CLSA-2024:1733422548 TuxCare License Agreement 0 - Version was updated Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Version was updated

0 tuxcare-oraclelinux7-els expat-2.1.0-15.0.1.el7_9.tuxcare.els1.i686.rpm 85d50aee003cee18c254bb24e7f6246b2661cf9e35561244ae7d8c77c85e362b expat-2.1.0-15.0.1.el7_9.tuxcare.els1.x86_64.rpm 495bde9c6a0733f9c6f5b648e2aaf5b8ae9b105f34be6854b0c5a0ada11a449a expat-devel-2.1.0-15.0.1.el7_9.tuxcare.els1.i686.rpm 4f92c0d385e3cac19b8e26dda33818ddd8770a4b19959badb1f4f3c9da1ff870 expat-devel-2.1.0-15.0.1.el7_9.tuxcare.els1.x86_64.rpm cfcec926ea8dab37f1483604c1b44eaed7199378920ea5499db463535069a1e8 expat-static-2.1.0-15.0.1.el7_9.tuxcare.els1.i686.rpm ee3292e3618946dacccdee552018800b5fa3da0e2477f99515c24ac334fed05b expat-static-2.1.0-15.0.1.el7_9.tuxcare.els1.x86_64.rpm d8c2bfafc6f79081a6ffe584aacecf59337a965afcc2732934c470387860e984 CLSA-2024:1733428726 TuxCare License Agreement 0 - CVE-2024-38428: properly re-implement userinfo parsing (rfc2396) Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-38428: properly re-implement userinfo parsing (rfc2396)

0 tuxcare-oraclelinux7-els wget-1.14-18.el7_6.1.tuxcare.els1.x86_64.rpm 2b9c54f85c86ac5601c4694b0d3804b75b8bf79528465df04ee63e46777a0618 CLSA-2024:1733429914 TuxCare License Agreement 0 - CVE-2024-11233: fix buffer overflow vulnerability in convert.quoted-printable-decode filter Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-11233: fix buffer overflow vulnerability in convert.quoted-printable-decode filter

0 tuxcare-oraclelinux7-els php-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 13944338b0407d06945d4cf4c3e7bc6649d5b28669688656b0bba246830ada14 php-bcmath-5.4.16-48.el7.tuxcare.els6.x86_64.rpm d455e34d7916ee7c6cb9ada6daca28fef8d8753e74e2a3ae3f6d781ae30795c7 php-cli-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 7d3b0c348fb5c46b8d920c3226c81e7e2c4b4b4d876f4c9347e45a799c3ea3e5 php-common-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 083fe1905e1b086e0b725ad0c25e76b82a20a0ebcac5abb220bad05b8714a156 php-dba-5.4.16-48.el7.tuxcare.els6.x86_64.rpm adac9317b31f9a20f959a9d601c7227c24a5eabf171509efa28ed2eefd731fdd php-devel-5.4.16-48.el7.tuxcare.els6.x86_64.rpm b389ccff8f20b028b964b50b39a6edbec43a6a076dc8eae6658e1c25bf1e9a73 php-embedded-5.4.16-48.el7.tuxcare.els6.x86_64.rpm b1a8710758312b34dc88409bd3d4cfc97e92b52348e2b29e662d81374b10fa8a php-enchant-5.4.16-48.el7.tuxcare.els6.x86_64.rpm b64f497c60c7030ee29d969675b117745e333f7488cad25961b8f961890df215 php-fpm-5.4.16-48.el7.tuxcare.els6.x86_64.rpm ca71e04ca44797e85f97debec293ca8469a4e22fa950065d587a6eb12b9c755e php-gd-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 4d97c02b83d5e02c59a2d07c311fe734ead5e5030f03bf504b4d263fd2170cf2 php-intl-5.4.16-48.el7.tuxcare.els6.x86_64.rpm ab4bacab0cda1594364cc8b3253720c4ca975ab885550937e9ae6d17726725c4 php-ldap-5.4.16-48.el7.tuxcare.els6.x86_64.rpm ef4b5abc7f8b7098b632194b17cd15ac7a05d8a438f75766142bb00adaf9e373 php-mbstring-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 9601687ef346b605a9e4c0cb405544ad78960f37888b743ae01c65a7b905c24d php-mysql-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 7d317485c619cbb22a583a4f2414bc904a68d9a983d0b50fa6784a8c95087d55 php-mysqlnd-5.4.16-48.el7.tuxcare.els6.x86_64.rpm d4194fc361fa4cdb4a7a30de5e55e3873c59ab9f45951c1177ac36cb0c52857a php-odbc-5.4.16-48.el7.tuxcare.els6.x86_64.rpm c5f03d2331433a42eea6f47db9e56d4642d6368fd34ab83a3a9e934d5e0a217f php-pdo-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 0a09bdbaa40f78a9c7f20e53ce5616c8b92c55af410c8573f1ce6ddbb1266758 php-pgsql-5.4.16-48.el7.tuxcare.els6.x86_64.rpm e8aed036078a579b3215e1b5bfed8fbc607ad073dbdea617d70323e8e6c07d78 php-process-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 78d6d2f732ac0f994237e303c5d0182c93a44cb3bb00f9fdb62afcb2eab3c627 php-pspell-5.4.16-48.el7.tuxcare.els6.x86_64.rpm a4b10203d6196d9d552c202c59b25a8f0caf72b25549a17e5eff6d01abde7847 php-recode-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 9858c7d0e4699fff84754e27e95e528778d411a70d183997b1cc860fb661540d php-snmp-5.4.16-48.el7.tuxcare.els6.x86_64.rpm ec7a3d49c22972fc5807116b5381803bb2b7bd21d18fd452af51b309000324a8 php-soap-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 6d96e6feccbe1ff9b8775ff5bdbce126a45cf5a3362f74a139aeb20e00d2c1ed php-xml-5.4.16-48.el7.tuxcare.els6.x86_64.rpm c4a9a534f3900bba44f31050d11132b4afd3029bd296eb613c578a43b73fe306 php-xmlrpc-5.4.16-48.el7.tuxcare.els6.x86_64.rpm 3506ead3a170e8f6786efca21a8db58562beb698fdb144db957e46778503b313 CLSA-2024:1734027856 TuxCare License Agreement 0 - Port side-channel silent functions from 3.4.1. Partially fix for CVE-2018-16869 - CVE-2018-16869: Add side-channel silent memory, math, PKCS1, RSA functions - Added tests for side-channel silent implementations Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Port side-channel silent functions from 3.4.1. Partially fix for CVE-2018-16869 - CVE-2018-16869: Add side-channel silent memory, math, PKCS1, RSA functions - Added tests for side-channel silent implementations

0 tuxcare-oraclelinux7-els nettle-2.7.1-9.el7_9.tuxcare.els1.i686.rpm 1ed3dbe1fe17414e101ec5606562d9d115f9baf4ad156c14f95f6381e665e9ef nettle-2.7.1-9.el7_9.tuxcare.els1.x86_64.rpm e04987a647a7f6799302b4a4eb3ccb60d25790f7194fc8b403da5c07800719d0 nettle-devel-2.7.1-9.el7_9.tuxcare.els1.i686.rpm 337b9ba1738fb4e996306a05a317fa173af3677f2d00cff24abbe2620013ccd5 nettle-devel-2.7.1-9.el7_9.tuxcare.els1.x86_64.rpm fc6c3c74dc393c1f520597ef119817564c46b5c5cf705964a2fcd7c40c755720 CLSA-2024:1734027948 TuxCare License Agreement 0 - Version was updated Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Version was updated

0 tuxcare-oraclelinux7-els python-2.7.5-94.0.1.el7_9.tuxcare.els1.x86_64.rpm 2d74d686edb2b8dfd78e2b4ee6b1a67320e287b64d9d934b01de31a5d2f0e853 python-debug-2.7.5-94.0.1.el7_9.tuxcare.els1.x86_64.rpm ab3e1e19f6864c79336324f6277825c3b3392d9425c7844b2426ee7c5b0a8e10 python-devel-2.7.5-94.0.1.el7_9.tuxcare.els1.x86_64.rpm 556d2e80104eea75c56f0527a33ec87effb4a5c462ada18a972ea3dadefe8648 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els1.i686.rpm dfdddc3d633a5601df55a83c5b080387028cbd4e7e298b6afbb3356d871cd845 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els1.x86_64.rpm f19d7911b0d1649c3070ca58ea3f311fdba01676a8d64af71b4db53b20e9636d python-test-2.7.5-94.0.1.el7_9.tuxcare.els1.x86_64.rpm cc378a5d9bd8b903df12104d61003265f247d818e7963cb973fd8a564e7de62e python-tools-2.7.5-94.0.1.el7_9.tuxcare.els1.x86_64.rpm 134f2e3d73f678caf4bdb1099206dcb4f6faf7374ae564d55ed3fada6a218f20 tkinter-2.7.5-94.0.1.el7_9.tuxcare.els1.x86_64.rpm 0337daf12836fcfe657597a63aaed641c855e091e6c24cbb5eb01add68c92e37 CLSA-2024:1734368297 TuxCare License Agreement 0 - Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use _gnutls_switch_lib_state for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side channel attacks. - CVE-2023-5981: removes branching that depends on secret data to prevent potential side-channel attack. - CVE-2024-0553: minimize branching after decryption. Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use _gnutls_switch_lib_state for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side channel attacks. - CVE-2023-5981: removes branching that depends on secret data to prevent potential side-channel attack. - CVE-2024-0553: minimize branching after decryption.

