Title of the patch: Security update for the Linux Kernel

---

Description of the patch: The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603). - CVE-2025-71183: btrfs: always detect conflicting inodes when logging inode refs (bsc#1257631). - CVE-2026-23168: flex_proportions: make fprop_new_period() hardirq safe (bsc#1258826). - CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485). - CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484). - CVE-2026-23245: net/sched: act_gate: snapshot parameters with RCU on replace (bsc#1259799). - CVE-2026-23271: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (bsc#1260018). - CVE-2026-23276: net: move dev_xmit_recursion() helpers to net/core/dev.h (bsc#1260012). - CVE-2026-23300: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (bsc#1260538). - CVE-2026-23306: scsi: pm8001: Fix use-after-free in pm8001_queue_command() (bsc#1260501). - CVE-2026-23313: i40e: Fix preempt count leak in napi poll tracepoint (bsc#1260555). - CVE-2026-23321: mptcp: pm: in-kernel: always mark signal+subflow endp as used (bsc#1260505). - CVE-2026-23340: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (bsc#1260523). - CVE-2026-23346: mm/ioremap: define generic_ioremap_prot() and generic_iounmap() (bsc#1260529). - CVE-2026-23351: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (bsc#1260526). - CVE-2026-23368: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (bsc#1260530). - CVE-2026-23374: blktrace: fix __this_cpu_read/write in preemptible context (bsc#1260811). - CVE-2026-23378: net/sched: act_ife: Fix metalist update behavior (bsc#1260546). - CVE-2026-23391: netfilter: xt_CT: drop pending enqueued packets on template removal (bsc#1260566). - CVE-2026-23392: netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1260531). - CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522). - CVE-2026-23397: nfnetlink_osf: validate individual option lengths in fingerprints (bsc#1260728). - CVE-2026-23399: nf_tables: nft_dynset: fix possible stateful expression memleak in error path (bsc#1261020). - CVE-2026-23440: net/mlx5e: Fix race condition during IPSec ESN update (bsc#1261641). - CVE-2026-23441: net/mlx5e: Prevent concurrent access to IPSec ASO context (bsc#1261768). - CVE-2026-23442: ipv6: add NULL checks for idev in SRv6 paths (bsc#1261581). - CVE-2026-23449: net/sched: teql: Fix double-free in teql_master_xmit (bsc#1261779). - CVE-2026-23450: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (bsc#1261584). - CVE-2026-23455: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (bsc#1261687). - CVE-2026-23456: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (bsc#1261703). - CVE-2026-23457: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (bsc#1261686). - CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (bsc#1261781). - CVE-2026-23461: Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (bsc#1261707). - CVE-2026-23462: Bluetooth: HIDP: Fix possible UAF (bsc#1261710). - CVE-2026-23468: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion (bsc#1261692). - CVE-2026-23472: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN (bsc#1261636). - CVE-2026-23473: io_uring/poll: fix multishot recv missing EOF on wakeup race (bsc#1261694). - CVE-2026-31400: sunrpc: fix cache_request leak in cache_release (bsc#1261645). - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261638). - CVE-2026-31403: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (bsc#1261796). - CVE-2026-31404: xfs: avoid dereferencing log items after push callbacks (bsc#1261628). - CVE-2026-31407: netfilter: conntrack: add missing netlink policy validations (bsc#1261632). - CVE-2026-31411: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (bsc#1261752). - CVE-2026-31415: ipv6: avoid overflows in ip6_datagram_send_ctl() (bsc#1262099). - CVE-2026-31416: netfilter: nfnetlink_log: account for netlink header size (bsc#1262100). - CVE-2026-31420: bridge: mrp: reject zero test interval to avoid OOM panic (bsc#1262055). - CVE-2026-31421: net/sched: cls_fw: fix NULL pointer dereference on shared blocks (bsc#1262061). - CVE-2026-31422: net/sched: cls_flow: fix NULL pointer dereference on shared blocks (bsc#1262054). - CVE-2026-31423: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (bsc#1262063). - CVE-2026-31424: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (bsc#1262053). - CVE-2026-31425: rds: ib: reject FRMR registration before IB connection is established (bsc#1262074). - CVE-2026-31427: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (bsc#1262086). - CVE-2026-31428: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (bsc#1262087). - CVE-2026-31436: dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (bsc#1262602). - CVE-2026-31449: ext4: validate p_idx bounds in ext4_ext_correct_indexes (bsc#1262616). - CVE-2026-31470: virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (bsc#1262665). - CVE-2026-31488: drm/amd/display: Do not skip unrelated mode changes in DSC validation (bsc#1262746). - CVE-2026-31494: net: cadence: macb: Synchronize stats calculations (bsc#1262671). - CVE-2026-31496: netfilter: nf_conntrack_expect: skip expectations in other netns via proc (bsc#1262673). - CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263085). - CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() (bsc#1263093). - CVE-2026-31507: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (bsc#1263095). - CVE-2026-31512: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (bsc#1262734). - CVE-2026-31515: af_key: validate families in pfkey_send_migrate() (bsc#1262752). - CVE-2026-31519: btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (bsc#1263012). - CVE-2026-31525: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (bsc#1262725). - CVE-2026-31528: perf: Make sure to use pmu_ctx->pmu for groups (bsc#1263001). - CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1262758). - CVE-2026-31550: pmdomain: bcm: bcm2835-power: Increase ASB control timeout (bsc#1263104). - CVE-2026-31565: RDMA/irdma: Fix deadlock during netdev reset with active connections (bsc#1263064). - CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel() (bsc#1263065). - CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (bsc#1263176). - CVE-2026-31588: KVM: x86: Use scratch field in MMIO fragment to hold small write values (bsc#1263165). - CVE-2026-31602: ALSA: ctxfi: Limit PTP to a single page (bsc#1263723). - CVE-2026-31607: usbip: validate number_of_packets in usbip_pack_ret_submit() (bsc#1263600). - CVE-2026-31622: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler (bsc#1263797). - CVE-2026-31649: net: stmmac: fix integer underflow in chain mode (bsc#1263582). - CVE-2026-31656: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (bsc#1263170). - CVE-2026-31662: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (bsc#1263131). - CVE-2026-31668: seg6: separate dst_cache for input and output paths in seg6 lwtunnel (bsc#1263140). - CVE-2026-31669: mptcp: fix slab-use-after-free in __inet_lookup_established (bsc#1263141). - CVE-2026-31675: net/sched: sch_netem: fix out-of-bounds access in packet corruption (bsc#1263556). - CVE-2026-31679: openvswitch: validate MPLS set/set_masked payload length (bsc#1263592). - CVE-2026-31681: netfilter: xt_multiport: validate range encoding in checkentry (bsc#1263593). - CVE-2026-31682: bridge: br_nd_send: linearize skb before parsing ND options (bsc#1263595). - CVE-2026-31684: net: sched: act_csum: validate nested VLAN headers (bsc#1263596). - CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263668). - CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263901). - CVE-2026-31700: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (bsc#1263882). - CVE-2026-31738: vxlan: validate ND option lengths in vxlan_na_create (bsc#1264059). - CVE-2026-31787: xen/privcmd: fix double free via VMA splitting (bsc#1262181). - CVE-2026-43009: bpf: Fix incorrect pruning due to atomic fetch precision tracking (bsc#1264014). - CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new expectations (bsc#1263931). - CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect cleanup (bsc#1263933). - CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995). - CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach() (bsc#1264097). - CVE-2026-43044: crypto: caam - fix DMA corruption on long hmac keys (bsc#1264087). - CVE-2026-43050: atm: lec: fix use-after-free in sock_def_readable() (bsc#1264082). - CVE-2026-43060: netfilter: nft_ct: drop pending enqueued packets on removal (bsc#1264183). - CVE-2026-43088: net: af_key: zero aligned sockaddr tail in PF_KEY exports (bsc#1264469). - CVE-2026-43110: wifi: brcmfmac: validate bsscfg indices in IF events (bsc#1264482). - CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr. - CVE-2026-43126: ALSA: mixer: oss: Add card disconnect checkpoints (bsc#1264634). - CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264848). - CVE-2026-43214: KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() (bsc#1264651). - CVE-2026-43265: KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() (bsc#1264427). - CVE-2026-43329: netfilter: flowtable: strictly check for maximum number of actions (bsc#1265085). - CVE-2026-43330: crypto: caam - fix overflow on long hmac keys (bsc#1264801). - CVE-2026-43334: Bluetooth: SMP: force responder MITM requirements before building the pairing response (bsc#1265090). - CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values (bsc#1265119). - CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy on recycle (bsc#1265116). - CVE-2026-43419: ceph: fix memory leaks in ceph_mdsc_build_path() (bsc#1264661). - CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (bsc#1265126). - CVE-2026-43441: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1264674). - CVE-2026-43494: net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626). - CVE-2026-43503: net: skbuff: propagate shared-frag marker through frag-transfer helpers (bsc#1265960). The following non security issues were fixed: - accel/qaic: Add overflow check to remap_pfn_range during mmap (git-fixes). - ACPI: AGDI: fix missing newline in error message (git-fixes). - ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug (git-fixes). - ACPI: scan: Use acpi_dev_put() in object add error paths (git-fixes). - ACPI: video: force native backlight on HP OMEN 16 (8A44) (stable-fixes). - ALSA: 6fire: Fix input volume change detection (git-fixes). - ALSA: 6fire: fix use-after-free on disconnect (git-fixes). - ALSA: aoa: i2sbus: clear stale prepared state (git-fixes). - ALSA: aoa: i2sbus: fix OF node lifetime handling (git-fixes). - ALSA: aoa: Skip devices with no codecs in i2sbus_resume() (git-fixes). - ALSA: aoa: Use guard() for mutex locks (stable-fixes). - ALSA: asihpi: avoid write overflow check warning (stable-fixes). - ALSA: caiaq: Don't abort when no input device is available (git-fixes). - ALSA: caiaq: Fix control_put() result and cache rollback (git-fixes). - ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path (git-fixes). - ALSA: caiaq: fix usb_dev refcount leak on probe failure (git-fixes). - ALSA: caiaq: Handle probe errors properly (git-fixes). - ALSA: caiaq: take a reference on the USB device in create_card() (git-fixes). - ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() (git-fixes). - ALSA: core: Fix potential data race at fasync handling (git-fixes). - ALSA: core: Serialize deferred fasync state checks (git-fixes). - ALSA: core: Validate compress device numbers without dynamic minors (git-fixes). - ALSA: ctxfi: Add fallback to default RSR for S/PDIF (git-fixes). - ALSA: ctxfi: Fix missing SPDIFI1 index handling (stable-fixes). - ALSA: ctxfi: Limit PTP to a single page (git-fixes). - ALSA: firewire-tascam: Do not drop unread control events (git-fixes). - ALSA: fireworks: bound device-supplied status before string array lookup (git-fixes). - ALSA: hda/realtek - fixed speaker no sound update (git-fixes). - ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk (stable-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx (stable-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC (stable-fixes). - ALSA: hda/realtek: add quirk for Framework F111:000F (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10 (stable-fixes). - ALSA: hda/realtek: fix code style (ERROR: else should follow close brace '}') (git-fixes). - ALSA: misc: Use guard() for spin locks (stable-fixes). - ALSA: scarlett2: Add missing sentinel initializer field (git-fixes). - ALSA: seq: Notify client and port info changes (stable-fixes). - ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP JU Jiu (stable-fixes). - ALSA: usb-audio: Avoid false E-MU sample-rate notifications (git-fixes). - ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Evaluate packsize caps at the right place (git-fixes). - ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch (git-fixes). - ALSA: usb-audio: Fix potential leak of pd at parsing UAC3 streams (git-fixes). - ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex (stable-fixes). - ALSA: usb-audio: Fix UAC3 cluster descriptor size check (git-fixes). - ALSA: usb-audio: midi2: Restart output URBs on resume (git-fixes). - ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES (git-fixes). - ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA (stable-fixes). - ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF (stable-fixes). - ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product line in quirk table (stable-fixes). - ASoC: codecs: ab8500: Fix casting of private data (git-fixes). - ASoC: cs35l56: Destroy workqueue in probe error path (git-fixes). - ASoC: cs35l56: Don't use devres to unregister component (git-fixes). - ASoC: fsl_easrc: Change the type for iec958 channel status controls (git-fixes). - ASoC: fsl_easrc: Check the variable range in fsl_easrc_iec958_put_bits() (git-fixes). - ASoC: fsl_easrc: fix comment typo (git-fixes). - ASoC: fsl_easrc: Fix value type in fsl_easrc_iec958_get_bits() (git-fixes). - ASoC: fsl_micfil: Add access property for "VAD Detected" (git-fixes). - ASoC: fsl_micfil: Fix event generation in hwvad_put_enable() (git-fixes). - ASoC: fsl_micfil: Fix event generation in hwvad_put_init_mode() (git-fixes). - ASoC: fsl_micfil: Fix event generation in micfil_put_dc_remover_state() (git-fixes). - ASoC: fsl_micfil: Fix event generation in micfil_quality_set() (git-fixes). - ASoC: fsl_xcvr: Fix event generation for cached controls (git-fixes). - ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_arc_mode_put() (git-fixes). - ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_mode_put() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix MCLK leak on platform_clock_control error (git-fixes). - ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens (git-fixes). - ASoC: qcom: q6apm: move component registration to unmanaged version (git-fixes). - ASoC: qcom: q6apm: remove child devices when apm is removed (git-fixes). - ASoC: qcom: qdsp6: topology: check widget type before accessing data (git-fixes). - ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list (stable-fixes). - ASoC: SOF: compress: return the configured codec from get_params (git-fixes). - ASoC: SOF: Don't allow pointer operations on unconfigured streams (git-fixes). - ASoC: SOF: Intel: hda: Place check before dereference (git-fixes). - ASoC: SOF: topology: reject invalid vendor array size in token parser (stable-fixes). - ASoC: sti: Return errors from regmap_field_alloc() (git-fixes). - ASoC: sti: use managed regmap_field allocations (git-fixes). - ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B, LEFT_J (stable-fixes). - ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585 (stable-fixes). - batman-adv: bla: only purge non-released claims (git-fixes). - batman-adv: bla: prevent use-after-free when deleting claims (git-fixes). - batman-adv: bla: put backbone reference on failed claim hash insert (git-fixes). - batman-adv: fix integer overflow on buff_pos (git-fixes). - batman-adv: hold claim backbone gateways by reference (git-fixes). - batman-adv: reject new tp_meter sessions during teardown (git-fixes). - batman-adv: reject oversized global TT response buffers (git-fixes). - batman-adv: stop caching unowned originator pointers in BAT IV (git-fixes). - Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (git-fixes). - Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER (git-fixes). - Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt (git-fixes). - Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (git-fixes). - Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error (git-fixes). - Bluetooth: HIDP: serialise l2cap_unregister_user via hidp_session_sem (git-fixes). - Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() (git-fixes). - Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp (git-fixes). - Bluetooth: l2cap: fix MPS check in l2cap_ecred_reconf_req (git-fixes). - Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() (git-fixes). - Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() (git-fixes). - Bluetooth: L2CAP: Fix printing wrong information if SDU length exceeds MTU (git-fixes). - Bluetooth: RFCOMM: pull credit byte with skb_pull_data() (git-fixes). - Bluetooth: SCO: check for codecs->num_codecs == 1 before assigning to sco_pi(sk)->codec (git-fixes). - Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready (git-fixes). - Bluetooth: SCO: hold sk properly in sco_conn_ready (git-fixes). - Bluetooth: virtio_bt: clamp rx length before skb_put (git-fixes). - Bluetooth: virtio_bt: validate rx pkt_type header length (git-fixes). - btrfs: do not skip logging new dentries when logging a new name (git-fixes). - btrfs: reject root items with drop_progress and zero drop_level (git-fixes). - btrfs: replace BUG() with error handling in __btrfs_balance() (git-fixes). - can: mcp251x: add error handling for power enable in open and resume (stable-fixes). - can: raw: fix ro->uniq use-after-free in raw_rcv() (git-fixes). - can: ucan: fix devres lifetime (git-fixes). - cdc-acm: new quirk for EPSON HMD (stable-fixes). - check-for-config-changes: Exclude CC_MS_EXTENSIONS. - check-for-config-changes: Exclude HAVE_CFI_ICALL_NORMALIZE_INTEGERS{,_RUSTC}. - checkpatch: add support for Assisted-by tag (stable-fixes). - comedi: dt2815: add hardware detection to prevent crash (stable-fixes). - crypto: algif_aead - Fix minimum RX size check for decryption (git-fixes). - crypto: arm64/aes - Fix 32-bit aes_mac_update() arg treated as 64-bit (git-fixes). - crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup (git-fixes). - crypto: atmel-ecc - Release client on allocation failure (git-fixes). - crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path (git-fixes). - crypto: atmel-tdes - fix DMA sync direction (git-fixes). - crypto: authencesn - reject short ahash digests during instance creation (git-fixes). - crypto: ccp - copy IV using skcipher ivsize (git-fixes). - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (git-fixes). - crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (git-fixes). - crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (git-fixes). - crypto: ccree - fix a memory leak in cc_mac_digest() (git-fixes). - crypto: hisilicon - Fix dma_unmap_single() direction (git-fixes). - crypto: jitterentropy - replace long-held spinlock with mutex (git-fixes). - crypto: pcrypt - Fix handling of MAY_BACKLOG requests (git-fixes). - crypto: qat - fix type mismatch in RAS sysfs show functions (git-fixes). - crypto: qat - use swab32 macro (git-fixes). - crypto: sa2ul - Fix AEAD fallback algorithm names (git-fixes). - crypto: simd - reject compat registrations without __ prefixes (git-fixes). - crypto: talitos - fix SEC1 32k ahash request limitation (git-fixes). - crypto: testmgr - Hide ENOENT errors (stable-fixes). - crypto: testmgr - Hide ENOENT errors better (git-fixes). - devres: fix missing node debug info in devm_krealloc() (git-fixes). - dm init: ensure device probing has finished in dm-mod.waitfor= (git-fixes). - dmaengine: dw-axi-dmac: Remove unnecessary return statement from void function (git-fixes). - dmaengine: mxs-dma: Fix missing return value from of_dma_controller_register() (git-fixes). - drm/amd/display: Add NULL check for integrated_info in clk_mgr_construct (git-fixes). - drm/amd/display: Allow DCE link encoder without AUX registers (git-fixes). - drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths (git-fixes). - drm/amd/display: Disable 10-bit truncation and dithering on DCE 6.x (git-fixes). - drm/amd/display: Read EDID from VBIOS embedded panel info (git-fixes). - drm/amd/pm/ci: Clear EnabledForActivity field for memory levels (git-fixes). - drm/amd/pm/ci: Disable MCLK DPM on problematic CI ASICs (git-fixes). - drm/amd/pm/ci: Fill DW8 fields from SMC (git-fixes). - drm/amd/pm/ci: Fix powertune defaults for Hawaii 0x67B0 (git-fixes). - drm/amd/pm/ci: Use highest MCLK on CI when MCLK DPM is disabled (git-fixes). - drm/amd/pm/smu7: Add SCLK cap for quirky Hawaii board (git-fixes). - drm/amd/pm/smu7: Fix SMU7 voltage dependency on display clock (git-fixes). - drm/amdgpu/gfx6: Support harvested SI chips with disabled TCCs (v2) (git-fixes). - drm/amdgpu/gfx9: drop unnecessary 64-bit fence flag check in KIQ (stable-fixes). - drm/amdgpu/gfx10: look at the right prop for gfx queue priority (git-fixes). - drm/amdgpu/gmc: Fix AMDGPU_GART_PLACEMENT_LOW to not overlap with VRAM (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v2.0 ring (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v2.5 ring (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v3.0 ring (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0 ring (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.3 ring (git-fixes). - drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.5 ring (git-fixes). - drm/amdgpu/pm: add missing revision check for CI (git-fixes). - drm/amdgpu/pm: align Hawaii mclk workaround with radeon (git-fixes). - drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission (git-fixes). - drm/amdgpu/vce: Prevent partial address patches (stable-fixes). - drm/amdgpu/vcn3: Avoid overflow on msg bound check (git-fixes). - drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg (stable-fixes). - drm/amdgpu/vcn4: Avoid overflow on msg bound check (git-fixes). - drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg (stable-fixes). - drm/amdgpu/vcn4: Prevent OOB reads when parsing IB (stable-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v2.0 enc/dec rings (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v2.5 enc/dec rings (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v3.0 enc/dec rings (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v4.0 enc ring (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v4.0.3 enc ring (git-fixes). - drm/amdgpu/vcn: set no_user_fence for VCN v4.0.5 enc ring (git-fixes). - drm/amdgpu: Add bounds checking to ib_{get,set}_value (stable-fixes). - drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG (git-fixes). - drm/amdgpu: fix zero-size GDS range init on RDNA4 (stable-fixes). - drm/amdgpu: zero-initialize GART table on allocation (stable-fixes). - drm/amdkfd: Add upper bound check for num_of_nodes (stable-fixes). - drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure (stable-fixes). - drm/amdkfd: validate SVM ioctl nattr against buffer size (stable-fixes). - drm/arcpgu: fix device node leak (git-fixes). - drm/bridge: cadence: cdns-mhdp8546-core: Add mode_valid hook to drm_bridge_funcs (git-fixes). - drm/bridge: cadence: cdns-mhdp8546-core: Handle HDCP state in bridge atomic check (git-fixes). - drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable() (git-fixes). - drm/etnaviv: Fix armed job not being pushed to the DRM scheduler (git-fixes). - drm/fb-helper: Fix clipping when damage area spans a single scanline (git-fixes). - drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (git-fixes). - drm/gma500/oaktrail_hdmi: fix i2c adapter leak on setup (git-fixes). - drm/gma500/oaktrail_lvds: fix hang on init failure (git-fixes). - drm/gma500/oaktrail_lvds: fix i2c adapter leaks on init (git-fixes). - drm/i915/dp: Fix VSC dynamic range signaling for RGB formats (git-fixes). - drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (git-fixes). - drm/i915/wm: Verify the correct plane DDB entry (git-fixes). - drm/i915: skip __i915_request_skip() for already signaled requests (git-fixes). - drm/komeda: fix integer overflow in AFBC framebuffer size check (git-fixes). - drm/msm/a6xx: Fix dumping A650+ debugbus blocks (git-fixes). - drm/msm/a6xx: Fix HLSQ register dumping (git-fixes). - drm/msm/a6xx: Use barriers while updating HFI Q headers (git-fixes). - drm/msm/dpu: fix mismatch between power and frequency (git-fixes). - drm/msm/dsi: add the missing parameter description (git-fixes). - drm/msm/dsi: fix bits_per_pclk (git-fixes). - drm/msm/dsi: fix hdisplay calculation for CMD mode panel (git-fixes). - drm/msm/dsi: rename MSM8998 DSI version from V2_2_0 to V2_0_0 (git-fixes). - drm/msm/shrinker: Fix can_block() logic (git-fixes). - drm/nouveau: fix u32 overflow in pushbuf reloc bounds check (git-fixes). - drm/panel: sharp-ls043t1le01: make use of prepare_prev_first (git-fixes). - drm/panel: simple: Correct G190EAN01 prepare timing (git-fixes). - drm/panfrost: Fix wait_bo ioctl leaking positive return from dma_resv_wait_timeout() (git-fixes). - drm/radeon: add missing revision check for CI (git-fixes). - drm/sun4i: backend: fix error pointer dereference (git-fixes). - drm/sun4i: Fix resource leaks (git-fixes). - drm/vc4: Fix a memory leak in hang state error path (git-fixes). - drm/vc4: Fix memory leak of BO array in hang state (git-fixes). - drm/vc4: platform_get_irq_byname() returns an int (stable-fixes). - drm/vc4: Protect madv read in vc4_gem_object_mmap() with madv_lock (git-fixes). - drm/vc4: Release runtime PM reference after binding V3D (git-fixes). - drm/vram: remove DRM_VRAM_MM_FILE_OPERATIONS from docs (git-fixes). - dt-bindings: net: Fix Tegra234 MGBE PTP clock (git-fixes). - efi/capsule-loader: fix incorrect sizeof in phys array reallocation (git-fixes). - efi: pstore: Drop efivar lock when efi_pstore_open() returns with an error (git-fixes). - ext4: fix fsync(2) for nojournal mode (git-fixes). - ext4: make recently_deleted() properly work with lazy itable initialization (git-fixes). - ext4: reject mount if bigalloc with s_first_data_block != 0 (git-fixes). - extcon: ptn5150: handle pending IRQ events during system resume (git-fixes). - fbdev: matroxfb: Mark variable with __maybe_unused to avoid W=1 build break (git-fixes). - fbdev: offb: fix PCI device reference leak on probe failure (git-fixes). - fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (stable-fixes). - fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free (stable-fixes). - fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (git-fixes). - firmware: dmi: Correct an indexing error in dmi.h (git-fixes). - gpio: tegra: fix irq_release_resources calling enable instead of disable (git-fixes). - gtp: disable BH before calling udp_tunnel_xmit_skb() (git-fixes). - HID: alps: fix NULL pointer dereference in alps_raw_event() (git-fixes). - HID: asus: do not abort probe when not necessary (git-fixes). - HID: asus: make asus_resume adhere to linux kernel coding standards (git-fixes). - HID: core: clamp report_size in s32ton() to avoid undefined shift (stable-fixes). - HID: multitouch: Check to ensure report responses match the request (stable-fixes). - HID: playstation: Clamp num_touch_reports (git-fixes). - HID: quirks: add HID_QUIRK_ALWAYS_POLL for 8BitDo Pro 3 (stable-fixes). - HID: roccat: fix use-after-free in roccat_report_event (stable-fixes). - HID: usbhid: fix deadlock in hid_post_reset() (git-fixes). - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (stable-fixes). - hv_sock: fix ARM64 support (git-fixes). - hwmon: (ads7871) Fix endianness bug in 16-bit register reads (git-fixes). - hwmon: (corsair-psu) Close HID device on probe errors (git-fixes). - hwmon: (lm63) Add locking to avoid TOCTOU (git-fixes). - hwmon: (ltc2992) Clamp threshold writes to hardware range (git-fixes). - hwmon: (ltc2992) Fix u32 overflow in power read path (git-fixes). - i2c: s3c24xx: check the size of the SMBUS message before using it (stable-fixes). - i2c: smbus: reject oversized block transfers in the common path (git-fixes). - i2c: stm32f7: reinit_completion() per transfer not per msg (git-fixes). - i2c: stub: Reject I2C block transfers with invalid length (git-fixes). - i3c: master: Fix error codes at send_ccc_cmd (git-fixes). - i3c: mipi-i3c-hci: fix IBI payload length calculation for final status (git-fixes). - ibmveth: Disable GSO for packets with small MSS (bsc#1265144). - ice: set max queues in alloc_etherdev_mqs() (git-fixes). - iio: adc: ad7768-1: fix one-shot mode data acquisition (git-fixes). - iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() (git-fixes). - iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned() (git-fixes). - Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table (stable-fixes). - Input: uinput - fix circular locking dependency with ff-core (git-fixes). - Input: uinput - take event lock when submitting FF request "event" (stable-fixes). - Input: xpad - add support for BETOP BTP-KP50B/C controller's wireless mode (stable-fixes). - Input: xpad - add support for Razer Wolverine V3 Pro (stable-fixes). - ipmi: Add limits to event and receive message requests (git-fixes). - ipmi: Check event message buffer response for bad data (git-fixes). - ipmi: ssif_bmc: change log level to dbg in irq callback (git-fixes). - ipmi: ssif_bmc: fix message desynchronization after truncated response (git-fixes). - ipmi: ssif_bmc: fix missing check for copy_to_user() partial failure (git-fixes). - irqchip/irq-pic32-evic: Address warning related to wrong printf() formatter (git-fixes). - kdump, documentation: describe craskernel CMA reservation (jsc#PED-7249). - KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (git-fixes). - KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN (git-fixes). - KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN (git-fixes). - KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing (bsc#1253122). - KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (git-fixes). - KVM: x86: check for nEPT/nNPT in slow flush hypercalls (git-fixes). - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (git-fixes). - KVM: x86: hyper-v: Validate all GVAs during PV TLB flush (git-fixes). - KVM: x86: Ignore cpuid faulting in SMM (git-fixes). - leds: lgm-sso: Remove duplicate assignments for priv->mmap (git-fixes). - lib/hexdump: print_hex_dump_bytes() calls print_hex_dump_debug() (git-fixes). - media: amphion: Fix race between m2m job_abort and device_run (git-fixes). - media: as102: fix to not free memory after the device is registered in as102_usb_probe() (git-fixes). - media: dib8000: avoid division by 0 in dib8000_set_dds() (git-fixes). - media: em28xx: fix use-after-free in em28xx_v4l2_open() (git-fixes). - media: hackrf: fix to not free memory after the device is registered in hackrf_probe() (git-fixes). - media: i2c: imx219: Check return value of