diff --git a/config.tar.bz2 b/config.tar.bz2 index e27bc73..e7634ea 100644 --- a/config.tar.bz2 +++ b/config.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fa8285b58d3005de2a6b08dc951bf04a1cc3ab04d835e5c060bdf374c234fde0 -size 145934 +oid sha256:8d56b373d53d4c7e93fc642a8e1086bac2c1ee74c840aff9a3c0463674a4189e +size 145929 diff --git a/dtb-aarch64.changes b/dtb-aarch64.changes index 4a16d03..5e08337 100644 --- a/dtb-aarch64.changes +++ b/dtb-aarch64.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/dtb-aarch64.spec b/dtb-aarch64.spec index 803aa05..1e497d1 100644 --- a/dtb-aarch64.spec +++ b/dtb-aarch64.spec @@ -27,7 +27,7 @@ Name: dtb-aarch64 Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif diff --git a/kernel-64kb.changes b/kernel-64kb.changes index 4a16d03..5e08337 100644 --- a/kernel-64kb.changes +++ b/kernel-64kb.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-64kb.spec b/kernel-64kb.spec index a4bf799..1de0ae5 100644 --- a/kernel-64kb.spec +++ b/kernel-64kb.spec @@ -19,7 +19,7 @@ %define srcversion 6.4 %define patchversion 6.4.0 -%define git_commit a712d0617352bf5d23ca105fef8d2e3128edac45 +%define git_commit 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -42,7 +42,7 @@ Name: kernel-64kb Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif diff --git a/kernel-debug.changes b/kernel-debug.changes index 4a16d03..5e08337 100644 --- a/kernel-debug.changes +++ b/kernel-debug.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-debug.spec b/kernel-debug.spec index e4d90bf..e64a127 100644 --- a/kernel-debug.spec +++ b/kernel-debug.spec @@ -19,7 +19,7 @@ %define srcversion 6.4 %define patchversion 6.4.0 -%define git_commit a712d0617352bf5d23ca105fef8d2e3128edac45 +%define git_commit 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -42,7 +42,7 @@ Name: kernel-debug Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif diff --git a/kernel-default.changes b/kernel-default.changes index 4a16d03..5e08337 100644 --- a/kernel-default.changes +++ b/kernel-default.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-default.spec b/kernel-default.spec index 90b83ac..1c56baf 100644 --- a/kernel-default.spec +++ b/kernel-default.spec @@ -19,7 +19,7 @@ %define srcversion 6.4 %define patchversion 6.4.0 -%define git_commit a712d0617352bf5d23ca105fef8d2e3128edac45 +%define git_commit 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -42,7 +42,7 @@ Name: kernel-default Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif diff --git a/kernel-docs.changes b/kernel-docs.changes index 4a16d03..5e08337 100644 --- a/kernel-docs.changes +++ b/kernel-docs.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-docs.spec b/kernel-docs.spec index 5c37599..a37f31a 100644 --- a/kernel-docs.spec +++ b/kernel-docs.spec @@ -18,7 +18,7 @@ %define srcversion 6.4 %define patchversion 6.4.0 -%define git_commit a712d0617352bf5d23ca105fef8d2e3128edac45 +%define git_commit 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %define variant %{nil} %define build_html 1 %define build_pdf 0 @@ -30,7 +30,7 @@ Name: kernel-docs Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif diff --git a/kernel-kvmsmall.changes b/kernel-kvmsmall.changes index 4a16d03..5e08337 100644 --- a/kernel-kvmsmall.changes +++ b/kernel-kvmsmall.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-kvmsmall.spec b/kernel-kvmsmall.spec index 5adea8e..9cbe61a 100644 --- a/kernel-kvmsmall.spec +++ b/kernel-kvmsmall.spec @@ -19,7 +19,7 @@ %define srcversion 6.4 %define patchversion 6.4.0 -%define git_commit a712d0617352bf5d23ca105fef8d2e3128edac45 +%define git_commit 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -42,7 +42,7 @@ Name: kernel-kvmsmall Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif diff --git a/kernel-obs-build.changes b/kernel-obs-build.changes index 4a16d03..5e08337 100644 --- a/kernel-obs-build.changes +++ b/kernel-obs-build.