0 tuxcare-oraclelinux7-els gnutls-3.3.29-9.el7_6.tuxcare.els1.i686.rpm b5e9d65d8ceae6496123d3f9d9883f54048c1a68609df2692637380b9513cbeb gnutls-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm 207775db0ed75702ffae64981c490e00b5719f3f58f0ea365af9edc97aee1ee0 gnutls-c++-3.3.29-9.el7_6.tuxcare.els1.i686.rpm 558ce4433ace60ead02f16d73f6f377f2d2e94f6247a183d9f8174518d10b292 gnutls-c++-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm 8d6244ec6469683fbf7629126374cb316ed764672435587a2d1136a21435234e gnutls-dane-3.3.29-9.el7_6.tuxcare.els1.i686.rpm 4f7491de5f7ef36119352e6b3cda0fdc4d2bae1ba090ab35e88aa1f041a37e0f gnutls-dane-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm f77c81f46e0882bbb0d9f3a6318be457e0241dd5c2f364e17e36ed5aa62ed857 gnutls-devel-3.3.29-9.el7_6.tuxcare.els1.i686.rpm f3f1bf078144fc601ec5e17ae0c755a7dd233fc087bc1c6216943f3de3d9fd0b gnutls-devel-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm a11ffe837f30c138eb140b1517edb5d0c6b8fb6bdd37cb9734b6c76fd439484e gnutls-utils-3.3.29-9.el7_6.tuxcare.els1.x86_64.rpm ac69607342934138be296dc642bd4ef5d5c566741aa7746c6e86b1c936cff281 CLSA-2024:1734368396 TuxCare License Agreement 0 - Version was updated Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Version was updated

0 tuxcare-oraclelinux7-els libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els1.i686.rpm a1f5f15d610039a34b04f6750a7fe25366866b6768cc8d2a6b495674041beafa libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els1.x86_64.rpm 2147f2202cd6a683e13638765887c40bca32bb694a21840a5a980d398cb24082 libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els1.i686.rpm 7050131972214df9ea94151bd7dd30e0a978ef84a77ed7af1a55fc5daca14f3e libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els1.x86_64.rpm 9eb8a7a1085202dea22698df5069fb558dd309e63fd5ea7294b5d52a337af4f5 libxml2-python-2.9.1-6.0.3.el7_9.6.tuxcare.els1.x86_64.rpm 1ff99b06947dc37d5fb61908ffc1326ef0fe37cb350d08bdbcfc8acbe86cfdfe libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els1.i686.rpm 0c559599ec9ae99d3e425bac40cbd29176fab5ab6beede1b6780d73fbde5ea69 libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els1.x86_64.rpm 0da1127f63baeaa7d92ad7c139d793519f91572c5079b8cc043df53194f81221 CLSA-2024:1734635951 TuxCare License Agreement 0 - Update version to 3.6.8-21.0.1.tuxcare.els1 Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Update version to 3.6.8-21.0.1.tuxcare.els1

0 tuxcare-oraclelinux7-els python3-3.6.8-21.0.1.el7_9.tuxcare.els1.i686.rpm ba00cc782c4f3a6eec225524424d8dc65917279bd4c50de8a80567cd796ea508 python3-3.6.8-21.0.1.el7_9.tuxcare.els1.x86_64.rpm b63738bf15447551122e578cff86549b5ef4bc515c6b283c55f153388376c2d3 python3-debug-3.6.8-21.0.1.el7_9.tuxcare.els1.i686.rpm 55d201c9a68985b1d79a3c1aa1ca4b58d62658f6fb939946672cba151149393b python3-debug-3.6.8-21.0.1.el7_9.tuxcare.els1.x86_64.rpm e3fbb4454941b41daa202cd815fad106cae0f86eef33c3a201f3aa19009178de python3-devel-3.6.8-21.0.1.el7_9.tuxcare.els1.i686.rpm d030f57ac26c664a3088fc78f31d506381475c6b4dcdb07e28e16c604ac8a2b8 python3-devel-3.6.8-21.0.1.el7_9.tuxcare.els1.x86_64.rpm da9ec8850c7e2b514adb566f3c13b02e9741588113a8ebc2a9284e8893e2ef29 python3-idle-3.6.8-21.0.1.el7_9.tuxcare.els1.i686.rpm 679d4ef6d54707b707135d7870cae720d4f8c7c97e2db7a24c9d0e62daf59fd6 python3-idle-3.6.8-21.0.1.el7_9.tuxcare.els1.x86_64.rpm 5b32ec78226b6aebf4d89ec6fbb45057b7987c5e78061bca0bae4a62629ece91 python3-libs-3.6.8-21.0.1.el7_9.tuxcare.els1.i686.rpm 3dc18045ac59aee93d0e0fb9905d464f9b8f149b29cff1577aca0f4c02796e76 python3-libs-3.6.8-21.0.1.el7_9.tuxcare.els1.x86_64.rpm 9788b3d3fd568373f2c93ee155e507182c97e1605cfb07dec111fa59934bd455 python3-test-3.6.8-21.0.1.el7_9.tuxcare.els1.i686.rpm d297cee77c9cc86669327f2b379018c347eaabbe848141f9945436853eb3a80d python3-test-3.6.8-21.0.1.el7_9.tuxcare.els1.x86_64.rpm 691f7857973b60b7bd9c7ac4b160ad8518fbe49cdb97098bbd88f6fd5a309ecd python3-tkinter-3.6.8-21.0.1.el7_9.tuxcare.els1.i686.rpm 5fb6727d4776b212f3239ad14a11033188324f1db43d6c9f228d3ea09424a5a7 python3-tkinter-3.6.8-21.0.1.el7_9.tuxcare.els1.x86_64.rpm c9bf0217132a2bc96c4b1c17c0352869b6bb4c1a0e594c2b25ed500689cfd9c6 CLSA-2025:1737568622 TuxCare License Agreement 0 - CVE-2024-12085: fix to prevent information leak off the stack Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-12085: fix to prevent information leak off the stack

0 tuxcare-oraclelinux7-els rsync-3.1.2-12.el7_9.tuxcare.els2.x86_64.rpm 86c4dce3be5b5fba2d840fa42968a0895d1ee67279cdf784c598a468f0f06d95 CLSA-2025:1738833413 TuxCare License Agreement 0 - CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option - CVE-2024-12088: make --safe-links stricter Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option - CVE-2024-12088: make --safe-links stricter

0 tuxcare-oraclelinux7-els rsync-3.1.2-12.el7_9.tuxcare.els3.x86_64.rpm b12b119c3226ecbc188a0c499d037f86ec23911f7c9bfda6afc8600bcc0b5254 CLSA-2025:1739386458 TuxCare License Agreement 0 - CVE-2024-12747: fix symlink race condition in sender Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-12747: fix symlink race condition in sender

0 tuxcare-oraclelinux7-els rsync-3.1.2-12.el7_9.tuxcare.els4.x86_64.rpm 61f7d12f7b99fd7ae8eb175f53a98c1a84152016cb6606ee680f3452be541718 CLSA-2025:1740132042 TuxCare License Agreement 0 - CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts

0 tuxcare-oraclelinux7-els python3-3.6.8-21.0.1.el7_9.tuxcare.els2.i686.rpm bc275a3903735e28b3dae27c844b6b71a1d03eb3fbd34fe407274077a08a5836 python3-3.6.8-21.0.1.el7_9.tuxcare.els2.x86_64.rpm d072162937a23eec94f57f2cad1dbdbbb479c5b1bff9fe3d641f5400a37e197f python3-debug-3.6.8-21.0.1.el7_9.tuxcare.els2.i686.rpm c1f58205e03a57cecb82a5ced4733b36feba33264c0779892fbe48cd6d5bda57 python3-debug-3.6.8-21.0.1.el7_9.tuxcare.els2.x86_64.rpm e106101221746d4ecfb422628992391f2ed98447c91058fbd0a1ddc07b16cc2a python3-devel-3.6.8-21.0.1.el7_9.tuxcare.els2.i686.rpm 68899f6accccc5fcd3174317656b67a68eed9170a9e987b116d1d006adaef82f python3-devel-3.6.8-21.0.1.el7_9.tuxcare.els2.x86_64.rpm 9bbb711f25a840512995c05c19f4dbf2333434522f4deba8849e43878256120c python3-idle-3.6.8-21.0.1.el7_9.tuxcare.els2.i686.rpm ddcd62754d09949b1c1c1aef4aaf10a6206e5c74ecb2cc814a9c811813982448 python3-idle-3.6.8-21.0.1.el7_9.tuxcare.els2.x86_64.rpm b753d14ff626f397565b50b9e6dd8f7883753f9baee74cb5e0b12e220f8ad6f5 python3-libs-3.6.8-21.0.1.el7_9.tuxcare.els2.i686.rpm 6b2bacbd8c47dd6cc248efc666ef3913d8c14cad3c2fdf3aa4c3e29cf489c561 python3-libs-3.6.8-21.0.1.el7_9.tuxcare.els2.x86_64.rpm 34a562f614963355e066e63f06fd11ec74b477f636764439b3ae3ec94c663373 python3-test-3.6.8-21.0.1.el7_9.tuxcare.els2.i686.rpm d0369a9e080f091d3f4e276a62d410fa54095f2eb154bd5917ffc1513745a1e8 python3-test-3.6.8-21.0.1.el7_9.tuxcare.els2.x86_64.rpm 360fa414f4cd761db261ccc87806f58897c79ab6b51dccf0676cd831981fa99b python3-tkinter-3.6.8-21.0.1.el7_9.tuxcare.els2.i686.rpm 222abe37e81da6c3889ed4ee871d5dbd7f91f5f01f656ff6d09bfa3a5316cf15 python3-tkinter-3.6.8-21.0.1.el7_9.tuxcare.els2.x86_64.rpm d956da44943a867d226d5c7319ed3e8a551d1faa615d15b37ef1004038b4b646 CLSA-2025:1741286016 TuxCare License Agreement 0 - CVE-2025-27113: fix compilation of explicit child axis Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-27113: fix compilation of explicit child axis

