ELBA-2026-9320 Oracle Linux 10 microcode_ctl bug fix and enhancement update
ELSA-2026-11413 Important: Oracle Linux 10 yggdrasil security update
ELSA-2026-11412 Important: Oracle Linux 10 yggdrasil-worker-package-manager security update
ELSA-2026-11389 Important: Oracle Linux 10 vim security update
ELSA-2026-11352 Important: Oracle Linux 10 xorg-x11-server-Xwayland security update
ELBA-2026-50243 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update
ELSA-2026-11388 Important: Oracle Linux 9 xorg-x11-server security update
ELSA-2026-11369 Important: Oracle Linux 9 xorg-x11-server-Xwayland security update
ELSA-2026-11360 Important: Oracle Linux 9 LibRaw security update
ELBA-2026-50246 Oracle Linux 9 podman bug fix update
ELBA-2026-50245 Oracle Linux 9 golang bug fix update
ELBA-2026-50243 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update
ELBA-2026-50243 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
ELSA-2026-11349 Moderate: Oracle Linux 8 libxml2 security update
ELSA-2026-10704 Important: Oracle Linux 8 go-toolset:rhel8 security update
ELSA-2026-6007 Moderate: Oracle Linux 6 Extended Lifecycle Support (ELS) python security update
ELBA-2026-9320 Oracle Linux 10 microcode_ctl bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2026-9320
http://linux.oracle.com/errata/ELBA-2026-9320.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
microcode_ctl-20250812-1.20260210.1.0.1.el10_1.noarch.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/microcode_ctl-20250812-1.20260210.1.0.1.el10_1.src.rpm
Description of changes:
[20250812-1.20260210.1.0.1]
- enable use with ueknext and UEK8 kernels
- don't bother calling dracut if virtualized
- ensure UEK also rebuilds initramfs
- enable early update for 06-4f-01
- enable early and late load on RHCK
[4:20250812-1.20260210-1]
- Update Intel CPU microcode to microcode-20260210 release (RHEL-152418)
- Microcode files (/platform_mask shown) with revision updates (in hex):
06-6a-06/87: Ice Lake-X: d000410 to d000421
06-6c-01/10: Ice Lake-D: 10002e0 to 10002f1
06-7e-05/80: Ice Lake-L: 00ca to 00cc
06-8c-01/80: Tiger Lake: 00bc to 00be
06-8c-02/c2: Tiger Lake: 003c to 003e
06-8d-01/c2: Tiger Lake-H: 0056 to 0058
06-8f-07/87: Sapphire Rapids: 2b000650 to 2b000661
06-8f-08/10: Sapphire Rapids with HBM: 2c000410 to 2c000421
06-8f-08/87: Sapphire Rapids: 2b000650 to 2b000661
06-97-02/07: Alder Lake: 003d to 003e
06-97-05/07: Alder Lake: 003d to 003e
06-9a-03/80: Alder Lake-L: 043a to 043b
06-9a-04/80: Alder Lake-L: 043a to 043b
06-9a-04/40: Arizona Beach (Atom C11xx): 000b to 000c
06-9a-04/80: Alder Lake-L: 043a to 043b
06-a7-01/02: Rocket Lake: 0064 to 0065
06-aa-04/e6: Meteor Lake-L: 0025 to 0028
06-ad-01/20: Granite Rapids-X: a000124 to a000133
06-ad-01/95: Granite Rapids-X: 10003f0 to 1000405
06-ae-01/97: Granite Rapids-D: 1000273 to 10002f3
06-b5-00/80: Arrow Lake-U: 000a to 000d
06-b7-01/32: Raptor Lake: 0132 to 0133
06-ba-02/e0: Raptor Lake-P: 6133 to 6134
06-ba-03/e0: Raptor Lake-P: 6133 to 6134
06-be-00/19: Gracemont (Alder Lake-N): 001e to 0021
06-bf-02/07: Raptor Lake-S: 003d to 003e
06-bf-05/07: Raptor Lake-S: 003d to 003e
06-c5-02/82: Arrow Lake-H: 011a to 011b
06-c6-02/82: Arrow Lake: 011a to 011b
06-cf-02/87: Emerald Rapids: 210002c0 to 210002d3
Resolves: RHEL-152418
ELSA-2026-11413 Important: Oracle Linux 10 yggdrasil security update
Oracle Linux Security Advisory ELSA-2026-11413
http://linux.oracle.com/errata/ELSA-2026-11413.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
yggdrasil-0.4.8-4.el10_1.x86_64.rpm
yggdrasil-devel-0.4.8-4.el10_1.x86_64.rpm
aarch64:
yggdrasil-0.4.8-4.el10_1.aarch64.rpm
yggdrasil-devel-0.4.8-4.el10_1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/yggdrasil-0.4.8-4.el10_1.src.rpm
Related CVEs:
CVE-2026-25679
Description of changes:
[0.4.8-4]
- Bump release for rebuild
ELSA-2026-11412 Important: Oracle Linux 10 yggdrasil-worker-package-manager security update
Oracle Linux Security Advisory ELSA-2026-11412
http://linux.oracle.com/errata/ELSA-2026-11412.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
yggdrasil-worker-package-manager-0.2.3-5.el10_1.x86_64.rpm
aarch64:
yggdrasil-worker-package-manager-0.2.3-5.el10_1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/yggdrasil-worker-package-manager-0.2.3-5.el10_1.src.rpm
Related CVEs:
CVE-2026-25679
Description of changes:
[0.2.3-5]
- Bump release for rebuild
ELSA-2026-11389 Important: Oracle Linux 10 vim security update
Oracle Linux Security Advisory ELSA-2026-11389
http://linux.oracle.com/errata/ELSA-2026-11389.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
vim-X11-9.1.083-6.0.1.el10_1.4.x86_64.rpm
vim-common-9.1.083-6.0.1.el10_1.4.x86_64.rpm
vim-data-9.1.083-6.0.1.el10_1.4.noarch.rpm
vim-enhanced-9.1.083-6.0.1.el10_1.4.x86_64.rpm
vim-filesystem-9.1.083-6.0.1.el10_1.4.noarch.rpm
vim-minimal-9.1.083-6.0.1.el10_1.4.x86_64.rpm
xxd-9.1.083-6.0.1.el10_1.4.x86_64.rpm
aarch64:
vim-X11-9.1.083-6.0.1.el10_1.4.aarch64.rpm
vim-common-9.1.083-6.0.1.el10_1.4.aarch64.rpm
vim-data-9.1.083-6.0.1.el10_1.4.noarch.rpm
vim-enhanced-9.1.083-6.0.1.el10_1.4.aarch64.rpm
vim-filesystem-9.1.083-6.0.1.el10_1.4.noarch.rpm
vim-minimal-9.1.083-6.0.1.el10_1.4.aarch64.rpm
xxd-9.1.083-6.0.1.el10_1.4.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/vim-9.1.083-6.0.1.el10_1.4.src.rpm
Related CVEs:
CVE-2026-34982
Description of changes:
[9.1.083-6.0.1.el10_1.4]
- Remove upstream references [Orabug: 31197557]
[2:9.1.083-6.4]
- Resolves: RHEL-164951 vim: arbitrary command execution via modeline sandbox bypass
[2:9.1.083-6.3]
- RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
[2:9.1.083-6.2]
- RHEL-155409 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
[2:9.1.083-6.2]
- RHEL-155425 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
[2:9.1.083-6.1]
- RHEL-147922 CVE-2026-25749 vim: Heap Overflow in Vim
ELSA-2026-11352 Important: Oracle Linux 10 xorg-x11-server-Xwayland security update
Oracle Linux Security Advisory ELSA-2026-11352
http://linux.oracle.com/errata/ELSA-2026-11352.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
xorg-x11-server-Xwayland-24.1.5-6.el10_1.x86_64.rpm
xorg-x11-server-Xwayland-devel-24.1.5-6.el10_1.x86_64.rpm
aarch64:
xorg-x11-server-Xwayland-24.1.5-6.el10_1.aarch64.rpm
xorg-x11-server-Xwayland-devel-24.1.5-6.el10_1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/xorg-x11-server-Xwayland-24.1.5-6.el10_1.src.rpm
Related CVEs:
CVE-2026-33999
CVE-2026-34001
CVE-2026-34003
Description of changes:
[24.1.5-6]
- CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001
CVE-2026-34002, CVE-2026-34003
Resolves: https://redhat.atlassian.net/browse/RHEL-163188
Resolves: https://redhat.atlassian.net/browse/RHEL-163284
Resolves: https://redhat.atlassian.net/browse/RHEL-163242
ELBA-2026-50243 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2026-50243
http://linux.oracle.com/errata/ELBA-2026-50243.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-319.201.4.3.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-319.201.4.3.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-319.201.4.3.el9uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-319.201.4.3.el9uek.src.rpm
Description of changes:
[5.15.0-319.201.4.3]
- uek-rpm: CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON should be set (Dave Kleikamp) [Orabug: 39263158]
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (Lu Baolu) [Orabug: 39263158]
- iommu/vt-d: Set variable intel_dirty_ops to static (Kunwu Chan) [Orabug: 39263158]
- iommu/vt-d: Access/Dirty bit support for SS domains (Joao Martins) [Orabug: 39263158]
- iommu/amd: reduce GA Log overflow printk noise (Alejandro Jimenez) [Orabug: 39261287]
- iommu/amd: add reschedule points to GA Log draining (Alejandro Jimenez) [Orabug: 39261287]
- iommu/amd: Rework GAInt handling in overflow case (Joao Martins) [Orabug: 39261287]
- iommu/amd: Disable GAInt while GA Log is processed (Joao Martins) [Orabug: 39261287]
- iommu/amd: Move helpers to update IOMMU features to amd_iommu.h (Alejandro Jimenez) [Orabug: 39261287]
- iommu/amd: Increase GA Log buffer size to 8192 entries (Joao Martins) [Orabug: 39261287]
- x86/CPU: Fix FPDSS on Zen1 (Borislav Petkov (AMD)) [Orabug: 39261281]
ELSA-2026-11388 Important: Oracle Linux 9 xorg-x11-server security update
Oracle Linux Security Advisory ELSA-2026-11388
http://linux.oracle.com/errata/ELSA-2026-11388.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
xorg-x11-server-Xdmx-1.20.11-33.el9_7.x86_64.rpm
xorg-x11-server-Xephyr-1.20.11-33.el9_7.x86_64.rpm
xorg-x11-server-Xnest-1.20.11-33.el9_7.x86_64.rpm
xorg-x11-server-Xorg-1.20.11-33.el9_7.x86_64.rpm
xorg-x11-server-Xvfb-1.20.11-33.el9_7.x86_64.rpm
xorg-x11-server-common-1.20.11-33.el9_7.x86_64.rpm
xorg-x11-server-devel-1.20.11-33.el9_7.i686.rpm
xorg-x11-server-devel-1.20.11-33.el9_7.x86_64.rpm
xorg-x11-server-source-1.20.11-33.el9_7.noarch.rpm
aarch64:
xorg-x11-server-Xdmx-1.20.11-33.el9_7.aarch64.rpm
xorg-x11-server-Xephyr-1.20.11-33.el9_7.aarch64.rpm
xorg-x11-server-Xnest-1.20.11-33.el9_7.aarch64.rpm
xorg-x11-server-Xorg-1.20.11-33.el9_7.aarch64.rpm
xorg-x11-server-Xvfb-1.20.11-33.el9_7.aarch64.rpm
xorg-x11-server-common-1.20.11-33.el9_7.aarch64.rpm
xorg-x11-server-devel-1.20.11-33.el9_7.aarch64.rpm
xorg-x11-server-source-1.20.11-33.el9_7.noarch.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/xorg-x11-server-1.20.11-33.el9_7.src.rpm
Related CVEs:
CVE-2026-33999
CVE-2026-34001
CVE-2026-34003
Description of changes:
[1.20.11-33]
- CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001
CVE-2026-34002, CVE-2026-34003
Resolves: https://redhat.atlassian.net/browse/RHEL-163225
Resolves: https://redhat.atlassian.net/browse/RHEL-163307
Resolves: https://redhat.atlassian.net/browse/RHEL-163238
ELSA-2026-11369 Important: Oracle Linux 9 xorg-x11-server-Xwayland security update
Oracle Linux Security Advisory ELSA-2026-11369
http://linux.oracle.com/errata/ELSA-2026-11369.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
xorg-x11-server-Xwayland-23.2.7-6.el9_7.i686.rpm
xorg-x11-server-Xwayland-23.2.7-6.el9_7.x86_64.rpm
xorg-x11-server-Xwayland-devel-23.2.7-6.el9_7.i686.rpm
xorg-x11-server-Xwayland-devel-23.2.7-6.el9_7.x86_64.rpm
aarch64:
xorg-x11-server-Xwayland-23.2.7-6.el9_7.aarch64.rpm
