SUSE-SU-2025:02000-1

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581). - CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992). - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774). - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473). - CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593). - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282). - CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533). - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351). - CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305). - CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448). - CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763). - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513). - CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507). - CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523). - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859). - CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510). - CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506). - CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502). - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786). - CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852). - CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854). - CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856). - CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867). - CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875). - CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860). - CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861). - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868). - CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951). - CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056). - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077). - CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944). - CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962). - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541). - CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664). - CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519). - CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547). - CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627). - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657). The following non-security bugs were fixed: - ACPI: PPTT: Fix processor subtable walk (git-fixes). - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes). - ALSA: seq: Fix delivery of UMP events to group ports (git-fixes). - ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes). - ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes). - ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes). - Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes). - Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes). - Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes). - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes). - Fix write to cloned skb in ipv6_hop_ioam() (git-fixes). - HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes). - HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes). - IB/cm: use rwlock for MAD agent lock (git-fixes) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes). - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes). - Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes). - Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes). - Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes). - Input: xpad - fix Share button on Xbox One controllers (stable-fixes). - Input: xpad - fix two controller table values (git-fixes). - KVM: SVM: Allocate IR data using atomic allocation (git-fixes). - KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes). - KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes). - KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes). - KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes). - KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes). - KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes). - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes). - KVM: arm64: Mark some header functions as inline (git-fixes). - KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes). - KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes). - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes). - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes). - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes). - KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes). - KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes). - KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes). - KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes). - KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes). - KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657). - KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658). - KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes). - KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes). - KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes). - KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes). - KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes). - KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes). - KVM: x86: Make x2APIC ID 100% readonly (git-fixes). - KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes). - KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes). - KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes). - NFS: O_DIRECT writes must check and adjust the file length (git-fixes). - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes). - NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes). - NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes). - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes) - RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes) - RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes) - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes) - Squashfs: check return result of sb_min_blocksize (git-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes). - add bug reference for an existing hv_netvsc change (bsc#1243737). - afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes). - afs: Make it possible to find the volumes that are using a server (git-fixes). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes) - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes) - arm64: insn: Add support for encoding DSB (git-fixes) - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes) - arm64: proton-pack: Expose whether the branchy loop k value (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes) - arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes). - bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes). - bnxt_en: Fix coredump logic to free allocated buffer (git-fixes). - bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes). - bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes). - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes). - bpf: Scrub packet on bpf_redirect_peer (git-fixes). - btrfs: adjust subpage bit start based on sectorsize (bsc#1241492). - btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342). - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208). - btrfs: avoid monopolizing a core when activating a swap file (git-fixes). - btrfs: do not loop for nowait writes when checking for cross references (git-fixes). - btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes). - btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012). - btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes). - cBPF: Refresh fixes for cBPF issue (bsc#1242778) - can: bcm: add locking for bcm_op runtime updates (git-fixes). - can: bcm: add missing rcu read protection for procfs content (git-fixes). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - can: slcan: allow reception of short error messages (git-fixes). - check-for-config-changes: Fix flag name typo - cifs: change tcon status when need_reconnect is set on it (git-fixes). - cifs: reduce warning log level for server not advertising interfaces (git-fixes). - crypto: algif_hash - fix double free in hash_accept (git-fixes). - devlink: fix port new reply cmd type (git-fixes). - dm-integrity: fix a warning on invalid table line (git-fixes). - dma-buf: insert memory barrier before updating num_fences (git-fixes). - dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes). - dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes). - dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes). - dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes). - dmaengine: idxd: Fix ->poll() return value (git-fixes). - dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes). - dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes). - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mediatek: drop unused variable (git-fixes). - dmaengine: ti: k3-udma: Add missing locking (git-fixes). - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Avoid flooding unnecessary info messages (git-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes). - drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes). - drm/amdgpu: fix pm notifier handling (git-fixes). - drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes). - drm/edid: fixed the bug that hdr metadata was not reset (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/v3d: Add job to pending list if the reset was skipped (stable-fixes). - exfat: fix potential wrong error return from get_block (git-fixes). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes). - hv_netvsc: Remove rmsg_pgcnt (git-fixes). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes). - i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes). - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes). - idpf: fix offloads support for encapsulated packets (git-fixes). - idpf: fix potential memory leak on kcalloc() failure (git-fixes). - idpf: protect shutdown from reset (git-fixes). - igc: fix lock order in igc_ptp_reset (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - inetpeer: remove create argument of inet_getpeer_v() (git-fixes). - inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes). - ipv4/route: avoid unused-but-set-variable warning (git-fixes). - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes). - ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes). - ipv4: Fix incorrect source address in Record Route option (git-fixes). - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes). - ipv4: fix source address selection with route leak (git-fixes). - ipv4: give an IPv4 dev to blackhole_netdev (git-fixes). - ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes). - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes). - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes). - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes). - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes). - ipv6: Align behavior across nexthops during path selection (git-fixes). - ipv6: Do not consider link down nexthops in path selection (git-fixes). - ipv6: Start path selection from the first nexthop (git-fixes). - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993). - jiffies: Define secs_to_jiffies() (bsc#1242993). - kernel-obs-qa: Use srchash for dependency as well - loop: Add sanity check for read/write_iter (git-fixes). - loop: aio inherit the ioprio of original request (git-fixes). - loop: do not require ->write_iter for writable files in loop_configure (git-fixes). - md/raid1,raid10: do not ignore IO flags (git-fixes). - md/raid10: fix missing discard IO accounting (git-fixes). - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes). - md/raid1: Add check for missing source disk in process_checks() (git-fixes). - md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes). - md/raid5: implement pers->bitmap_sector() (git-fixes). - md: add a new callback pers->bitmap_sector() (git-fixes). - md: ensure resync is prioritized over recovery (git-fixes). - md: fix mddev uaf while iterating all_mddevs list (git-fixes). - md: preserve KABI in struct md_personality v2 (git-fixes). - media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes). - mtd: phram: Add the kernel lock down check (bsc#1232649). - neighbour: delete redundant judgment statements (git-fixes). - net/handshake: Fix handshake_req_destroy_test1 (git-fixes). - net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes). - net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes). - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes). - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes). - net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes). - net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes). - net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes). - net: Add non-RCU dev_getbyhwaddr() helper (git-fixes). - net: Clear old fragment checksum value in napi_reuse_skb (git-fixes). - net: Handle napi_schedule() calls from non-interrupt (git-fixes). - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes). - net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes). - net: do not dump stack on queue timeout (git-fixes). - net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes). - net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes). - net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes). - net: qede: Initialize qede_ll_ops with designated initializer (git-fixes). - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes). - net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes). - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes). - netdev-genl: avoid empty messages in queue dump (git-fixes). - netdev: fix repeated netlink messages in queue dump (git-fixes). - netlink: annotate data-races around sk->sk_err (git-fixes). - netpoll: Ensure clean state on setup failures (git-fixes). - nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes). - nfsd: add list_head nf_gc to struct nfsd_file (git-fixes). - nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes). - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096). - nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148). - nvme-pci: fix queue unquiesce check on slot_reset (git-fixes). - nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes). - nvme-tcp: fix premature queue removal and I/O failover (git-fixes). - nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes). - nvme: Add 'partial_nid' quirk (bsc#1241148). - nvme: Add warning when a partiually unique NID is detected (bsc#1241148). - nvme: Update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149). - nvme: Update patch nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149). - nvme: fixup scan failure for non-ANA multipath controllers (git-fixes). - nvme: multipath: fix return value of nvme_available_path (git-fixes). - nvme: re-read ANA log page after ns scan completes (git-fixes). - nvme: requeue namespace scan on missed AENs (git-fixes). - nvme: unblock ctrl state transition for firmware update (git-fixes). - nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes). - nvmet-fc: inline nvmet_fc_free_hostport (git-fixes). - nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes). - nvmet-fc: take tgtport reference only once (git-fixes). - nvmet-fc: update tgtport ref per assoc (git-fixes). - nvmet-fcloop: Remove remote port from list when unlinking (git-fixes). - nvmet-fcloop: add ref counting to lport (git-fixes). - nvmet-fcloop: replace kref with refcount (git-fixes). - nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes). - objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - octeontx2-pf: qos: fix VF root node parent queue index (git-fixes). - padata: do not leak refcount in reorder_work (git-fixes). - phy: Fix error handling in tegra_xusb_port_init (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes). - phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes). - phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes). - phy: tegra: xusb: remove a stray unlock (git-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes). - powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes). - powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555). - qibfs: fix _another_ leak (git-fixes) - rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes) - rcu/tasks: Handle new PF_IDLE semantics (git-fixes) - rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes) - rcu: Introduce rcu_cpu_online() (git-fixes) - regulator: max20086: fix invalid memory access (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805). - scsi: Improve CDL control (git-fixes). - scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes). - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes). - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993). - scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993). - scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993). - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993). - scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993). - scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993). - scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993). - scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993). - scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993). - scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966). - scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes). - scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes). - scsi: qla2xxx: Fix typos in a comment (bsc#1243090). - scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090). - scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090). - scsi: qla2xxx: Remove unused module parameters (bsc#1243090). - scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090). - scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090). - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203). - smb3: fix Open files on server counter going negative (git-fixes). - smb: client: Use str_yes_no() helper function (git-fixes). - smb: client: allow more DFS referrals to be cached (git-fixes). - smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes). - smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes). - smb: client: do not retry DFS targets on server shutdown (git-fixes). - smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes). - smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes). - smb: client: fix DFS interlink failover (git-fixes). - smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes). - smb: client: fix hang in wait_for_response() for negproto (bsc#1242709). - smb: client: fix potential race in cifs_put_tcon() (git-fixes). - smb: client: fix return value of parse_dfs_referrals() (git-fixes). - smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes). - smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes). - smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes). - smb: client: improve purging of cached referrals (git-fixes). - smb: client: introduce av_for_each_entry() helper (git-fixes). - smb: client: optimize referral walk on failed link targets (git-fixes). - smb: client: parse DNS domain name from domain= option (git-fixes). - smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes). - smb: client: provide dns_resolve_{unc,name} helpers (git-fixes). - smb: client: refresh referral without acquiring refpath_lock (git-fixes). - smb: client: remove unnecessary checks in open_cached_dir() (git-fixes). - spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes). - spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes). - spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes). - spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes). - spi: tegra114: Use value to check for invalid delays (git-fixes). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes). - tcp_cubic: fix incorrect HyStart round start detection (git-fixes). - thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes). - virtio_console: fix missing byte order handling for cols and rows (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes). - wifi: mt76: disable napi on driver removal (git-fixes). - x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes). - x86/xen: move xen_reserve_extra_memory() (git-fixes). - xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes). - xen: Change xen-acpi-processor dom0 dependency (git-fixes). - xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes). - xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - xhci: split free interrupter into separate remove and free parts (git-fixes). - xsk: Add truesize to skb_add_rx_frag() (git-fixes). - xsk: Do not assume metadata is always requested in TX completion (git-fixes).