0 tuxcare-oraclelinux7-els libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els2.i686.rpm 53589cace332094d27e3f5a298ffc6036f4d0f82c0d18d290ef1814a330105d3 libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els2.x86_64.rpm 255f684424fe41887a48eb11617f7788c9af13cb6029aabde6efe1b173f576fb libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els2.i686.rpm 45015d8a06e4542aea1de387b790c23918d887aa37e2600dd8214a02c284bcca libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els2.x86_64.rpm 6534a220650d92aa0733e3ee410614b68470e9d5211ec641ea2ed524eb034df3 libxml2-python-2.9.1-6.0.3.el7_9.6.tuxcare.els2.x86_64.rpm 79077ef2ecf91c852e78c1fe9aa09ec5edeafc205a81a4cd25f84e05bb399246 libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els2.i686.rpm 932d79361d16524925d6b3ba4ff5ece74374387dde984e3855196e79bed17558 libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els2.x86_64.rpm bdea690631243e4a8b3b889218b4dc9c63cbd1aa415323574692238568c5dd0a CLSA-2025:1741624657 TuxCare License Agreement 0 - CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9 Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9

0 tuxcare-oraclelinux7-els bind-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm dc781b8d4f040d0f163aeaa8ba60cae181c0d0d8e60a8fe333a8be8af43db086 bind-chroot-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 46b068fcd1f91d972cd25b7bea5626f0a628e9f991509a7dd6e49cb5d937900f bind-devel-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.i686.rpm aaa2253f0e16df417dde27f3a6cdc6441903e4dc85e0d0be452441ab352f002d bind-devel-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 267e4855a94cafc92806d9e1f34900b756c67b6b84f3bddc4b5d9a685bce9e48 bind-export-devel-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.i686.rpm 53b8cd82683e1157cbd5deb15a532b5db85a7bee738cc5cd421efe52f7606598 bind-export-devel-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm dd4a477208e5cd4f640d21a2268889bfdcd7d12fcadc87311eeeaf4f735e0a6d bind-export-libs-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.i686.rpm 8b4aa4cf0efb7d4d8ce1203bb2532677203183a92d78bd55a9adc567963e0937 bind-export-libs-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 54d8695f9d3fb28399df1f5ea2aa6fc182b80123b18f324645a65f4a01beb7f2 bind-libs-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.i686.rpm 21ba3997eafb5380ba54cfbd6d605fd479843deedeb10d445c7113d998621581 bind-libs-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 17ed774f5f7d0a6cf7ffc981d57221266ac07f0e93abab52acfce8755500b672 bind-libs-lite-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.i686.rpm 0688b87c4c19b5dd9d78abbdc0ba903391abb098fca26ce8f3bf0a56f370ea98 bind-libs-lite-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 8c659e3d57d4b786c294c4aeb01dd7384a3462996e8803ecbcc769d3ba6ca83f bind-license-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.noarch.rpm 16c62f581310a0ccd5a72e1f72a9ddd720a8474275b78c5520165a301ef416b2 bind-lite-devel-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.i686.rpm 0b036a4e2faadee647da7f211e2f66e01724f5d09f35668dc9221cae618a0424 bind-lite-devel-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm a3564d54b633399048d36ad31b4f151fac71db7d1ba8aff454f38eb8f62935ce bind-pkcs11-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm abfdc9f160ca51719317173b3accc7315a6f9626468e0e6b3defb668972e59c4 bind-pkcs11-devel-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.i686.rpm e702563ceeaa3db38c847161861085556e3074db540e6a7d71d6a8e0d39d515e bind-pkcs11-devel-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 3f58f7206c932fe46c04c147e528675fcf2f0b8baca3d72fa989275b18f8a24f bind-pkcs11-libs-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.i686.rpm 8f230ab60dc47ae951a084de79f1d11ac5aea3f738aaa9f75778752c77f8026c bind-pkcs11-libs-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 599fe667dc95dec57fcb17328f8d72df47e9a3027a472f35185f1a8d2f2be588 bind-pkcs11-utils-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 63d5f6a7257c17e226c13af81368965a47bb201a353744cd8962392837b73d2f bind-sdb-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 10e75e4326a44004744c2e2d991a8d742a5de7f06180a53cdd6f1f54e48a0396 bind-sdb-chroot-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 3ed9e47e73b7382817952850cd8281f6111ecc220816a85e7231f47ae75600ca bind-utils-9.11.4-26.0.1.P2.el7_9.16.tuxcare.els1.x86_64.rpm 7bab22c2d1586a8f20975cb7712fa949823007ce5ffbccea16cdd225111c0f2b CLSA-2025:1741628714 TuxCare License Agreement 0 - CVE-2025-0840: fix stack-buffer-overflow at objdump disassemble_bytes Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-0840: fix stack-buffer-overflow at objdump disassemble_bytes

0 tuxcare-oraclelinux7-els binutils-2.27-44.base.0.3.el7_9.1.tuxcare.els1.x86_64.rpm 3b8c00de10c415518273527c5f7fc2d8a16efca641ffa3f9c5d0357491859b29 binutils-devel-2.27-44.base.0.3.el7_9.1.tuxcare.els1.i686.rpm 82679e57b2eb4d28eca35e6676a6fa88dfe8762c43a6beb76337c2ae06a1a23d binutils-devel-2.27-44.base.0.3.el7_9.1.tuxcare.els1.x86_64.rpm 0c5ef96296f45467cdc7ab65db4aae58f98c61a7c85e7204e715eb3d8c81e9bf CLSA-2025:1741635876 TuxCare License Agreement 0 - CVE-2022-30522: fix possible DoS Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2022-30522: fix possible DoS

0 tuxcare-oraclelinux7-els httpd-2.4.6-99.0.5.el7_9.1.tuxcare.els1.x86_64.rpm 7c0fb74a2f24a400271e12cabe89b52d7c02e5dec27951233383444d97ac9918 httpd-devel-2.4.6-99.0.5.el7_9.1.tuxcare.els1.x86_64.rpm 9cec7e32fbb2f7aa93302e137bca8a3b2e824984a36e3f08eba60e0e51b245fa httpd-manual-2.4.6-99.0.5.el7_9.1.tuxcare.els1.noarch.rpm c06f854bf654acf77cb44e0783417d48633f5fbd9da6a20f588bf444da199758 httpd-tools-2.4.6-99.0.5.el7_9.1.tuxcare.els1.x86_64.rpm fb747d701c5109da5cf3a36d4df7283b4da026e4395960c53f4bbe0e3d5faa53 mod_ldap-2.4.6-99.0.5.el7_9.1.tuxcare.els1.x86_64.rpm 6ba5c8b7d44449fabe3265b3cf1f25bcb208559020346aedde1b5dc387c3bc99 mod_proxy_html-2.4.6-99.0.5.el7_9.1.tuxcare.els1.x86_64.rpm badda2ca39ea9d25218357b6ed9bd7c8bc201225a5eb77b29877b27ef17668fd mod_session-2.4.6-99.0.5.el7_9.1.tuxcare.els1.x86_64.rpm 30eff4d5c90870d061a1f22b02dbad71429baa9d29140236480109a0d09f42e2 mod_ssl-2.4.6-99.0.5.el7_9.1.tuxcare.els1.x86_64.rpm c1bf661514af86778870a3f4e291cf2dc703cef4f7eea7d0d890a40163c7e74a CLSA-2025:1742322442 TuxCare License Agreement 0 - HID: core: zero-initialize the report buffer {CVE-2024-50302} - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" - drm/amd/amdgpu: Fix GPR read from debugfs (v2) {CVE-2024-50282} - USB: serial: io_edgeport: fix use after free in debug printk {CVE-2024-50267} - wifi: iwlegacy: Clear stale interrupts before resuming device {CVE-2024-50234} - udf: fix uninit-value use in udf_get_fileshortad {CVE-2024-50143} - Update dependency for shim and signing key Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- HID: core: zero-initialize the report buffer {CVE-2024-50302} - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" - drm/amd/amdgpu: Fix GPR read from debugfs (v2) {CVE-2024-50282} - USB: serial: io_edgeport: fix use after free in debug printk {CVE-2024-50267} - wifi: iwlegacy: Clear stale interrupts before resuming device {CVE-2024-50234} - udf: fix uninit-value use in udf_get_fileshortad {CVE-2024-50143} - Update dependency for shim and signing key