xorg-x11-server-Xwayland-devel-23.2.7-6.el9_7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/xorg-x11-server-Xwayland-23.2.7-6.el9_7.src.rpm
Related CVEs:
CVE-2026-33999
CVE-2026-34001
CVE-2026-34003
Description of changes:
[23.2.7-6]
- CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001
CVE-2026-34002, CVE-2026-34003
Resolves: https://redhat.atlassian.net/browse/RHEL-163198
Resolves: https://redhat.atlassian.net/browse/RHEL-163294
Resolves: https://redhat.atlassian.net/browse/RHEL-163252
ELSA-2026-11360 Important: Oracle Linux 9 LibRaw security update
Oracle Linux Security Advisory ELSA-2026-11360
http://linux.oracle.com/errata/ELSA-2026-11360.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
LibRaw-0.21.1-2.el9_7.i686.rpm
LibRaw-0.21.1-2.el9_7.x86_64.rpm
LibRaw-devel-0.21.1-2.el9_7.i686.rpm
LibRaw-devel-0.21.1-2.el9_7.x86_64.rpm
aarch64:
LibRaw-0.21.1-2.el9_7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/LibRaw-0.21.1-2.el9_7.src.rpm
Related CVEs:
CVE-2026-21413
CVE-2026-24450
Description of changes:
[0.21.1-2]
- Fix CVE-2026-21413 and CVE-2026-24450
Resolves: RHEL-165373, RHEL-165456
ELBA-2026-50246 Oracle Linux 9 podman bug fix update
Oracle Linux Bug Fix Advisory ELBA-2026-50246
http://linux.oracle.com/errata/ELBA-2026-50246.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
podman-5.6.0-14.0.2.el9_7.x86_64.rpm
podman-docker-5.6.0-14.0.2.el9_7.noarch.rpm
podman-plugins-5.6.0-14.0.2.el9_7.x86_64.rpm
podman-remote-5.6.0-14.0.2.el9_7.x86_64.rpm
podman-tests-5.6.0-14.0.2.el9_7.x86_64.rpm
aarch64:
podman-5.6.0-14.0.2.el9_7.aarch64.rpm
podman-docker-5.6.0-14.0.2.el9_7.noarch.rpm
podman-plugins-5.6.0-14.0.2.el9_7.aarch64.rpm
podman-remote-5.6.0-14.0.2.el9_7.aarch64.rpm
podman-tests-5.6.0-14.0.2.el9_7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/podman-5.6.0-14.0.2.el9_7.src.rpm
Description of changes:
[5.6.0-14.0.2]
- Rebuild on new golang to support experimental GODEBUG fipsnoenforceems
ELBA-2026-50245 Oracle Linux 9 golang bug fix update
Oracle Linux Bug Fix Advisory ELBA-2026-50245
http://linux.oracle.com/errata/ELBA-2026-50245.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
golang-1.25.9-1.0.1.el9_7.x86_64.rpm
golang-bin-1.25.9-1.0.1.el9_7.x86_64.rpm
golang-docs-1.25.9-1.0.1.el9_7.noarch.rpm
golang-misc-1.25.9-1.0.1.el9_7.noarch.rpm
golang-race-1.25.9-1.0.1.el9_7.x86_64.rpm
golang-src-1.25.9-1.0.1.el9_7.noarch.rpm
golang-tests-1.25.9-1.0.1.el9_7.noarch.rpm
go-toolset-1.25.9-1.0.1.el9_7.x86_64.rpm
aarch64:
golang-1.25.9-1.0.1.el9_7.aarch64.rpm
golang-bin-1.25.9-1.0.1.el9_7.aarch64.rpm
golang-docs-1.25.9-1.0.1.el9_7.noarch.rpm
golang-misc-1.25.9-1.0.1.el9_7.noarch.rpm
golang-race-1.25.9-1.0.1.el9_7.aarch64.rpm
golang-src-1.25.9-1.0.1.el9_7.noarch.rpm
golang-tests-1.25.9-1.0.1.el9_7.noarch.rpm
go-toolset-1.25.9-1.0.1.el9_7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/golang-1.25.9-1.0.1.el9_7.src.rpm
Description of changes:
[1.25.9-1.0.1]
- EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var
ELBA-2026-50243 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2026-50243
http://linux.oracle.com/errata/ELBA-2026-50243.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
aarch64:
bpftool-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-319.201.4.3.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-319.201.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-319.201.4.3.el9uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-319.201.4.3.el9uek.src.rpm
Description of changes:
[5.15.0-319.201.4.3]
- uek-rpm: CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON should be set (Dave Kleikamp) [Orabug: 39263158]
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (Lu Baolu) [Orabug: 39263158]
- iommu/vt-d: Set variable intel_dirty_ops to static (Kunwu Chan) [Orabug: 39263158]
- iommu/vt-d: Access/Dirty bit support for SS domains (Joao Martins) [Orabug: 39263158]
- iommu/amd: reduce GA Log overflow printk noise (Alejandro Jimenez) [Orabug: 39261287]
- iommu/amd: add reschedule points to GA Log draining (Alejandro Jimenez) [Orabug: 39261287]
- iommu/amd: Rework GAInt handling in overflow case (Joao Martins) [Orabug: 39261287]
- iommu/amd: Disable GAInt while GA Log is processed (Joao Martins) [Orabug: 39261287]
- iommu/amd: Move helpers to update IOMMU features to amd_iommu.h (Alejandro Jimenez) [Orabug: 39261287]
- iommu/amd: Increase GA Log buffer size to 8192 entries (Joao Martins) [Orabug: 39261287]
- x86/CPU: Fix FPDSS on Zen1 (Borislav Petkov (AMD)) [Orabug: 39261281]
[5.15.0-319.201.4.2]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Vijayendra Suman) [Orabug: 39200414]
[5.15.0-319.201.4.1]
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Sean Christopherson) [Orabug: 39153095]
- vfio: Adapt to upstream uAPI for VFIO_PRECOPY_INFO_REINIT (Maciej S. Szmigiero) [Orabug: 39153092]
- vfio/mlx5: Add REINIT support to VFIO_MIG_GET_PRECOPY_INFO (Yishai Hadas) [Orabug: 39153077]
- vfio/mlx5: consider inflight SAVE during PRE_COPY (Yishai Hadas) [Orabug: 39153077]
- net/mlx5: Add IFC bits for migration state (Yishai Hadas) [Orabug: 39153077]
- vfio: Adapt drivers to use the core helper vfio_check_precopy_ioctl (Yishai Hadas) [Orabug: 39153077]
- vfio: Add support for VFIO_DEVICE_FEATURE_MIG_PRECOPY_INFOv2 (Yishai Hadas) [Orabug: 39153077]
- vfio: Define uAPI for re-init initial bytes during the PRE_COPY phase (Yishai Hadas) [Orabug: 39153077]
[5.15.0-319.201.4]
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (Michael Chan) [Orabug: 39086190]
- net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (Fernando Fernandez Mancera) [Orabug: 39080807]
- hv_netvsc: Use VF's tso_max_size value when data path is VF (Shradha Gupta) [Orabug: 39065407]
- net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (Shradha Gupta) [Orabug: 39065407]
- IPv6/GRO: generic helper to remove temporary HBH/jumbo header in driver (Coco Li) [Orabug: 39065407]
- rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39045034]
- exadata: tools: perf: use comm_ignore_digit for report, top (Stephen Brennan) [Orabug: 38567667]
- tools: perf: add comm_ignore_digit column (Stephen Brennan) [Orabug: 38567667]
- mm/page_alloc: ignore the exact initial compaction result (Vlastimil Babka) [Orabug: 39071712]
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (Vlastimil Babka) [Orabug: 39071712]
- rds: Add state field to RDS trace logs. (Rohit Nair) [Orabug: 38870357]
- i3c: Move device name assignment after i3c_bus_init (Billy Tsai)
- ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() (Ziyi Guo)
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Eric Dumazet)
- netfilter: nf_conncount: fix tracking of connections from localhost (Fernando Fernandez Mancera)
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug (Niklas Schnelle)
- Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (Niklas Schnelle)
- rtc: interface: Alarm race handling should not discard preceding error (Anthony Pighin (Nokia))
[5.15.0-319.201.3]
- arm64: pensando: Add non-caching option to capmem/mmap (Rob Gardner) [Orabug: 39017011]
- PCI: Fix BUILD_BUG_ON usage for old gcc (Alex Williamson) [Orabug: 39021252]
- PCI: Batch BAR sizing operations (Alex Williamson) [Orabug: 39021252]
- net: tunnel: make skb_vlan_inet_prepare() return drop reasons (Menglong Dong) [Orabug: 39053373]
[5.15.0-319.201.2]
- LTS version: v5.15.201 (Vijayendra Suman)
- USB: serial: option: add Telit FN920C04 RNDIS compositions (Fabio Porcedda)
- f2fs: fix out-of-bounds access in sysfs attribute read/write (Yongpeng Yang)
- f2fs: fix to avoid UAF in f2fs_write_end_io() (Chao Yu)
- fbdev: smscufx: properly copy ioctl memory to kernelspace (Greg Kroah-Hartman)
- fbdev: rivafb: fix divide error in nv3_arb() (Guangshuo Li)
- PCI: endpoint: Avoid creating sub-groups asynchronously (Liu Song)
- PCI: endpoint: Remove unused field in struct pci_epf_group (Christophe JAILLET)
- PCI: endpoint: Automatically create a function specific attributes group (Damien Le Moal)
- scsi: qla2xxx: Free sp in error path to fix system crash (Anil Gurumurthy)
- scsi: qla2xxx: Use named initializers for port_[d]state_str (Gleb Chesnokov)
- scsi: qla2xxx: Fix bsg_done() causing double free (Anil Gurumurthy)
- bus: fsl-mc: fix use-after-free in driver_override_show() (Gui-Dong Han)
- bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in sysfs show functions (Chelsy Ratnawat)
- smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() (Henrique Carvalho)
- crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req (Bibo Mao)
- mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (Eric Dumazet)
- selftests: mptcp: pm: ensure unknown flags are ignored (Matthieu Baerts (NGI0))
- net: dsa: free routing table on probe failure (Vladimir Oltean)
- smb: client: set correct id, uid and cruid for multiuser automounts (Paulo Alcantara)
- btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (Boris Burkov)
- Revert "wireguard: device: enable threaded NAPI" (Daniel Borkmann)
- gpiolib: acpi: Fix gpio count with string references (Alban Bedel)
- ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put() (Ziyi Guo)
- platform/x86: panasonic-laptop: Fix sysfs group leak in error path (Rafael J. Wysocki)
- platform/x86: classmate-laptop: Add missing NULL pointer checks (Rafael J. Wysocki)
- drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not used (Brahmajit Das)
- romfs: check sb_set_blocksize() return value (Deepanshu Kartikey)
- gpio: sprd: Change sprd_gpio lock to raw_spin_lock (Xuewen Yan)
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU (Tim Guttzeit)
- gpio: omap: do not register driver in probe() (Danilo Krummrich)
- scsi: qla2xxx: Query FW again before proceeding with login (Anil Gurumurthy)
- scsi: qla2xxx: Delay module unload while fabric scan in progress (Anil Gurumurthy)
- scsi: qla2xxx: Validate sp before freeing associated memory (Anil Gurumurthy)
- nilfs2: Fix potential block overflow that cause system hang (Edward Adam Davis)
- crypto: virtio - Add spinlock protection with virtqueue notification (Bibo Mao)
- crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly (Kees Cook)
- crypto: octeontx - Fix length check to avoid truncation in ucode_load_store (Thorsten Blum)
- LTS version: v5.15.200 (Vijayendra Suman)
- riscv: Replace function-like macro by static inline function (Björn Töpel)