Affected Systems

• opensuse•dtb-aarch64&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-64kb&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-debug&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-default-base&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1.150600.12.24.1

• opensuse•kernel-default&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-docs&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-kvmsmall&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-obs-build&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-obs-qa&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-source&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-syms&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• opensuse•kernel-zfcpdump&distro=openSUSE Leap 15.6

  < 6.4.0-150600.23.53.1

• suse•kernel-64kb&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-default-base&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6

  < 6.4.0-150600.23.53.1.150600.12.24.1

• suse•kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-default&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-default&distro=SUSE Linux Enterprise Module for Legacy 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-default&distro=SUSE Linux Enterprise Workstation Extension 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-docs&distro=SUSE Linux Enterprise Module for Development Tools 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-livepatch-SLE15-SP6_Update_12&distro=SUSE Linux Enterprise Live Patching 15 SP6

  < 1-150600.13.3.1

• suse•kernel-obs-build&distro=SUSE Linux Enterprise Module for Development Tools 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-source&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-source&distro=SUSE Linux Enterprise Module for Development Tools 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-syms&distro=SUSE Linux Enterprise Module for Development Tools 15 SP6

  < 6.4.0-150600.23.53.1

• suse•kernel-zfcpdump&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6

  < 6.4.0-150600.23.53.1

References (371)

