069 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46069 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46082 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46124 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46124 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-46133 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46133 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46253 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46254 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46254 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46266 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46266 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-46275 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46275 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46299 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46299 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46320 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-46320 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-46320 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2026-46328 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H *CVE-2026-46328 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H * CVE-2026-46331 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46331 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46331 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52918 ( SUSE ): 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-52918 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52918 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52923 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-52923 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52923 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52923 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-52954 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-52954 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-52955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-52955 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52955 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-52957 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-52957 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-52957 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-52962 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-52962 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-52972 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-52972 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52972 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-53040 ( SUSE ): 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-53040 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-53041 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-53041 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-53075 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2026-53075 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-53148 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-53148 ( SUSE ): 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-53148 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-53148 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-53150 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-53150 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-53150 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-53194 ( SUSE ): 6.1 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-53194 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-53194 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-53253 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-53253 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-53287 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-53287 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-53359 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-53359 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security *SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 65 vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2023-53995: net: ipv4: fix one memleak in __inet_del_ifa() (bsc#1255616). * CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). * CVE-2026-23451: bonding: prevent potential infinite loop in bond_header_parse() (bsc#1261604). * CVE-2026-31462: drm/amdgpu: prevent immediate PASID reuse case (bsc#1262655). * CVE-2026-31499: Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del() (bsc#1262674). * CVE-2026-31502: team: fix header_ops type confusion with non-Ethernet ports (bsc#1263072). * CVE-2026-31592: KVM: SEV: Protect _all_ of sev_mem_enc_register_region() with kvm-> lock (bsc#1263123). * CVE-2026-31670: net: rfkill: prevent unlimited numbers of rfkill events from being created (bsc#1263573). * CVE-2026-31677: crypto: af_alg - limit RX SG extraction by receive buffer budget (bsc#1263560). * CVE-2026-31680: net: ipv6: flowlabel: defer exclusive option free until RCU teardown (bsc#1263563). * CVE-2026-31773: Bluetooth: SMP: derive legacy responder STK authentication from MITM state (bsc#1264039). * CVE-2026-31781: drm/ioc32: stop speculation on the drm_compat_ioctl path (bsc#1264033). * CVE-2026-43035: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (bsc#1263996). * CVE-2026-43036: net: use skb_header_pointer() for TCPv4 GSO frag_off check (bsc#1263993). * CVE-2026-43043: crypto: af-alg - fix NULL pointer dereference in scatterwalk (bsc#1264088). * CVE-2026-43047: HID: multitouch: Check to ensure report responses match the request (bsc#1264073). * CVE-2026-43051: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (bsc#1264065). * CVE-2026-43080: l2tp: Droplarge packets with UDP encap (bsc#1264236). * CVE-2026-43089: xfrm_user: fix info leak in build_mapping() (bsc#1264261). * CVE-2026-43093: xsk: tighten UMEM headroom validation to account for tailroom and min frame (bsc#1264254). * CVE-2026-43112: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (bsc#1264437). * CVE-2026-43117: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1264414). * CVE-2026-43139: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() (bsc#1264294). * CVE-2026-43233: netfilter: nf_conntrack_h323: fix OOB read in decode_choice() (bsc#1264337). * CVE-2026-43279: ALSA: usb-audio: Add sanity check for OOB writes at silencing (bsc#1264618). * CVE-2026-43336: lib/crypto: chacha: Zeroize permuted_state before it leaves scope (bsc#1265113). * CVE-2026-43456: bonding: fix type confusion in bond_setup_by_slave() (bsc#1264734). * CVE-2026-43472: unshare: fix unshare_fs() handling (bsc#1264748). * CVE-2026-43492: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (bsc#1265629). * CVE-2026-45840: openvswitch: cap upcall PID array size and pre-size vport replies (bsc#1266397). * CVE-2026-45912: ext4: don't cache extent during splitting extent (bsc#1266899). * CVE-2026-45948: ext4: fix memory leak in ext4_ext_shift_extents() (bsc#1266929). * CVE-2026-45960: hfsplus: return error when node already exists in hfs_bnode_create (bsc#1266971). * CVE-2026-46028: crypto: algif_aead - snapshot IV for async AEAD requests (bsc#1267430). * CVE-2026-46065: fbdev: defio: Disconnect deferred I/O from the lifetime of struct (bsc#1267458). * CVE-2026-46069: wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() (bsc#1267437). * CVE-2026-46082: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (bsc#1267473). * CVE-2026-46124: isofs: validate block number from NFS file handle in isofs_export_iget (bsc#1266847). * CVE-2026-46133: RDMA/rxe:Reject unknown opcodes before ICRC processing (bsc#1266928). * CVE-2026-46253: pstore/ram: fix buffer overflow in persistent_ram_save_old() (bsc#1267635). * CVE-2026-46254: AppArmor: Allow apparmor to handle unaligned dfa tables (bsc#1267637). * CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP (bsc#1267684). * CVE-2026-46275: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths (bsc#1267968). * CVE-2026-46299: hfsplus: fix held lock freed on hfsplus_fill_super() (bsc#1267920). * CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp() (bsc#1267993). * CVE-2026-46328: apparmor: fix rlimit for posix cpu timers (bsc#1268037). * CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache (bsc#1265421). * CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100). * CVE-2026-52923: ipc: limit next_id allocation to the valid ID range (bsc#1269033). * CVE-2026-52954: libceph: handle rbtree insertion error in decode_choose_args() (bsc#1269137). * CVE-2026-52955: libceph: Fix potential out-of-bounds access in crush_decode() (bsc#1269159). * CVE-2026-52957: libceph: Fix potential null-ptr-deref in decode_choose_args() (bsc#1269103). * CVE-2026-52962: ceph: fix a buffer leak in __ceph_setxattr() (bsc#1269135). * CVE-2026-52972: crypto: af_alg - Cap AEAD AD length to 0x80000000 (bsc#1269195). * CVE-2026-53040: ocfs2: validate bg_bits during freefrag scan (bsc#1269397). * CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full (bsc#1269398). * CVE-2026-53075: ppp: require CAP_NET_ADMIN in target netns for unattached ioctls (bsc#1269690). * CVE-2026-53148: thunderbolt: Clamp XDomain response data copy to allocation size (bsc#1269786). * CVE-2026-53150: thunderbolt: Reject zero-length property entries in validator (bsc#1269386). * CVE-2026-53194: USB: serial: kl5kusb105: fix bulk-out buffer overflow (bsc#1269904). *CVE-2026-53253: Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (bsc#1269574). * CVE-2026-53287: audit: fix incorrect inheritable capability in CAPSET records (bsc#1269506). * CVE-2026-53359: KVM: x86: Fix shadow paging use-after-free due to unexpected role (bsc#1270059). The following non security issues were fixed: * btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file() (git-fixes). * libceph: add non-asserting rbtree insertion helper (bsc#1269137). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-2914=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-2914=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2914=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.320.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 nosrc ppc64le s390x x86_64) * kernel-default-4.12.14-122.320.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * gfs2-kmp-default-debuginfo-4.12.14-122.320.1 * cluster-md-kmp-default-4.12.14-122.320.1 * kernel-syms-4.12.14-122.320.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.320.1 * gfs2-kmp-default-4.12.14-122.320.1 * ocfs2-kmp-default-4.12.14-122.320.1 * dlm-kmp-default-debuginfo-4.12.14-122.320.1 * kernel-default-debuginfo-4.12.14-122.320.1 * dlm-kmp-default-4.12.14-122.320.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.320.1 *kernel-default-base-debuginfo-4.12.14-122.320.1 * kernel-default-debugsource-4.12.14-122.320.1 * kernel-default-base-4.12.14-122.320.1 * kernel-default-devel-4.12.14-122.320.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * kernel-source-4.12.14-122.320.1 * kernel-macros-4.12.14-122.320.1 * kernel-devel-4.12.14-122.320.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x) * kernel-default-man-4.12.14-122.320.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * cluster-md-kmp-default-4.12.14-122.320.1 * kernel-default-devel-debuginfo-4.12.14-122.320.1 * gfs2-kmp-default-debuginfo-4.12.14-122.320.1 * kernel-syms-4.12.14-122.320.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.320.1 * dlm-kmp-default-debuginfo-4.12.14-122.320.1 * kernel-default-debuginfo-4.12.14-122.320.1 * gfs2-kmp-default-4.12.14-122.320.1 * ocfs2-kmp-default-4.12.14-122.320.1 * dlm-kmp-default-4.12.14-122.320.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.320.1 * kernel-default-base-debuginfo-4.12.14-122.320.1 * kernel-default-debugsource-4.12.14-122.320.1 * kernel-default-base-4.12.14-122.320.1 * kernel-default-devel-4.12.14-122.320.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * kernel-macros-4.12.14-122.320.1 * kernel-source-4.12.14-122.320.1 * kernel-devel-4.12.14-122.320.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (nosrc x86_64) * kernel-default-4.12.14-122.320.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kernel-default-kgraft-4.12.14-122.320.1 * kgraft-patch-4_12_14-122_320-default-1-8.3.1 * kernel-default-kgraft-devel-4.12.14-122.320.1 * kernel-default-debuginfo-4.12.14-122.320.1 * kernel-default-debugsource-4.12.14-122.320.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.320.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53995.html *https://www.suse.com/security/cve/CVE-2026-23255.html * https://www.suse.com/security/cve/CVE-2026-23451.html * https://www.suse.com/security/cve/CVE-2026-31462.html * https://www.suse.com/security/cve/CVE-2026-31499.html * https://www.suse.com/security/cve/CVE-2026-31502.html * https://www.suse.com/security/cve/CVE-2026-31580.html * https://www.suse.com/security/cve/CVE-2026-31592.html * https://www.suse.com/security/cve/CVE-2026-31670.html * https://www.suse.com/security/cve/CVE-2026-31677.html * https://www.suse.com/security/cve/CVE-2026-31680.html * https://www.suse.com/security/cve/CVE-2026-31773.html * https://www.suse.com/security/cve/CVE-2026-31781.html * https://www.suse.com/security/cve/CVE-2026-43035.html * https://www.suse.com/security/cve/CVE-2026-43036.html * https://www.suse.com/security/cve/CVE-2026-43043.html * https://www.suse.com/security/cve/CVE-2026-43047.html * https://www.suse.com/security/cve/CVE-2026-43051.html * https://www.suse.com/security/cve/CVE-2026-43080.html * https://www.suse.com/security/cve/CVE-2026-43089.html * https://www.suse.com/security/cve/CVE-2026-43093.html * https://www.suse.com/security/cve/CVE-2026-43112.html * https://www.suse.com/security/cve/CVE-2026-43117.html * https://www.suse.com/security/cve/CVE-2026-43139.html * https://www.suse.com/security/cve/CVE-2026-43233.html * https://www.suse.com/security/cve/CVE-2026-43279.html * https://www.suse.com/security/cve/CVE-2026-43284.html * https://www.suse.com/security/cve/CVE-2026-43336.html * https://www.suse.com/security/cve/CVE-2026-43456.html * https://www.suse.com/security/cve/CVE-2026-43472.html * https://www.suse.com/security/cve/CVE-2026-43492.html * https://www.suse.com/security/cve/CVE-2026-45840.html * https://www.suse.com/security/cve/CVE-2026-45912.html * https://www.suse.com/security/cve/CVE-2026-45948.html * https://www.suse.com/security/cve/CVE-2026-45960.html * https://www.suse.com/security/cve/CVE-2026-46028.html *https://www.suse.com/security/cve/CVE-2026-46065.html * https://www.suse.com/security/cve/CVE-2026-46069.html * https://www.suse.com/security/cve/CVE-2026-46082.html * https://www.suse.com/security/cve/CVE-2026-46124.html * https://www.suse.com/security/cve/CVE-2026-46133.html * https://www.suse.com/security/cve/CVE-2026-46253.html * https://www.suse.com/security/cve/CVE-2026-46254.html * https://www.suse.com/security/cve/CVE-2026-46266.html * https://www.suse.com/security/cve/CVE-2026-46275.html * https://www.suse.com/security/cve/CVE-2026-46299.html * https://www.suse.com/security/cve/CVE-2026-46320.html * https://www.suse.com/security/cve/CVE-2026-46328.html * https://www.suse.com/security/cve/CVE-2026-46331.html * https://www.suse.com/security/cve/CVE-2026-52918.html * https://www.suse.com/security/cve/CVE-2026-52923.html * https://www.suse.com/security/cve/CVE-2026-52954.html * https://www.suse.com/security/cve/CVE-2026-52955.html * https://www.suse.com/security/cve/CVE-2026-52957.html * https://www.suse.com/security/cve/CVE-2026-52962.html * https://www.suse.com/security/cve/CVE-2026-52972.html * https://www.suse.com/security/cve/CVE-2026-53040.html * https://www.suse.com/security/cve/CVE-2026-53041.html * https://www.suse.com/security/cve/CVE-2026-53075.html * https://www.suse.com/security/cve/CVE-2026-53148.html * https://www.suse.com/security/cve/CVE-2026-53150.html * https://www.suse.com/security/cve/CVE-2026-53194.html * https://www.suse.com/security/cve/CVE-2026-53253.html * https://www.suse.com/security/cve/CVE-2026-53287.html * https://www.suse.com/security/cve/CVE-2026-53359.html * https://bugzilla.suse.com/show_bug.cgi?id=1255616 * https://bugzilla.suse.com/show_bug.cgi?id=1259891 * https://bugzilla.suse.com/show_bug.cgi?id=1261604 * https://bugzilla.suse.com/show_bug.cgi?id=1262655 * https://bugzilla.suse.com/show_bug.cgi?id=1262674 * https://bugzilla.suse.com/show_bug.cgi?id=1263072 *https://bugzilla.suse.com/show_bug.cgi?id=1263123 * https://bugzilla.suse.com/show_bug.cgi?id=1263169 * https://bugzilla.suse.com/show_bug.cgi?id=1263560 * https://bugzilla.suse.com/show_bug.cgi?id=1263563 * https://bugzilla.suse.com/show_bug.cgi?id=1263573 * https://bugzilla.suse.com/show_bug.cgi?id=1263993 * https://bugzilla.suse.com/show_bug.cgi?id=1263996 * https://bugzilla.suse.com/show_bug.cgi?id=1264033 * https://bugzilla.suse.com/show_bug.cgi?id=1264039 * https://bugzilla.suse.com/show_bug.cgi?id=1264065 * https://bugzilla.suse.com/show_bug.cgi?id=1264073 * https://bugzilla.suse.com/show_bug.cgi?id=1264088 * https://bugzilla.suse.com/show_bug.cgi?id=1264236 * https://bugzilla.suse.com/show_bug.cgi?id=1264254 * https://bugzilla.suse.com/show_bug.cgi?id=1264261 * https://bugzilla.suse.com/show_bug.cgi?id=1264294 * https://bugzilla.suse.com/show_bug.cgi?id=1264337 * https://bugzilla.suse.com/show_bug.cgi?id=1264414 * https://bugzilla.suse.com/show_bug.cgi?id=1264437 * https://bugzilla.suse.com/show_bug.cgi?id=1264449 * https://bugzilla.suse.com/show_bug.cgi?id=1264618 * https://bugzilla.suse.com/show_bug.cgi?id=1264734 * https://bugzilla.suse.com/show_bug.cgi?id=1264748 * https://bugzilla.suse.com/show_bug.cgi?id=1265113 * https://bugzilla.suse.com/show_bug.cgi?id=1265421 * https://bugzilla.suse.com/show_bug.cgi?id=1265629 * https://bugzilla.suse.com/show_bug.cgi?id=1266397 * https://bugzilla.suse.com/show_bug.cgi?id=1266847 * https://bugzilla.suse.com/show_bug.cgi?id=1266899 * https://bugzilla.suse.com/show_bug.cgi?id=1266928 * https://bugzilla.suse.com/show_bug.cgi?id=1266929 * https://bugzilla.suse.com/show_bug.cgi?id=1266971 * https://bugzilla.suse.com/show_bug.cgi?id=1267430 * https://bugzilla.suse.com/show_bug.cgi?id=1267437 * https://bugzilla.suse.com/show_bug.cgi?id=1267458 * https://bugzilla.suse.com/show_bug.cgi?id=1267473 * https://bugzilla.suse.com/show_bug.cgi?id=1267635 *https://bugzilla.suse.com/show_bug.cgi?id=1267637 * https://bugzilla.suse.com/show_bug.cgi?id=1267684 * https://bugzilla.suse.com/show_bug.cgi?id=1267920 * https://bugzilla.suse.com/show_bug.cgi?id=1267968 * https://bugzilla.suse.com/show_bug.cgi?id=1267993 * https://bugzilla.suse.com/show_bug.cgi?id=1268037 * https://bugzilla.suse.com/show_bug.cgi?id=1269033 * https://bugzilla.suse.com/show_bug.cgi?id=1269100 * https://bugzilla.suse.com/show_bug.cgi?id=1269103 * https://bugzilla.suse.com/show_bug.cgi?id=1269135 * https://bugzilla.suse.com/show_bug.cgi?id=1269137 * https://bugzilla.suse.com/show_bug.cgi?id=1269159 * https://bugzilla.suse.com/show_bug.cgi?id=1269195 * https://bugzilla.suse.com/show_bug.cgi?id=1269386 * https://bugzilla.suse.com/show_bug.cgi?id=1269397 * https://bugzilla.suse.com/show_bug.cgi?id=1269398 * https://bugzilla.suse.com/show_bug.cgi?id=1269506 * https://bugzilla.suse.com/show_bug.cgi?id=1269574 * https://bugzilla.suse.com/show_bug.cgi?id=1269690 * https://bugzilla.suse.com/show_bug.cgi?id=1269786 * https://bugzilla.suse.com/show_bug.cgi?id=1269904 * https://bugzilla.suse.com/show_bug.cgi?id=1270059 . SUSE Linux kernel patch addresses 65 security flaws, enhancing system safety. Stay updated with this important advisory.. SUSE Kernel Security Patch, Linux Kernel Vulnerability, SUSE Security Update. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-36879 http://linux.oracle.com/errata/ELSA-2026-36879.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: tomcat-9.0.117-2.el9_8.noarch.rpm tomcat-admin-webapps-9.0.117-2.el9_8.noarch.rpm tomcat-docs-webapp-9.0.117-2.el9_8.noarch.rpm tomcat-el-3.0-api-9.0.117-2.el9_8.noarch.rpm tomcat-jsp-2.3-api-9.0.117-2.el9_8.noarch.rpm tomcat-lib-9.0.117-2.el9_8.noarch.rpm tomcat-servlet-4.0-api-9.0.117-2.el9_8.noarch.rpm tomcat-webapps-9.0.117-2.el9_8.noarch.rpm aarch64: tomcat-9.0.117-2.el9_8.noarch.rpm tomcat-admin-webapps-9.0.117-2.el9_8.noarch.rpm tomcat-docs-webapp-9.0.117-2.el9_8.noarch.rpm tomcat-el-3.0-api-9.0.117-2.el9_8.noarch.rpm tomcat-jsp-2.3-api-9.0.117-2.el9_8.noarch.rpm tomcat-lib-9.0.117-2.el9_8.noarch.rpm tomcat-servlet-4.0-api-9.0.117-2.el9_8.noarch.rpm tomcat-webapps-9.0.117-2.el9_8.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/tomcat-9.0.117-2.el9_8.src.rpm Related CVEs: CVE-2026-29146 CVE-2026-34486 Description of changes: [1:9.0.117-2] - Resolves: RHEL-183992 Remove tomcat clustering JAR from RPM builds - Exclude i686 architecture from build _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-35891 http://linux.oracle.com/errata/ELSA-2026-35891.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-devel-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-docs-24.18.0-1.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-full-i18n-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-libs-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-nodemon-3.0.3-3.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm npm-11.16.0-1.24.18.0.1.module+el9.8.0+90946+13dc792a.noarch.rpm v8-13.6-devel-13.6.233.17-1.24.18.0.1.module+el9.8.0+90946+13dc792a.x86_64.rpm aarch64: nodejs-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-devel-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-docs-24.18.0-1.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-full-i18n-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-libs-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-nodemon-3.0.3-3.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm npm-11.16.0-1.24.18.0.1.module+el9.8.0+90946+13dc792a.noarch.rpm v8-13.6-devel-13.6.233.17-1.24.18.0.1.module+el9.8.0+90946+13dc792a.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nodejs-24.18.0-1.module+el9.8.0+90946+13dc792a.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.3-3.module+el9.8.0+90946+13dc792a.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-6.module+el9.8.0+90946+13dc792a.src.rpm RelatedCVEs: CVE-2026-6733 CVE-2026-6734 CVE-2026-9678 CVE-2026-9697 CVE-2026-11525 CVE-2026-12151 CVE-2026-42338 CVE-2026-48615 CVE-2026-48618 CVE-2026-48619 CVE-2026-48928 CVE-2026-48930 CVE-2026-48933 CVE-2026-48934 CVE-2026-48935 Description of changes: nodejs [1:24.18.0-1] - Update to version 24.18.0 nodejs-nodemon [3.0.3-3] - Keep BR on just npm [3.0.3-2] - Fix BR for nodejs-npm nodejs-packaging [2021.06-6] - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121569 [2021.06-5] - nodejs.req to properly detect bundled deps _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50387 http://linux.oracle.com/errata/ELSA-2026-50387.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: bpftool-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-container-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-core-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-322.203.3.3.el9uek.noarch.rpm kernel-uek-modules-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek64k-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek64k-core-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek64k-devel-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek64k-modules-5.15.0-322.203.3.3.el9uek.aarch64.rpm kernel-uek64k-modules-extra-5.15.0-322.203.3.3.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-322.203.3.3.el9uek.src.rpm Related CVEs: CVE-2026-43499 Description of changes: [5.15.0-322.203.3.3] - locking/rtmutex: Skip remove_waiter() when waiter is not enqueued (Davidlohr Bueso) [Orabug: 39706512] - rtmutex: Use waiter::task instead of current in remove_waiter() (Keenan Dong) [Orabug: 39706512] {CVE-2026-43499} [5.15.0-322.203.3.2] - KVM: x86/mmu: Ensure hugepage is in by slot before checking max mapping level (Sean Christopherson) [Orabug: 39673886] - KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [Orabug: 39673886] - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (Sean Christopherson) [Orabug: 39673886] - KVM: x86/mmu: pull call to drop_large_spte() into __link_shadow_page() (Paolo Bonzini) [Orabug: 39673886] - KVM: x86/mmu: Always pass 0 for @quadrant when gptes are 8 bytes (Paolo Bonzini) [Orabug: 39673886] - KVM: x86/mmu: Derive shadow MMU page role from parent (Paolo Bonzini) [Orabug: 39673886] - KVM: x86/mmu: Stop passing "direct" to mmu_alloc_root() (David Matlack) [Orabug: 39673886] - KVM: x86/mmu: Use a bool for direct (David Matlack) [Orabug: 39673886] - net/sched: act_pedit: free pedit keys on bail from offset check (Pedro Tammela) [Orabug: 39668793] - net/sched: fix pedit partial COW leading to page cache corruption (Rajat Gupta) [Orabug: 39668793] {CVE-2026-46331} - net/sched: act_pedit: rate limit datapath messages (Pedro Tammela) [Orabug: 39668793] - net/sched: act_pedit: check static offsets a priori (Pedro Tammela) [Orabug: 39668793] [5.15.0-322.203.3.1] - net: skbuff: fix missing zerocopy reference in pskb_carve helpers (Minh Nguyen) [Orabug: 39648952] {CVE-2026-52943} [5.15.0-322.203.3] - arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39548689] {CVE-2025-10263} - arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39548689] - ARM: uek: Disable CONFIG_NVIDIA_CARMEL_CNP_ERRATUM (Boris Ostrovsky) [Orabug: 39548689] - arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39548689] - arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39548689] - arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39548689] - net/rds: Make "rds_send_xmit" fairer (Gerd Rausch) [Orabug: 39532945] - net/rds: Schedule rds_send_worker if there's more work to do (Gerd Rausch) [Orabug: 39532945] - Revert "rds: Change return code from rds_send_xmit() when lock is taken" (Gerd Rausch) [Orabug: 39532945] - Revert "Reapply "rds: ib: Make sure receives are posted before connection isup"" (Gerd Rausch) [Orabug: 39532945] - Revert "rds: ib: Make sure a QP in INIT state is transitioned to ERR" (Gerd Rausch) [Orabug: 39532945] - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-> dev is null (Cezar Bulinaru) [Orabug: 39526881] {CVE-2022-50073} - mmc: dwcmshc_bf3_hw_reset: Log eMMC reset calls (Satyansh Shukla) [Orabug: 39333650] - arm64: dts: pensando: drop elba penfw firmware node (Tom Saeger) [Orabug: 39522954] - batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39262374] {CVE-2026-31657} - rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39179363] [5.15.0-322.203.2] - LTS version: v5.15.203 (Vijayendra Suman) - io_uring/poll: correctly handle io_poll_add() return value on update (Jens Axboe) - ksmbd: Fix dangling pointer in krb_authenticate (Sean Heelan) - ksmbd: Fix refcount leak when invalid session is found on session lookup (Namjae Jeon) - Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (Luiz Augusto von Dentz) - i2c: cp2615: fix serial string NULL-deref at probe (Johan Hovold) - i2c: cp2615: replace deprecated strncpy with strscpy (Justin Stitt) - ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() (Namjae Jeon) - ksmbd: fix potencial OOB in get_file_all_info() for compound requests (Namjae Jeon) - tracing: Fix potential deadlock in cpu hotplug with osnoise (Luo Haiyang) - x86/cpu: Enable FSGSBASE early in cpu_init_exception_handling() (Nikunj A Dadhania) - mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (Jinjiang Tu) - scsi: target: tcm_loop: Drain commands in target_reset handler (Josef Bacik) - net: macb: Move devm_{free,request}_irq() out of spin lock area (Kevin Hao) - dmaengine: sh: rz-dmac: Protect the driver specific lists (Claudiu Beznea) - dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (Claudiu Beznea) - xfs: save ailp before dropping the AIL lock in push callbacks (Yuto Ohnuki) - ext4: fix use-after-free inupdate_super_work when racing with umount (Jiayuan Chen) - ext4: fix the might_sleep() warnings in kvfree() (Zqiang) - ext4: publish jinode after