- nvmet-tcp: pass iov_len instead of sg->length to bvec_set_page() (Varun Prakash)
- spi: tegra: Fix a memory leak in tegra_slink_probe() (Felix Gu)
- spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one (Breno Leitao)
- spi: tegra210-quad: Move curr_xfer read inside spinlock (Breno Leitao)
- iommu: disable SVA when CONFIG_X86 is set (Lu Baolu)
- Bluetooth: hci_event: call disconnect callback before deleting conn (Pauli Virtanen)
- gve: Correct ethtool rx_dropped calculation (Max Yuan)
- gve: Fix stats report corruption on queue count change (Debarghya Kundu)
- gfs2: Fix NULL pointer dereference in gfs2_log_flush (Andreas Gruenbacher)
- riscv: uprobes: Add missing fence.i after building the XOL buffer (Björn Töpel)
- ASoC: amd: fix memory leak in acp3x pdm dma ops (Chris Bainbridge)
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (YunJe Shin)
- netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (Andrew Fasano)
- hwmon: (occ) Mark occ_init_attribute() as __printf (Arnd Bergmann)
- tipc: use kfree_sensitive() for session key material (Daniel Hodges)
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet)
- dpaa2-switch: add bounds check for if_id in IRQ handler (Junrui Luo)
- net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup (Zilin Guan)
- net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup (Zilin Guan)
- net: liquidio: Initialize netdev pointer before queue setup (Zilin Guan)
- dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero (Junrui Luo)
- platform/x86: intel_telemetry: Fix PSS event register mask (Kaushlendra Kumar)
- platform/x86: toshiba_haps: Fix memory leaks in add/remove routines (Rafael J. Wysocki)
- wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice (Miri Korenblit)
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi)
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi)
- wifi: cfg80211: Fix bitrate calculation overflow for HE rates (Veerendranath Jakkam)
- ASoC: tlv320adcx140: Propagate error codes during probe (Dimitrios Katsaros)
- ASoC: davinci-evm: Fix reference leak in davinci_evm_probe (Kery Qi)
- wifi: mac80211: collect station statistics earlier when disconnect (Baochen Qiang)
- ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free (Wupeng Ma)
- HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) (Rodrigo Lugathe da Conceição Alves)
- HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list (Chris Chiu)
- netfilter: replace -EEXIST with -EBUSY (Daniel Gomez)
- ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk (Ruslan Krupitsa)
- HID: playstation: Center initial joystick axes to prevent spurious events (Siarhei Vishniakou)
- HID: intel-ish-hid: Reset enum_devices_done before enumeration (Zhang Lixu)
- HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL (DaytonCL)
- smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() (ZhangGuoDong)
- block,bfq: fix aux stat accumulation destination (shechenglong)
- net: usb: sr9700: support devices with virtual driver CD (Ethan Nelson-Moore)
- wifi: wlcore: ensure skb headroom before skb_push (Peter Åstrand)
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined (Moon Hee Lee)
- binderfs: fix ida_alloc_max() upper bound (Carlos Llamas)
- Bluetooth: hci_qca: Fix the teardown problem for real (Thomas Gleixner)
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (Steven Rostedt (Google))
- ARM: spear: Do not use timer namespace for timer_shutdown() function (Steven Rostedt (Google))
- Documentation: Remove bogus claim about del_timer_sync() (Thomas Gleixner)
- netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (Pablo Neira Ayuso)
- mm/kfence: randomize the freelist on initialization (Pimyn Girgis)
- KVM: Don't clobber irqfd routing type when deassigning irqfd (Sean Christopherson)
- ARM: 9468/1: fix memset64() on big-endian (Thomas Weissschuh)
- rbd: check for EOD after exclusive lock is ensured to be held (Ilya Dryomov)
- platform/x86: intel_telemetry: Fix swapped arrays in PSS output (Kaushlendra Kumar)
[5.15.0-319.199.1]
- genirq/cpuhotplug: Notify about affinity changes breaking the affinity mask (Imran Khan) [Orabug: 39001910]
- nvme-pci: fix stuck reset on concurrent DPC and HP (Keith Busch) [Orabug: 38928033]
- nvme: cancel pending I/O if nvme controller is in terminal state (Nilay Shroff) [Orabug: 38928033]
- nvme-pci: fix queue unquiesce check on slot_reset (Keith Busch) [Orabug: 38928033]
- nvme: ensure disabling pairs with unquiesce (Keith Busch) [Orabug: 38928033]
- ionic: Rate limit unknown xcvr type messages (Eric Joyner) [Orabug: 38977644]
[5.15.0-318.199.3]
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (Kang Chen)
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (Breno Leitao) [Orabug: 38970594] {CVE-2026-23202}
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer (Breno Leitao)
- spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer (Breno Leitao)
- x86/kfence: fix booting on 32bit non-PAE systems (Andrew Cooper)
- KVM: x86: Don't snapshot "max" TSC if host TSC is constant (Sean Christopherson) [Orabug: 38966500]
- KVM: x86: Accept KVM_[GS]ET_TSC_KHZ as a VM ioctl. (David Woodhouse) [Orabug: 38966500]
- sfc: fix NULL dereferences in ef100_process_design_param() (Edward Cree) [Orabug: 37855346] {CVE-2025-37860}
- Revert "net/rds: fix crash by expanding kref coverage to rds_incoming.i_conn" (Sharath Srinivasan) [Orabug: 38937481]
- Revert "net/rds: expand kref coverage to rds_notifier->n_conn" (Sharath Srinivasan) [Orabug: 38937481]
[5.15.0-318.199.2]
- drivers/soc/pensando/penfw: Add support for pcie serdes fw download. (Hiren Mehta) [Orabug: 38953591]
- arm64: pensando: Add support for kpcimgr dynamic event queue (Rob Gardner) [Orabug: 38928823]
- procfs: move dropping pde and pid from ->evict_inode() to ->free_inode() (Al Viro) [Orabug: 38945002]
- ext4/jbd2: skip sb flush when EIO happened (Wengang Wang) [Orabug: 38188749]
- jbd2: store more accurate errno in superblock when possible (Wengang Wang) [Orabug: 38188749]
- Revert "IB/mlx5: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923519]
- Revert "IB/core: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923519]
- Revert "IB/core: Fix off-by-one attr index in setup_hw_port_stats" (Sharath Srinivasan) [Orabug: 38923519]
- drivers/soc/pensando/bsm: Fix various issues with secure-mode. (Hiren Mehta) [Orabug: 38944299]
- net/rds: wait_event_timeout until zero connections during rmmod (Sharath Srinivasan) [Orabug: 38928274]
- net/rds: rds_send_xmit should INIT_LIST_HEAD(&to_be_dropped) on restart (Sharath Srinivasan) [Orabug: 38928272]
- net/rds: fix rds_message memleak in rds_send_queue_rm (Sharath Srinivasan) [Orabug: 38928270]
- net/rds: fix rds_message memleak in rds_send_xmit (Sharath Srinivasan) [Orabug: 38923496]
[5.15.0-318.199.1]
- LTS version: v5.15.199 (Vijayendra Suman)
- wifi: cfg80211: init wiphy_work before allocating rfkill fails (Edward Adam Davis) [Orabug: 39004275] {CVE-2025-22119}
- wifi: cfg80211: fully move wiphy work to unbound workqueue (Johannes Berg)
- wifi: cfg80211: cancel wiphy_work before freeing wiphy (Miri Korenblit) [Orabug: 39004414] {CVE-2025-21979}
- wifi: cfg80211: fix wiphy delayed work queueing (Johannes Berg)
- wifi: cfg80211: use system_unbound_wq for wiphy work (Johannes Berg)
- team: Move team device type change at the end of team_port_add (Nikola Z. Ivanov)
- pinctrl: meson: mark the GPIO controller as sleeping (Bartosz Golaszewski)
- mptcp: avoid dup SUB_CLOSED events after disconnect (Matthieu Baerts)
- writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 (Laveesh Bansal)
- drm/imx/tve: fix probe device leak (Johan Hovold)
- pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver (Bartosz Golaszewski)
- net/sched: act_ife: convert comma to semicolon (Chen Ni)
- btrfs: prevent use-after-free on page private data in btrfs_subpage_clear_uptodate() (Jp Kobryn)
- drm/amdkfd: fix a memory leak in device_queue_manager_init() (Haoxiang Li)
- can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde)
- genirq/irq_sim: Initialize work context pointers properly (Gyeyoung Baek)
- HID: uclogic: Add NULL check in uclogic_input_configured() (Henry Martin) [Orabug: 39004242] {CVE-2025-38007}
- HID: uclogic: Correct devm device reference for hidinput input_dev name (Rahul Rameshbabu)
- wifi: mac80211: move TDLS work to wiphy work (Johannes Berg)
- wifi: mac80211: use wiphy work for sdata->work (Johannes Berg)
- wifi: cfg80211: add a work abstraction with special semantics (Johannes Berg)
- Bluetooth: Fix hci_suspend_sync crash (Ying Hsu)
- net: stmmac: make sure that ptp_rate is not 0 before configuring EST (Alexis Lothoré)
- usbnet: Fix using smp_processor_id() in preemptible code warnings (Zqiang) [Orabug: 38649206] {CVE-2025-40164}
- NFSD: fix race between nfsd registration and exports_proc (Maninder Singh) [Orabug: 38158712] {CVE-2025-38232}
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (Luis Henriques)
- espintcp: fix skb leaks (Sabrina Dubroca) [Orabug: 38094997] {CVE-2025-38057}
- fs/ntfs3: Initialize allocated memory before use (Bartlomiej Kubik)
- ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency (Namjae Jeon)
- drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (Gaosheng Cui)
- ksm: use range-walk function to jump over holes in scan_get_next_rmap_item (Pedro Demarchi Gomes) [Orabug: 38773375] {CVE-2025-68211}
- mm/pagewalk: add walk_page_range_vma() (David Hildenbrand)
- ksmbd: smbd: fix dma_unmap_sg() nents (Thomas Fourier)
- mei: trace: treat reg parameter as string (Alexander Usyskin)
- ALSA: scarlett2: Fix buffer overflow in config retrieval (Samasth Norway Ananda)
- nvme: fix PCIe subsystem reset controller state transition (Nilay Shroff)
- nvme-pci: do not directly handle subsys reset fallout (Keith Busch)
- nvme-fc: rename free_ctrl callback to match name pattern (Daniel Wagner)
- xfs: set max_agbno to allow sparse alloc of last full inode chunk (Brian Foster)
- dmaengine: stm32: dmamux: fix device leak on route allocation (Johan Hovold)
- dmaengine: stm32: dmamux: fix OF node leak on route allocation failure (Johan Hovold)
- w1: therm: Fix off-by-one buffer overflow in alarms_store (Thorsten Blum) [Orabug: 38930799] {CVE-2025-71197}
- w1: w1_therm: use swap() to make code cleaner (Yang Guang)
- arm64: dts: rockchip: remove redundant max-link-speed from nanopi-r4s (Geraldo Nascimento)
- scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() (Abdun Nihaal) [Orabug: 38931015] {CVE-2026-23087}
- iio: adc: exynos_adc: fix OF populate on driver rebind (Johan Hovold)
- of: platform: Use default match table for /firmware (Rob Herring)
- comedi: Fix getting range information for subdevices 16 to 255 (Ian Abbott)
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (Kuniyuki Iwashima) [Orabug: 38649138] {CVE-2025-40149}
- net: Add locking to protect skb->dev access in ip_output (Sharath Chandra Vurukala)
- mptcp: only reset subflow errors when propagated (Matthieu Baerts)
- scsi: qla2xxx: edif: Fix dma_free_coherent() size (Thomas Fourier)
- scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() (Haoxiang Li)
- ASoC: fsl: imx-card: Do not force slot width to sample width (Fabio Estevam)
- dma/pool: distinguish between missing and exhausted atomic pools (Sai Sree Kartheek Adivi)
- gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler (Denis Sergeev)
- scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg() (Kery Qi)
- net: bridge: fix static key check (Martin Kaiser)
- nfc: nci: Fix race between rfkill and nci_unregister_device(). (Kuniyuki Iwashima)
- net/mlx5e: Account for netdev stats in ndo_get_stats64 (Gal Pressman)
- net/mlx5e: Report rx_discards_phy via rx_dropped (Yafang Shao)
- ice: stop counting UDP csum mismatch as rx_errors (Jesse Brandeburg)
- nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). (Kuniyuki Iwashima)
- rocker: fix memory leak in rocker_world_port_post_fini() (Kery Qi) [Orabug: 38970353] {CVE-2026-23164}
- ipv6: use the right ifindex when replying to icmpv6 from localhost (Fernando Fernandez Mancera)
- net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() (Zilin Guan)
- net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() (Zilin Guan)
- Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (Jia-Hong Su) [Orabug: 38970605] {CVE-2026-23146}
- bpf: Reject narrower access to pointer ctx fields (Paul Chaignon) [Orabug: 38335081] {CVE-2025-38591}
- bpf: Do not let BPF test infra emit invalid GSO types to stack (Daniel Borkmann) [Orabug: 38798882] {CVE-2025-68725}
- migrate: correct lock ordering for hugetlb file folios (Matthew Wilcox) [Orabug: 38931067] {CVE-2026-23097}
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38931121] {CVE-2026-23108}
- can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde)
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38930883] {CVE-2026-23061}
- can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (Marc Kleine-Budde) [Orabug: 38930860] {CVE-2026-23058}
- irqchip/gic-v3-its: Avoid truncating memory addresses (Arnd Bergmann) [Orabug: 38931002] {CVE-2026-23085}
- perf/x86/intel: Do not enable BTS for guests (Fernand Sieber)
- netrom: fix double-free in nr_route_frame() (Jeongjun Park)
- uacce: ensure safe queue release with state management (Chenghai Huang)
- uacce: implement mremap in uacce_vm_ops to return -EPERM (Yang Shen)
- uacce: fix cdev handling in the cleanup path (Wenkai Lin)
- intel_th: fix device leak on output open() (Johan Hovold) [Orabug: 38931041] {CVE-2026-23091}
- slimbus: core: fix device reference leak on report present (Johan Hovold)
- slimbus: core: fix runtime PM imbalance on report present (Johan Hovold)
- octeontx2: Fix otx2_dma_map_page() error return code (Thomas Fourier)
- arm64: Set __nocfi on swsusp_arch_resume() (Zhaoyang Huang)
- wifi: rsi: Fix memory corruption due to not set vif driver data size (Marek Vasut) [Orabug: 38930941] {CVE-2026-23073}
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() (Dan Carpenter)
- wifi: ath10k: fix dma_free_coherent() pointer (Thomas Fourier) [Orabug: 38970255] {CVE-2026-23133}
- mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (Matthew Schwartz)
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (Berk Cem Goksel) [Orabug: 38931030] {CVE-2026-23089}
- ALSA: ctxfi: Fix potential OOB access in audio mixer handling (Takashi Iwai) [Orabug: 38930967] {CVE-2026-23076}
- iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (Andreas Kübrich)
- iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (Pei Xiao)
- iio: adc: ad9467: fix ad9434 vref mask (Tomas Melin)
- of: fix reference count leak in of_alias_scan() (Weigang He)
- leds: led-class: Only Add LED to leds_list when it is fully ready (Hans de Goede) [Orabug: 38931092] {CVE-2026-23101}
- x86: make page fault handling disable interrupts properly (Cedric Xing)
- net/sched: act_ife: avoid possible NULL deref (Eric Dumazet)
- octeontx2-af: Fix error handling (Ratheesh Kannoth)
- bonding: provide a net pointer to __skb_flow_dissect() (Eric Dumazet) [Orabug: 38970200] {CVE-2026-23119}
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (Andrey Vatoropin) [Orabug: 38930993] {CVE-2026-23084}
- drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (Timur Kristóf)
- drm/amd/pm: Don't clear SI SMC table when setting power limit (Timur Kristóf)
- usbnet: limit max_mtu based on device's hard_mtu (Laurent Vivier)
- ipv6: annotate data-race in ndisc_router_discovery() (Eric Dumazet) [Orabug: 38970223] {CVE-2026-23124}
- mISDN: annotate data-race around dev->work (Eric Dumazet) [Orabug: 38970211] {CVE-2026-23121}
- net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue (Jijie Shao)
- net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M (Jijie Shao)
- ALSA: usb: Increase volume range that triggers a warning (Arun Raghavan)
- regmap: Fix race condition in hwspinlock irqsave routine (Cheng-Yu Lee) [Orabug: 38930931] {CVE-2026-23071}
- iio: adc: ad7280a: handle spi_setup() errors in probe() (Pavel Zhigulin)
- staging:iio:adc:ad7280a: Register define cleanup. (Jonathan Cameron)
- x86/kfence: avoid writing L1TF-vulnerable PTEs (Andrew Cooper)
- scsi: storvsc: Process unsupported MODE_SENSE_10 (Long Li)
- Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (Feng)
- Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (Gongqi)
- Revert "nfc/nci: Add the inconsistency check between the input data length and count" (Thadeu Lima de Souza Cascardo)
- w1: fix redundant counter decrement in w1_attach_slave_device() (Haoxiang Li)
- comedi: dmm32at: serialize use of paged registers (Ian Abbott)
- crypto: authencesn - reject too-short AAD (assoclenhead (Eric Dumazet) [Orabug: 39004363] {CVE-2026-22988}
- net: usb: pegasus: fix memory leak in update_eth_regs_async() (Petko Manolov) [Orabug: 38914761] {CVE-2026-23021}
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (Xiang Mei) [Orabug: 38872325] {CVE-2026-22976}
- HID: quirks: work around VID/PID conflict for appledisplay (René Rebe)
- bnxt_en: Fix potential data corruption with HW GRO/LRO (Srijit Bose)
- net/mlx5e: Don't print error message due to invalid module (Gal Pressman)
- netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates (Di Zhu)
- net: sock: fix hardened usercopy panic in sock_recv_errqueue (Weiming Shi) [Orabug: 38877947] {CVE-2026-22977}
- inet: ping: Fix icmp out counting (Yuan Gao)
- net: mscc: ocelot: Fix crash when adding interface under a lag (Jerry Wu)
- bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress (Alexandre Knecht)
- net: marvell: prestera: fix NULL dereference on devlink_alloc() failure (Alok Tiwari)
- netfilter: nf_conncount: update last_gc only when GC has been performed (Fernando Fernandez Mancera) [Orabug: 38970278] {CVE-2026-23139}
- netfilter: nf_tables: fix memory leak in nf_tables_newrule() (Zilin Guan)
- netfilter: nft_synproxy: avoid possible data-race on update operation (Fernando Fernandez Mancera)
- ARM: dts: imx6q-ba16: fix RTC interrupt level (Ian Ray)
- arm64: dts: add off-on-delay-us for usdhc2 regulator (Haibo Chen)
- scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" (Xingui Yang)
- scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset (Wen Xiong)
- NFS: Fix up the automount fs_context to use the correct cred (Trond Myklebust)
- NFSv4: ensure the open stateid seqid doesn't go backwards (Scott Mayhew)
- alpha: don't reference obsolete termio struct for TC* constants (Sam James)
- ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels (Sebastian Andrzej Siewior)
- csky: fix csky_cmpxchg_fixup not working (Yang Li)
- ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (Ye Bin) [Orabug: 37844521] {CVE-2025-22121}
- ext4: introduce ITAIL helper (Ye Bin)
- libceph: make calc_target() set t->paused, not just clear it (Ilya Dryomov) [Orabug: 38930821] {CVE-2026-23047}
- libceph: return the handler error from mon_handle_auth_done() (Ilya Dryomov) [Orabug: 38887697] {CVE-2026-22992}
- libceph: make free_choose_arg_map() resilient to partial allocation (Tuo Li) [Orabug: 38887691] {CVE-2026-22991}
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (Ilya Dryomov) [Orabug: 38887685] {CVE-2026-22990}
- libceph: prevent potential out-of-bounds reads in handle_auth_done() (Ziming Zhang) [Orabug: 38887673] {CVE-2026-22984}
- wifi: avoid kernel-infoleak from struct iw_point (Eric Dumazet) [Orabug: 38887650] {CVE-2026-22978}
- drm/pl111: Fix error handling in pl111_amba_probe (Miaoqian Lin)
- lib/crypto: aes: Fix missing MMU protection for AES S-box (Eric Biggers)
- mei: me: add nova lake point S DID (Alexander Usyskin)
- net: 3com: 3c59x: fix possible null dereference in vortex_probe1() (Thomas Fourier) [Orabug: 38914755] {CVE-2026-23020}
- atm: Fix dma_free_coherent() size (Thomas Fourier)
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path (Johan Hovold)
- net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (Su Hui) [Orabug: 39004163] {CVE-2024-40928}
- firmware: arm_scmi: Fix unused notifier-block in unregister (Amitai Gottlieb)
- ext4: fix error message when rejecting the default hash (Gabriel Krisman Bertazi)
- ext4: factor out ext4_hash_info_init() (Jason Yan)
- ext4: filesystems without casefold feature cannot be mounted with siphash (Lizhi Xu) [Orabug: 37206152] {CVE-2024-49968}
- pwm: stm32: Always program polarity (Sean Nyekjaer)
- x86: remove __range_not_ok() (Arnd Bergmann)
- selftests: net: test_vxlan_under_vrf: fix HV connectivity test (Andrea Righi)
- ipv4: Fix uninit-value access in __ip_make_skb() (Shigeru Yoshida) [Orabug: 36683410] {CVE-2024-36927}
- ipv6: Fix potential uninit-value access in __ip6_make_skb() (Shigeru Yoshida) [Orabug: 36683284] {CVE-2024-36903}
- KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning (Justin Stitt)
- HID: core: Harden s32ton() against conversion to 0 bits (Alan Stern) [Orabug: 38334903] {CVE-2025-38556}
- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (Sean Christopherson) [Orabug: 37116451] {CVE-2024-46830}
- page_pool: Fix use-after-free in page_pool_recycle_in_ring (Dong Chenchen) [Orabug: 38152994] {CVE-2025-38129}
- drm/i915/selftests: fix subtraction overflow bug (Andrzej Hajda)
- mmc: core: use sysfs_emit() instead of sprintf() (Sergey Shtylyov)
- net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. (Thadeu Lima de Souza Cascardo) [Orabug: 37844500] {CVE-2025-22111}
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (Thomas Zimmermann)
- wifi: mac80211: Discard Beacon frames to non-broadcast address (Jouni Malinen) [Orabug: 38852361] {CVE-2025-71127}
- ASoC: stm32: sai: fix OF node leak on probe (Johan Hovold)
- lockd: fix vfs_test_lock() calls (Neil Brown)
- powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages (David Hildenbrand)
- mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() (David Hildenbrand)
- mm/balloon_compaction: we cannot have isolated pages in the balloon list (David Hildenbrand)
- mm/balloon_compaction: make balloon page compaction callbacks static (Miaohe Lin)
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure (Johan Hovold)
- ASoC: stm32: sai: Use the devm_clk_get_optional() helper (Christophe Jaillet)
- ASoC: stm: Use dev_err_probe() helper (Kuninori Morimoto)
- r8169: fix RTL8117 Wake-on-Lan in DASH mode (René Rebe)
- iommu/qcom: fix device leak on of_xlate() (Johan Hovold)
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload (Donet Tom)
- PCI: brcmstb: Fix disabling L0s capability (Jim Quinlan)
- powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION (David Hildenbrand)
- media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (Miaoqian Lin)
- media: samsung: exynos4-is: fix potential ABBA deadlock on init (Marek Szyprowski)
- NFSD: NFSv4 file creation neglects setting ACL (Chuck Lever) [Orabug: 38847872] {CVE-2025-68803}
- media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (Nicolas Dufresne)
- media: vpif_capture: fix section mismatch (Johan Hovold)
- media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() (Haoxiang Li)
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852341] {CVE-2025-71120}
- KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN (Jim Mattson)
- crypto: af_alg - zero initialize memory allocated via sock_kmalloc (Shivani Agarwal) [Orabug: 38852312] {CVE-2025-71113}
- svcrdma: bound check rq_pages index in inline path (Joshua Rogers) [Orabug: 38847976] {CVE-2025-71068}
- ARM: dts: microchip: sama7g5: fix uart fifo size to 32 (Nicolas Ferre)
- usb: ohci-nxp: fix device leak on probe failure (Johan Hovold)
- usb: ohci-nxp: Use helper function devm_clk_get_enabled() (Zhang Zekun)
- mptcp: pm: ignore unknown endpoint flags (Matthieu Baerts)
- usb: dwc3: keep susphy enabled during exit to avoid controller faults (Udipto Goswami)
- f2fs: fix to avoid updating zero-sized extent in extent cache (Chao Yu)
- f2fs: fix to propagate error from f2fs_enable_checkpoint() (Chao Yu)
- f2fs: use global inline_xattr_slab instead of per-sb slab cache (Chao Yu)
- f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() (Chao Yu)
- xfs: fix a memory leak in xfs_buf_item_init() (Haoxiang Li)
- KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit (Dongli Zhang)
- NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (Chuck Lever)
- ALSA: wavefront: Fix integer overflow in sample size validation (Junrui Luo)
- ALSA: wavefront: Use standard print API (Takashi Iwai)
- ALSA: wavefront: Clear substream pointers on close (Junrui Luo)
- wifi: mt76: Fix DTS power-limits on little endian systems (Sven Eckelmann)
- btrfs: don't rewrite ret from inode_permission (Josef Bacik)
- tpm: Cap the number of PCR banks (Jarkko Sakkinen) [Orabug: 38848017] {CVE-2025-71077}
- jbd2: fix the inconsistency between checksum and data in memory for journal sb (Ye Bin)
- xhci: dbgtty: fix device unregister (Łukasz Bartosik)
- xhci: dbgtty: use IDR to support several dbc instances. (Mathias Nyman)
- usb: gadget: udc: fix use-after-free in usb_gadget_state_work (Jimmy Hu) [Orabug: 38773636] {CVE-2025-68282}
- usb: xhci: Apply the link chain quirk on NEC isoc endpoints (Michał Pecio) [Orabug: 37844150] {CVE-2025-22022}
- usb: xhci: move link chain bit quirk checks into one helper function. (Niklas Neronin)
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (Zack Rusin) [Orabug: 38643537] {CVE-2025-40110}
- virtio_console: fix order of fields cols and rows (Maximilian Immanuel Brandtner)
- kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules (Martin Nybo Andersen)
- mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() (Seongjae Park)
- mm/damon/tests/core-kunit: handle memory failure from damon_test_target() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() (Seongjae Park)
- mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() (Seongjae Park)
- mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() (Seongjae Park)
- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (Zhu Yanjun) [Orabug: 38094814] {CVE-2025-38022}
- mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() (Seongjae Park)
- mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() (Seongjae Park)
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (Lyude Paul)
- drm/ttm: Avoid NULL pointer deref for evicted BOs (Simon Richter) [Orabug: 38848052] {CVE-2025-71083}
- drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (Akhil P Oommen)
- net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (Deepanshu Kartikey)
- net: usb: sr9700: fix incorrect command used to write single register (Ethan Nelson-Moore)
- nfsd: Drop the client reference in client_states_open() (Haoxiang Li)
- fjes: Add missing iounmap in fjes_hw_init() (Haoxiang Li)
- e1000: fix OOB in e1000_tbi_should_accept() (Guangshuo Li) [Orabug: 38848099] {CVE-2025-71093}
- RDMA/cm: Fix leaking the multicast GID table reference (Jason Gunthorpe) [Orabug: 38848058] {CVE-2025-71084}
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (Jason Gunthorpe) [Orabug: 38848117] {CVE-2025-71096}
- idr: fix idr_alloc() returning an ID out of range (Matthew Wilcox)
- media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (Duoming Zhou)
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (Duoming Zhou)
- media: TDA1997x: Remove redundant cancel_delayed_work in probe (Duoming Zhou)
- media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (Ivan Abramov)
- media: cec: Fix debugfs leak on bus_register() failure (Xu Wang)
- fbdev: tcx.c fix mem_map to correct smem_start offset (René Rebe)
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (Thorsten Blum)
- fbdev: gbefb: fix to use physical address instead of dma address (René Rebe)
- dm-ebs: Mark full buffer dirty even on partial write (Uladzislau Rezki)
- media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (Ivan Abramov)
- parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() (Sven Schnelle)
- parisc: entry.S: fix space adjustment on interruption for 64-bit userspace (Sven Schnelle)
- media: rc: st_rc: Fix reset control resource leak (Xu Wang)
- mfd: max77620: Fix potential IRQ chip conflict when probing two devices (Krzysztof Kozlowski)
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (Johan Hovold)
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (Christian Hitz)
- leds: leds-lp50xx: Allow LED 0 to be added to module bank (Christian Hitz)
- PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (Lukas Wunner)
- HID: logitech-dj: Remove duplicate error logging (Hans de Goede)
- iommu/tegra: fix device leak on probe_device() (Johan Hovold)
- iommu/sun50i: fix device leak on of_xlate() (Johan Hovold)
- iommu/omap: fix device leaks on probe_device() (Johan Hovold)
- iommu/mediatek: fix device leak on of_xlate() (Johan Hovold)
- iommu/mediatek-v1: fix device leak on probe_device() (Johan Hovold)
- iommu/ipmmu-vmsa: fix device leak on of_xlate() (Johan Hovold)
- iommu/exynos: fix device leak on of_xlate() (Johan Hovold)
- iommu/apple-dart: fix device leak on of_xlate() (Johan Hovold)
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. (Srinivas Kandagatla)
- ASoC: qcom: q6adm: the the copp device only during last instance (Srinivas Kandagatla)
- ASoC: qcom: q6asm-dai: perform correct state check before closing (Srinivas Kandagatla)
- ASoC: stm32: sai: fix device leak on probe (Johan Hovold)
- selftests/ftrace: traceonoff_triggers: strip off names (Yipeng Zou)
- RDMA/bnxt_re: fix dma_free_coherent() pointer (Thomas Fourier)
- RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation (Lihonggang)
- RDMA/bnxt_re: Fix to use correct page size for PDE table (Kalesh Ap)
- RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send (Alok Tiwari)
- RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() (Alok Tiwari)
- RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() (Jang Ingyu)
- RDMA/efa: Remove possible negative shift (Michael Margolin)
- RDMA/irdma: avoid invalid read in irdma_net_event (Michal Schmidt) [Orabug: 38852379] {CVE-2025-71133}
- net: rose: fix invalid array index in rose_kill_by_device() (Pwnverse)
- ipv4: Fix reference count leak when using error routes with nexthop objects (Ido Schimmel) [Orabug: 38848125] {CVE-2025-71097}
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (Will Rosenberg) [Orabug: 38848061] {CVE-2025-71085}
- octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (Anshumali Gaur)
- net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct (Bagas Sanjaya)
- net: usb: asix: validate PHY address before use (Deepanshu Kartikey) [Orabug: 38848107] {CVE-2025-71094}
- net: dsa: b53: skip multicast entries for fdb_dump() (Jonas Gorski)
- firewire: nosy: Fix dma_free_coherent() size (Thomas Fourier)
- genalloc.h: fix htmldocs warning (Andrew Morton)
- smc91x: fix broken irq-context in PREEMPT_RT (Levi Yun) [Orabug: 38852376] {CVE-2025-71132}
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (Deepakkumar Karn) [Orabug: 38887620] {CVE-2025-71154}
- team: fix check for port enabled in team_queue_override_port_prio_changed() (Jiri Pirko) [Orabug: 38848088] {CVE-2025-71091}
- platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (Junrui Luo)
- platform/x86: msi-laptop: add missing sysfs_remove_group() (Thomas Fourier)
- ip6_gre: make ip6gre_header() robust (Eric Dumazet) [Orabug: 38848131] {CVE-2025-71098}
- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy (Toke Høiland-Jørgensen)
- net: mdio: aspeed: add dummy read to avoid read-after-write issue (Jacky Chou)
- net: mdio: aspeed: move reg accessing part into separate functions (Potin Lai)
- Bluetooth: btusb: revert use of devm_kzalloc in btusb (Raphael Pinsonneault-Thibeault) [Orabug: 38848044] {CVE-2025-71082}
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (Herbert Xu) [Orabug: 38852370] {CVE-2025-71131}
- iavf: fix off-by-one issues in iavf_config_rss_reg() (Kohei Enju) [Orabug: 38848073] {CVE-2025-71087}
- i40e: Refactor argument of i40e_detect_recover_hung() (Ivan Vecera)
- i40e: Refactor argument of several client notification functions (Ivan Vecera)
- i40e: fix scheduling in set_rx_mode (Przemyslaw Korba)
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (Gui-Dong Han)
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (Gui-Dong Han) [Orabug: 38852300] {CVE-2025-71111}
- hwmon: (max16065) Use local variable to avoid TOCTOU (Gui-Dong Han)
- i2c: amd-mp2: fix reference leak in MP2 PCI device (Ma Ke)
- rpmsg: glink: fix rpmsg device leak (Srinivas Kandagatla)
- soc: amlogic: canvas: fix device leak on lookup (Johan Hovold)
- soc: qcom: ocmem: fix device leak on lookup (Johan Hovold)
- amba: tegra-ahb: Fix device leak on SMMU enable (Johan Hovold)
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (Alex Deucher)
- io_uring: fix filename leak in __io_openat_prep() (Prithvi Tambewagh)
- svcrdma: return 0 on success from svc_rdma_copy_inline_range (Joshua Rogers)
- nfsd: Mark variable __maybe_unused to avoid W=1 build break (Andy Shevchenko)
- fsnotify: do not generate ACCESS/MODIFY events on child for special files (Amir Goldstein) [Orabug: 38847800] {CVE-2025-68788}
- tracing: Do not register unsupported perf events (Steven Rostedt) [Orabug: 38852355] {CVE-2025-71125}
- KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (Sean Christopherson)
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (Sean Christopherson)
- KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation (Yosry Ahmed)
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (Fuqiang Wang) [Orabug: 38852273] {CVE-2025-71104}
- KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (Fuqiang Wang)
- KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (Sean Christopherson)
- libceph: make decode_pool() more resilient against corrupted osdmaps (Ilya Dryomov) [Orabug: 38852325] {CVE-2025-71116}
- parisc: Do not reprogram affinitiy on ASP chip (Helge Deller)
- scs: fix a wrong parameter in __scs_magic (Zhichi Lin)
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (Tzung-Bi Shih)
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (Prithvi Tambewagh) [Orabug: 38847688] {CVE-2025-68771}
- media: vidtv: initialize local pointers upon transfer of memory ownership (Jeongjun Park)
- tools/testing/nvdimm: Use per-DIMM device handle (Alison Schofield)
- f2fs: fix return value of f2fs_recover_fsync_data() (Chao Yu)
- f2fs: invalidate dentry cache on failed whiteout creation (Deepanshu Kartikey)
- scsi: target: Reset t_task_cdb pointer in error case (Andrey Vatoropin) [Orabug: 38847770] {CVE-2025-68782}
- NFSD: use correct reservation type in nfsd4_scsi_fence_client (Dai Ngo)
- scsi: aic94xx: fix use-after-free in device removal path (Junrui Luo) [Orabug: 38848009] {CVE-2025-71075}
- scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (Tony Battersby) [Orabug: 38847931] {CVE-2025-68818}
- cpufreq: nforce2: fix reference count leak in nforce2 (Miaoqian Lin)
- intel_th: Fix error handling in intel_th_output_open (Ma Ke)
- char: applicom: fix NULL pointer dereference in ac_ioctl (Tianchu Chen)
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (Haoxiang Li)
- usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (Miaoqian Lin)
- usb: phy: isp1301: fix non-OF device reference imbalance (Johan Hovold)
- USB: lpc32xx_udc: Fix error handling in probe (Ma Ke)
- phy: broadcom: bcm63xx-usbh: fix section mismatches (Johan Hovold)
- media: pvrusb2: Fix incorrect variable used in trace message (Colin Ian King)
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (Jeongjun Park) [Orabug: 38847937] {CVE-2025-68819}
- usb: usb-storage: Maintain minimal modifications to the bcdDevice range. (Chenchangcheng)
- media: v4l2-mem2mem: Fix outdated documentation (Laurent Pinchart)
- jbd2: use a weaker annotation in journal handling (Byungchul Park)
- ext4: fix incorrect group number assertion in mb_check_buddy (Yongjian Sun)
- ext4: xattr: fix null pointer deref in ext4_raw_inode() (Karina Yankevich) [Orabug: 38848276] {CVE-2025-68820}
- ktest.pl: Fix uninitialized var in config-bisect.pl (Steven Rostedt)
- floppy: fix for PAGE_SIZE != 4KB (René Rebe)
- block: rate-limit capacity change info log (Li Chen)
- lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit (Eric Biggers)
- mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (Sarthak Garg)
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (Jarkko Sakkinen) [Orabug: 38887597] {CVE-2025-71147}
- vhost/vsock: improve RCU read sections around vhost_vsock_get() (Stefano Garzarella)
- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (Chia-Lin Kao)
- nvme-fc: don't hold rport lock when putting ctrl (Daniel Wagner)
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (Wenhua Lin)
- usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. (Chenchangcheng)
- usb: xhci: limit run_graceperiod for only usb 3.0 devices (Hongyu Xie)
- usb: typec: ucsi: Handle incorrect num_connectors capability (Mark Pearson) [Orabug: 38852285] {CVE-2025-71108}
- usbip: Fix locking bug in RT-enabled kernels (Lizhi Xu)
- exfat: fix remount failure in different process environments (Yuezhang Mo)
- via_wdt: fix critical boot hang due to unnamed resource allocation (Li Qiang) [Orabug: 38852318] {CVE-2025-71114}
- scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (Tony Battersby)
- scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (Tony Battersby)
- scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (Tony Battersby)
- powerpc/addnote: Fix overflow on 32-bit builds (Ben Collins)
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (Josua Mayer)
- ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (Matthias Schiffer)
- firmware: imx: scu-irq: Init workqueue before request mbox channel (Peng Fan)
- ipmi: Fix __scan_channels() failing to rescan channels (Jinhui Guo)
- ipmi: Fix the race between __scan_channels() and deliver_response() (Jinhui Guo)
- ALSA: usb-mixer: us16x08: validate meter packet indices (Shipei Qu) [Orabug: 38847775] {CVE-2025-68783}
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (Xu Wang)
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (Xu Wang)
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (Shaurya Rane) [Orabug: 38847724] {CVE-2025-68776}
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (Jared Kangas)
- spi: fsl-cpm: Check length parity before switching to 16 bit mode (Christophe Leroy)
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf (Pengjie Zhang)
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (Christoffer Sandberg)
- Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (Junjie Cao)
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (Ping Cheng)
- net: hns3: add VLAN id validation before using (Jian Shen)
- net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx (Jian Shen)
- net: hns3: Align type of some variables with their print type (Hao Chen)
- net: hns3: using the num_tqps in the vf driver to apply for resources (Jian Shen)
- net/mlx5: fw_tracer, Handle escaped percent properly (Shay Drory)
- net/mlx5: fw_tracer, Validate format string parameters (Shay Drory) [Orabug: 38847914] {CVE-2025-68816}
- ethtool: Avoid overflowing userspace buffer on stats query (Gal Pressman) [Orabug: 38847826] {CVE-2025-68795}
- net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers (Daniil Tatianin)
- net/ethtool/ioctl: remove if n_stats checks from ethtool_get_phy_stats (Daniil Tatianin)
- ethtool: use phydev variable (Tom Rix)
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (Dan Carpenter)
- net/sched: ets: Remove drr class from the active list if it changes to strict (Victor Nogueira) [Orabug: 38847910] {CVE-2025-68815}
- caif: fix integer underflow in cffrml_receive() (Junrui Luo)
- ipvs: fix ipv4 null-ptr-deref in route error path (Slavin Liu) [Orabug: 38847900] {CVE-2025-68813}
- netfilter: nf_conncount: fix leaked ct in error paths (Fernando Fernandez Mancera) [Orabug: 38974757] {CVE-2025-71146}
- broadcom: b44: prevent uninitialized value usage (Alexey Simakov)
- net: openvswitch: fix middle attribute validation in push_nsh() action (Ilya Maximets) [Orabug: 38847784] {CVE-2025-68785}
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (Ido Schimmel)
- mlxsw: spectrum_router: Fix neighbour use-after-free (Ido Schimmel)
- ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() (Dmitry Skorodumov)
- net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (Jamal Hadi Salim) [Orabug: 38847965] {CVE-2025-71066}
- netrom: Fix memory leak in nr_sendmsg() (Wang Liang)
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (Gongwei Li)
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (Qu Wenruo)
- hfsplus: fix volume corruption issue for generic/073 (Viacheslav Dubeyko)
- hfsplus: Verify inode mode when loading from disk (Tetsuo Handa)
- hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create (Yang Chenzhi)
- hfsplus: fix volume corruption issue for generic/070 (Viacheslav Dubeyko)
- fs/ntfs3: Support timestamps prior to epoch (Konstantin Komarov)
- livepatch: Match old_sympos 0 and 1 in klp_find_func() (Song Liu)
- cpufreq: s5pv210: fix refcount leak (Shuhao Fu)
- ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (Sakari Ailus)
- ACPICA: Avoid walking the Namespace if start_node is NULL (Cryolitia Pukngae) [Orabug: 38852333] {CVE-2025-71118}
- x86/ptrace: Always inline trivial accessors (Peter Zijlstra)
