GIT Revision: 96c5a1b0eb6063d5f3273dcdc97282b2ab321d4b

GIT Branch: SUSE-2024 2026-02-03 02:00:59 +0000
2026-02-03 08:07:46 +01:00
parent c6f41d2359
commit 3bbda31af2
26 changed files with 3267 additions and 41 deletions
--- a/kernel-debug.changes
+++ b/kernel-debug.changes
@@ -1,3 +1,234 @@
+-------------------------------------------------------------------
+Mon Feb  2 15:04:52 CET 2026 - rgoldwyn@suse.com
+
+- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
+- commit 16880ae
+
+-------------------------------------------------------------------
+Mon Feb  2 15:01:21 CET 2026 - tiwai@suse.de
+
+- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
+- commit b3a8e60
+
+-------------------------------------------------------------------
+Mon Feb  2 12:39:46 CET 2026 - jslaby@suse.cz
+
+- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1
+  (CVE-2026-23005 bsc#1257245).
+- commit 4fcc2d5
+
+-------------------------------------------------------------------
+Mon Feb  2 12:09:40 CET 2026 - joao.povoas@suse.com
+
+- Update
+  patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch
+  (git-fixes CVE-2025-40097 bsc#1252900).
+- Update
+  patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch
+  (git-fixes CVE-2025-71081 bsc#1256609).
+- Update
+  patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch
+  (git-fixes CVE-2025-71147 bsc#1257158).
+- Update
+  patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch
+  (git-fixes CVE-2024-42103 bsc#1228490).
+- Update
+  patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch
+  (git-fixes CVE-2025-38243 bsc#1246184).
+- Update
+  patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch
+  (jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
+  jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
+  jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714
+  bsc#1254465).
+- Update
+  patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch
+  (git-fixes CVE-2025-71083 bsc#1256610).
+- Update
+  patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch
+  (bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307).
+- Update
+  patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch
+  (git-fixes CVE-2025-71111 bsc#1256728).
+- Update
+  patches.suse/ipmi-Rework-user-message-limit-handling.patch
+  (git-fixes CVE-2025-40202 bsc#1253451).
+- Update
+  patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch
+  (git-fixes CVE-2025-71136 bsc#1256759).
+- Update
+  patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch
+  (git-fixes CVE-2025-68819 bsc#1256664).
+- Update
+  patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch
+  (git-fixes CVE-2025-68808 bsc#1256682).
+- Update
+  patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch
+  (git-fixes CVE-2025-38322 bsc#1246447).
+- Update
+  patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch
+  (git-fixes CVE-2025-68804 bsc#1256617).
+- Update
+  patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch
+  (bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616).
+- Update
+  patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch
+  (git-fixes CVE-2025-38379 bsc#1247030).
+- Update
+  patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
+  (bsc#1250705 CVE-2025-39913).
+- Update
+  patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch
+  (bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082).
+- Update
+  patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch
+  (git-fixes CVE-2024-53070 bsc#1233563).
+- Update
+  patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
+  (git-fixes CVE-2024-53149 bsc#1234842).
+- Update
+  patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch
+  (git-fixes CVE-2025-37813 bsc#1242909).
+- Update
+  patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch
+  (bsc#1256528 CVE-2025-22047 bsc#1241437).
+- commit fbc3d71
+
+-------------------------------------------------------------------
+Mon Feb  2 11:59:39 CET 2026 - joao.povoas@suse.com
+
+- Update
+  patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch
+  (stable-fixes CVE-2025-71118 bsc#1256763).
+- Update
+  patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch
+  (git-fixes CVE-2025-68783 bsc#1256650).
+- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch
+  (git-fixes CVE-2026-23006 bsc#1257208).
+- Update
+  patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch
+  (git-fixes CVE-2025-71082 bsc#1256611).
+- Update
+  patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch
+  (git-fixes CVE-2025-68777 bsc#1256655).
+- Update
+  patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch
+  (CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282).
+- Update
+  patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch
+  (bsc#1255569 CVE-2025-68725).
+- Update
+  patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch
+  (stable-fixes CVE-2025-68797 bsc#1256660).
+- Update
+  patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch
+  (stable-fixes CVE-2025-40106 bsc#1252891).
+- Update
+  patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch
+  (git-fixes CVE-2025-71131 bsc#1256742).
+- Update
+  patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch
+  (git-fixes CVE-2025-71163 bsc#1257215).
+- Update
+  patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch
+  (git-fixes CVE-2025-71162 bsc#1257204).
+- Update
+  patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch
+  (git-fixes CVE-2025-71130 bsc#1256741).
+- Update
+  patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch
+  (git-fixes CVE-2025-71138 bsc#1256785).
+- Update
+  patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch
+  (git-fixes CVE-2025-68789 bsc#1256781).
+- Update
+  patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch
+  (CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277).
+- Update
+  patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch
+  (CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800).
+- Update
+  patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch
+  (git-fixes CVE-2026-22997 bsc#1257202).
+- Update
+  patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch
+  (git-fixes CVE-2025-71079 bsc#1256619).
+- Update
+  patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch
+  (git-fixes CVE-2025-71086 bsc#1256625).
+- Update
+  patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch
+  (git-fixes CVE-2025-71154 bsc#1257163).
+- Update
+  patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch
+  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
+  bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119
+  bsc#1256730).
+- Update
+  patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch
+  (git-fixes CVE-2025-71132 bsc#1256737).
+- Update
+  patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch
+  (git-fixes CVE-2025-68773 bsc#1256586).
+- Update
+  patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch
+  (stable-fixes CVE-2025-68254 bsc#1255140).
+- Update
+  patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch
+  (stable-fixes CVE-2025-68256 bsc#1255138).
+- Update
+  patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch
+  (git-fixes CVE-2025-71145 bsc#1257155).
+- Update
+  patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch
+  (stable-fixes CVE-2025-71108 bsc#1256774).
+- Update
+  patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch
+  (stable-fixes CVE-2025-71114 bsc#1256752).
+- Update
+  patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch
+  (git-fixes CVE-2026-22978 bsc#1257227).
+- Update
+  patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch
+  (git-fixes CVE-2025-71100 bsc#1256593).
+- commit 856d20b
+
+-------------------------------------------------------------------
+Mon Feb  2 10:31:21 CET 2026 - msuchanek@suse.de
+
+- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
+- commit b73475a
+
+-------------------------------------------------------------------
+Mon Feb  2 10:21:16 CET 2026 - tbogendoerfer@suse.de
+
+- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv
+  (CVE-2026-22996).
+- net/mlx5e: Fix crash on profile change rollback failure
+  (CVE-2026-23000 bsc#1257234).
+- commit 46ccefc
+
+-------------------------------------------------------------------
+Mon Feb  2 09:10:49 CET 2026 - sjaeckel@suse.de
+
+- macvlan: fix possible UAF in macvlan_forward_source()
+  (CVE-2026-23001 bsc#1257232).
+- commit bcf0129
+
+-------------------------------------------------------------------
+Mon Feb  2 08:15:46 CET 2026 - jdelvare@suse.com
+
+- gpio: rockchip: Stop calling pinctrl for set_direction
+  (git-fixes).
+- commit 8cea9c9
+
+-------------------------------------------------------------------
+Sun Feb  1 10:40:07 CET 2026 - wqu@suse.com
+
+- btrfs: do not strictly require dirty metadata threshold for
+  metadata  writepages (stable-fixes).
+- commit b83c55a
+
 -------------------------------------------------------------------
 Sun Feb  1 09:40:06 CET 2026 - tiwai@suse.de