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm b00cc7e9071e6945fc4d78270342d7a630a7d1629a2ca88e1296fdb619a7da53 kernel-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm 87a949b84c1f4a5d617cf5a81ff24441a350f4a936cdc6ad150fb1cf7ceaaa06 kernel-debug-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm ef56a10ff12baec6abbee2a5845f9fbf489d3e111e5371c66421f86180c3ce1a kernel-debug-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm cb9e47f2e5d6a65e42c2fd9f2c4153d2a241a67e7e4e1ec15bbc167fbc89e7bf kernel-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm 1faf1a1ebef02535b0f2aad00e06b10899cf3fffd5802ddbc26fea6e0d4f4d18 kernel-headers-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm 503f2e421151be0af341af3b2cc45ffc26dcd8392bf7ff900bd53dd74ca9bb66 kernel-tools-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm d32d82a264ee3dd82b3ccb9879d2a0ee41f2f68abd053629a7dd67858b1cd469 kernel-tools-libs-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm 45874041c0ae58a0e976feac42f80e23d06666acd9ffcfa57e3f86d3933455d3 kernel-tools-libs-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm 0908e1bd3fb24d32cd81367f3b0432f142ba0a2d105d2958192135d16c990d14 perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm 4a8abf7a331947c75a525d22e4ebd2ec850d8b9a6deba7234527ca9d9c9720bb python-perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els18.x86_64.rpm 3105ee01410a43c67880c53d5de0d725f29d96cb9657b329ecfc6bc1a2d2decf CLSA-2025:1742374400 TuxCare License Agreement 0 - Sign by Cloudlinux - CVE-2023-4692: ntfs: checks to ensure that NTFS drive's sector numbers are never written beyond the boundary - CVE-2023-4693: ntfs: fix an out-of-bounds read flaw on NTFS filesystem driver Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Sign by Cloudlinux - CVE-2023-4692: ntfs: checks to ensure that NTFS drive's sector numbers are never written beyond the boundary - CVE-2023-4693: ntfs: fix an out-of-bounds read flaw on NTFS filesystem driver

0 tuxcare-oraclelinux7-els grub2-2.02-0.87.0.26.el7_9.14.tuxcare.els1.x86_64.rpm cf573e0b29ae5b0e997269f71cca30a414e897dcd6382d8c79ad1b8bb26dd66a grub2-common-2.02-0.87.0.26.el7_9.14.tuxcare.els1.noarch.rpm 73c51f33ded6385fed37fafed8a349c046f4fdbb6f6c2e6bf56c891654f8ee3d grub2-efi-ia32-2.02-0.87.0.26.el7_9.14.tuxcare.els1.x86_64.rpm eadb3965ce572ff0c8de25f8836c27ebe4c83f93a96559a667e32823ea11b49a grub2-efi-ia32-cdboot-2.02-0.87.0.26.el7_9.14.tuxcare.els1.x86_64.rpm df2e5b5bf27f013bda3bcd4afcc72777165bffbab640651acc74167debf8f778 grub2-efi-ia32-modules-2.02-0.87.0.26.el7_9.14.tuxcare.els1.noarch.rpm fe5d41e14e0404b4165294dac700eab3ad0541aba901bd5575e754c504e4aef0 grub2-efi-x64-2.02-0.87.0.26.el7_9.14.tuxcare.els1.x86_64.rpm f8aafbc569ee3439889135b612cb4e5ae6951e1dbe72b7fa1c16988cbe1f48e6 grub2-efi-x64-cdboot-2.02-0.87.0.26.el7_9.14.tuxcare.els1.x86_64.rpm 6314fc53ca79fd9bb9a51e78438bbf29dd8a243370d96e1c1dbc089347c30541 grub2-efi-x64-modules-2.02-0.87.0.26.el7_9.14.tuxcare.els1.noarch.rpm bdb1206c371e24f603b9dda8f1646b16a5abd5ac0e5ff19d55660336a07f5d57 grub2-pc-2.02-0.87.0.26.el7_9.14.tuxcare.els1.x86_64.rpm 888eb372fad5b2482b62831b1d816631c5950c3aff37084d84005935e8ccdbfa grub2-pc-modules-2.02-0.87.0.26.el7_9.14.tuxcare.els1.noarch.rpm 7fa643e06c74f8b9d968b5b827de97abb01e3ad628c3f5ac296ed7c93e19a886 grub2-tools-2.02-0.87.0.26.el7_9.14.tuxcare.els1.x86_64.rpm b2f15fa82932316183d75e0155bf0a91a8c0b26a3b0c52fc0f88a225639f05a0 grub2-tools-extra-2.02-0.87.0.26.el7_9.14.tuxcare.els1.x86_64.rpm b6f888443ab08e73dfd6007dcf27d4e3b4d210bea8432cd169572dca36a8b9fa grub2-tools-minimal-2.02-0.87.0.26.el7_9.14.tuxcare.els1.x86_64.rpm 7a120b205a80c2da72d0271fd3aa28f396b520ab35424288b013947fee08401a CLSA-2025:1742376604 TuxCare License Agreement 0 - Add support for oraclelinux7 None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Add support for oraclelinux7

0 tuxcare-oraclelinux7-els mokutil-15.8-2.el7.tuxcare.els1.x86_64.rpm 6e9cf78fc8d9babfa994ac01a2fc7c340883c34f11a23512eba0059d084fda25 shim-ia32-15.8-2.el7.tuxcare.els1.x86_64.rpm ec80a24ade0e6ccef7d06b24308524ed66637d1065c52cf25cd166e9ad75f04b shim-x64-15.8-2.el7.tuxcare.els1.x86_64.rpm aa061f9c4ffb965ccf19379a3afe0445025b301cb424a6c2a67269d04ede485d CLSA-2025:1742731930 TuxCare License Agreement 0 - CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation (openssh bz#3012) [Orabug: 30448895] Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without truncation (openssh bz#3012) [Orabug: 30448895]

0 tuxcare-oraclelinux7-els openssh-7.4p1-23.0.3.el7_9.tuxcare.els1.x86_64.rpm 1eb2bcc6011ac0dd87a6dd2f0507015b40362c4f6744ecbdd2d4fbbf85f72b5b openssh-askpass-7.4p1-23.0.3.el7_9.tuxcare.els1.x86_64.rpm fa2d5b9dc0ff2061c6c6751ba4764a9cc83c67b50e61b102c5b5d41208dde139 openssh-cavs-7.4p1-23.0.3.el7_9.tuxcare.els1.x86_64.rpm 92b6b79efc37c4ea15421a0ddeb4264ee48ca35e9a86601bc939d220b21650eb openssh-clients-7.4p1-23.0.3.el7_9.tuxcare.els1.x86_64.rpm 03d99c3840ae808016ea1c51380872e5b0dee02289feb5dcf56a649bd1887087 openssh-keycat-7.4p1-23.0.3.el7_9.tuxcare.els1.x86_64.rpm 7f23f5d6fc1cd2b80f70f1ed0ca047a122a77ba3d19b87fd6c9508987a633912 openssh-ldap-7.4p1-23.0.3.el7_9.tuxcare.els1.x86_64.rpm b21e355f265615ee2556b0cec561fef1861fd8018f6964bb77166c8b949ba515 openssh-server-7.4p1-23.0.3.el7_9.tuxcare.els1.x86_64.rpm 42ac905c7a4a1fc4029c053bd408dc9ad573861866cf956f0505b907f3d8001b openssh-server-sysvinit-7.4p1-23.0.3.el7_9.tuxcare.els1.x86_64.rpm e4e72f59117b341afdc008bbf8203fc74e616cd16479a0b9ddc1334e6748e3db pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els1.i686.rpm f0e05a8dfc4018d0f161748bf659fdec9afc3be647a2f686323e3a1de1a184f5 pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els1.x86_64.rpm 669c189acf791907c2cd372d392d17634664061e83d5597ba46b7a2c66782cc3 CLSA-2025:1743675538 TuxCare License Agreement 0 - drm: nv04: Fix out of bounds access {CVE-2024-27008} - media: uvcvideo: Fix double free in error path {CVE-2024-57980} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- drm: nv04: Fix out of bounds access {CVE-2024-27008} - media: uvcvideo: Fix double free in error path {CVE-2024-57980}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm dfc7d32fdc1cf65d384199e9d4325d71bbf241939ba7ae1f769665205c637d9a kernel-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm 28548693e0173596066186835ea9fecda96d0532200417e987bab8349154548c kernel-debug-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm d7fdf8c54d1d5a7af4a0d9f31a33f8d426ea937703fc6a9912e733b323713710 kernel-debug-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm 96c3b93336442e29b231c6a855d730811eeb1325352fc790da3480cdc86f5843 kernel-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm 8f7e9e6871b40ee803530af120c05279ad85283a575328f4c6d4a6ca32279c0a kernel-headers-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm 92525c6ca50c0f97a6c3f3427a2669d66c97dbd23082f9e997a68a8e323d65f5 kernel-tools-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm 0864d392e108da4d062738436ee3b9c39c0e41a7d65e0dee23a41ad36cacc2c8 kernel-tools-libs-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm 509a89d788aef2adcb856ce954ba33060ae6df38a01dd294dfabfba4fc6c85f6 kernel-tools-libs-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm 3d3887c4f4a419bdc96b9f22bcbe53ad036a42e5d08dae76f23108b2547a7da8 perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm 20ad44e0b7dc108c5d5a5b884b24c3abe7cdf47ceedc5dd57916846a394426bc python-perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els19.x86_64.rpm a744d6734c389726749eafbe8163218f93394190d3325a7c883a91b743667a35 CLSA-2025:1744717794 TuxCare License Agreement 0 - CVE-2025-0624: net: Out-of-bounds write in grub_net_search_configfile() - CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write - CVE-2025-1118: commands/dump: The dump command is not in lockdown when secure boot is enabled - CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data - CVE-2025-1125: fs/hfs: Integer overflow may lead to heap based out-of-bounds write Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-0624: net: Out-of-bounds write in grub_net_search_configfile() - CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write - CVE-2025-1118: commands/dump: The dump command is not in lockdown when secure boot is enabled - CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data - CVE-2025-1125: fs/hfs: Integer overflow may lead to heap based out-of-bounds write