• https://www.suse.com/support/update/announcement/2025/suse-su-202502000-1/
• https://bugzilla.suse.com/1220112
• https://bugzilla.suse.com/1223096
• https://bugzilla.suse.com/1226498
• https://bugzilla.suse.com/1229491
• https://bugzilla.suse.com/1230581
• https://bugzilla.suse.com/1231016
• https://bugzilla.suse.com/1232649
• https://bugzilla.suse.com/1232882
• https://bugzilla.suse.com/1233192
• https://bugzilla.suse.com/1234154
• https://bugzilla.suse.com/1235149
• https://bugzilla.suse.com/1235968
• https://bugzilla.suse.com/1236142
• https://bugzilla.suse.com/1236208
• https://bugzilla.suse.com/1237312
• https://bugzilla.suse.com/1238212
• https://bugzilla.suse.com/1238473
• https://bugzilla.suse.com/1238774
• https://bugzilla.suse.com/1238992
• https://bugzilla.suse.com/1239691
• https://bugzilla.suse.com/1239925
• https://bugzilla.suse.com/1240593
• https://bugzilla.suse.com/1240866
• https://bugzilla.suse.com/1240966
• https://bugzilla.suse.com/1241148
• https://bugzilla.suse.com/1241282
• https://bugzilla.suse.com/1241305
• https://bugzilla.suse.com/1241340
• https://bugzilla.suse.com/1241351
• https://bugzilla.suse.com/1241376
• https://bugzilla.suse.com/1241448
• https://bugzilla.suse.com/1241457
• https://bugzilla.suse.com/1241492
• https://bugzilla.suse.com/1241519
• https://bugzilla.suse.com/1241525
• https://bugzilla.suse.com/1241533
• https://bugzilla.suse.com/1241538
• https://bugzilla.suse.com/1241576
• https://bugzilla.suse.com/1241590
• https://bugzilla.suse.com/1241595
• https://bugzilla.suse.com/1241596
• https://bugzilla.suse.com/1241597
• https://bugzilla.suse.com/1241625
• https://bugzilla.suse.com/1241627
• https://bugzilla.suse.com/1241635
• https://bugzilla.suse.com/1241638
• https://bugzilla.suse.com/1241644
• https://bugzilla.suse.com/1241654
• https://bugzilla.suse.com/1241657
• https://bugzilla.suse.com/1242006
• https://bugzilla.suse.com/1242012
• https://bugzilla.suse.com/1242035
• https://bugzilla.suse.com/1242044
• https://bugzilla.suse.com/1242203
• https://bugzilla.suse.com/1242343
• https://bugzilla.suse.com/1242414
• https://bugzilla.suse.com/1242417
• https://bugzilla.suse.com/1242501
• https://bugzilla.suse.com/1242502
• https://bugzilla.suse.com/1242506
• https://bugzilla.suse.com/1242507
• https://bugzilla.suse.com/1242509
• https://bugzilla.suse.com/1242510
• https://bugzilla.suse.com/1242512
• https://bugzilla.suse.com/1242513
• https://bugzilla.suse.com/1242514
• https://bugzilla.suse.com/1242520
• https://bugzilla.suse.com/1242523
• https://bugzilla.suse.com/1242524
• https://bugzilla.suse.com/1242529
• https://bugzilla.suse.com/1242530
• https://bugzilla.suse.com/1242531
• https://bugzilla.suse.com/1242532
• https://bugzilla.suse.com/1242559
• https://bugzilla.suse.com/1242563
• https://bugzilla.suse.com/1242564
• https://bugzilla.suse.com/1242565
• https://bugzilla.suse.com/1242566
• https://bugzilla.suse.com/1242567
• https://bugzilla.suse.com/1242568
• https://bugzilla.suse.com/1242569
• https://bugzilla.suse.com/1242574
• https://bugzilla.suse.com/1242575
• https://bugzilla.suse.com/1242578
• https://bugzilla.suse.com/1242584
• https://bugzilla.suse.com/1242585
• https://bugzilla.suse.com/1242587