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-obs-build.spec b/kernel-obs-build.spec index 80d43d3..a8cf018 100644 --- a/kernel-obs-build.spec +++ b/kernel-obs-build.spec @@ -38,7 +38,7 @@ %endif %endif %endif -%global kernel_package kernel%kernel_flavor-srchash-a712d0617352bf5d23ca105fef8d2e3128edac45 +%global kernel_package kernel%kernel_flavor-srchash-96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %endif %if 0%{?rhel_version} %global kernel_package kernel @@ -47,14 +47,14 @@ Name: kernel-obs-build Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif Summary: package kernel and initrd for OBS VM builds License: GPL-2.0-only Group: SLES -Provides: kernel-obs-build-srchash-a712d0617352bf5d23ca105fef8d2e3128edac45 +Provides: kernel-obs-build-srchash-96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b BuildRequires: coreutils BuildRequires: device-mapper BuildRequires: dracut diff --git a/kernel-obs-qa.changes b/kernel-obs-qa.changes index 4a16d03..5e08337 100644 --- a/kernel-obs-qa.changes +++ b/kernel-obs-qa.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-obs-qa.spec b/kernel-obs-qa.spec index 2c4af42..9e685f3 100644 --- a/kernel-obs-qa.spec +++ b/kernel-obs-qa.spec @@ -25,7 +25,7 @@ Name: kernel-obs-qa Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif @@ -36,7 +36,7 @@ BuildRequires: kernel-default # kernel-obs-build must be also configured as VMinstall, but is required # here as well to avoid that qa and build package build parallel %if ! 0%{?qemu_user_space_build} -BuildRequires: kernel-obs-build-srchash-a712d0617352bf5d23ca105fef8d2e3128edac45 +BuildRequires: kernel-obs-build-srchash-96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %endif BuildRequires: modutils ExclusiveArch: aarch64 ppc64le s390x x86_64 diff --git a/kernel-source.changes b/kernel-source.changes index 4a16d03..5e08337 100644 --- a/kernel-source.changes +++ b/kernel-source.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-source.spec b/kernel-source.spec index bcfbff2..3c18529 100644 --- a/kernel-source.spec +++ b/kernel-source.spec @@ -18,7 +18,7 @@ %define srcversion 6.4 %define patchversion 6.4.0 -%define git_commit a712d0617352bf5d23ca105fef8d2e3128edac45 +%define git_commit 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %define variant %{nil} %define gcc_package gcc13 %define gcc_compiler gcc-13 @@ -30,7 +30,7 @@ Name: kernel-source Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif diff --git a/kernel-syms.changes b/kernel-syms.changes index 4a16d03..5e08337 100644 --- a/kernel-syms.changes +++ b/kernel-syms.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-syms.spec b/kernel-syms.spec index a284361..a9bef10 100644 --- a/kernel-syms.spec +++ b/kernel-syms.spec @@ -16,7 +16,7 @@ # -%define git_commit a712d0617352bf5d23ca105fef8d2e3128edac45 +%define git_commit 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -24,7 +24,7 @@ Name: kernel-syms Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif diff --git a/kernel-zfcpdump.changes b/kernel-zfcpdump.changes index 4a16d03..5e08337 100644 --- a/kernel-zfcpdump.changes +++ b/kernel-zfcpdump.changes @@ -1,3 +1,234 @@ +------------------------------------------------------------------- +Mon Feb 2 15:04:52 CET 2026 - rgoldwyn@suse.com + +- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377). +- commit 16880ae + +------------------------------------------------------------------- +Mon Feb 2 15:01:21 CET 2026 - tiwai@suse.de + +- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792) +- commit b3a8e60 + +------------------------------------------------------------------- +Mon Feb 2 12:39:46 CET 2026 - jslaby@suse.cz + +- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 + (CVE-2026-23005 bsc#1257245). +- commit 4fcc2d5 + +------------------------------------------------------------------- +Mon Feb 2 12:09:40 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch + (git-fixes CVE-2025-40097 bsc#1252900). +- Update + patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch + (git-fixes CVE-2025-71081 bsc#1256609). +- Update + patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch + (git-fixes CVE-2025-71147 bsc#1257158). +- Update + patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch + (git-fixes CVE-2024-42103 bsc#1228490). +- Update + patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch + (git-fixes CVE-2025-38243 bsc#1246184). +- Update + patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch + (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070 + jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511 + jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714 + bsc#1254465). +- Update + patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch + (git-fixes CVE-2025-71083 