0 tuxcare-oraclelinux7-els grub2-2.02-0.87.0.26.el7_9.14.tuxcare.els4.x86_64.rpm ab79ae5a8692188f46d95f1237be57b093153d8cb61d770b8af6e1f4016e9e31 grub2-common-2.02-0.87.0.26.el7_9.14.tuxcare.els4.noarch.rpm d03aaa7b17c9b1d06a76175a30f9746672f8e6980416068e2421f341c337c072 grub2-efi-ia32-2.02-0.87.0.26.el7_9.14.tuxcare.els4.x86_64.rpm 25552e59ed0a6e439e08d2ca31a376f6ca2246c4a993d76ffe51faa848047e25 grub2-efi-ia32-cdboot-2.02-0.87.0.26.el7_9.14.tuxcare.els4.x86_64.rpm 01caad522040bee1ba747f8f915a934797041a81b26455f7c1696dc5404ab3e1 grub2-efi-ia32-modules-2.02-0.87.0.26.el7_9.14.tuxcare.els4.noarch.rpm df8693f972fc91dead281a8c347444825e1c3a527963cba73b5eb2e08f17a254 grub2-efi-x64-2.02-0.87.0.26.el7_9.14.tuxcare.els4.x86_64.rpm 98fc0dddd414abda04b8ca11f377ba8c4b884e378c9206d9bd164e1a72fbec65 grub2-efi-x64-cdboot-2.02-0.87.0.26.el7_9.14.tuxcare.els4.x86_64.rpm 8d3a7226387d4270cfc46ec161281798b43fc2e0f8d50622a29577ab1068c9bc grub2-efi-x64-modules-2.02-0.87.0.26.el7_9.14.tuxcare.els4.noarch.rpm 0fd1c579b191c9fe61344d40e8ef13158b7308b2c96338fcfd00fa6b7fb529a5 grub2-pc-2.02-0.87.0.26.el7_9.14.tuxcare.els4.x86_64.rpm 2aa78839dc26cd30efe0297ee1b4584b6e3346c83b1b1629bc1dcff0d214faa0 grub2-pc-modules-2.02-0.87.0.26.el7_9.14.tuxcare.els4.noarch.rpm 1c2f2918c6e4fe6d0db09cf9fff46afccb057732608004df923c91575f25a2c0 grub2-tools-2.02-0.87.0.26.el7_9.14.tuxcare.els4.x86_64.rpm 899ebb999fd3510d6d3a1b76069c6884525e49a350bfd67cf6239a7f7c3ba7e6 grub2-tools-extra-2.02-0.87.0.26.el7_9.14.tuxcare.els4.x86_64.rpm df571192e9d060150cec2a196a26b60da8a3a69ce89ca06a719594ddcdc0c21c grub2-tools-minimal-2.02-0.87.0.26.el7_9.14.tuxcare.els4.x86_64.rpm 6541ec0398c84f3244a5ff76cc0abfc4fab28b634a5fc15bf10b7df7a04ff5c2 CLSA-2025:1744924875 TuxCare License Agreement 0 - CVE-2024-52531: fix buffer overflow caused by conversion to UTF-8 Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-52531: fix buffer overflow caused by conversion to UTF-8

0 tuxcare-oraclelinux7-els libsoup-2.62.2-2.0.1.el7.tuxcare.els3.i686.rpm e6326e494f4aa45f0c61564c51ca2399cad06429f87faf200758880685344670 libsoup-2.62.2-2.0.1.el7.tuxcare.els3.x86_64.rpm 0a908b13e983866ab2df0a2ff89e908d440af907ff034b1f55a8c12e155f8f7b libsoup-devel-2.62.2-2.0.1.el7.tuxcare.els3.i686.rpm c872c53083542d8bb98f3555c453f4737746b4c8a8e72ad8e6fa3dad043da99c libsoup-devel-2.62.2-2.0.1.el7.tuxcare.els3.x86_64.rpm 131c3e80eb8c0598546985288886ca5af6ae6cbe5daebaede1a126e2893f1195 CLSA-2025:1745530850 TuxCare License Agreement 0 - CVE-2024-2496: Fix NULL pointer dereference in udevConnectListAllInterfaces() function Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-2496: Fix NULL pointer dereference in udevConnectListAllInterfaces() function