• https://bugzilla.suse.com/1242591
• https://bugzilla.suse.com/1242709
• https://bugzilla.suse.com/1242727
• https://bugzilla.suse.com/1242758
• https://bugzilla.suse.com/1242760
• https://bugzilla.suse.com/1242761
• https://bugzilla.suse.com/1242762
• https://bugzilla.suse.com/1242763
• https://bugzilla.suse.com/1242764
• https://bugzilla.suse.com/1242766
• https://bugzilla.suse.com/1242770
• https://bugzilla.suse.com/1242778
• https://bugzilla.suse.com/1242781
• https://bugzilla.suse.com/1242782
• https://bugzilla.suse.com/1242785
• https://bugzilla.suse.com/1242786
• https://bugzilla.suse.com/1242792
• https://bugzilla.suse.com/1242852
• https://bugzilla.suse.com/1242854
• https://bugzilla.suse.com/1242856
• https://bugzilla.suse.com/1242859
• https://bugzilla.suse.com/1242860
• https://bugzilla.suse.com/1242861
• https://bugzilla.suse.com/1242866
• https://bugzilla.suse.com/1242867
• https://bugzilla.suse.com/1242868
• https://bugzilla.suse.com/1242871
• https://bugzilla.suse.com/1242873
• https://bugzilla.suse.com/1242875
• https://bugzilla.suse.com/1242906
• https://bugzilla.suse.com/1242908
• https://bugzilla.suse.com/1242924
• https://bugzilla.suse.com/1242930
• https://bugzilla.suse.com/1242944
• https://bugzilla.suse.com/1242945
• https://bugzilla.suse.com/1242948
• https://bugzilla.suse.com/1242949
• https://bugzilla.suse.com/1242951
• https://bugzilla.suse.com/1242953
• https://bugzilla.suse.com/1242955
• https://bugzilla.suse.com/1242957
• https://bugzilla.suse.com/1242959
• https://bugzilla.suse.com/1242961
• https://bugzilla.suse.com/1242962
• https://bugzilla.suse.com/1242973
• https://bugzilla.suse.com/1242974
• https://bugzilla.suse.com/1242977
• https://bugzilla.suse.com/1242990
• https://bugzilla.suse.com/1242993
• https://bugzilla.suse.com/1243000
• https://bugzilla.suse.com/1243006
• https://bugzilla.suse.com/1243011
• https://bugzilla.suse.com/1243015
• https://bugzilla.suse.com/1243044
• https://bugzilla.suse.com/1243049
• https://bugzilla.suse.com/1243056
• https://bugzilla.suse.com/1243074
• https://bugzilla.suse.com/1243076
• https://bugzilla.suse.com/1243077
• https://bugzilla.suse.com/1243082
• https://bugzilla.suse.com/1243090
• https://bugzilla.suse.com/1243330
• https://bugzilla.suse.com/1243342
• https://bugzilla.suse.com/1243456
• https://bugzilla.suse.com/1243469
• https://bugzilla.suse.com/1243470
• https://bugzilla.suse.com/1243471
• https://bugzilla.suse.com/1243472
• https://bugzilla.suse.com/1243473
• https://bugzilla.suse.com/1243476
• https://bugzilla.suse.com/1243509
• https://bugzilla.suse.com/1243511
• https://bugzilla.suse.com/1243513
• https://bugzilla.suse.com/1243515
• https://bugzilla.suse.com/1243516
• https://bugzilla.suse.com/1243517
• https://bugzilla.suse.com/1243519
• https://bugzilla.suse.com/1243522
• https://bugzilla.suse.com/1243524
• https://bugzilla.suse.com/1243528
• https://bugzilla.suse.com/1243529
• https://bugzilla.suse.com/1243530
• https://bugzilla.suse.com/1243534
• https://bugzilla.suse.com/1243536
• https://bugzilla.suse.com/1243539
• https://bugzilla.suse.com/1243540
• https://bugzilla.suse.com/1243541
• https://bugzilla.suse.com/1243543