bsc#1256610). +- Update + patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch + (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307). +- Update + patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch + (git-fixes CVE-2025-71111 bsc#1256728). +- Update + patches.suse/ipmi-Rework-user-message-limit-handling.patch + (git-fixes CVE-2025-40202 bsc#1253451). +- Update + patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch + (git-fixes CVE-2025-71136 bsc#1256759). +- Update + patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch + (git-fixes CVE-2025-68819 bsc#1256664). +- Update + patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch + (git-fixes CVE-2025-68808 bsc#1256682). +- Update + patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch + (git-fixes CVE-2025-38322 bsc#1246447). +- Update + patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch + (git-fixes CVE-2025-68804 bsc#1256617). +- Update + patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch + (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616). +- Update + patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch + (git-fixes CVE-2025-38379 bsc#1247030). +- Update + patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch + (bsc#1250705 CVE-2025-39913). +- Update + patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch + (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082). +- Update + patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch + (git-fixes CVE-2024-53070 bsc#1233563). +- Update + patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch + (git-fixes CVE-2024-53149 bsc#1234842). +- Update + patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch + (git-fixes CVE-2025-37813 bsc#1242909). +- Update + patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch + (bsc#1256528 CVE-2025-22047 bsc#1241437). +- commit fbc3d71 + +------------------------------------------------------------------- +Mon Feb 2 11:59:39 CET 2026 - joao.povoas@suse.com + +- Update + patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch + (stable-fixes CVE-2025-71118 bsc#1256763). +- Update + patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch + (git-fixes CVE-2025-68783 bsc#1256650). +- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch + (git-fixes CVE-2026-23006 bsc#1257208). +- Update + patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch + (git-fixes CVE-2025-71082 bsc#1256611). +- Update + patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch + (git-fixes CVE-2025-68777 bsc#1256655). +- Update + patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch + (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282). +- Update + patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch + (bsc#1255569 CVE-2025-68725). +- Update + patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch + (stable-fixes CVE-2025-68797 bsc#1256660). +- Update + patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch + (stable-fixes CVE-2025-40106 bsc#1252891). +- Update + patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch + (git-fixes CVE-2025-71131 bsc#1256742). +- Update + patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch + (git-fixes CVE-2025-71163 bsc#1257215). +- Update + patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch + (git-fixes CVE-2025-71162 bsc#1257204). +- Update + patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch + (git-fixes CVE-2025-71130 bsc#1256741). +- Update + patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch + (git-fixes CVE-2025-71138 bsc#1256785). +- Update + patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch + (git-fixes CVE-2025-68789 bsc#1256781). +- Update + patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch + (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277). +- Update + patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch + (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800). +- Update + patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch + (git-fixes CVE-2026-22997 bsc#1257202). +- Update + patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch + (git-fixes CVE-2025-71079 bsc#1256619). +- Update + patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch + (git-fixes CVE-2025-71086 bsc#1256625). +- Update + patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch + (git-fixes CVE-2025-71154 bsc#1257163). +- Update + patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch + (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes + bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119 + bsc#1256730). +- Update + patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch + (git-fixes CVE-2025-71132 bsc#1256737). +- Update + patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch + (git-fixes CVE-2025-68773 bsc#1256586). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch + (stable-fixes CVE-2025-68254 bsc#1255140). +- Update + patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch + (stable-fixes CVE-2025-68256 bsc#1255138). +- Update + patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch + (git-fixes CVE-2025-71145 bsc#1257155). +- Update + patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch + (stable-fixes CVE-2025-71108 bsc#1256774). +- Update + patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch + (stable-fixes CVE-2025-71114 bsc#1256752). +- Update + patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch + (git-fixes CVE-2026-22978 bsc#1257227). +- Update + patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch + (git-fixes CVE-2025-71100 bsc#1256593). +- commit 856d20b + +------------------------------------------------------------------- +Mon Feb 2 10:31:21 CET 2026 - msuchanek@suse.de + +- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199). +- commit b73475a + +------------------------------------------------------------------- +Mon Feb 2 10:21:16 CET 2026 - tbogendoerfer@suse.de + +- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv + (CVE-2026-22996). +- net/mlx5e: Fix crash on profile change rollback failure + (CVE-2026-23000 bsc#1257234). +- commit 46ccefc + +------------------------------------------------------------------- +Mon Feb 2 09:10:49 CET 2026 - sjaeckel@suse.de + +- macvlan: fix possible UAF in macvlan_forward_source() + (CVE-2026-23001 bsc#1257232). +- commit bcf0129 + +------------------------------------------------------------------- +Mon Feb 2 08:15:46 CET 2026 - jdelvare@suse.com + +- gpio: rockchip: Stop calling pinctrl for set_direction + (git-fixes). +- commit 8cea9c9 + +------------------------------------------------------------------- +Sun Feb 1 10:40:07 CET 2026 - wqu@suse.com + +- btrfs: do not strictly require dirty metadata threshold for + metadata writepages (stable-fixes). +- commit b83c55a + ------------------------------------------------------------------- Sun Feb 1 09:40:06 CET 2026 - tiwai@suse.de @@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de bsc#1255172). - commit 6580707 +------------------------------------------------------------------- +Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz + +- net/sched: sch_qfq: do not free existing class in + qfq_change_class() (CVE-2026-22999 bsc#1257236). +- commit d911768 + ------------------------------------------------------------------- Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz @@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de (CVE-2026-22993 bsc#1257180). - commit bb6b853 +------------------------------------------------------------------- +Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com + +- ipv6: BUG() in pskb_expand_head() as part of + calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623). +- commit 35a165f + ------------------------------------------------------------------- Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz @@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com bsc#1256597). - commit addbe43 +------------------------------------------------------------------- +Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de + +- net: tcp: allow zero-window ACK update the window (bsc#1254767). +- commit b6299d5 + ------------------------------------------------------------------- Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com @@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com CVE-2025-68200). - commit 3454614 +------------------------------------------------------------------- +Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de + +- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). +- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). +- remove