devm_gpiod_get_optional() in imx219_probe() (git-fixes). - media: i2c: imx412: Assert reset GPIO during probe (git-fixes). - media: i2c: ov08d10: fix image vertical start setting (git-fixes). - media: i2c: ov8856: free control handler on error in ov8856_init_controls() (git-fixes). - media: mtk-jpeg: fix use-after-free in release path due to uncancelled work (git-fixes). - media: omap3isp: drop the use count of v4l2 pipeline (git-fixes). - media: pci: zoran: fix potential memory leak in zoran_probe() (git-fixes). - media: rc: streamzap: Error handling in probe (git-fixes). - media: rc: xbox_remote: heed DMA restrictions (git-fixes). - media: saa7164: add ioremap return checks and cleanups (git-fixes). - media: staging: imx: configure src_mux in csi_start (git-fixes). - media: staging: imx: request mbus_config in csi_start (git-fixes). - media: uvcvideo: Enable VB2_DMABUF for metadata stream (git-fixes). - media: videobuf2: Set vma_flags in vb2_dma_sg_mmap (git-fixes). - media: vidtv: fix nfeeds state corruption on start_streaming failure (git-fixes). - media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections (git-fixes). - media: vidtv: fix pass-by-value structs causing MSAN warnings (git-fixes). - memory: tegra30-emc: Fix dll_change check (git-fixes). - memory: tegra124-emc: Fix dll_change check (git-fixes). - mfd: mc13xxx-core: Fix memory leak in mc13xxx_add_subdevice_pdata() (git-fixes). - mkspec: Add signature to source list only when it exists. - mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration (git-fixes). - mmc: vub300: fix NULL-deref on disconnect (git-fixes). - modpost: Amend ppc64 save/restfpr symnames for -Os build (bsc#1215199). - mtd: docg3: Convert to platform remove callback returning void (stable-fixes). - mtd: docg3: fix use-after-free in docg3_release() (git-fixes). - mtd: parsers: ofpart: call of_node_get() for dedicated subpartitions (git-fixes). - mtd: parsers: ofpart: call of_node_put() only in ofpart_fail path (git-fixes). - mtd: physmap_of_gemini: Fix disabled pinctrl state check (git-fixes). - mtd: rawnand: sunxi: fix sunxi_nfc_hw_ecc_read_extra_oob (git-fixes). - mtd: spi-nor: core: correct the op.dummy.nbytes when check read operations (git-fixes). - mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()` (stable-fixes). - mtd: spi-nor: sst: Fix SST write failure (git-fixes). - mtd: spi-nor: sst: Fix write enable before AAI sequence (git-fixes). - mtd: spi-nor: swp: check SR_TB flag when getting tb_mask (git-fixes). - net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626). - net/sched: cls_fw: fix NULL dereference of "old" filters before change() (git-fixes). - net/sched: fix pedit partial COW leading to page cache corruption (bsc#1265421). - net: gro: don't merge zcopy skbs (git-fixes). - net: mana: Add MAC address to vPort logs and clarify error messages (git-fixes). - net: mana: check xdp_rxq registration before unreg in mana_destroy_rxq() (git-fixes). - net: mana: Don't overwrite port probe error with add_adev result (git-fixes). - net: mana: Fix crash from unvalidated SHM offset read from BAR0 during FLR (bsc#1265846). - net: mana: Fix EQ leak in mana_remove on NULL port (git-fixes). - net: mana: Fix RX skb truesize accounting (bsc#1248754). - net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (git-fixes). - net: mana: Guard mana_remove against double invocation (git-fixes). - net: mana: hardening: Validate adapter_mtu from MANA_QUERY_DEV_CONFIG (git-fixes). - net: mana: hardening: Validate doorbell ID from GDMA_REGISTER_DEVICE response (git-fixes). - net: mana: Init gf_stats_work before potential error paths in probe (git-fixes). - net: mana: Init link_change_work before potential error paths in probe (git-fixes). - net: mana: remove double CQ cleanup in mana_create_rxq error path (git-fixes). - net: mana: Set default number of queues to 16 (bsc#1261648). - net: mana: Skip WQ object destruction for uninitialized RXQ (git-fixes). - net: mana: Use at least SZ_4K in doorbell ID range check (git-fixes). - net: mana: Use pci_name() for debugfs directory naming (git-fixes). - net: phy: dp83869: fix setting CLK_O_SEL field (git-fixes). - net: stmmac: Fix PTP ref clock for Tegra234 (git-fixes). - net: usb: asix: ax88772: re-add usbnet_link_change() in phylink callbacks (git-fixes). - net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() (git-fixes). - net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit() (git-fixes). - net: usb: rtl8150: free skb on usb_submit_urb() failure in xmit (git-fixes). - net: wan: fsl_ucc_hdlc: fix ucc_hdlc_remove (git-fixes). - net: wan: fsl_ucc_hdlc: fix uhdlc_memclean (git-fixes). - net: wan: fsl_ucc_hdlc: free tx_skbuff in uhdlc_memclean (git-fixes). - NFC: digital: Bounds check NFC-A cascade depth in SDD response handler (git-fixes). - nfc: llcp: add missing return after LLCP_CLOSED checks (git-fixes). - nfc: pn533: allocate rx skb before consuming bytes (git-fixes). - nfc: s3fwrn5: allocate rx skb before consuming bytes (git-fixes). - NFC: trf7970a: Ignore antenna noise when checking for RF field (git-fixes). - nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers (git-fixes). - ocfs2: fix possible deadlock between unlink and dio_end_io_write (bsc#1258718). - ocfs2: split transactions in dio completion to avoid credit exhaustion (bsc#1258718). - PCI/AER: Clear only error bits in PCIe Device Status (git-fixes). - PCI/AER: Stop ruling out unbound devices as error source (git-fixes). - PCI: dwc: Apply ECRC workaround to DesignWare 5.00a as well (git-fixes). - PCI: Enable AtomicOps only if Root Port supports them (git-fixes). - PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown (git-fixes). - PCI: hv: Set default NUMA node to 0 for devices without affinity info (git-fixes). - PCI: mediatek-gen3: Prevent leaking IRQ domains when IRQ not found (git-fixes). - PCI: tegra194: Allow system suspend when the Endpoint link is not up (git-fixes). - PCI: tegra194: Disable direct speed change for Endpoint mode (git-fixes). - PCI: tegra194: Disable LTSSM after transition to Detect on surprise link down (git-fixes). - PCI: tegra194: Disable PERST# IRQ only in Endpoint mode (git-fixes). - PCI: tegra194: Fix polling delay for L2 state (git-fixes). - PCI: tegra194: Increase LTSSM poll time on surprise link down (git-fixes). - PCI: tegra194: Set LTR message request before PCIe link up in Endpoint mode (git-fixes). - PCI: tegra194: Use devm_gpiod_get_optional() to parse "nvidia,refclk-select" (git-fixes). - PCI: tegra194: Use DWC IP core version (git-fixes). - pinctrl: abx500: Fix type of 'argument' variable (git-fixes). - pinctrl: Fix spelling problem (git-fixes). - pinctrl: intel: Fix the revision for new features (1kOhm PD, HW debouncer) (stable-fixes). - pinctrl: pic32: change all cases of bare 'unsigned' to 'unsigned int' (git-fixes). - pinctrl: pic32: use consistent spacing around '+' (git-fixes). - pinctrl: pinctrl-pic32: Fix resource leak (git-fixes). - platform/chrome: chromeos_tbmc: Drop wakeup source on remove (git-fixes). - platform/surface: surfacepro3_button: Drop wakeup source on remove (git-fixes). - platform/x86/amd: pmc: Add Thinkpad L14 Gen3 to quirk_s2idle_bug (stable-fixes). - platform/x86: dell-wmi-sysman: bound enumeration string aggregation (git-fixes). - platform/x86: dell_rbu: avoid uninit value usage in packet_size_write() (git-fixes). - platform/x86: hp-wmi: Ignore backlight and FnLock events (stable-fixes). - platform/x86: panasonic-laptop: Fix OPTD notifier registration and cleanup (git-fixes). - power: supply: axp288_charger: Do not cancel work before initializing it (git-fixes). - power: supply: max17042: avoid overflow when determining health (git-fixes). - powerpc/crash: fix backup region offset update to elfcorehdr (bsc#1259535). - RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() (git-fixes). - RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss() (git-fixes). - RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() (git-fixes). - RDMA/mana: Validate rx_hash_key_len (git-fixes). - RDMA/mana_ib: cleanup the usage of mana_gd_send_request() (git-fixes). - RDMA/mana_ib: Disable RX steering on RSS QP destroy (git-fixes). - RDMA/mana_ib: Support memory windows (git-fixes). - regulator: act8945a: fix OF node reference imbalance (git-fixes). - regulator: bd9571mwv: fix OF node reference imbalance (git-fixes). - regulator: max77650: fix OF node reference imbalance (git-fixes). - regulator: mt6357: fix OF node reference imbalance (git-fixes). - remoteproc: xlnx: Only access buffer information if IPI is buffered (git-fixes). - Revert "ALSA: usb: Increase volume range that triggers a warning" (git-fixes). - rtc: abx80x: Disable alarm feature if no interrupt attached (git-fixes). - rtc: ntxec: fix OF node reference imbalance (git-fixes). - sched/balancing: Switch the 'DEFINE_SPINLOCK(balancing)' spinlock into an 'atomic_t sched_balance_running' flag (bsc#1253754). - sched/fair: Change likelyhood of nohz.nr_cpus (bsc#1234634 bsc#1258961). - sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1253754). - sched/fair: Move checking for nohz cpus after time check (bsc#1234634 bsc#1258961). - sched/fair: Remove nohz.nr_cpus and use weight of cpumask instead (bsc#1234634 bsc#1258961). - sched/fair: Skip sched_balance_running cmpxchg when balance is not due (bsc#1253754). - scsi: storvsc: Handle PERSISTENT_RESERVE_IN truncation for Hyper-V vFC (git-fixes). - scsi: target: iscsi: validate CHAP_R length before base64 decode (bsc#1265449). - soc/tegra: cbb: Set ERD on resume for err interrupt (git-fixes). - soc: qcom: aoss: compare against normalized cooling state (git-fixes). - soc: qcom: llcc: fix v1 SB syndrome register offset (git-fixes). - sound: ua101: fix division by zero at probe (git-fixes). - soundwire: bus: demote UNATTACHED state warnings to dev_dbg() (git-fixes). - soundwire: cadence: Clear message complete before signaling waiting thread (git-fixes). - spi: at91-usart: fix controller deregistration (git-fixes). - spi: atmel: fix controller deregistration (git-fixes). - spi: cadence: fix controller deregistration (git-fixes). - spi: fix controller cleanup() documentation (git-fixes). - spi: fix misleading controller deregistration kernel-doc (git-fixes). - spi: fix misleading controller registration kernel-doc (git-fixes). - spi: fsl-qspi: Use reinit_completion() for repeated operations (git-fixes). - spi: hisi-kunpeng: prevent infinite while() loop in hisi_spi_flush_fifo (git-fixes). - spi: imx: fix runtime pm leak on probe deferral (git-fixes). - spi: imx: fix use-after-free on unbind (git-fixes). - spi: microchip-core-qspi: fix controller deregistration (git-fixes). - spi: microchip-core-qspi: Use helper function devm_clk_get_enabled() (stable-fixes). - spi: mpc52xx: fix use-after-free on unbind (git-fixes). - spi: mtk-nor: fix controller deregistration (git-fixes). - spi: mtk-snfi: unregister ECC engine on probe failure and remove() callback (git-fixes). - spi: omap2-mcspi: fix controller deregistration (git-fixes). - spi: orion: fix clock imbalance on registration failure (git-fixes). - spi: orion: fix runtime pm leak on unbind (git-fixes). - spi: rockchip: fix controller deregistration (git-fixes). - spi: rspi: fix controller deregistration (git-fixes). - spi: sh-hspi: fix controller deregistration (git-fixes). - spi: spi-ti-qspi: Convert to platform remove callback returning void (stable-fixes). - spi: sprd: fix controller deregistration (git-fixes). - spi: sun4i: fix controller deregistration (git-fixes). - spi: sun4i: switch to use modern name (stable-fixes). - spi: syncuacer: fix controller deregistration (git-fixes). - spi: synquacer: switch to use modern name (stable-fixes). - spi: uniphier: fix controller deregistration (git-fixes). - spi: uniphier: Simplify clock handling with devm_clk_get_enabled() (stable-fixes). - spi: uniphier: switch to use modern name (stable-fixes). - spi: zynq-qspi: switch to use modern name (stable-fixes). - spi: zynqmp-gqspi: fix controller deregistration (git-fixes). - staging: media: atomisp: Disallow all private IOCTLs (git-fixes). - staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() (git-fixes). - staging: sm750fb: fix division by zero in ps_to_hz() (git-fixes). - staging: vme_user: added bound check to geoid (stable-fixes). - staging: vme_user: fix root device leak on init failure (git-fixes). - thermal/drivers/spear: Fix error condition for reading st,thermal-flags (git-fixes). - thermal/drivers/sprd: Fix raw temperature