• https://bugzilla.suse.com/1243545
• https://bugzilla.suse.com/1243547
• https://bugzilla.suse.com/1243559
• https://bugzilla.suse.com/1243560
• https://bugzilla.suse.com/1243562
• https://bugzilla.suse.com/1243567
• https://bugzilla.suse.com/1243573
• https://bugzilla.suse.com/1243574
• https://bugzilla.suse.com/1243575
• https://bugzilla.suse.com/1243589
• https://bugzilla.suse.com/1243621
• https://bugzilla.suse.com/1243624
• https://bugzilla.suse.com/1243625
• https://bugzilla.suse.com/1243626
• https://bugzilla.suse.com/1243627
• https://bugzilla.suse.com/1243649
• https://bugzilla.suse.com/1243657
• https://bugzilla.suse.com/1243658
• https://bugzilla.suse.com/1243659
• https://bugzilla.suse.com/1243660
• https://bugzilla.suse.com/1243664
• https://bugzilla.suse.com/1243737
• https://bugzilla.suse.com/1243805
• https://bugzilla.suse.com/1243963
• https://www.suse.com/security/cve/CVE-2023-53146
• https://www.suse.com/security/cve/CVE-2024-28956
• https://www.suse.com/security/cve/CVE-2024-43869
• https://www.suse.com/security/cve/CVE-2024-46713
• https://www.suse.com/security/cve/CVE-2024-50106
• https://www.suse.com/security/cve/CVE-2024-50223
• https://www.suse.com/security/cve/CVE-2024-53135
• https://www.suse.com/security/cve/CVE-2024-54458
• https://www.suse.com/security/cve/CVE-2024-58098
• https://www.suse.com/security/cve/CVE-2024-58099
• https://www.suse.com/security/cve/CVE-2024-58100
• https://www.suse.com/security/cve/CVE-2024-58237
• https://www.suse.com/security/cve/CVE-2025-21629
• https://www.suse.com/security/cve/CVE-2025-21648
• https://www.suse.com/security/cve/CVE-2025-21702
• https://www.suse.com/security/cve/CVE-2025-21787
• https://www.suse.com/security/cve/CVE-2025-21814
• https://www.suse.com/security/cve/CVE-2025-21919
• https://www.suse.com/security/cve/CVE-2025-22005
• https://www.suse.com/security/cve/CVE-2025-22021
• https://www.suse.com/security/cve/CVE-2025-22030
• https://www.suse.com/security/cve/CVE-2025-22056
• https://www.suse.com/security/cve/CVE-2025-22057
• https://www.suse.com/security/cve/CVE-2025-22063
• https://www.suse.com/security/cve/CVE-2025-22066
• https://www.suse.com/security/cve/CVE-2025-22070
• https://www.suse.com/security/cve/CVE-2025-22089
• https://www.suse.com/security/cve/CVE-2025-22095
• https://www.suse.com/security/cve/CVE-2025-22103
• https://www.suse.com/security/cve/CVE-2025-22119
• https://www.suse.com/security/cve/CVE-2025-22124
• https://www.suse.com/security/cve/CVE-2025-22125
• https://www.suse.com/security/cve/CVE-2025-22126
• https://www.suse.com/security/cve/CVE-2025-23140
• https://www.suse.com/security/cve/CVE-2025-23141
• https://www.suse.com/security/cve/CVE-2025-23142
• https://www.suse.com/security/cve/CVE-2025-23144
• https://www.suse.com/security/cve/CVE-2025-23146
• https://www.suse.com/security/cve/CVE-2025-23147
• https://www.suse.com/security/cve/CVE-2025-23148
• https://www.suse.com/security/cve/CVE-2025-23149
• https://www.suse.com/security/cve/CVE-2025-23150
• https://www.suse.com/security/cve/CVE-2025-23151
• https://www.suse.com/security/cve/CVE-2025-23156
• https://www.suse.com/security/cve/CVE-2025-23157
• https://www.suse.com/security/cve/CVE-2025-23158