an Intel CPU model change which is already part of the base kernel +- remove a bpf CVE change which is already part of the base kernel +- commit 6def8a1 + ------------------------------------------------------------------- Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de @@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403). - commit de1a69a +------------------------------------------------------------------- +Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com + +- x86: make page fault handling disable interrupts properly + (git-fixes). +- commit e28ac6a + ------------------------------------------------------------------- Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com @@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761). - commit 06431f4 +------------------------------------------------------------------- +Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de + +- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089 + bsc#1256612). +- commit 74dac8b + +------------------------------------------------------------------- +Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de + +- net: hns3: add VLAN id validation before using (CVE-2025-71112 + bsc#1256726). +- net/handshake: duplicate handshake cancellations leak socket + (CVE-2025-68775 bsc#1256665). +- commit 5f03ae0 + ------------------------------------------------------------------- Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de @@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). -- commit aa95fec +- commit 7e74f80 ------------------------------------------------------------------- Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de @@ -17064,6 +17347,15 @@ Tue Jul 1 17:49:17 CEST 2025 - mkoutny@suse.com problems. - commit f86a16a +------------------------------------------------------------------- +Tue Jul 1 16:44:48 CEST 2025 - msuchanek@suse.de + +- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 + bsc#1243678 ltc#213596) + CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y + CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y +- commit f28d32c + ------------------------------------------------------------------- Tue Jul 1 16:17:35 CEST 2025 - pfalcato@suse.de diff --git a/kernel-zfcpdump.spec b/kernel-zfcpdump.spec index c8a37e6..32e64d7 100644 --- a/kernel-zfcpdump.spec +++ b/kernel-zfcpdump.spec @@ -19,7 +19,7 @@ %define srcversion 6.4 %define patchversion 6.4.0 -%define git_commit a712d0617352bf5d23ca105fef8d2e3128edac45 +%define git_commit 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -42,7 +42,7 @@ Name: kernel-zfcpdump Version: 6.4.0 %if 0%{?is_kotd} -Release: .ga712d06 +Release: .g96c5a1b %else Release: 0 %endif diff --git a/patches.suse.tar.bz2 b/patches.suse.tar.bz2 index a89bed4..3df8703 100644 --- a/patches.suse.tar.bz2 +++ b/patches.suse.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6479f0ebe60f9e1671e5abbe8ca714f8a7813976c2f7b3cddd05dd3424da4fde -size 30147443 +oid sha256:5395712806aa7a604e849dd56357e0e6dd8d87ddc684fe90ea1e3ec4dfab44f1 +size 30151396 diff --git a/series.conf b/series.conf index 58d00e3..6958732 100644 --- a/series.conf +++ b/series.conf @@ -46,8 +46,6 @@ ######################################################## # sorted patches ######################################################## - patches.suse/x86-cpu-Add-several-Intel-server-CPU-model-numbers.patch - patches.suse/bpf-make-sure-skb-len-0-when-redirecting-to-a-tunnel.patch patches.suse/s390-kasan-fix-insecure-W-X-mapping-warning.patch patches.suse/s390-kasan-avoid-short-by-one-page-shadow-memory.patch patches.suse/rust-arc-fix-intra-doc-link-in-Arc-T-init.patch @@ -8422,6 +8420,7 @@ patches.suse/i40e-Replace-one-element-array-with-flex-array-membe-ff1a724c.patch patches.suse/i40e-Replace-one-element-array-with-flex-array-membe-4bb28b27.patch patches.suse/net-tcp-send-zero-window-ACK-when-no-memory.patch + patches.suse/net-tcp-allow-zero-window-ACK-update-the-window.patch patches.suse/net-tcp-fix-unexcepted-socket-die-when-snd_wnd-is-0.patch patches.suse/netlink-convert-nlk-flags-to-atomic-flags.patch patches.suse/tg3-Use-pci_dev_id-to-simplify-the-code.patch @@ -35685,8 +35684,10 @@ patches.suse/PCI-rcar-gen2-Drop-ARM-dependency-from-PCI_RCAR_GEN2.patch patches.suse/RDMA-rxe-Fix-null-deref-on-srq-rq.queue-after-resize.patch