@@ -91,6 +322,13 @@ Fri Jan 30 11:03:45 CET 2026 - sjaeckel@suse.de
  bsc#1255172).
 - commit 6580707

+-------------------------------------------------------------------
+Fri Jan 30 09:59:25 CET 2026 - mkubecek@suse.cz
+
+- net/sched: sch_qfq: do not free existing class in
+  qfq_change_class() (CVE-2026-22999 bsc#1257236).
+- commit d911768
+
 -------------------------------------------------------------------
 Fri Jan 30 09:26:59 CET 2026 - mkubecek@suse.cz

@@ -129,6 +367,13 @@ Thu Jan 29 16:46:33 CET 2026 - tbogendoerfer@suse.de
  (CVE-2026-22993 bsc#1257180).
 - commit bb6b853

+-------------------------------------------------------------------
+Thu Jan 29 13:50:01 CET 2026 - rbm@suse.com
+
+- ipv6: BUG() in pskb_expand_head() as part of
+  calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
+- commit 35a165f
+
 -------------------------------------------------------------------
 Thu Jan 29 12:26:49 CET 2026 - mkubecek@suse.cz

@@ -197,6 +442,12 @@ Wed Jan 28 16:30:58 CET 2026 - oneukum@suse.com
  bsc#1256597).
 - commit addbe43

+-------------------------------------------------------------------
+Wed Jan 28 12:46:35 CET 2026 - pfalcato@suse.de
+
+- net: tcp: allow zero-window ACK update the window (bsc#1254767).
+- commit b6299d5
+
 -------------------------------------------------------------------
 Wed Jan 28 06:55:14 CET 2026 - shung-hsi.yu@suse.com

@@ -301,6 +552,15 @@ Tue Jan 27 03:40:41 CET 2026 - shung-hsi.yu@suse.com
  CVE-2025-68200).
 - commit 3454614

+-------------------------------------------------------------------
+Mon Jan 26 23:22:22 CET 2026 - ohering@suse.de
+
+- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
+- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
+- remove an Intel CPU model change which is already part of the base kernel
+- remove a bpf CVE change which is already part of the base kernel
+- commit 6def8a1
+
 -------------------------------------------------------------------
 Mon Jan 26 17:51:15 CET 2026 - tbogendoerfer@suse.de

@@ -316,6 +576,13 @@ Mon Jan 26 16:51:47 CET 2026 - rgoldwyn@suse.com
 - ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403).
 - commit de1a69a

+-------------------------------------------------------------------
+Mon Jan 26 16:17:34 CET 2026 - mhocko@suse.com
+
+- x86: make page fault handling disable interrupts properly
+  (git-fixes).
+- commit e28ac6a
+
 -------------------------------------------------------------------
 Mon Jan 26 15:35:32 CET 2026 - rgoldwyn@suse.com

@@ -449,6 +716,22 @@ Fri Jan 23 16:16:11 CET 2026 - mwilck@suse.com
  raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761).
 - commit 06431f4

+-------------------------------------------------------------------
+Fri Jan 23 10:17:26 CET 2026 - vkarasulli@suse.de
+
+- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089
+  bsc#1256612).
+- commit 74dac8b
+
+-------------------------------------------------------------------
+Fri Jan 23 09:58:42 CET 2026 - sjaeckel@suse.de
+
+- net: hns3: add VLAN id validation before using (CVE-2025-71112
+  bsc#1256726).
+- net/handshake: duplicate handshake cancellations leak socket
+  (CVE-2025-68775 bsc#1256665).
+- commit 5f03ae0
+
 -------------------------------------------------------------------
 Fri Jan 23 09:36:44 CET 2026 - tiwai@suse.de

@@ -1130,7 +1413,7 @@ Tue Jan 13 14:35:13 CET 2026 - jack@suse.cz

 - ext4: use optimized mballoc scanning regardless of inode format
  (bsc#1254378).
- commit aa95fec
+- commit 7e74f80

 -------------------------------------------------------------------
 Tue Jan 13 13:42:34 CET 2026 - tbogendoerfer@suse.de
@@ -17064,6 +17347,15 @@ Tue Jul  1 17:49:17 CEST 2025 - mkoutny@suse.com
  problems.
 - commit f86a16a

+-------------------------------------------------------------------
+Tue Jul  1 16:44:48 CEST 2025 - msuchanek@suse.de
+
+- Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602
+  bsc#1243678 ltc#213596)
+  CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY=y
+  CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX=y
+- commit f28d32c
+
 -------------------------------------------------------------------
 Tue Jul  1 16:17:35 CEST 2025 - pfalcato@suse.de