• https://www.suse.com/security/cve/CVE-2025-23159
• https://www.suse.com/security/cve/CVE-2025-23160
• https://www.suse.com/security/cve/CVE-2025-23161
• https://www.suse.com/security/cve/CVE-2025-37740
• https://www.suse.com/security/cve/CVE-2025-37741
• https://www.suse.com/security/cve/CVE-2025-37742
• https://www.suse.com/security/cve/CVE-2025-37747
• https://www.suse.com/security/cve/CVE-2025-37748
• https://www.suse.com/security/cve/CVE-2025-37749
• https://www.suse.com/security/cve/CVE-2025-37750
• https://www.suse.com/security/cve/CVE-2025-37754
• https://www.suse.com/security/cve/CVE-2025-37755
• https://www.suse.com/security/cve/CVE-2025-37758
• https://www.suse.com/security/cve/CVE-2025-37765
• https://www.suse.com/security/cve/CVE-2025-37766
• https://www.suse.com/security/cve/CVE-2025-37767
• https://www.suse.com/security/cve/CVE-2025-37768
• https://www.suse.com/security/cve/CVE-2025-37769
• https://www.suse.com/security/cve/CVE-2025-37770
• https://www.suse.com/security/cve/CVE-2025-37771
• https://www.suse.com/security/cve/CVE-2025-37772
• https://www.suse.com/security/cve/CVE-2025-37773
• https://www.suse.com/security/cve/CVE-2025-37780
• https://www.suse.com/security/cve/CVE-2025-37781
• https://www.suse.com/security/cve/CVE-2025-37782
• https://www.suse.com/security/cve/CVE-2025-37787
• https://www.suse.com/security/cve/CVE-2025-37788
• https://www.suse.com/security/cve/CVE-2025-37789
• https://www.suse.com/security/cve/CVE-2025-37790
• https://www.suse.com/security/cve/CVE-2025-37792
• https://www.suse.com/security/cve/CVE-2025-37793
• https://www.suse.com/security/cve/CVE-2025-37794
• https://www.suse.com/security/cve/CVE-2025-37796
• https://www.suse.com/security/cve/CVE-2025-37797
• https://www.suse.com/security/cve/CVE-2025-37798
• https://www.suse.com/security/cve/CVE-2025-37803
• https://www.suse.com/security/cve/CVE-2025-37804
• https://www.suse.com/security/cve/CVE-2025-37805
• https://www.suse.com/security/cve/CVE-2025-37809
• https://www.suse.com/security/cve/CVE-2025-37810
• https://www.suse.com/security/cve/CVE-2025-37812
• https://www.suse.com/security/cve/CVE-2025-37815
• https://www.suse.com/security/cve/CVE-2025-37819
• https://www.suse.com/security/cve/CVE-2025-37820
• https://www.suse.com/security/cve/CVE-2025-37823
• https://www.suse.com/security/cve/CVE-2025-37824
• https://www.suse.com/security/cve/CVE-2025-37829
• https://www.suse.com/security/cve/CVE-2025-37830
• https://www.suse.com/security/cve/CVE-2025-37831
• https://www.suse.com/security/cve/CVE-2025-37833
• https://www.suse.com/security/cve/CVE-2025-37836
• https://www.suse.com/security/cve/CVE-2025-37839
• https://www.suse.com/security/cve/CVE-2025-37840
• https://www.suse.com/security/cve/CVE-2025-37841
• https://www.suse.com/security/cve/CVE-2025-37842
• https://www.suse.com/security/cve/CVE-2025-37849
• https://www.suse.com/security/cve/CVE-2025-37850
• https://www.suse.com/security/cve/CVE-2025-37851
• https://www.suse.com/security/cve/CVE-2025-37852
• https://www.suse.com/security/cve/CVE-2025-37853
• https://www.suse.com/security/cve/CVE-2025-37854
• https://www.suse.com/security/cve/CVE-2025-37858
