SUSE-SU-2026:20477-1

Advisory lineage Upstream: 524 Downstream: 0
Published: 24 Feb 2026, 10:42
Last modified:23 Mar 2026, 04:52

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 Feb 2026, 10:42
Published
Vulnerability first disclosed
23 Mar 2026, 04:52
Last Modified
Vulnerability information updated

Description

Security update for the Linux Kernel The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim (bsc#1256280). - CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). - CVE-2025-39880: libceph: fix invalid accesses to ceph_connection_v1_info (bsc#1250388). - CVE-2025-39890: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (bsc#1250334). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). - CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). - CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). - CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861). - CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). - CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). - CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). - CVE-2025-40123: bpf: Enforce expected_attach_type for tailcall compatibility (bsc#1253365). - CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). - CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). - CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). - CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). - CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400). - CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458). - CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413). - CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). - CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442). - CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647). - CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40231: vsock: fix lock inversion in vsock_assign_transport() (bsc#1254815). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871). - CVE-2025-40240: sctp: avoid NULL dereference when chunk data buffer is missing (bsc#1254869). - CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). - CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864). - CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854). - CVE-2025-40251: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (bsc#1254856). - CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (bsc#1254849). - CVE-2025-40254: net: openvswitch: remove never-working support for setting nsh fields (bsc#1254852). - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845). - CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839). - CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835). - CVE-2025-40268: cifs: client: fix memory leak in smb3_fs_context_parse_param (bsc#1255082). - CVE-2025-40271: fs/proc: fix uaf in proc_readdir_de() (bsc#1255297). - CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830). - CVE-2025-40278: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (bsc#1254825). - CVE-2025-40279: net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (bsc#1254846). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40287: exfat: fix improper check of dentry.stream.valid_size (bsc#1255030). - CVE-2025-40289: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (bsc#1255042). - CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175). - CVE-2025-40293: iommufd: Don't overflow during division for dirty tracking (bsc#1255179). - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187). - CVE-2025-40307: exfat: validate cluster allocation bits of the allocation bitmap (bsc#1255039). - CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794). - CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-40337: net: stmmac: Correctly handle Rx checksum offload errors (bsc#1255081). - CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273). - CVE-2025-40339: drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428). - CVE-2025-40346: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (bsc#1255318). - CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (bsc#1255260). - CVE-2025-40355: sysfs: check visibility before changing group attribute ownership (bsc#1255261). - CVE-2025-40360: drm/sysfb: Do not dereference NULL pointer in plane reset (bsc#1255095). - CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102). - CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255). - CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327). - CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266). - CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269). - CVE-2025-68190: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() (bsc#1255131). - CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241). - CVE-2025-68201: drm/amdgpu: remove two invalid BUG_ON()s (bsc#1255136). - CVE-2025-68204: pmdomain: arm: scmi: Fix genpd leak on provider registration failure (bsc#1255224). - CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142). - CVE-2025-68208: bpf: account for current allocated stack depth in widen_imprecise_scalars() (bsc#1255227). - CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230). - CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216). - CVE-2025-68230: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (bsc#1255134). - CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() (bsc#1255272). - CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157). - CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268). - CVE-2025-68255: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (bsc#1255395). - CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199). - CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164). - CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128). - CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted directories (bsc#1255403). - CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path (bsc#1255120). - CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172). - CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (bsc#1255417). - CVE-2025-68327: usb: renesas_usbhs: Fix synchronous external abort on unbind (bsc#1255488). - CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482). - CVE-2025-68340: team: Move team device type change at the end of team_port_add (bsc#1255507). - CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (bsc#1255544). - CVE-2025-68363: bpf: Check skb->transport_header is set in bpf_skb_check_mtu (bsc#1255552). - CVE-2025-68365: fs/ntfs3: Initialize allocated memory before use (bsc#1255548). - CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622). - CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547). - CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537). - CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614). - CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695). - CVE-2025-68727: ntfs3: Fix uninit buffer allocated by __getname() (bsc#1255568). - CVE-2025-68728: ntfs3: fix uninit memory after failed mi_read in mi_format_new (bsc#1255539). - CVE-2025-68733: smack: fix bug: unprivileged task can create labels (bsc#1255615). - CVE-2025-68742: bpf: Improve program stats run-time calculation (bsc#1255707). - CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709). - CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930). - CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579). - CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584). - CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582). - CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665). - CVE-2025-68776: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (bsc#1256659). - CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638). - CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688). - CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689). - CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (bsc#1256646). - CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653). - CVE-2025-68803: nfsd: set security label during create operations (bsc#1256770). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep() (bsc#1256651). - CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict (bsc#1256680). - CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674). - CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754). - CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654). - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). - CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613). - CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628). - CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed() (bsc#1256773). - CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777). - CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597). - CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605). - CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606). - CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects (bsc#1256607). - CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). - CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757). - CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event (bsc#1256733). - CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (bsc#1256761). - CVE-2025-71137: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (bsc#1256760). - CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value on update (bsc#1257164). - CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (bsc#1257035). - CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue (bsc#1257053). - CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1257217). - CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221). - CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1257220). - CVE-2026-22992: libceph: return the handler error from mon_handle_auth_done() (bsc#1257218). - CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180). - CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv. - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). - CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245). - CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332). - CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207). The following non security issues were fixed: - ALSA: usb-audio: Update for native DSD support quirks (stable-fixes). - Disable CONFIG_CPU5_WDT The cpu5wdt driver doesn't implement a proper watchdog interface and has many code issues. It only handles obscure and obsolete hardware. Stop building and supporting this driver (jsc#PED-14062). - Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 bsc#1243678 ltc#213596) CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y - Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569). - cifs: Fix copy offload to flush destination region (bsc#1252511). - cifs: Fix flushing, invalidation and file size with copy_file_range() (bsc#1252511). - cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449). - cifs: make cifs_chan_update_iface() a void function (git-fixes). - cifs: update dstaddr whenever channel iface is updated (git-fixes). - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386) - drm/amdgpu: update mappings not managed by KFD (bsc#1255428) - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - ext4: wait for ongoing I/O to complete before freeing blocks (bsc#1256366). - fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025). - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - media: atomisp: Prefix firmware paths with "intel/ipu/" (bsc#1252973). - media: atomisp: Remove firmware_name module parameter (bsc#1252973). - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1254447 bsc#1253087). - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - net: tcp: allow zero-window ACK update the window (bsc#1254767). - net: usb: pegasus: fix memory leak in update_eth_regs_async() (git-fixes). - powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496). - sched: Increase sched_tick_remote timeout (bsc#1254510). - scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). - scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). - scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). - scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). - scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). - scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). - scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). - scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). - scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256861). - scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). - scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256861). - scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). - scsi: qla2xxx: Add Speed in SFP print information (bsc#1256863). - scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256863). - scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256863). - scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256863). - scsi: qla2xxx: Allow recovery for tape devices (bsc#1256863). - scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256863). - scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256863). - scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256863). - scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256863). - scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256863). - scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256863). - scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256863). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154). - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - smb: improve directory cache reuse for readdir operations (bsc#1252712). - soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). - spi: tegra210-quad: Check hardware status on timeout (bsc#1253155) - spi: tegra210-quad: Fix timeout handling (bsc#1253155) - spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155) - spi: tegra210-quad: Update dummy sequence configuration (git-fixes) - supported.conf: Mark lan 743x supported (jsc#PED-14571) - tracing: Fix access to trace_event_file (bsc#1254373). - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (git-fixes). - x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528). - x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528). - x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528). - x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528). - x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528). - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528). - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528). - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528). - x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256528). - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528). - x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528).

Affected Systems

  • susekernel-default-base&distro=SUSE Linux Micro 6.0

    < 6.4.0-39.1.21.16

  • susekernel-default&distro=SUSE Linux Micro 6.0

    < 6.4.0-39.1

  • susekernel-kvmsmall&distro=SUSE Linux Micro 6.0

    < 6.4.0-39.1

  • susekernel-source&distro=SUSE Linux Micro 6.0

    < 6.4.0-39.1

References (1096)