clamping in sprd_thm_rawdata_to_temp (git-fixes). - thermal/drivers/sprd: Fix temperature clamping in sprd_thm_temp_to_rawdata (git-fixes). - tpm: avoid -Wunused-but-set-variable (git-fixes). - tpm: tpm_tis: add error logging for data transfer (git-fixes). - tpm: tpm_tis: stop transmit if retries are exhausted (git-fixes). - tty: tty_io: update timestamps on all device nodes (bsc#1262020). - USB: cdc-acm: Add quirks for Yoga Book 9 14IAH10 INGENIC touchscreen (stable-fixes). - usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change (git-fixes). - usb: chipidea: otg: not wait vbus drop if use role_switch (git-fixes). - USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam (stable-fixes). - usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer (stable-fixes). - usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() (git-fixes). - usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() (stable-fixes). - usb: gadget: f_uac1_legacy: validate control request size (stable-fixes). - usb: gadget: renesas_usb3: validate endpoint index in standard request handlers (git-fixes). - USB: omap_udc: DMA: Don't enable burst 4 mode (git-fixes). - usb: port: add delay after usb_hub_set_port_power() (git-fixes). - usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive (stable-fixes). - USB: serial: io_edgeport: add support for Blackbox IC135A (stable-fixes). - USB: serial: option: add MeiG Smart SRM825WN (stable-fixes). - USB: serial: option: add support for Rolling Wireless RW135R-GL (stable-fixes). - USB: serial: option: add Telit Cinterion FN990A MBIM composition (stable-fixes). - USB: serial: option: add Telit Cinterion LE910Cx compositions (stable-fixes). - usb: storage: Expand range of matched versions for VL817 quirks entry (stable-fixes). - usb: ulpi: fix memory leak on ulpi_register() error paths (git-fixes). - usb: usblp: fix heap leak in IEEE 1284 device ID via short response (stable-fixes). - usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl (stable-fixes). - usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable() (git-fixes). - usbip: validate number_of_packets in usbip_pack_ret_submit() (git-fixes). - virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (git-fixes). - virt: tdx-guest: Return error for GetQuote failures (git-fixes). - wifi: ath5k: do not access array OOB (git-fixes). - wifi: ath9k: Fix typo (git-fixes). - wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session (git-fixes). - wifi: ath11k: skip status ring entry processing (stable-fixes). - wifi: ath11k: Use dma_alloc_noncoherent for rx_tid buffer allocation (stable-fixes). - wifi: b43: enforce bounds check on firmware key index in b43_rx() (git-fixes). - wifi: b43legacy: enforce bounds check on firmware key index in RX path (git-fixes). - wifi: brcmfmac: Fix error pointer dereference (git-fixes). - wifi: brcmfmac: validate bsscfg indices in IF events (stable-fixes). - wifi: brcmsmac: Fix dma_free_coherent() size (git-fixes). - wifi: cw1200: Revert "Fix locking in error paths" (git-fixes). - wifi: libertas: notify firmware load wait on disconnect (git-fixes). - wifi: mac80211: check ieee80211_rx_data_set_link return in pubsta MLO path (git-fixes). - wifi: mac80211: drop stray 'static' from fast-RX rx_result (git-fixes). - wifi: mac80211: remove station if connection prep fails (git-fixes). - wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor (stable-fixes). - wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling (git-fixes). - wifi: mt76: mt7615: fix use_cts_prot support (git-fixes). - wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work() (git-fixes). - wifi: mt76: mt7915: fix use_cts_prot support (git-fixes). - wifi: mt76: mt7921: fix a potential clc buffer length underflow (git-fixes). - wifi: mt76: mt7921: fix ROC abort flow interruption in mt7921_roc_work (git-fixes). - wifi: mt76: mt7921: Reset ampdu_state state in case of failure in mt76_connac2_tx_check_aggr() (git-fixes). - wifi: mt76: mt7925: fix incorrect length field in txpower command (git-fixes). - wifi: mt76: mt7996: fix FCS error flag check in RX descriptor (git-fixes). - wifi: mt76: mt7996: fix struct mt7996_mcu_uni_event (git-fixes). - wifi: mwifiex: Fix memory leak in mwifiex_11n_aggregate_pkt() (git-fixes). - wifi: nl80211: fix NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST usage (git-fixes). - wifi: nl80211: require admin perm on SET_PMK / DEL_PMK (git-fixes). - wifi: rsi: fix kthread lifetime race between self-exit and external-stop (git-fixes). - wifi: rt2x00usb: fix devres lifetime (git-fixes). - wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet (git-fixes). - wifi: rtw88: check for PCI upstream bridge existence (git-fixes). - wifi: rtw88: fix device leak on probe failure (git-fixes). - wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap() (git-fixes). - wifi: wl1251: validate packet IDs before indexing tx_frames (stable-fixes). - workqueue: Break up enum definitions and give names to the types (bsc#1260522). - workqueue: Clean up enum work_bits and related constants (bsc#1260522). - workqueue: Factor out work_grab_pending() from __cancel_work_sync() (bsc#1260522). - workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() (bsc#1260522). - workqueue: Implement disable/enable for (delayed) work items (bsc#1260522). - workqueue: Introduce work_cancel_flags (bsc#1260522). - workqueue: Make @flags handling consistent across set_work_data() and friends (bsc#1260522). - workqueue: Preserve OFFQ bits in cancel[_sync] paths (bsc#1260522). - workqueue: Rename __cancel_work_timer() to __cancel_timer_sync() (bsc#1260522). - workqueue: Reorganize flush and cancel[_sync] functions (bsc#1260522). - x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57 (git-fixes). - x86/boot/sev: Avoid shared GHCB page for early memory acceptance (git-fixes). - x86/boot: Don't add the EFI stub to targets, again (git-fixes). - x86/boot: Fix page table access in 5-level to 4-level paging transition (git-fixes). - X.509: Fix out-of-bounds access when parsing extensions (git-fixes). - Xarray: do not return sibling entries from xas_find_marked() (bsc#1263815).

---

Patchnames: SUSE-SLE-Micro-6.0-kernel-435

---

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).