• https://www.suse.com/security/cve/CVE-2025-37867
• https://www.suse.com/security/cve/CVE-2025-37870
• https://www.suse.com/security/cve/CVE-2025-37871
• https://www.suse.com/security/cve/CVE-2025-37873
• https://www.suse.com/security/cve/CVE-2025-37875
• https://www.suse.com/security/cve/CVE-2025-37879
• https://www.suse.com/security/cve/CVE-2025-37881
• https://www.suse.com/security/cve/CVE-2025-37886
• https://www.suse.com/security/cve/CVE-2025-37887
• https://www.suse.com/security/cve/CVE-2025-37889
• https://www.suse.com/security/cve/CVE-2025-37890
• https://www.suse.com/security/cve/CVE-2025-37891
• https://www.suse.com/security/cve/CVE-2025-37892
• https://www.suse.com/security/cve/CVE-2025-37897
• https://www.suse.com/security/cve/CVE-2025-37900
• https://www.suse.com/security/cve/CVE-2025-37901
• https://www.suse.com/security/cve/CVE-2025-37903
• https://www.suse.com/security/cve/CVE-2025-37905
• https://www.suse.com/security/cve/CVE-2025-37911
• https://www.suse.com/security/cve/CVE-2025-37912
• https://www.suse.com/security/cve/CVE-2025-37913
• https://www.suse.com/security/cve/CVE-2025-37914
• https://www.suse.com/security/cve/CVE-2025-37915
• https://www.suse.com/security/cve/CVE-2025-37918
• https://www.suse.com/security/cve/CVE-2025-37925
• https://www.suse.com/security/cve/CVE-2025-37928
• https://www.suse.com/security/cve/CVE-2025-37929
• https://www.suse.com/security/cve/CVE-2025-37930
• https://www.suse.com/security/cve/CVE-2025-37931
• https://www.suse.com/security/cve/CVE-2025-37932
• https://www.suse.com/security/cve/CVE-2025-37937
• https://www.suse.com/security/cve/CVE-2025-37943
• https://www.suse.com/security/cve/CVE-2025-37944
• https://www.suse.com/security/cve/CVE-2025-37948
• https://www.suse.com/security/cve/CVE-2025-37949
• https://www.suse.com/security/cve/CVE-2025-37951
• https://www.suse.com/security/cve/CVE-2025-37953
• https://www.suse.com/security/cve/CVE-2025-37954
• https://www.suse.com/security/cve/CVE-2025-37957
• https://www.suse.com/security/cve/CVE-2025-37958
• https://www.suse.com/security/cve/CVE-2025-37959
• https://www.suse.com/security/cve/CVE-2025-37960
• https://www.suse.com/security/cve/CVE-2025-37963
• https://www.suse.com/security/cve/CVE-2025-37969
• https://www.suse.com/security/cve/CVE-2025-37970
• https://www.suse.com/security/cve/CVE-2025-37972
• https://www.suse.com/security/cve/CVE-2025-37974
• https://www.suse.com/security/cve/CVE-2025-37978
• https://www.suse.com/security/cve/CVE-2025-37979
• https://www.suse.com/security/cve/CVE-2025-37980
• https://www.suse.com/security/cve/CVE-2025-37982
• https://www.suse.com/security/cve/CVE-2025-37983
• https://www.suse.com/security/cve/CVE-2025-37985
• https://www.suse.com/security/cve/CVE-2025-37986
• https://www.suse.com/security/cve/CVE-2025-37989
• https://www.suse.com/security/cve/CVE-2025-37990
• https://www.suse.com/security/cve/CVE-2025-38104
• https://www.suse.com/security/cve/CVE-2025-38152
• https://www.suse.com/security/cve/CVE-2025-38240
• https://www.suse.com/security/cve/CVE-2025-38637
• https://www.suse.com/security/cve/CVE-2025-39735
• https://www.suse.com/security/cve/CVE-2025-40014
• https://www.suse.com/security/cve/CVE-2025-40325