initialization (Li Chen) - usb: gadget: uvc: fix NULL pointer dereference during unbind race (Jimmy Hu) - usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (Kuen-Han Tsai) - usb: gadget: f_hid: move list and spinlock inits from bind to alloc (Michael Zimmermann) - net: rfkill: prevent unlimited numbers of rfkill events from being created (Greg Kroah-Hartman) - seg6: separate dst_cache for input and output paths in seg6 lwtunnel (Andrea Mayer) - Revert "mptcp: add needs_id for netlink appending addr" (Matthieu Baerts (NGI0)) - xen/privcmd: unregister xenstore notifier on module exit (GuoHan Zhao) - netlink: add nla be16/32 types to minlen array (Florian Westphal) - rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING) (David Howells) - rxrpc: fix reference count leak in rxrpc_server_keyring() (Luxiao Xu) - net: stmmac: fix integer underflow in chain mode (Tyllis Xu) - net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure (Pengpeng Hou) - mmc: vub300: fix NULL-deref on disconnect (Johan Hovold) - drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (Sebastian Brzezinka) - net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (David Carlier) - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (Muhammad Alifa Ramdhan) - batman-adv: reject oversized global TT response buffers (Ruide Cao) - nfc: pn533: allocate rx skb before consuming bytes (Pengpeng Hou) - arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges (Shawn Guo) - arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity (Shawn Guo) - wifi: brcmsmac: Fix dma_free_coherent() size (Thomas Fourier) - tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (Oleh Konko) - netfilter: nft_ct: fix use-after-free in timeout object destroy (Tuan Do) - apparmor: fix race between freeing data and fsaccessing it (John Johansen) - apparmor: fix race on rawdata dereference (John Johansen) - apparmor: fix differential encoding verification (John Johansen) - apparmor: fix unprivileged local user can do privileged policy management (John Johansen) - apparmor: Fix double free of ns_name in aa_replace_profiles() (John Johansen) - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (Massimiliano Pellizzer) - apparmor: fix side-effect bug in match_char() macro usage (Massimiliano Pellizzer) - apparmor: fix: limit the number of levels of policy namespaces (John Johansen) - apparmor: replace recursive profile removal with iterative approach (Massimiliano Pellizzer) - apparmor: fix memory leak in verify_header (Massimiliano Pellizzer) - apparmor: validate DFA start states are in bounds in unpack_pdb (Massimiliano Pellizzer) - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (Nuno Sa) - gpiolib: cdev: fix uninitialised kfifo (Kent Gibson) - media: uvcvideo: Use heuristic to find stream entity (Ricardo Ribalda) - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (Thadeu Lima de Souza Cascardo) - Input: uinput - take event lock when submitting FF request "event" (Dmitry Torokhov) - Input: uinput - fix circular locking dependency with ff-core (Mikhail Gavrilov) - mptcp: fix slab-use-after-free in __inet_lookup_established (Jiayuan Chen) - xfrm_user: fix info leak in build_report() (Greg Kroah-Hartman) - wifi: rt2x00usb: fix devres lifetime (Johan Hovold) - lib/crypto: chacha: Zeroize permuted_state before it leaves scope (Eric Biggers) - wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free (Alexander Popov) - io_uring/tctx: work around xa_store() allocation error issue (Jens Axboe) - usb: gadget: f_uac1_legacy: validate control request size (Taegu Ha) - usb: gadget: f_rndis: Protect RNDIS options with mutex (Kuen-Han Tsai) - usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (Kuen-Han Tsai) - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser(Navaneeth K) - smb: client: Fix refcount leak for cifs_sb_tlink (Shuhao Fu) - net: mctp: Don't access ifa_index when missing (Matt Johnston) - fbcon: Set fb_display[i]-> mode to NULL when the mode is released (Quanmin Yan) - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (Marc Kleine-Budde) - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (Marc Kleine-Budde) - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) - usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer (Sebastian Urban) - USB: dummy-hcd: Fix interrupt synchronization error (Alan Stern) - USB: dummy-hcd: Fix locking/synchronization error (Alan Stern) - thunderbolt: Fix property read in nhi_wake_supported() (Konrad Dybcio) - net: ftgmac100: fix ring allocation unwind on open failure (Yufan Chen) - vxlan: validate ND option lengths in vxlan_na_create (Yang Yang) - netfilter: ipset: drop logically empty buckets in mtype_del (Yifan Wu) - comedi: me4000: Fix potential overrun of firmware buffer (Ian Abbott) - comedi: me_daq: Fix potential overrun of firmware buffer (Ian Abbott) - comedi: ni_atmio16d: Fix invalid clean-up after failed attach (Ian Abbott) - comedi: Reinit dev-> spinlock between attachments to low-level drivers (Ian Abbott) - comedi: dt2815: add hardware detection to prevent crash (Deepanshu Kartikey) - cdc-acm: new quirk for EPSON HMD (Oliver Neukum) - bridge: br_nd_send: validate ND option lengths (Yang Yang) - phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (Claudiu Beznea) - phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (Claudiu Beznea) - phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (Claudiu Beznea) - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (Claudiu Beznea) - usb: cdns3: gadget: fix state inconsistency on gadget init failure (Yongchao Wu) - usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (Yongchao Wu) - usb: dwc2: gadget: Fixspin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (Juno Choi) - usb: ehci-brcm: fix sleep during atomic (Justin Chen) - usb: usbtmc: Flush anchored URBs in usbtmc_release (Heitor Alves de Siqueira) - usb: ulpi: fix double free in ulpi_register_interface() error path (Guangshuo Li) - usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive (Miao Li) - iio: gyro: mpu3050: Fix out-of-sequence free_irq() (Ethan Tidmore) - iio: gyro: mpu3050: Move iio_device_register() to correct location (Ethan Tidmore) - iio: gyro: mpu3050: Fix irq resource leak (Ethan Tidmore) - iio: gyro: mpu3050: Fix incorrect free_irq() variable (Ethan Tidmore) - iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (Francesco Lavra) - iio: light: vcnl4035: fix scan buffer on big-endian (David Lechner) - iio: dac: ad5770r: fix error return in ad5770r_read_raw() (Antoniu Miclaus) - Input: xpad - add support for Razer Wolverine V3 Pro (Zoltan Illes) - Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table (Christoffer Sandberg) - Input: synaptics-rmi4 - fix a locking bug in an error path (Bart Van Assche) - USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam (JP Hein) - USB: serial: option: add support for Rolling Wireless RW135R-GL (Wanquan Zhong) - USB: serial: io_edgeport: add support for Blackbox IC135A (Frej Drejhammar) - drm/ast: dp501: Fix initialization of SCU2C (Thomas Zimmermann) - hwmon: (occ) Fix division by zero in occ_show_power_1() (Sanman Pradhan) - MIPS: Fix the GCC version check for __multi3' workaround (Maciej W. Rozycki) - Bluetooth: SMP: force responder MITM requirements before building the pairing response (Oleh Konko) - Bluetooth: SMP: derive legacy responder STK authentication from MITM state (Oleh Konko) - ALSA: ctxfi: Fix missing SPDIFI1 index handling (Takashi Iwai) - ALSA: caiaq: fix stack out-of-bounds read in init_card (Berk Cem Goksel) - USB: serial: option: add MeiG Smart SRM825WN (Ernestas Kulik) - wifi: wilc1000: fix u8 overflow in SSID scan buffer sizecalculation (Yasuaki Torimaru) - drm/ioc32: stop speculation on the drm_compat_ioctl path (Greg Kroah-Hartman) - riscv: kgdb: fix several debug register assignment bugs (Paul Walmsley) - hwmon: (occ) Fix missing newline in occ_show_extended() (Sanman Pradhan) - hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (Sanman Pradhan) - hwmon: (pxe1610) Check return value of page-select write in probe (Sanman Pradhan) - bpf: reject direct access to nullable PTR_TO_BUF pointers (Qi Tang) - ipv6: avoid overflows in ip6_datagram_send_ctl() (Eric Dumazet) - net/sched: cls_flow: fix NULL pointer dereference on shared blocks (Xiang Mei) - net/sched: cls_fw: fix NULL pointer dereference on shared blocks (Xiang Mei) - net/x25: Fix overflow when accumulating packets (Martin Schiller) - net/x25: Fix potential double free of skb (Martin Schiller) - net/mlx5: Avoid "No data available" when FW version queries fail (Saeed Mahameed) - net: macb: properly unregister fixed rate clocks (Fedor Pchelkin) - net: macb: fix clk handling on PCI glue driver removal (Fedor Pchelkin) - Bluetooth: MGMT: validate LTK enc_size on load (Keenan Dong) - netfilter: nf_tables: reject immediate NF_QUEUE verdict (Pablo Neira Ayuso) - netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (Pablo Neira Ayuso) - netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (Qi Tang) - netfilter: nf_conntrack_helper: pass helper to expect cleanup (Qi Tang) - netfilter: ipset: use nla_strcmp for IPSET_ATTR_NAME attr (Florian Westphal) - netfilter: x_tables: ensure names are nul-terminated (Florian Westphal) - netfilter: nfnetlink_log: account for netlink header size (Florian Westphal) - netfilter: flowtable: strictly check for maximum number of actions (Pablo Neira Ayuso) - net: ipv6: flowlabel: defer exclusive option free until RCU teardown (Zhengchuan Liang) - bpf: Fix regsafe() for pointers to packet (Alexei Starovoitov) - net: xilinx: axienet: Correct BD length masks to match AXIDMA IPspec (Suraj Gupta) - NFC: pn533: bound the UART receive buffer (Pengpeng Hou) - net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (Yochai Eisenrich) - ipv6: prevent possible UaF in addrconf_permanent_addr() (Paolo Abeni) - net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (Xiang Mei) - bridge: br_nd_send: linearize skb before parsing ND options (Yang Yang) - ip6_tunnel: clear skb2-> cb[] in ip4ip6_err() (Eric Dumazet) - ipv6: icmp: clear skb2-> cb[] in ip6_err_gen_icmpv6_unreach() (Eric Dumazet) - tg3: Fix race for querying speed/duplex (Thomas Bogendoerfer) - net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (Yochai Eisenrich) - net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak (Jiayuan Chen) - crypto: af-alg - fix NULL pointer dereference in scatterwalk (Norbert Szetei) - dt-bindings: auxdisplay: ht16k33: Use unevaluatedProperties to fix common property warning (Frank Li) - btrfs: reject root items with drop_progress and zero drop_level (ZhengYuan Huang) - HID: multitouch: Check to ensure report responses match the request (Lee Jones) - objtool: Fix Clang jump table detection (Josh Poimboeuf) - btrfs: don't take device_list_mutex when querying zone info (Johannes Thumshirn) - atm: lec: fix use-after-free in sock_def_readable() (Deepanshu Kartikey) - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (Benoît Sevens) - futex: Clear stale exiting pointer in futex_lock_pi() retry path (Davidlohr Bueso) - dmaengine: xilinx_dma: Fix reset related timeout with two-channel AXIDMA (Tomi Valkeinen) - dmaengine: xilinx_dma: Program interrupt delay timeout (Radhey Shyam Pandey) - dmaengine: idxd: Fix freeing the allocated ida too late (Vinicius Costa Gomes) - btrfs: fix lost error when running device stats on multiple devices fs (Filipe Manana) - btrfs: fix super block offset in error message in btrfs_validate_super() (Mark Harmstone) - dmaengine: xilinx: xilinx_dma: Fix unmaskedresidue subtraction (Marek Vasut) - dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (Marek Vasut) - dmaengine: xilinx: xilinx_dma: Fix dma_device directions (Marek Vasut) - phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (Felix Gu) - ext4: always drain queued discard work in ext4_mb_release() (Theodore Ts'o) - ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (Baokun Li) - ext4: reject mount if bigalloc with s_first_data_block != 0 (Helen Koike) - ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (Ye Bin) - ext4: make recently_deleted() properly work with lazy itable initialization (Jan Kara) - ext4: convert inline data to extents when truncate exceeds inline size (Deepanshu Kartikey) - xfs: stop reclaim before pushing AIL during unmount (Yuto Ohnuki) - jbd2: gracefully abort on checkpointing state corruptions (Milos Nikic) - scsi: ses: Handle positive SCSI error from ses_recv_diag() (Greg Kroah-Hartman) - scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (Tyllis Xu) - alarmtimer: Fix argument order in alarm_timer_forward() (Zhan Xusheng) - erofs: add GFP_NOIO in the bio completion if needed (Jiucheng Xu) - virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (xietangxin) - media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (Yuchan Nam) - cpufreq: conservative: Reset requested_freq on limits change (Viresh Kumar) - can: gw: fix OOB heap access in cgw_csum_crc8_rel() (Ali Norouzi) - s390/barrier: Make array_index_mask_nospec() __always_inline (Vasily Gorbik) - s390/syscalls: Add spectre boundary for syscall dispatch table (Greg Kroah-Hartman) - spi: spi-fsl-lpspi: fix teardown order issue (UAF) (Marc Kleine-Budde) - ASoC: adau1372: Fix clock leak on PLL lock failure (Jihed Chaibi) - ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (Jihed Chaibi) - sysctl: fix uninitialized variable in proc_do_large_bitmap (Marc Buerg) - hwmon: (adm1177) fix sysfsABI violation and current unit conversion (Sanman Pradhan) - ACPI: EC: Fix ECDT probe ordering issues (Hans de Goede) - ACPI: EC: Fix EC address space handler unregistration (Hans de Goede) - ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (Hans de Goede) - ACPICA: include/acpi/acpixf.h: Fix indentation (Hans de Goede) - ASoC: Intel: catpt: Fix the device initialization (Cezary Rojewski) - drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (Samasth Norway Ananda) - x86/efi: efi_unmap_boot_services: fix calculation of ranges_to_free size (Mike Rapoport (Microsoft)) - scsi: scsi_transport_sas: Fix the maximum channel scanning issue (Yihang Li) - RDMA/irdma: Return EINVAL for invalid arp index error (Tatyana Nikolova) - RDMA/irdma: Fix deadlock during netdev reset with active connections (Anil Samal) - RDMA/irdma: Remove reset check from irdma_modify_qp_to_err() (Tatyana Nikolova) - RDMA/irdma: Clean up unnecessary dereference of event-> cm_node (Ivan Barrera) - RDMA/irdma: Remove a NOP wait_event() in irdma_modify_qp_roce() (Tatyana Nikolova) - RDMA/irdma: Update ibqp state to error if QP is already in error state (Tatyana Nikolova) - RDMA/rw: Fall back to direct SGE on MR pool exhaustion (Chuck Lever) - regmap: Synchronize cache for the page selector (Andy Shevchenko) - net: macb: use the current queue number for stats (Paolo Valerio) - netfilter: ctnetlink: use netlink policy range checks (David Carlier) - netlink: allow be16 and be32 types in all uint policy checks (Florian Westphal) - netlink: introduce bigendian integer types (Florian Westphal) - netfilter: nft_payload: reject out-of-range attributes via policy (Florian Westphal) - netlink: introduce NLA_POLICY_MAX_BE (Florian Westphal) - netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (Weiming Shi) - netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (Ren Wei) - netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (Weiming Shi) - Bluetooth: btusb: clampSCO altsetting table indices (Pengpeng Hou) - Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (Hyunwoo Kim) - dma-mapping: add missing inline for dma_free_attrs (Miguel Ojeda) - net: enetc: fix the output issue of 'ethtool --show-ring' (Wei Fang) - net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) - platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (Alok Tiwari) - rtnetlink: count IFLA_INFO_SLAVE_KIND in if_nlmsg_size (Sabrina Dubroca) - net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (Qi Tang) - openvswitch: validate MPLS set/set_masked payload length (Yang Yang) - nfc: nci: fix circular locking dependency in nci_close_device (Jakub Kicinski) - ionic: fix persistent MAC address override on PF (Mohammad Heib) - pinctrl: mediatek: common: Fix probe failure for devices without EINT (Luca Leonardo Scorcia) - Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (Helen Koike) - Bluetooth: hci_ll: Fix firmware leak on error path (Anas Iqbal) - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (Hyunwoo Kim) - Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (Hyunwoo Kim) - can: statistics: add missing atomic access in hot path (Oliver Hartkopp) - af_key: validate families in pfkey_send_migrate() (Eric Dumazet) - esp: fix skb leak with espintcp and async crypto (Sabrina Dubroca) - xfrm: Fix the usage of skb-> sk (Steffen Klassert) - xfrm: call xdo_dev_state_delete during state update (Sabrina Dubroca) - ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (Uzair Mughal) - dma-buf: Include ioctl.h in UAPI header (Isaac J. Manjarres) - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (Mark Brown) - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (Mark Brown) - module: Fix kernel panic when a symbol st_shndx is out of bounds (Ihor Solodrai) - HID: mcp2221: cancel last I2C command on read error(Romain Sioen) - net: usb: r8152: add TRENDnet TUC-ET2G (Valentin Spreckels) - HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (Günther Noack) - HID: magicmouse: fix battery reporting for Apple Magic Trackpad 2 (Julius Lehmann) - nvme-pci: ensure we're polling a polled queue (Keith Busch) - platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (Hans de Goede) - platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (Leif Skunberg) - nvme-pci: cap queue creation to used queues (Keith Busch) - platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (Peter Metz) - HID: asus: avoid memory leak in asus_report_fixup() (Günther Noack) - bpf: Release module BTF IDR before module unload (Kumar Kartikeya Dwivedi) - sh: platform_early: remove pdev-> driver_override check (Danilo Krummrich) - xen/privcmd: add boot control for restricted usage in domU (Juergen Gross) - xen/privcmd: restrict usage in unprivileged domU (Juergen Gross) - netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (Florian Westphal) - netfilter: nf_tables: de-constify set commit ops function argument (Florian Westphal) - tools/bootconfig: fix fd leak in load_xbc_file() on fstat failure (Josh Law) - lib/bootconfig: check xbc_init_node() return in override path (Josh Law) - drm/i915/gt: Check set_default_submission() before deferencing (Rahul Bukte) - ksmbd: fix use-after-free of share_conf in compound request (Hyunwoo Kim) - mtd: rawnand: brcmnand: skip DMA during panic write (Kamal Dasu) - mtd: rawnand: serialize lock/unlock against other NAND operations (Kamal Dasu) - i2c: fsi: Fix a potential leak in fsi_i2c_probe() (Christophe JAILLET) - hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (Sanman Pradhan) - icmp: fix NULL pointer dereference in icmp_tag_validation() (Weiming Shi) - net: dsa: bcm_sf2: fix missing clk_disable_unprepare() in error paths (Anas Iqbal) - net: mvpp2: guard flow control update with global_tx_fc in bufferswitching (Muhammad Hammad Ijaz) - nfnetlink_osf: validate individual option lengths in fingerprints (Weiming Shi) - net: bonding: fix NULL deref in bond_debug_rlb_hash_show (Xiang Mei) - udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (Xiang Mei) - net: macb: fix uninitialized rx_fs_lock (Fedor Pchelkin) - wifi: mac80211: fix NULL deref in mesh_matches_local() (Xiang Mei) - igc: fix missing update of skb-> tail in igc_xmit_frame() (Kohei Enju) - net: usb: aqc111: Do not perform PM inside suspend callback (Nikola Z. Ivanov) - net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (Jiayuan Chen) - net/smc: Fix slab-out-of-bounds issue in fallback (Wen Gu) - net/smc: Only save the original clcsock callback functions (Wen Gu) - PM: runtime: Fix a race condition related to device removal (Bart Van Assche) - sched: idle: Consolidate the handling of two special cases (Rafael J. Wysocki) - net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (Dipayaan Roy) - net: bcmgenet: increase WoL poll timeout (Justin Chen) - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (Jenny Guanni Qu) - netfilter: xt_time: use unsigned int for monthday bit shift (Jenny Guanni Qu) - netfilter: xt_CT: drop pending enqueued packets on template removal (Pablo Neira Ayuso) - netfilter: nft_ct: drop pending enqueued packets on removal (Pablo Neira Ayuso) - netfilter: nft_ct: add seqadj extension for natted connections (Andrii Melnychenko) - netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (Jenny Guanni Qu) - netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (Lukas Johannes Möller) - netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (Hyunwoo Kim) - netfilter: ctnetlink: remove refcounting in expectation dumpers (Florian Westphal) - net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (Jiayuan Chen) - Bluetooth: qca: fix ROM version reading on WCN3998 chips (DmitryBaryshkov) - Bluetooth: HIDP: Fix possible UAF (Luiz Augusto von Dentz) - Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (Christian Eggers) - Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (Christian Eggers) - Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (Christian Eggers) - firmware: arm_scpi: Fix device_node reference leak in probe path (Felix Gu) - of: Add cleanup.h based auto release via __free(device_node) markings (Jonathan Cameron) - wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. (Kuniyuki Iwashima) - soc: fsl: qbman: fix race condition in qman_destroy_fq (Richard Genoud) - btrfs: tree-checker: fix misleading root drop_level error message (ZhengYuan Huang) - batman-adv: avoid OGM aggregation when skb tailroom is insufficient (Yang Yang) - pmdomain: bcm: bcm2835-power: Increase ASB control timeout (Maíra Canal) - mptcp: pm: avoid sending RM_ADDR over same subflow (Matthieu Baerts (NGI0)) - drm/amd/display: Use GFP_ATOMIC in dc_create_stream_for_sink (Natalie Vock) - net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (Andrew Lunn) - smb: client: Don't log plaintext credentials in cifs_set_cifscreds (Thorsten Blum) - RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (Jason Gunthorpe) - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (Daniil Dulov) - wifi: cfg80211: move scan done work to wiphy work (Johannes Berg) - wifi: libertas: fix use-after-free in lbs_free_adapter() (Daniel Hodges) - ext4: always allocate blocks only from groups inode can use (Jan Kara) - ksmbd: fix null pointer dereference error in generate_encryptionkey (Namjae Jeon) - ext4: fix dirtyclusters double decrement on fs shutdown (Brian Foster) - ext4: drop extent cache when splitting extent fails (Zhang Yi) - ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O (Zhang Yi) - ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths (Fedor Pchelkin) - drm/exynos: vidi: use ctx-> lock to protectstruct vidi_context member variables related to memory alloc/free (Jeongjun Park) - drm/exynos: vidi: fix to avoid directly dereferencing user pointer (Jeongjun Park) - drm/exynos: vidi: use priv-> vidi_dev for ctx lookup in vidi_connection_ioctl() (Jeongjun Park) - net: Handle napi_schedule() calls from non-interrupt (Frederic Weisbecker) - net: stmmac: dwmac-loongson: Set clk_csr_i to 100-150MHz (Huacai Chen) - drm/radeon: apply state adjust rules to some additional HAINAN vairants (Alex Deucher) - serial: uartlite: fix PM runtime usage count underflow on probe (Maciej Andrzejewski ICEYE) - serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (Ilpo Järvinen) - serial: 8250: Fix TX deadlock when using DMA (Raul E Rangel) - serial: 8250_pci: add support for the AX99100 (Martin Roukala (né Peres)) - iommu/vt-d: Fix intel iommu iotlb sync hardlockup and retry (Guanghui Feng) - mtd: Avoid boot crash in RedBoot partition table parser (Finn Thain) - mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (Chen Ni) - mtd: rawnand: pl353: make sure optimal timings are applied (Olivier Sobrie) - mmc: sdhci: fix timing selection for 1-bit bus width (Luke Wang) - mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (Matthew Schwartz) - Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (Lukas Johannes Möller) - Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (Lukas Johannes Möller) - net: macb: fix use-after-free access to PTP clock (Fedor Pchelkin) - NFC: nxp-nci: allow GPIOs to sleep (Ian Ray) - nvdimm/bus: Fix potential use after free in asynchronous initialization (Ira Weiny) - sunrpc: fix cache_request leak in cache_release (Jeff Layton) - driver: iio: add missing checks on iio_info's callback access (Julien Stephan) - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (Jens Axboe) - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() (Eric Dumazet) - bpf: Forget ranges when refining tnum after JSET (PaulChaignon) - i3c: mipi-i3c-hci: Add missing TID field to no-op command descriptor (Adrian Hunter) - i3c: mipi-i3c-hci: Restart DMA ring correctly after dequeue abort (Adrian Hunter) - i3c: mipi-i3c-hci: Use ETIMEDOUT instead of ETIME for timeout errors (Adrian Hunter) - iio: imu: inv_icm42600: fix odr switch to the same value (Jean-Baptiste Maneyrol) - iio: gyro: mpu3050-i2c: fix pm_runtime error handling (Antoniu Miclaus) - iio: gyro: mpu3050-core: fix pm_runtime error handling (Antoniu Miclaus) - iio: chemical: bme680: Fix measurement wait duration calculation (Chris Spencer) - iio: potentiometer: mcp4131: fix double application of wiper shift (Lukas Schmid) - iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (Antoniu Miclaus) - iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (Antoniu Miclaus) - iio: dac: ds4424: reject -128 RAW value (Oleksij Rempel) - btrfs: abort transaction on failure to update root in the received subvol ioctl (Filipe Manana) - lib/bootconfig: check bounds before writing in __xbc_open_brace() (Josh Law) - lib/bootconfig: fix snprintf truncation check in xbc_node_compose_key_after() (Josh Law) - x86/apic: Disable x2apic on resume if the kernel expects so (Shashank Balaji) - lib/bootconfig: fix off-by-one in xbc_verify_tree() unclosed brace error (Josh Law) - xfs: fix undersized l_iclog_roundoff values (Darrick J. Wong) - tracing: Fix trace_buf_size= cmdline parameter with sizes > = 2G (Calvin Owens) - drm/amdgpu: Fix use-after-free race in VM acquire (Alysa Liu) - net: ethernet: arc: emac: quiesce interrupts before requesting IRQ (Fan Wu) - net: ncsi: fix skb leak in error paths (Jian Zhang) - parisc: Fix initial page table creation for boot (Helge Deller) - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (Sanman Pradhan) - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (Dave Airlie) - parisc: Increase initial mapping to 64 MB with KALLSYMS (Helge Deller) - batman-adv: Avoid double-rtnl_lock ELP metric worker (SvenEckelmann) - ice: fix retry for AQ command 0x06EE (Jakub Staniszewski) - net: mana: Ring doorbell at 4 CQ wraparounds (Long Li) - media: dvb-net: fix OOB access in ULE extension header tables (Ariel Silver) - staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (Greg Kroah-Hartman) - staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie (Luka Gejak) - irqchip/gic-v3-its: Limit number of per-device MSIs to the range the ITS supports (Marc Zyngier) - device property: Allow secondary lookup in fwnode_get_next_child_node() (Andy Shevchenko) - time/jiffies: Mark jiffies_64_to_clock_t() notrace (Steven Rostedt) - time: add kernel-doc in time.c (Randy Dunlap) - ceph: fix i_nlink underrun during async unlink (Max Kellermann) - libceph: admit message frames only in CEPH_CON_S_OPEN state (Ilya Dryomov) - libceph: Use u32 for non-negative values in ceph_monmap_decode() (Raphael Zimmer) - libceph: prevent potential out-of-bounds reads in process_message_header() (Ilya Dryomov) - libceph: reject preamble if control segment is empty (Ilya