patches.suse/tpm-Cap-the-number-of-PCR-banks.patch + patches.suse/iommu-disable-SVA-when-CONFIG_X86-is-set.patch patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch patches.suse/macintosh-mac_hid-fix-race-condition-in-mac_hid_togg.patch + patches.suse/powerpc-addnote-Fix-overflow-on-32-bit-builds.patch patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch patches.suse/KVM-SVM-Don-t-skip-unrelated-instruction-if-INT3-INT.patch patches.suse/soc-tegra-fuse-speedo-tegra210-Update-speedo-IDs.patch @@ -35801,7 +35802,9 @@ patches.suse/nfc-pn533-Fix-error-code-in-pn533_acr122_poweron_rdr.patch patches.suse/ethtool-Avoid-overflowing-userspace-buffer-on-stats-query.patch patches.suse/net-mlx5-fw_tracer-Validate-format-string-parameters.patch + patches.suse/net-handshake-duplicate-handshake-cancellations-leak-socke.patch patches.suse/net-hns3-using-the-num_tqps-in-the-vf-driver-to-appl.patch + patches.suse/net-hns3-add-VLAN-id-validation-before-using.patch patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch patches.suse/can-j1939-make-j1939_sk_bind-fail-if-device-is-no-lo.patch patches.suse/PM-runtime-Do-not-clear-needs_force_resume-with-enab.patch @@ -35858,6 +35861,7 @@ patches.suse/wifi-cfg80211-sme-store-capped-length-in-__cfg80211_.patch patches.suse/wifi-mac80211-do-not-use-old-MBSSID-elements.patch patches.suse/net-stmmac-fix-the-crash-issue-for-zero-copy-XDP_TX-action.patch + patches.suse/ipv6-BUG-in-pskb_expand_head-as-part-of-calipso_skbuff_set.patch patches.suse/net-usb-sr9700-fix-incorrect-command-used-to-write-s.patch patches.suse/ipv4-Fix-reference-count-leak-when-using-error-routes-with.patch patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch @@ -35894,9 +35898,15 @@ patches.suse/docs-ABI-sysfs-devices-soc-Fix-swapped-sample-values.patch patches.suse/mei-me-add-nova-lake-point-S-DID.patch patches.suse/lib-crypto-aes-Fix-missing-MMU-protection-for-AES-S-.patch + patches.suse/x86-fpu-Clear-XSTATE_BV-i-in-guest-XSAVE-state-whenev.patch + patches.suse/macvlan-fix-possible-UAF-in-macvlan_forward_source.patch patches.suse/ipv4-ip_gre-make-ipgre_header-robust.patch patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch patches.suse/can-ctucanfd-fix-SSP_SRC-in-cases-when-bit-rate-is-h.patch + patches.suse/net-mlx5e-Fix-crash-on-profile-change-rollback-failu.patch + patches.suse/net-mlx5e-Don-t-store-mlx5e_priv-in-mlx5e_dev-devlin.patch + patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch + patches.suse/net-sched-sch_qfq-do-not-free-existing-class-in-qfq_.patch patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch patches.suse/ASoC-codecs-wsa883x-fix-unnecessary-initialisation.patch patches.suse/ASoC-codecs-wsa881x-fix-unnecessary-initialisation.patch @@ -35952,6 +35962,7 @@ patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch patches.suse/dpll-Prevent-duplicate-registrations.patch + patches.suse/x86-make-page-fault-handling-disable-interrupts-prop.patch patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch patches.suse/drm-nouveau-add-missing-DCB-connector-types.patch patches.suse/drm-nouveau-implement-missing-DCB-connector-types-gr.patch @@ -35987,6 +35998,8 @@ patches.suse/comedi-dmm32at-serialize-use-of-paged-registers.patch patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch patches.suse/w1-fix-redundant-counter-decrement-in-w1_attach_slav.patch + patches.suse/msft-hv-3448-scsi-storvsc-Process-unsupported-MODE_SENSE_10.patch + patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch @@ -35997,6 +36010,7 @@ patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch patches.suse/drm-amd-pm-fix-race-in-power-state-check-before-mute.patch patches.suse/drm-imx-tve-fix-probe-device-leak.patch + patches.suse/gpio-rockchip-Stop-calling-pinctrl-for-set_direction.patch patches.suse/gpio-omap-do-not-register-driver-in-probe.patch patches.suse/ASoC-fsl-imx-card-Do-not-force-slot-width-to-sample-.patch patches.suse/ASoC-Intel-sof_es8336-fix-headphone-GPIO-logic-inver.patch diff --git a/source-timestamp b/source-timestamp index e7ec36e..3784771 100644 --- a/source-timestamp +++ b/source-timestamp @@ -1,3 +1,3 @@ -2026-02-02 00:48:09 +0000 -GIT Revision: a712d0617352bf5d23ca105fef8d2e3128edac45 +2026-02-03 02:00:59 +0000 +GIT Revision: 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b GIT Branch: SUSE-2024