- sched/deadline: only set free_cpus for online runqueues (Doug Berger) [Orabug: 38847753] {CVE-2025-68780}
- btrfs: fix memory leak of fs_devices in degraded seed device path (Deepanshu Kartikey)
- bpf, arm64: Do not audit capability check in do_jit() (Ondrej Mosnacek)
- spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers (Vishwaroop A)
- coresight: etm4x: Correct polling IDLE bit (Leo Yan)
- netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (Nicklas Bo Jensen)
- NFS: Fix missing unlock in nfs_unlink() (Sun Ke)
- ASoC: fsl_xcvr: get channel status data when PHY is not exists (Shengjiu Wang)
- ALSA: dice: fix buffer overflow in detect_stream_formats() (Junrui Luo) [Orabug: 38798767] {CVE-2025-68346}
- usb: phy: Initialize struct usb_phy list_head (Diogo Ivo)
- usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (Haotien Hsu)
- ocfs2: fix memory leak in ocfs2_merge_rec_left() (Dmitry Antipov)
- efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (Mauro Carvalho Chehab)
- efi/cper: Adjust infopfx size to accept an extra space (Mauro Carvalho Chehab)
- efi/cper: Add a new helper function to print bitmasks (Mauro Carvalho Chehab)
- dm log-writes: Add missing set_freezable() for freezable kthread (Xu Wang)
- dm-raid: fix possible NULL dereference with undefined raid type (Alexey Simakov)
- ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() (Pangliyuan)
- ALSA: uapi: Fix typo in asound.h comment (Andres J Rosa)
- dma/pool: eliminate alloc_pages warning in atomic_pool_expand (Dave Kleikamp)
- blk-mq: Abort suspend when wakeup events are pending (Cong Zhang)
- ASoC: ak5558: Disable regulator when error happens (Shengjiu Wang)
- ASoC: ak4458: Disable regulator when error happens (Shengjiu Wang)
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() (Xu Wang)
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (Anton Khirnov)
- fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() (Armin Wolf)
- NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (Trond Myklebust) [Orabug: 38818237] {CVE-2025-68764}
- fs_context: drop the unused lsm_flags member (Ondrej Mosnacek)
- Revert "nfs: ignore SB_RDONLY when mounting nfs" (Trond Myklebust)
- Revert "nfs: clear SB_RDONLY before getting superblock" (Trond Myklebust)
- Revert "nfs: ignore SB_RDONLY when remounting nfs" (Trond Myklebust)
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (Jonathan Curley) [Orabug: 38798775] {CVE-2025-68349}
- NFS: Initialise verifiers for visible dentries in nfs_atomic_open() (Trond Myklebust)
- NFS: Fix the verifier for case sensitive filesystem in nfs_atomic_open() (Trond Myklebust)
- NFSv4: Add some support for case insensitive filesystems (Trond Myklebust)
- fs/nls: Fix utf16 to utf8 conversion (Armin Wolf)
- NFS: Avoid changing nlink when file removes and attribute updates race (Trond Myklebust)
- NFS: don't unhash dentry during unlink/rename (Neil Brown)
- NFS: Label the dentry with a verifier in nfs_rmdir() and nfs_unlink() (Trond Myklebust)
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (Abdun Nihaal)
- pinctrl: single: Fix incorrect type for error return variable (Xu Wang)
- pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling (Matthijs Kooijman)
- perf tools: Fix split kallsyms DSO counting (Namhyung Kim)
- remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs (Alexandru Gagniuc)
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (Ivan Stepchenko)
- net: stmmac: fix rx limit check in stmmac_rx_zc() (Alexey Kodanev)
- netfilter: nft_connlimit: update the count if add was skipped (Fernando Fernandez Mancera)
- netfilter: nf_conncount: rework API to use sk_buff directly (Fernando Fernandez Mancera)
- netfilter: nf_conncount: reduce unnecessary GC (William Tu)
- netfilter: flowtable: check for maximum number of encapsulations in bridge vlan (Pablo Neira Ayuso)
- regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (Sparkhuang) [Orabug: 38798787] {CVE-2025-68354}
- ASoC: Intel: catpt: Fix error path in hw_params() (Cezary Rojewski)
- virtio: fix virtqueue_set_affinity() docs (Michael S. Tsirkin)
- virtio_vdpa: fix misleading return in void function (Alok Tiwari)
- ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation (Yongjian Sun)
- ext4: remove unused return value of __mb_check_buddy (Kemeng Shi)
- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (René Rebe)
- drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (Dan Carpenter)
- ASoC: fsl_xcvr: clear the channel status control memory (Shengjiu Wang)
- ASoC: fsl_xcvr: Add support for i.MX93 platform (Chancel Liu)
- ASoC: fsl_xcvr: Add Counter registers (Shengjiu Wang)
- RDMA/irdma: Fix data race in irdma_free_pble (Krzysztof Czurylo)
- RDMA/irdma: Fix data race in irdma_sc_ccq_arm (Krzysztof Czurylo)
- iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal (Stephan Gerhold)
- backlight: lp855x: Fix lp855x.h kernel-doc warnings (Randy Dunlap)
- backlight: led-bl: Add devlink to supplier LEDs (Luca Ceresoli)
- backlight: led_bl: Take led_access lock when required (Mans Rullgard)
- wifi: ieee80211: correct FILS status codes (Ria Thomas)
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (Shawn Lin)
- staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (Jianglei Nie)
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (Zilin Guan)
- crypto: ccree - Correctly handle return of sg_nents_for_len (Xu Wang)
- selftests/bpf: Improve reliability of test_perf_branches_no_hw() (Matt Bobrowski)
- selftests/bpf: skip test_perf_branches_hw() on unsupported platforms (Matt Bobrowski)
- usb: dwc2: fix hang during suspend if set as peripheral (Jisheng Zhang)
- usb: dwc2: fix hang during shutdown if set as peripheral (Jisheng Zhang)
- usb: dwc2: disable platform lowlevel hw resources during shutdown (Jisheng Zhang)
- usb: chaoskey: fix locking for O_NONBLOCK (Oliver Neukum)
- ima: Handle error code returned by ima_filter_rule_match() (Zhao Yipeng) [Orabug: 38798922] {CVE-2025-68740}
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (Seungjin Bae) [Orabug: 38798815] {CVE-2025-68362}
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (Xu Wang)
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (Xu Wang)
- pwm: bcm2835: Make sure the channel is enabled after pwm_request() (Uwe Kleine-König)
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (Jay Liu)
- fs/ntfs3: Prevent memory leaks in add sub record (Edward Adam Davis)
- fs/ntfs3: out1 also needs to put mi (Edward Adam Davis)
- fs/ntfs3: Make ni_ins_new_attr return error (Konstantin Komarov)
- fs/ntfs3: Add new argument is_mft to ntfs_mark_rec_free (Konstantin Komarov)
- fs/ntfs3: Remove unused mi_mark_free (Konstantin Komarov)
- powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format (Ritesh Harjani)
- wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (Abdun Nihaal) [Orabug: 38818222] {CVE-2025-68759}
- NFSD/blocklayout: Fix minlength check in proc_layoutget (Sergey Bashirov)
- watchdog: wdat_wdt: Fix ACPI table leak in probe function (Xu Wang)
- watchdog: wdat_wdt: Stop watchdog when uninstalling module (Liu Xinpeng)
- selftests/bpf: Fix failure paths in send_signal test (Alexei Starovoitov)
- ps3disk: use memcpy_{from,to}_bvec index (René Rebe)
- PCI: keystone: Exit ks_pcie_probe() for invalid mode (Siddharth Vadapalli)
- leds: netxbig: Fix GPIO descriptor leak in error paths (Xu Wang)
- scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls (Xu Wang)
- ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (Xu Wang)
- ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() (Dmitry Antipov) [Orabug: 38798824] {CVE-2025-68364}
- lib/vsprintf: Check pointer before dereferencing in time_and_date() (Andy Shevchenko)
- clk: renesas: r9a06g032: Fix memory leak in error path (Xu Wang)
- coresight: etm4x: Add context synchronization before enabling trace (Leo Yan)
- coresight: etm4x: Extract the trace unit controlling (Leo Yan)
- coresight-etm4x: add isb() before reading the TRCSTATR (Yuanfang Zhang)
- coresight: etm4x: Use Trace Filtering controls dynamically (Suzuki K Poulose)
- coresight: etm4x: Save restore TRFCR_EL1 (Suzuki K Poulose)
- nbd: defer config unlock in nbd_genl_connect (Zheng Qixing) [Orabug: 38798833] {CVE-2025-68366}
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (Abdun Nihaal)
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (Long Li) [Orabug: 38798838] {CVE-2025-68367}
- powerpc/32: Fix unpaired stwcx. on interrupt exit (Christophe Leroy)
- RDMA/rtrs: server: Fix error handling in get_or_create_srv (Ma Ke)
- dt-bindings: PCI: amlogic: Fix the register name of the DBI region (Manivannan Sadhasivam)
- dt-bindings: PCI: convert amlogic,meson-pcie.txt to dt-schema (Neil Armstrong)
- scsi: stex: Fix reboot_notifier leak in probe error path (Xu Wang)
- nbd: defer config put in recv_work (Zheng Qixing) [Orabug: 38798851] {CVE-2025-68372}
- nbd: partition nbd_read_stat() into nbd_read_reply() and nbd_handle_reply() (Yu Kuai)
- nbd: clean up return value checking of sock_xmit() (Yu Kuai)
- regulator: core: disable supply if enabling main regulator fails (Gabor Juhos)
- perf/x86/intel: Correct large PEBS flag check (Dapeng Mi)
- ext4: correct the checking of quota files before moving extents (Zhang Yi)
- ext4: minor defrag code improvements (Eric Whitney)
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path (Xu Wang)
- spi: tegra210-quad: Fix timeout handling (Vishwaroop A) [Orabug: 38798944] {CVE-2025-68746}
- spi: tegra210-quad: modify chip select (CS) deactivation (Vishwaroop A)
- scsi: target: Do not write NUL characters into ASCII configfs output (Bart Van Assche)
- power: supply: apm_power: only unset own apm_get_power_status (Ahelenia Ziemiańska)
- power: supply: wm831x: Check wm831x_set_bits() return value (Ivan Abramov)
- i3c: master: svc: Prevent incomplete IBI transaction (Stanley Chu)
- i3c: fix refcount inconsistency in i3c_master_register (Frank Li)
- pinctrl: stm32: fix hwspinlock resource leak in probe function (Xu Wang)
- x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() (Tengda Wu)
- x86: kmsan: don't instrument stack walking functions (Alexander Potapenko)
- kmsan: introduce __no_sanitize_memory and __no_kmsan_checks (Alexander Potapenko)
- compiler-gcc.h: Define __SANITIZE_ADDRESS__ under hwaddress sanitizer (Kees Cook)
- sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). (Kuniyuki Iwashima)
- phy: mscc: Fix PTP for VSC8574 and VSC8572 (Horatiu Vultur)
- firmware: imx: scu-irq: fix OF node leak in (Peng Fan)
- s390/ap: Don't leak debug feature files if AP instructions are not available (Heiko Carstens)
- s390/smp: Fix fallback CPU detection (Heiko Carstens)
- crypto: hisilicon/qm - restore original qos values (Nieweiqiang)
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (Thorsten Blum) [Orabug: 38798875] {CVE-2025-68724}
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (Li Qiang)
- arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl (Tim Harvey)
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (Francesco Lavra)
- iio: imu: st_lsm6dsx: discard samples during filters settling time (Lorenzo Bianconi)
- iio: imu: st_lsm6dsx: introduce st_lsm6dsx_device_set_enable routine (Lorenzo Bianconi)
- inet: Avoid ehash lookup race in inet_ehash_insert() (Luoxuanqiang)
- rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() (Luoxuanqiang)
- ntfs3: Fix uninit buffer allocated by __getname() (Sidharth Seela)
- ntfs3: fix uninit memory after failed mi_read in mi_format_new (Raphael Pinsonneault-Thibeault)
- irqchip/qcom-irq-combiner: Fix section mismatch (Johan Hovold)
- USB: Fix descriptor count when handling invalid MBIM extended descriptor (Seungjin Bae)
- drm/vgem-fence: Fix potential deadlock on release (Janusz Krzysztofik) [Orabug: 38818212] {CVE-2025-68757}
- drm/panel: visionox-rm69299: Don't clear all mode flags (Guido Günther)
- gpu: host1x: Fix race in syncpt alloc/free (Mainak Sen) [Orabug: 38798899] {CVE-2025-68732}
- smack: fix bug: unprivileged task can create labels (Konstantin Andreev)
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing (Navaneeth K) [Orabug: 38773544] {CVE-2025-68254}
- staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (Navaneeth K) [Orabug: 38773554] {CVE-2025-68255}
- comedi: check device's attached status in compat ioctls (Nikita Zhandarovich)
- comedi: multiq3: sanitize config options in multiq3_attach() (Nikita Zhandarovich)
- comedi: c6xdigio: Fix invalid PNP driver unregistration (Ian Abbott)
- HID: elecom: Add support for ELECOM M-XT3URBK (018F) (Naoki Ueki)
- platform/x86: huawei-wmi: add keys for HONOR models (Ston Jia)
- platform/x86: acer-wmi: Ignore backlight event (Armin Wolf)
- pinctrl: qcom: msm: Fix deadlock in pinmux configuration (Praveen Talari)
- bfs: Reconstruct file type when loading from disk (Tetsuo Handa)
- spi: imx: keep dma request disabled before dma transfer setup (Robin Gong)
- spi: xilinx: increase number of retries before declaring stall (Alvaro Gamez Machado)
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (Johan Hovold)
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (Johan Hovold)
- serial: add support of CPCI cards (Magne Bruno)
- USB: serial: ftdi_sio: match on interface number for jtag (Johan Hovold)
- USB: serial: option: move Telit 0x10c7 composition in the right place (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FE910C04 new compositions (Fabio Porcedda)
- USB: serial: option: add Foxconn T99W760 (Slark Xiao)
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (Nikita Zhandarovich)
- ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (Alexey Nepomnyashih) [Orabug: 38773587] {CVE-2025-68261}
- locking/spinlock/debug: Fix data-race in do_raw_write_lock (Alexander Sverdlin)
- ext4: refresh inline data size before write operations (Deepanshu Kartikey) [Orabug: 38773603] {CVE-2025-68264}
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (Ye Bin) [Orabug: 38792633] {CVE-2025-68337}
- Documentation: process: Also mention Sasha Levin as stable tree maintainer (Bagas Sanjaya)
- leds: spi-byte: Use devm_led_classdev_register_ext() (Stefan Kalscheuer)
- leds: Replace all non-returning strlcpy with strscpy (Azeem Shaikh)
- drm/i915/selftests: Fix inconsistent IS_ERR and PTR_ERR (Kai Song)
- dpaa2-mac: bail if the dpmacs fwnode is not found (Robert-Ionut Alexa)
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca)
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 39004269] {CVE-2025-40256}
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca)
ELBA-2026-50243 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2026-50243
http://linux.oracle.com/errata/ELBA-2026-50243.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-319.201.4.3.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-319.201.4.3.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-319.201.4.3.el8uek.x86_64.rpm
aarch64:
bpftool-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-319.201.4.3.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-319.201.4.3.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-319.201.4.3.el8uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-319.201.4.3.el8uek.src.rpm
Description of changes:
[5.15.0-319.201.4.3]
- uek-rpm: CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON should be set (Dave Kleikamp) [Orabug: 39263158]
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (Lu Baolu) [Orabug: 39263158]
- iommu/vt-d: Set variable intel_dirty_ops to static (Kunwu Chan) [Orabug: 39263158]
- iommu/vt-d: Access/Dirty bit support for SS domains (Joao Martins) [Orabug: 39263158]
- iommu/amd: reduce GA Log overflow printk noise (Alejandro Jimenez) [Orabug: 39261287]
- iommu/amd: add reschedule points to GA Log draining (Alejandro Jimenez) [Orabug: 39261287]
- iommu/amd: Rework GAInt handling in overflow case (Joao Martins) [Orabug: 39261287]
- iommu/amd: Disable GAInt while GA Log is processed (Joao Martins) [Orabug: 39261287]
- iommu/amd: Move helpers to update IOMMU features to amd_iommu.h (Alejandro Jimenez) [Orabug: 39261287]
- iommu/amd: Increase GA Log buffer size to 8192 entries (Joao Martins) [Orabug: 39261287]
- x86/CPU: Fix FPDSS on Zen1 (Borislav Petkov (AMD)) [Orabug: 39261281]
ELSA-2026-11349 Moderate: Oracle Linux 8 libxml2 security update
Oracle Linux Security Advisory ELSA-2026-11349
http://linux.oracle.com/errata/ELSA-2026-11349.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libxml2-2.9.7-21.el8_10.4.i686.rpm
libxml2-2.9.7-21.el8_10.4.x86_64.rpm
libxml2-devel-2.9.7-21.el8_10.4.i686.rpm
libxml2-devel-2.9.7-21.el8_10.4.x86_64.rpm
python3-libxml2-2.9.7-21.el8_10.4.x86_64.rpm
aarch64:
libxml2-2.9.7-21.el8_10.4.aarch64.rpm
libxml2-devel-2.9.7-21.el8_10.4.aarch64.rpm
python3-libxml2-2.9.7-21.el8_10.4.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libxml2-2.9.7-21.el8_10.4.src.rpm
Related CVEs:
CVE-2025-9714
Description of changes:
[2.9.7-21.4]
- Fix CVE-2025-9714 (RHEL-119279)
[2.9.7.21.3]
- Fix CVE-2025-32415 (RHEL-100177)
[2.9.7.21.2]
- Fix CVE-2025-7425 (RHEL-102797)
[2.9.7-21.1]
- Fix CVE-2025-6021 (RHEL-96498)
- Fix CVE-2025-49794 (RHEL-96398)
- Fix CVE-2025-49796 (RHEL-96424)
ELSA-2026-10704 Important: Oracle Linux 8 go-toolset:rhel8 security update
Oracle Linux Security Advisory ELSA-2026-10704
http://linux.oracle.com/errata/ELSA-2026-10704.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
delve-1.25.2-1.0.1.module+el8.10.0+90715+2d4d8dfd.x86_64.rpm
golang-1.25.9-1.module+el8.10.0+90881+305b00ae.x86_64.rpm
golang-bin-1.25.9-1.module+el8.10.0+90881+305b00ae.x86_64.rpm
golang-docs-1.25.9-1.module+el8.10.0+90881+305b00ae.noarch.rpm
golang-misc-1.25.9-1.module+el8.10.0+90881+305b00ae.noarch.rpm
golang-race-1.25.9-1.module+el8.10.0+90881+305b00ae.x86_64.rpm
golang-src-1.25.9-1.module+el8.10.0+90881+305b00ae.noarch.rpm
golang-tests-1.25.9-1.module+el8.10.0+90881+305b00ae.noarch.rpm
go-toolset-1.25.9-1.module+el8.10.0+90881+305b00ae.x86_64.rpm
aarch64:
delve-1.25.2-1.0.1.module+el8.10.0+90715+2d4d8dfd.aarch64.rpm
golang-1.25.9-1.module+el8.10.0+90881+305b00ae.aarch64.rpm
golang-bin-1.25.9-1.module+el8.10.0+90881+305b00ae.aarch64.rpm
golang-docs-1.25.9-1.module+el8.10.0+90881+305b00ae.noarch.rpm
golang-misc-1.25.9-1.module+el8.10.0+90881+305b00ae.noarch.rpm
golang-race-1.25.9-1.module+el8.10.0+90881+305b00ae.aarch64.rpm
golang-src-1.25.9-1.module+el8.10.0+90881+305b00ae.noarch.rpm
golang-tests-1.25.9-1.module+el8.10.0+90881+305b00ae.noarch.rpm
go-toolset-1.25.9-1.module+el8.10.0+90881+305b00ae.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/delve-1.25.2-1.0.1.module+el8.10.0+90715+2d4d8dfd.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/golang-1.25.9-1.module+el8.10.0+90881+305b00ae.src.rpm
Related CVEs:
CVE-2026-27140
CVE-2026-27143
CVE-2026-27144
CVE-2026-32280
CVE-2026-32282
CVE-2026-32283
Description of changes:
delve
[1.25.2-1.0.1]
- Disable DWARF compression which has issues (Alex Burmashev)
[1.25.2-1]
- Update to Delve 1.25.2 (Sync from CentOS Stream 9)
- Related: RHEL-121223
golang
[1.25.9-1]
- Update to Go 1.25.9 (fips-2)
- Resolves: RHEL-169932
[1.25.7-2]
- Update to Go 1.25.8 (fips-1)
- Resolves: RHEL-156551
[1.25.7-1]
- Update to Go 1.25.7 (fips-1)
- Resolves: RHEL-146469
[1.25.5-1]
- Update to Go 1.25.5 (fips-1)
- Resolves: RHEL-139365
[1.25.3-1]
- Update to Go 1.25.3 (sync from CentOS Stream 9)
- Build go-toolset as a subpackage
- Preserve GOAMD64=v1 for RHEL 8
- Resolves: RHEL-121223
[1.24.6-1]
- Update to Go 1.24.6 (fips-1)
- Resolves: RHEL-106455
[1.24.4-1]
- Update to Go 1.24.4 (fips-1)
- Resolves: RHEL-85264
[1.23.9-1]
- Update to Go 1.23.9
- Resolves: RHEL-94636
[1.23.6-1]
- Update to Go 1.23.6
- Resolves: RHEL-83824
[1.22.11-1]
- Rebase to Go1.22.11 to pick up fixes for CVE 2024-45341 and 2024-45336
- Fix test failures with expired certificates
- Resolves: RHEL-73752
ELSA-2026-6007 Moderate: Oracle Linux 6 Extended Lifecycle Support (ELS) python security update
Oracle Linux Security Advisory ELSA-2026-6007
http://linux.oracle.com/errata/ELSA-2026-6007.html
The following updated rpms for Oracle Linux 6 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:
i386:
x86_64:
python-2.6.6-68.0.5.el6_10.x86_64.rpm
python-devel-2.6.6-68.0.5.el6_10.i686.rpm
python-devel-2.6.6-68.0.5.el6_10.x86_64.rpm
python-libs-2.6.6-68.0.5.el6_10.i686.rpm
python-libs-2.6.6-68.0.5.el6_10.x86_64.rpm
python-test-2.6.6-68.0.5.el6_10.x86_64.rpm
python-tools-2.6.6-68.0.5.el6_10.x86_64.rpm
tkinter-2.6.6-68.0.5.el6_10.x86_64.rpm
Related CVEs:
CVE-2025-15366
CVE-2025-15367
Description of changes:
[2.6.6-68.0.5]
- Fix CVE-2025-15366 and CVE-2025-15367 [Orabug: 39141391]
[2.6.6-68.0.4]
- Fix CVE-2025-12084 [Orabug: 38902317]