Dryomov) - libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (Raphael Zimmer) - tipc: fix divide-by-zero in tipc_sk_filter_connect() (Mehul Rao) - mmc: core: Avoid bitfield RMW for claim/retune flags (Penghe Geng) - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (Felix Gu) - mm/tracing: rss_stat: ensure curr is false from kthread context (Kalesh Singh) - usb: image: mdc800: kill download URB on timeout (Ziyi Guo) - usb: mdc800: handle signal and read racing (Oliver Neukum) - usb: renesas_usbhs: fix use-after-free in ISR during device removal (Fan Wu) - usb: class: cdc-wdm: fix reordering issue in read code path (Oliver Neukum) - USB: core: Limit the length of unkillable synchronous timeouts (Alan Stern) - USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (Alan Stern) - USB: usbcore: Introduce usb_bulk_msg_killable() (Alan Stern) - usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (MarcZyngier) - usb: core: don't power off roothub PHYs if phy_set_mode() fails (Gabor Juhos) - usb: misc: uss720: properly clean up reference in uss720_probe() (Greg Kroah-Hartman) - usb: yurex: fix race in probe (Oliver Neukum) - usb: xhci: Fix memory leak in xhci_disable_slot() (Zilin Guan) - usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (Christoffer Sandberg) - net: usb: lan78xx: skip LTM configuration for LAN7850 (Oleksij Rempel) - net: usb: lan78xx: fix silent drop of packets with checksum errors (Oleksij Rempel) - cgroup: fix race between task migration and iteration (Qingye Zhao) - octeontx2-af: devlink: fix NIX RAS reporter recovery condition (Alok Tiwari) - ASoC: detect empty DMI strings (Casey Connolly) - ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (Chen Ni) - ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (Ben Dooks) - e1000/e1000e: Fix leak in DMA error cleanup (Matt Vollrath) - i40e: fix src IP mask checks and memcpy argument names in cloud filter (Alok Tiwari) - nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set (Sungwoo Kim) - regulator: pca9450: Correct interrupt type (Peng Fan) - regulator: pca9450: Make IRQ optional (Frieder Schrempf) - netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (Yuan Tan) - netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (Hyunwoo Kim) - netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path (Hyunwoo Kim) - netfilter: x_tables: guard option walkers against 1-byte tail reads (David Dull) - netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() (Jenny Guanni Qu) - can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (Wenyuan Li) - serial: caif: hold tty-> link reference in ldisc_open and ser_release (Shuangpeng Bai) - ASoC: soc-core: flush delayed work before removing DAIs and widgets (matteo.cotifava) - ASoC: core: Do not call link_exit() on uninitialized rtd objects (Amadeusz Sławiński) - ASoC: core:Exit all links before removing their components (Cezary Rojewski) - ASoC: soc-core: accept zero format at snd_soc_runtime_set_dai_fmt() (Kuninori Morimoto) - ASoC: soc-core: drop delayed_work_pending() check before flush (matteo.cotifava) - net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (Weiming Shi) - net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery (Gal Pressman) - bonding: handle BOND_LINK_FAIL, BOND_LINK_BACK as valid link states (Hangbin Liu) - xprtrdma: Decrement re_receiving on the early exit paths (Eric Badger) - powerpc: 83xx: km83xx: Fix keymile vendor prefix (J. Neuschäfer) - remoteproc: sysmon: Correct subsys_name_len type in QMI request (Bjorn Andersson) - powerpc/uaccess: Fix inline assembly for clang build on PPC32 (Christophe Leroy (CS GROUP)) - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (Takashi Iwai) - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (Takashi Iwai) - scsi: ses: Fix devices attaching to different hosts (Tomas Henzl) - ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (Sofia Schneider) - unshare: fix unshare_fs() handling (Al Viro) - scsi: mpi3mr: Add NULL checks when resetting request and reply queues (Ranjan Kumar) - ACPI: PM: Save NVS memory on Lenovo G70-35 (Piotr Mazek) - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (Jan Kiszka) - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) - net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (Jiayuan Chen) - net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (Fernando Fernandez Mancera) - net: stmmac: Fix error handling in VLAN add and delete paths (Ovidiu Panait) - nfc: rawsock: cancel tx_work before socket teardown (Jakub Kicinski) - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (Jakub Kicinski) - nfc: nci: free skb on nci_transceive early error paths (Jakub Kicinski) - net: nfc: nci: Fix zero-length proprietary notifications (IanRay) - net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (Koichiro Den) - amd-xgbe: fix sleep while atomic on suspend/resume (Raju Rangoju) - ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (Jakub Kicinski) - xen/acpi-processor: fix _CST detection using undersized evaluation buffer (David Thomson) - indirect_call_wrapper: do not reevaluate function pointer (Eric Dumazet) - wifi: wlcore: Fix a locking bug (Bart Van Assche) - can: mcp251x: fix deadlock in error path of mcp251x_open (Alban Bedel) - can: bcm: fix locking for bcm_op runtime updates (Oliver Hartkopp) - atm: lec: fix null-ptr-deref in lec_arp_clear_vccs (Jiayuan Chen) - dpaa2-switch: do not clear any interrupts automatically (Ioana Ciornei) - net: dpaa2-switch: serialize changes to priv-> mac with a mutex (Vladimir Oltean) - net: dpaa2-switch replace direct MAC access with dpaa2_switch_port_has_mac() (Vladimir Oltean) - net: dpaa2-switch: assign port_priv-> mac after dpaa2_mac_connect() call (Vladimir Oltean) - net: dpaa2: replace dpaa2_mac_is_type_fixed() with dpaa2_mac_is_type_phy() (Vladimir Oltean) - net: ethernet: ti: am65-cpsw-nuss/cpsw-ale: Fix multicast entry handling in ALE table (Chintan Vankar) - platform/x86: thinkpad_acpi: Fix errors reading battery thresholds (Jonathan Teh) - selftests: mptcp: more stable simult_flows tests (Paolo Abeni) - drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() (Lars Ellenberg) - Squashfs: check metadata block offset is within range (Phillip Lougher) - net/sched: ets: fix divide by zero in the offload path (Davide Caratti) - IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() (Jason Gunthorpe) - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (Vahagn Vardanian) - wifi: radiotap: reject radiotap with unknown bits (Johannes Berg) - ALSA: usb-audio: Use correct version for UAC3 header validation (Jun Seo) - platform/x86: dell-wmi: Add audio/mic mute key codes (Kurt Borja) - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data(Thorsten Blum) - x86/efi: defer freeing of boot services memory (Mike Rapoport (Microsoft)) - HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (Greg Kroah-Hartman) - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (Greg Kroah-Hartman) - can: ucan: Fix infinite loop from zero-length messages (Greg Kroah-Hartman) - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (Greg Kroah-Hartman) - net: usb: pegasus: validate USB endpoints (Greg Kroah-Hartman) - net: usb: kalmia: validate USB endpoints (Greg Kroah-Hartman) - net: usb: kaweth: validate USB endpoints (Greg Kroah-Hartman) - nfc: pn533: properly drop the usb interface reference on disconnect (Greg Kroah-Hartman) - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (Jens Axboe) - eventpoll: Fix integer overflow in ep_loop_check_proc() (Jann Horn) - net: arcnet: com20020-pci: fix support for 2.5Mbit cards (Ethan Nelson-Moore) - ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (Takashi Iwai) - fbcon: check return value of con2fb_acquire_newinfo() (Andrey Vatoropin) - fbcon: move more common code into fb_open() (Daniel Vetter) - fbcon: Extract fbcon_open/release helpers (Daniel Vetter) - fbcon: Use delayed work for cursor (Daniel Vetter) - ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths (Namjae Jeon) - ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (Takashi Iwai) - usb: cdns3: fix role switching during resume (Thomas Richard (TI)) - usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (Théo Lebrun) - usb: cdns3: remove redundant if branch (Hongyu Xie) - clk: tegra: tegra124-emc: fix device leak on set_rate() (Johan Hovold) - mfd: omap-usb-host: Fix OF populate on driver rebind (Johan Hovold) - mfd: omap-usb-host: Convert to platform remove callback returning void (Uwe Kleine-König) - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (Johan Hovold) - mfd: qcom-pm8xxx: Convert to platform remove callbackreturning void (Uwe Kleine-König) - mfd: qcom-pm8xxx: switch away from using chained IRQ handlers (Dmitry Baryshkov) - drm/tegra: dsi: fix device leak on probe (Johan Hovold) - ata: libata-scsi: refactor ata_scsi_translate() (Damien Le Moal) - ata: libata: remove pointless VPRINTK() calls (Hannes Reinecke) - ata: libata-scsi: drop DPRINTK calls for cdb translation (Hannes Reinecke) - scsi: ata: Call scsi_done() directly (Bart Van Assche) - ARM: omap2: Fix reference count leaks in omap_control_init() (Wentao Liang) - ARM: OMAP2+: add missing of_node_put before break and return (Wang Qing) - memory: mtk-smi: fix device leak on larb probe (Johan Hovold) - memory: mtk-smi: Convert to platform remove callback returning void (Uwe Kleine-König) - bpf: Fix stack-out-of-bounds write in devmap (Kohei Enju) - btrfs: fix incorrect key offset in error message in check_dev_extent_item() (Mark Harmstone) - ALSA: usb-audio: Use inclusive terms (Takashi Iwai) - ALSA: usb-audio: Cap the packet size pre-calculations (Takashi Iwai) - scsi: ufs: core: Move link recovery for hibern8 exit failure to wl_resume (Peter Wang) - scsi: ufs: core: Always initialize the UIC done completion (Bart Van Assche) - scsi: lpfc: Properly set WC for DPP mapping (Mathias Krause) - ARM: clean up the memset64() C wrapper (Thomas Weißschuh) [5.15.0-322.202.1] - scsi: fcoe: Reject FIP descriptors with zero fip_dlen in CVL walker (Michael Bommarito) [Orabug: 39446044] - scsi: scsi_transport_fc: Widen FPIN pname walker counter to u32 (Michael Bommarito) [Orabug: 39446044] - scsi: target: iscsi: Fix CRC overread and double-free in iscsit_handle_text_cmd() (Michael Bommarito) [Orabug: 39446044] - scsi: target: iscsi: Bound iscsi_encode_text_output() appends to rsp_buf (Michael Bommarito) [Orabug: 39446044] - ima: process_measurement() needlessly takes inode_lock() on MAY_READ (Frederick Lawler) [Orabug: 39390378] - net: sched: act_api: implement generic walker and search for tc action (Zhengchao Shao) [Orabug: 39342047] - btrfs: reserve extra spacefor the free space tree (Josef Bacik) [Orabug: 39281379] - btrfs: include the free space tree in the global rsv minimum calculation (Josef Bacik) [Orabug: 39281379] [5.15.0-321.202.5] - Revert "ip6_tunnel: Fix usage of skb_vlan_inet_prepare()" (Harshit Mogalapalli) [Orabug: 39476647] - smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463672] [5.15.0-321.202.4] - tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429143] - tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429143] - tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429143] [5.15.0-321.202.3] - net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368827] {CVE-2026-46300} - net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368827] - ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384274] {CVE-2026-46333} - mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (David Hildenbrand (Red Hat)) [Orabug: 38474901] - Revert "mm/hugetlb: add option to allows disabling CVE-2025-38085 mitigation" (Samasth Norway Ananda) [Orabug: 38474901] - mm/rmap: fix two comments related to huge_pmd_unshare() (David Hildenbrand (Red Hat)) [Orabug: 38474901] - mm/hugetlb: fix two comments related to huge_pmd_unshare() (David Hildenbrand (Red Hat)) [Orabug: 38474901] - mm/hugetlb: fix hugetlb_pmd_shared() (David Hildenbrand (Red Hat)) [Orabug: 38474901] [5.15.0-321.202.2] - dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler (Guenter Roeck) - Revert "arm64: dts: qcom: sdm845-oneplus: Mark l14a regulator as boot-on" (Sasha Levin) - ip6_tunnel: Fix usage of skb_vlan_inet_prepare() (Ben Hutchings) - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (Gui-Dong Han) - wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enoughheadroom (Guenter Roeck) - sched: idle: Make skipping governor callbacks more consistent (Rafael J. Wysocki) - nvmet-tcp: fix use-before-check of sg in bounds validation (Cengiz Can) - remoteproc: mediatek: Unprepare SCP clock during system suspend (Tzung-Bi Shih) - net: openvswitch: Avoid releasing netdev before teardown completes (Toke Høiland-Jørgensen) - ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (Rafael J. Wysocki) - net: hsr: fix VLAN add unwind on slave errors (Luka Gejak) - x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39327141] {CVE-2025-54518} - xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39342679] {CVE-2026-43284} - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342679] {CVE-2026-43284} - KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking (Maxim Levitsky) [Orabug: 39334996] - KVM: Don't block+unblock when halt-polling is successful (Sean Christopherson) [Orabug: 39334996] - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167616] {CVE-2026-31402} - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) [Orabug: 39103230] {CVE-2026-23270} - exadata: tools: perf: update column to comm_nodigit (Stephen Brennan) [Orabug: 39327019] - perf report: Add comm_nodigit sort key (Stephen Brennan) [Orabug: 39327019] - Revert "tools: perf: add comm_ignore_digit column" (Stephen Brennan) [Orabug: 39327019] _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-37137 http://linux.oracle.com/errata/ELSA-2026-37137.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: tomcat-9.0.87-2.el8_10.noarch.rpm tomcat-admin-webapps-9.0.87-2.el8_10.noarch.rpm tomcat-docs-webapp-9.0.87-2.el8_10.noarch.rpm tomcat-el-3.0-api-9.0.87-2.el8_10.noarch.rpm tomcat-jsp-2.3-api-9.0.87-2.el8_10.noarch.rpm tomcat-lib-9.0.87-2.el8_10.noarch.rpm tomcat-servlet-4.0-api-9.0.87-2.el8_10.noarch.rpm tomcat-webapps-9.0.87-2.el8_10.noarch.rpm aarch64: tomcat-9.0.87-2.el8_10.noarch.rpm tomcat-admin-webapps-9.0.87-2.el8_10.noarch.rpm tomcat-docs-webapp-9.0.87-2.el8_10.noarch.rpm tomcat-el-3.0-api-9.0.87-2.el8_10.noarch.rpm tomcat-jsp-2.3-api-9.0.87-2.el8_10.noarch.rpm tomcat-lib-9.0.87-2.el8_10.noarch.rpm tomcat-servlet-4.0-api-9.0.87-2.el8_10.noarch.rpm tomcat-webapps-9.0.87-2.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/tomcat-9.0.87-2.el8_10.src.rpm Related CVEs: CVE-2026-29146 CVE-2026-34486 Description of changes: [1:9.0.87-2] - Resolves: RHEL-183993 Remove tomcat clustering JAR from RPM builds _______________________________________________ El-errata mailing list
An update that solves one vulnerability and has 16 fixes can now be installed.. # Security update for update 5.1.3 for SUSE_Multi-Linux_Manager Client Tools and Salt Bundle Announcement ID: SUSE-SU-2026:22536-1 Release Date: 2026-06-15T07:20:25Z Rating: important References: * bsc#1250367 * bsc#1252548 * bsc#1252964 * bsc#1254154 * bsc#1254619 * bsc#1254629 * bsc#1257447 * bsc#1257660 * bsc#1257831 * bsc#1257941 * bsc#1258015 * bsc#1258418 * bsc#1258927 * bsc#1258957 * bsc#1259208 * bsc#1259553 * bsc#1259554 Cross-References: * CVE-2026-31958 CVSS scores: * CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro 6.1 * SUSE Multi-Linux Manager Client Tools for SUSE Linux Micro 6 An update that solves one vulnerability and has 16 fixes can now be installed. ## Description: This update fixes the following issues: golang-github-lusitaniae-apache_exporter: * Internal changes to fix build issues with no impact for customers uyuni-tools: * version 5.1.26-0 * Fixed applying PTF with images from RPMs (bsc#1252548) * Fixed Ssl Key file that can miss if CA password is blank (bsc#1254154) * mgrpxy ssh tuning should happens before crypto policies (bsc#1254619) * Fixed default value for helm registry (bsc#1258927). * Removed hub register command * Optimized postgres migration disk space usage (bsc#1257447) * Added continuous database backup support (bsc#1250367) * Explicitly start proxy pods after operations (bsc#1258015) * Use static supportconfig name toavoid dynamic search (bsc#1257941) * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964) * Show where final tarball was generated (bsc#1259208) * Set proxy config file permissions (bsc#1257660) * version 5.1.25-0 * If PTF image doesn't exists, use the current service image (bsc#1258418) venv-salt-minion: * Security issues fixed: * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554) * Added x86_64_v2 as a possible rpm package architecture * Make users with backslash working for salt-ssh (bsc#1254629) * Fixed ansible.playbooks extra-vars quoting (bsc#1257831) * Fixed virtualenv call in test helper to use proper python version * Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957) * Fixed the typo causing buiding EL9 bundle without binary dependencies ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SUSE Linux Micro 6 zypper in -t patch Multi-Linux-ManagerTools-SL-Micro-64=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SUSE Linux Micro 6 (noarch) * mgrctl-zsh-completion-5.1.26-1.1 * mgrctl-lang-5.1.26-1.1 * mgrctl-bash-completion-5.1.26-1.1 * SUSE Multi-Linux Manager Client Tools for SUSE Linux Micro 6 (aarch64 ppc64le s390x x86_64) * mgrctl-5.1.26-1.1 * mgrctl-debuginfo-5.1.26-1.1 * venv-salt-minion-3006.0-11.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1250367 * https://bugzilla.suse.com/show_bug.cgi?id=1252548 * https://bugzilla.suse.com/show_bug.cgi?id=1252964 * https://bugzilla.suse.com/show_bug.cgi?id=1254154 * https://bugzilla.suse.com/show_bug.cgi?id=1254619 *https://bugzilla.suse.com/show_bug.cgi?id=1254629 * https://bugzilla.suse.com/show_bug.cgi?id=1257447 * https://bugzilla.suse.com/show_bug.cgi?id=1257660 * https://bugzilla.suse.com/show_bug.cgi?id=1257831 * https://bugzilla.suse.com/show_bug.cgi?id=1257941 * https://bugzilla.suse.com/show_bug.cgi?id=1258015 * https://bugzilla.suse.com/show_bug.cgi?id=1258418 * https://bugzilla.suse.com/show_bug.cgi?id=1258927 * https://bugzilla.suse.com/show_bug.cgi?id=1258957 * https://bugzilla.suse.com/show_bug.cgi?id=1259208 * https://bugzilla.suse.com/show_bug.cgi?id=1259553 * https://bugzilla.suse.com/show_bug.cgi?id=1259554 . Update fixes one issue and deploys 16 patches for SUSE Multi-Linux Manager Client Tools and Salt Bundle.. SUSE Client Tools, Salt Bundle, update fixes, security patch. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.