0 tuxcare-oraclelinux7-els libvirt-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm eb0066a65e82832440ec5f312aef8a6c92971aa0e1f018826f2ba711dc864993 libvirt-admin-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 75a397ae5b2eb081674b334abd6b71d424cc3bee8f0991e94c0cd4b7fd0f0005 libvirt-bash-completion-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 1e679db61720322d8212e4ca643cd5e40d7122036c4deda164f1eba9cebf74a2 libvirt-client-4.5.0-36.el7_9.5.tuxcare.els1.i686.rpm 5a6097c74d5a610ce5d24ef25505d6c4bade26a53108f665740df703ee5a430b libvirt-client-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm de8dee8794d185b21ee840784097bca4710e11d70523244d2cb0da4f4153ed19 libvirt-daemon-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 0465c6b50b675be7a2aee082d5a6976265d8bfdf736a7f8f54fc57c686c1551f libvirt-daemon-config-network-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 914289b3460043638fbd32b25d7e47e3298824fc453cdefd53fc6304667a5cd2 libvirt-daemon-config-nwfilter-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 0c8f048f2a86f3a45cbea669abea7cec472c0eb9cae72813109157885dd4ef2f libvirt-daemon-driver-interface-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 7345ad594efe25471ff2c51dc3148ede168575a4b47c811ca9f7d5921ee1cb90 libvirt-daemon-driver-lxc-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 442d856c7b1bfe51833d86807abc2d798284a9d3ec3e36a8faedb247f869652f libvirt-daemon-driver-network-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 7356da3376d413a2bbcea509f37c25c0ba67c5b4a31172e60ed1687c57e21fd7 libvirt-daemon-driver-nodedev-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 4ce0c9a11c3af97ccb95e5c5274ba9bb4c4c66368282e08e6794f991f774e101 libvirt-daemon-driver-nwfilter-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm efba8dba96c404c52240dbd8f5f36a8669e94eda1e39861c84538ecbac8f99c9 libvirt-daemon-driver-qemu-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 568bf59cb4480df6ec6cc6a4323992040106ba2c9557cc76c2b6d279bcd5031c libvirt-daemon-driver-secret-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 3b510e584a6d2ff9384468184faf6b6f8c94b18e412ac8ea76682716f821e8b2 libvirt-daemon-driver-storage-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 977a32aa2feb91ef3e44d4f31ae81d17c8f91aceb0f5298de370c76f9f26936f libvirt-daemon-driver-storage-core-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 787286bc29e8729421f76802002d7d6138ba34790d48e60ebdf66ae03ba5e50d libvirt-daemon-driver-storage-disk-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 0ef5b5c494479202ff544d0da044983b3bc7184cee8aeb1b342cb786828dbd97 libvirt-daemon-driver-storage-gluster-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 60dd40641b8cca440796b21ec9478090157fd12859d4522ae8e221e3c47eca60 libvirt-daemon-driver-storage-iscsi-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm c330e0ff6a7747cd7f59ae0fd4796a4e4612f92dabd599e776c9a7e1f6453025 libvirt-daemon-driver-storage-logical-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 2a2199f84559f7938a0c18a800ebfe5a7cc4e6c1508ceaf4ea633bee08758b7a libvirt-daemon-driver-storage-mpath-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm be666d005160c4f4d6dc4ce67d6bc9973c014efaab17cc9c790864ce7bd6cf12 libvirt-daemon-driver-storage-rbd-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 714ce8f9453b6e6b2f16ee2c71b1774b556bfbd833ab6d658a7943e9aabc4705 libvirt-daemon-driver-storage-scsi-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm f750223f636f023cf0d422c6916e903271eb2ba9ede7b7a80ddd99725d77391b libvirt-daemon-kvm-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm cb80eb427ee25daf5998a8d54d6d04319d253a2848f155a712a6570c942c66c1 libvirt-daemon-lxc-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm af6a5bd7bd6e697692e3f59d3e9482671898fa3192bde045a2692990749fc972 libvirt-devel-4.5.0-36.el7_9.5.tuxcare.els1.i686.rpm 8862a5678d555ceb51dd424064260603a66650f65baccb71a7f6a88797ad06eb libvirt-devel-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 7788afa6fd0c497168c1111d7ed0e96397b5751656cd7121183c4505187b06d2 libvirt-docs-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm f3f947d67c57b2c976e585ffbb470c87356b3472075d5152d33c0d134eada7c4 libvirt-libs-4.5.0-36.el7_9.5.tuxcare.els1.i686.rpm c575cebca3a0c4009cd4addb8867ff363577745a50196023e8bb9b86de54a397 libvirt-libs-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 848517669b7d13993db430ec5b2235a5b6b79fa624b96e414b378c4cd09cedb8 libvirt-lock-sanlock-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm ac769dee263aae45ea0df142d6e03575b51b57a6fa491466f7a909149d89019a libvirt-login-shell-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm 4f6afb867d99f8532d7f1ed2a97841ea5a33bc3a0885fe6f1c7258db09093590 libvirt-nss-4.5.0-36.el7_9.5.tuxcare.els1.i686.rpm 38a29665ba7ad0573e0c3c6e32726e5bb25122ed858ea01babc1b6985e850c21 libvirt-nss-4.5.0-36.el7_9.5.tuxcare.els1.x86_64.rpm eb5eb3ce9d0b4cf5db6ab0642c4ef01d3781dacd7fc0d4c4df34869f68d33ca7 CLSA-2025:1746479711 TuxCare License Agreement 0 - sctp: sysctl: auth_enable: avoid using current->nsproxy - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy {CVE-2025-21640} - bpf: Use preempt_count() directly in bpf_send_signal_common() - Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" - jfs: fix slab-out-of-bounds read in ea_get() - serial: 8250_dma: terminate correct DMA in tx_dma_flush() - Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" - net: usb: usbnet: restore usb%d name exception for local mac addresses - vlan: fix memory leak in vlan_newlink() {CVE-2022-49636} - rds: ib: Fix NULL ptr deref in rds_ib_cq_follow_affinity - LTS tag: v5.4.291 - eeprom: digsy_mtc: Make GPIO lookup table match the device - slimbus: messaging: Free transaction ID in delayed interrupt scenario {CVE-2025-21914} - intel_th: pci: Add Panther Lake-P/U support - intel_th: pci: Add Panther Lake-H support - intel_th: pci: Add Arrow Lake support - Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982} - xhci: pci: Fix indentation in the PCI device ID definitions - usb: gadget: Check bmAttributes only if configuration is valid - usb: gadget: Fix setting self-powered state on suspend - usb: gadget: Set self-powered based on MaxPower and bmAttributes - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality - usb: typec: ucsi: increase timeout for PPM reset operations - usb: atm: cxacru: fix a flaw in existing endpoint checks {CVE-2025-21916} - usb: renesas_usbhs: Flush the notify_hotplug_work {CVE-2025-21917} - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader - usb: renesas_usbhs: Use devm_usb_get_phy() - usb: renesas_usbhs: Call clk_put() - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" - gpio: rcar: Fix missing of_node_put() call - net: ipv6: fix missing dst ref drop in ila lwtunnel - net: ipv6: fix dst ref loop in ila lwtunnel - net-timestamp: support TCP GSO case for a few missing flags - vlan: enforce underlying device type {CVE-2025-21920} - ppp: Fix KMSAN uninit-value warning with bpf {CVE-2025-21922} - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink - drm/sched: Fix preprocessor guard - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() - llc: do not use skb_get() before dev_queue_xmit() {CVE-2025-21925} - hwmon: (ad7314) Validate leading zero bits and return error - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table - hwmon: (pmbus) Initialise page count in pmbus_identify() - caif_virtio: fix wrong pointer check in cfv_probe() {CVE-2025-21904} - net: gso: fix ownership in __udp_gso_segment {CVE-2025-21926} - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() {CVE-2025-21928} - HID: google: fix unused variable warning under !CONFIG_ACPI - wifi: iwlwifi: limit printed string from FW file {CVE-2025-21905} - mm/page_alloc: fix uninitialized variable - rapidio: fix an API misues when rio_add_net() fails {CVE-2025-21934} - rapidio: add check for rio_add_net() in rio_scan_alloc_net() - wifi: nl80211: reject cooked mode if it is set along with other flags {CVE-2025-21909} - wifi: cfg80211: regulatory: improve invalid hints checking {CVE-2025-21910} - x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 - x86/cpu: Validate CPUID leaf 0x2 EDX output - x86/cacheinfo: Validate CPUID leaf 0x2 EDX output - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M - ALSA: hda/realtek: update ALC222 depop optimize - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist - HID: appleir: Fix potential NULL dereference at raw event handle {CVE-2025-21948} - Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" - drm/amdgpu: disable BAR resize on Dell G5 SE - drm/amdgpu: Check extended configuration space register when system uses large bar - drm/amdgpu: skip BAR resizing if the bios already did it - acct: perform last write from workqueue {CVE-2025-21846} - kernel/acct.c: use dedicated helper to access rlimit values - kernel/acct.c: use #elif instead of #end and #elif - drop_monitor: fix incorrect initialization order {CVE-2025-21862} - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702} - sched/core: Prevent rescheduling when interrupts are disabled {CVE-2024-58090} - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk - phy: tegra: xusb: reset VBUS & ID OVERRIDE - usbnet: gl620a: fix endpoint checking in genelink_bind() {CVE-2025-21877} - perf/core: Fix low freq setting via IOC_PERIOD - ftrace: Avoid potential division by zero in function_stat_show() - x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. - ipvs: Always clear ipvs_property flag in skb_scrub_packet() - ASoC: es8328: fix route from DAC to output - net: cadence: macb: Synchronize stats calculations - sunrpc: suppress warnings for unused procfs functions - batman-adv: Drop unmanaged ELP metric worker {CVE-2025-21823} - batman-adv: Ignore neighbor throughput metrics in error case - acct: block access to kernel internal filesystems - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() {CVE-2025-21848} - tee: optee: Fix supplicant wait loop {CVE-2025-21871} - power: supply: da9150-fg: fix potential overflow - flow_dissector: Fix port range key handling in BPF conversion - flow_dissector: Fix handling of mixed port and port-range keys - net: extract port range fields from fl_flow_key - geneve: Suppress list corruption splat in geneve_destroy_tunnels(). - geneve: Fix use-after-free in geneve_find_dev(). {CVE-2025-21858} - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h - USB: gadget: f_midi: f_midi_complete to call queue_work {CVE-2025-21859} - usb/gadget: f_midi: Replace tasklet with work - usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API - usb: dwc3: Fix timeout issue during controller enter/exit from halt state - usb: dwc3: Increase DWC3 controller halt timeout - memcg: fix soft lockup in the OOM process {CVE-2024-57977} - mm: update mark_victim tracepoints fields - crypto: testmgr - some more fixes to RSA test vectors - crypto: testmgr - populate RSA CRT parameters in RSA test vectors - crypto: testmgr - fix version number of RSA tests - crypto: testmgr - Fix wrong test case of RSA - crypto: testmgr - fix wrong key length for pkcs1pad - driver core: bus: Fix double free in driver API bus_register() {CVE-2024-50055} - scsi: storvsc: Set correct data length for sending SCSI command without payload - vlan: move dev_put into vlan_dev_uninit - vlan: introduce vlan_dev_free_egress_priority - pps: Fix a use-after-free {CVE-2024-57979} - btrfs: avoid monopolizing a core when activating a swap file - x86/i8253: Disable PIT timer 0 when not in use - parport_pc: add support for ASIX AX99100 - serial: 8250_pci: add support for ASIX AX99100 - can: ems_pci: move ASIX AX99100 ids to pci_ids.h - nilfs2: protect access to buffers with no active references {CVE-2025-21811} - nilfs2: do not force clear folio if buffer is referenced {CVE-2025-21722} - nilfs2: do not output warnings when clearing dirty buffers - alpha: replace hardcoded stack offsets with autogenerated ones - ndisc: extend RCU protection in ndisc_send_skb() {CVE-2025-21760} - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() - arp: use RCU protection in arp_xmit() {CVE-2025-21762} - neighbour: use RCU protection in __neigh_notify() {CVE-2025-21763} - neighbour: delete redundant judgment statements - ndisc: use RCU protection in ndisc_alloc_skb() {CVE-2025-21764} - ipv6: use RCU protection in ip6_default_advmss() {CVE-2025-21765} - ipv4: use RCU protection in inet_select_addr() - ipv4: use RCU protection in rt_is_expired() - net: add dev_net_rcu() helper - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() - regmap-irq: Add missing kfree() - partitions: mac: fix handling of bogus partition table {CVE-2025-21772} - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock - alpha: align stack for page fault and user unaligned trap handlers - serial: 8250: Fix fifo underflow on flush - alpha: make stack 16-byte aligned (most cases) - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero - can: c_can: fix unbalanced runtime PM disable in error path - USB: serial: option: drop MeiG Smart defines - USB: serial: option: fix Telit Cinterion FN990A name - USB: serial: option: add Telit Cinterion FN990B compositions - USB: serial: option: add MeiG Smart SLM828 - usb: cdc-acm: Fix handling of oversized fragments - usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704} - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk - USB: hub: Ignore non-compliant devices with too many configs or interfaces {CVE-2025-21776} - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths {CVE-2025-21835} - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI - usb: dwc2: gadget: remove of_node reference upon udc_stop - usb: gadget: udc: renesas_usb3: Fix compiler warning - usb: roles: set switch registered flag early on - batman-adv: fix panic during interface removal {CVE-2025-21781} - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V - orangefs: fix a oob in orangefs_debug_write {CVE-2025-21782} - Grab mm lock before grabbing pt lock - vfio/pci: Enable iowrite64 and ioread64 for vfio pci - media: cxd2841er: fix 64-bit division on gcc-9 - gpio: bcm-kona: Add missing newline to dev_err format string - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array {CVE-2025-21785} - team: better TEAM_OPTION_TYPE_STRING validation {CVE-2025-21787} - vrf: use RCU protection in l3mdev_l3_out() {CVE-2025-21791} - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() - HID: multitouch: Add NULL check in mt_input_configured - ocfs2: check dir i_size in ocfs2_find_entry - MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static - ptp: Ensure info->enable callback is always set {CVE-2025-21814} - net/ncsi: wait for the last response to Deselect Package before configuring channel - misc: fastrpc: Fix registered buffer page address - mtd: onenand: Fix uninitialized retlen in do_otp_read() - NFC: nci: Add bounds checking in nci_hci_create_pipe() - nilfs2: fix possible int overflows in nilfs_fiemap() {CVE-2025-21736} - ocfs2: handle a symlink read error correctly {CVE-2024-58001} - vfio/platform: check the bounds of read/write syscalls {CVE-2025-21687} - nvmem: core: improve range check for nvmem_cell_write() - crypto: qce - unregister previously registered algos in error path - crypto: qce - fix goto jump in error path - media: uvcvideo: Remove redundant NULL assignment - media: uvcvideo: Fix event flags in uvc_ctrl_send_events - media: ov5640: fix get_light_freq on auto - soc: qcom: smem_state: fix missing of_node_put in error path - kbuild: Move -Wenum-enum-conversion to W=2 - powerpc/pseries/eeh: Fix get PE state translation - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use - serial: sh-sci: Drop __initdata macro for port_cfg - soc: qcom: socinfo: Avoid out of bounds read of serial number {CVE-2024-58007} - usb: gadget: f_tcm: Don't prepare BOT write request twice - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint - usb: gadget: f_tcm: Decrement command ref count on cleanup - usb: gadget: f_tcm: Translate error to sense - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() {CVE-2025-21744} - HID: hid-sensor-hub: don't use stale platform-data on remove - of: reserved-memory: Fix using wrong number of cells to get property 'alignment' - of: Fix of_find_node_opts_by_path() handling of alias+path+options - of: Correct child specifier used as input of the 2nd nexus node - perf bench: Fix undefined behavior in cmpworker() - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate - clk: qcom: clk-alpha-pll: fix alpha mode configuration - drm/komeda: Add check for komeda_get_layer_fourcc_list() - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() {CVE-2024-58083} - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma - binfmt_flat: Fix integer overflow bug on 32 bit systems {CVE-2024-58010} - m68k: vga: Fix I/O defines - s390/futex: Fix FUTEX_OP_ANDN implementation - leds: lp8860: Write full EEPROM, not only half of it - cpufreq: s3c64xx: Fix compilation warning - tun: revert fix group permission check - net: rose: lock the socket in rose_bind() {CVE-2025-21749} - udp: gso: do not drop small packets when PMTU reduces - tg3: Disable tg3 PCIe AER on system reboot - gpu: drm_dp_cec: fix broken CEC adapter properties check - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry - nvme: handle connectivity loss in nvme_set_queue_count - usb: xhci: Fix NULL pointer dereference on certain command aborts {CVE-2024-57981} - usb: xhci: Add timeout argument in address_device USB HCD callback - net: usb: rtl8150: enable basic endpoint checking {CVE-2025-21708} - net: usb: rtl8150: use new tasklet API - tasklet: Introduce new initialization API - kbuild: userprogs: use correct lld when linking through clang - media: uvcvideo: Remove dangling pointers {CVE-2024-58002} - media: uvcvideo: Only save async fh if success - nilfs2: handle errors that nilfs_prepare_chunk() may return {CVE-2025-21721} - nilfs2: eliminate staggered calls to kunmap in nilfs_rename - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link - spi-mxs: Fix chipselect glitch - x86/mm: Don't disable PCID when INVLPG has been fixed by microcode - APEI: GHES: Have GHES honor the panic= setting - HID: Wacom: Add PCI Wacom device support - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id - tomoyo: don't emit warning in tomoyo_write_control() {CVE-2024-58085} - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() - mmc: core: Respect quirk_max_rate for non-UHS SDIO card - tun: fix group permission check - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX {CVE-2024-58017} - x86/amd_nb: Restrict init function to AMD-based systems - sched: Don't try to catch up excess steal time. - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling - btrfs: fix use-after-free when attempting to join an aborted transaction {CVE-2025-21753} - btrfs: output the reason for open_ctree() failure - usb: gadget: f_tcm: Don't free command immediately {CVE-2024-58055} - media: uvcvideo: Fix double free in error path {CVE-2024-57980} - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE - drivers/card_reader/rtsx_usb: Restore interrupt based detection - ktest.pl: Check kernelrelease return in get_version - NFSD: Reset cb_seq_status after NFS4ERR_DELAY - hexagon: Fix unbalanced spinlock in die() - hexagon: fix using plain integer as NULL pointer warning in cmpxchg - genksyms: fix memory leak when the same symbol is read from *.symref file - genksyms: fix memory leak when the same symbol is added from source - net: sh_eth: Fix missing rtnl lock in suspend/resume path - vsock: Allow retrying on connect() failure - perf trace: Fix runtime error of index out of bounds - net: davicom: fix UAF in dm9000_drv_remove {CVE-2025-21715} - net: rose: fix timer races against user threads {CVE-2025-21718} - PM: hibernate: Add error handling for syscore_suspend() - ipmr: do not call mr_mfc_uses_dev() for unres entries {CVE-2025-21719} - net: fec: implement TSO descriptor cleanup - ubifs: skip dumping tnc tree when zroot is null {CVE-2024-58058} - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read {CVE-2024-58069} - dmaengine: ti: edma: fix OF node reference leaks in edma_driver - module: Extend the preempt disabled section in dereference_symbol_descriptor(). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() - media: uvcvideo: Propagate buf->error to userspace - media: camif-core: Add check for clk_enable() - media: mipi-csis: Add check for clk_enable() - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() - media: lmedm04: Handle errors for lme2510_int_read - media: lmedm04: Use GFP_KERNEL for URB allocation/submission. - media: rc: iguanair: handle timeouts - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() - ARM: dts: mediatek: mt7623: fix IR nodename - arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names - arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property - rdma/cxgb4: Prevent potential integer overflow on 32bit {CVE-2024-57973} - RDMA/mlx4: Avoid false error about access to uninitialized gids array - bpf: Send signals asynchronously if !preemptible {CVE-2025-21728} - perf report: Fix misleading help message about --demangle - perf top: Don't complain about lack of vmlinux when not resolving some kernel samples - padata: fix sysfs store callback check - ktest.pl: Remove unused declarations in run_bisect_test function - perf header: Fix one memory leakage in process_bpf_prog_info() - perf header: Fix one memory leakage in process_bpf_btf() - ASoC: sun4i-spdif: Add clock multiplier settings - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind - net: sched: Disallow replacing of child qdisc from one parent to another {CVE-2025-21700} - net/mlxfw: Drop hard coded max FW flash image size - net: let net.core.dev_weight always be non-zero {CVE-2025-21806} - clk: analogbits: Fix incorrect calculation of vco rate delta - selftests: harness: fix printing of mismatch values in __EXPECT() - selftests/harness: Display signed values correctly - wifi: wlcore: fix unbalanced pm_runtime calls - regulator: of: Implement the unwind path of of_regulator_match() - team: prevent adding a device which is already a team device lower {CVE-2024-58071} - cpupower: fix TSC MHz calculation - wifi: rtlwifi: pci: wait for firmware loading before releasing memory - wifi: rtlwifi: fix memory leaks and invalid access at probe error path {CVE-2024-58063} - wifi: rtlwifi: remove unused check_buddy_priv {CVE-2024-58072} - wifi: rtlwifi: remove unused dualmac control leftovers - wifi: rtlwifi: remove unused timer and related code - rtlwifi: replace usage of found with dedicated list iterator variable - dt-bindings: mmc: controller: clarify the address-cells description - wifi: rtlwifi: usb: fix workqueue leak when probe fails - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step - rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg - wifi: rtlwifi: do not complete firmware loading needlessly - ipmi: ipmb: Add check devm_kasprintf() returned value {CVE-2024-58051} - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table - drm/etnaviv: Fix page property being used for non writecombine buffers - partitions: ldm: remove the initial kernel-doc notation - nbd: don't allow reconnect after disconnect {CVE-2025-21731} - afs: Fix directory format encoding struct - overflow: Allow mixed type arguments - overflow: Correct check_shl_overflow() comment - overflow: Add __must_check attribute to check_*() helpers - rds: ib: Do not attempt to insert RDMA exthdr twice - net: mana: Fix TX CQE error handling {CVE-2023-52532} - net/mlx5: Stop waiting for PCI if pci channel is offline - rds: ib: Fix racy send affinity work cancellation - rds: ib: Make traffic_class visible to user-space - rds: ib: Remove incorrect update of the path record sl and qos_class fields - net: core: reject skb_copy(_expand) for fraglist GSO skbs {CVE-2024-36929} - udp: do not accept non-tunnel GSO skbs landing in a tunnel {CVE-2024-35884} - udp: never accept GSO_FRAGLIST packets - udp: initialize is_flist with 0 in udp_gro_receive - ima: Fix use-after-free on a dentry's dname.name {CVE-2024-39494} - sched: sch_cake: add bounds checks to host bulk flow fairness counts {CVE-2025-21647} - udf: Fix use of check_add_overflow() with mixed type arguments - x86/xen: allow larger contiguous memory regions in PV guests - xen: remove a confusing comment on auto-translated guest I/O - ALSA: hda/realtek: Fixup ALC225 depop procedure - ALSA: hda/realtek - Add type for ALC287 - net: loopback: Avoid sending IP packets without an Ethernet header - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() - ocfs2: fix incorrect CPU endianness conversion causing mount failure - Revert "btrfs: avoid monopolizing a core when activating a swap file" - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc {CVE-2024-58009} - rds: Make sure transmit path and connection tear-down does not run concurrently - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() - LTS tag: v5.4.290 - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals - drm/v3d: Assign job pointer to NULL before signaling the fence {CVE-2025-21688} - Input: xpad - add support for wooting two he (arm) - Input: xpad - add unofficial Xbox 360 wireless receiver clone - Input: atkbd - map F23 key to support default copilot shortcut - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() - ext4: fix slab-use-after-free in ext4_split_extent_at() - ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path - vfio/platform: check the bounds of read/write syscalls {CVE-2025-21687} - net/xen-netback: prevent UAF in xenvif_flush_hash() {CVE-2024-49936} - net: xen-netback: hash.c: Use built-in RCU list checking - signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die - m68k: Add missing mmap_read_lock() to sys_cacheflush() - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request - ASoC: wm8994: Add depends on MFD core - net: fix data-races around sk->sk_forward_alloc {CVE-2024-53124} - scsi: sg: Fix slab-use-after-free read in sg_release() {CVE-2024-56631} - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly - fs/proc: fix softlockup in __read_vmcore (part 2) {CVE-2025-21694} - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks - nvmet: propagate npwg topology - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() - kheaders: Ignore silly-rename files - hfs: Sanity check the root record - mac802154: check local interfaces before deleting sdata list {CVE-2024-57948} - i2c: mux: demux-pinctrl: check initial mux selection, too - drm/v3d: Ensure job pointer is set to NULL after job completion {CVE-2025-21697} - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() - gtp: Destroy device along with udp socket's netns dismantle. {CVE-2025-21678} - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). - gtp: use exit_batch_rtnl() method - net: add exit_batch_rtnl() method - net: net_namespace: Optimize the code - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() - sctp: sysctl: rto_min/max: avoid using current->nsproxy - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv {CVE-2024-57892} - ocfs2: correct return value of ocfs2_local_free_info() - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider - phy: core: fix code style in devm_of_phy_provider_unregister - arm64: dts: rockchip: add hevc power domain clock to rk3328 - arm64: dts: rockchip: add #power-domain-cells to power domain nodes - arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 - arm64: dts: rockchip: fix defines in pd_vio node for rk3399 - iio: inkern: call iio_device_put() only on mapped devices - iio: adc: at91: call input_free_device() on allocated iio_dev {CVE-2024-57904} - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() - iio: gyro: fxas21002c: Fix missing data update in trigger handler - iio: adc: ti-ads8688: fix information leak in triggered buffer {CVE-2024-57906} - iio: imu: kmx61: fix information leak in triggered buffer {CVE-2024-57908} - iio: light: vcnl4035: fix information leak in triggered buffer {CVE-2024-57910} - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer - iio: pressure: zpa2326: fix information leak in triggered buffer {CVE-2024-57912} - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind {CVE-2024-57913} - usb: fix reference leak in usb_new_device() - USB: core: Disable LPM only for non-suspended ports - USB: usblp: return error when setting unsupported protocol - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null - USB: serial: cp210x: add Phoenix Contact UPS Device - usb-storage: Add max sectors quirk for Nokia 208 - staging: iio: ad9832: Correct phase range check - staging: iio: ad9834: Correct phase range check - USB: serial: option: add Neoway N723-EA support - USB: serial: option: add MeiG Smart SRM815 - drm/amd/display: increase MAX_SURFACES to the value supported by hw - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] - drm/amd/display: Add check for granularity in dml ceil/floor helpers {CVE-2024-57922} - sctp: sysctl: auth_enable: avoid using current->nsproxy - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy {CVE-2025-21640} - dm thin: make get_first_thin use rcu-safe list first function {CVE-2025-21664} - tls: Fix tls_sw_sendmsg error handling - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute {CVE-2025-21653} - tcp/dccp: allow a connection when sk_max_ack_backlog is zero - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog - net: 802: LLC+SNAP OID:PID lookup on start of skb data - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() - dm array: fix cursor index when skipping across block boundaries - dm array: fix unreleased btree blocks on closing a faulty array cursor - dm array: fix releasing a faulty array block twice in dm_array_cursor_end {CVE-2024-57929} - jbd2: flush filesystem device before updating tail sequence - Revert "NFSD: Limit the number of concurrent async COPY operations" - rds: ib: Avoid sleeping function inside RCU region by using sampled values instead - dm rq: don't queue request to blk-mq during DM suspend {CVE-2021-47498} - dm: rearrange core declarations for extended use from dm-zone.c - cgroup: Make operations on the cgroup root_list RCU safe - uek: kabi: Fix build error for HIDE_INCLUDE macro - oracleasm: Fix PI when use_logical_block_size is set - oracleasm: Add support for per-I/O block size selection - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() - io_uring: fix possible deadlock in io_register_iowq_max_workers() - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write {CVE-2024-53052} - io_uring: use kiocb_{start,end}_write() helpers - fs: create kiocb_{start,end}_write() helpers - io_uring: rename kiocb_end_write() local helper - io_uring/sqpoll: close race on waiting for sqring entries - io_uring/sqpoll: do not put cpumask on stack - io_uring/sqpoll: retain test for whether the CPU is valid - io_uring/sqpoll: do not allow pinning outside of cpuset - io_uring/io-wq: limit retrying worker initialisation - vfs: check dentry is still valid in get_link() - RDS: avoid queueing delayed work on an offlined cpu - NFSD: Limit the number of concurrent async COPY operations {CVE-2024-49974} - LTS tag: v5.4.289 - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() - drm: adv7511: Drop dsi single lane support - net/sctp: Prevent autoclose integer overflow in sctp_association_init() - sky2: Add device ID 11ab:4373 for Marvell 88E8075 - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking {CVE-2024-57889} - RDMA/uverbs: Prevent integer overflow issue {CVE-2024-57890} - modpost: fix the missed iteration for the max bit in do_input() - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host - ARC: build: Try to guess GCC variant of cross compiler - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base - net: usb: qmi_wwan: add Telit FE910C04 compositions - bpf: fix potential error return - sound: usb: format: don't warn that raw DSD is unsupported - wifi: mac80211: wake the queues in case of failure in resume - ila: serialize calls to nf_register_net_hooks() {CVE-2024-57900} - ALSA: usb-audio: US16x08: Initialize array before use - net: llc: reset skb->transport_header - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext {CVE-2024-54031} - netfilter: Replace zero-length array with flexible-array member - netrom: check buffer length before accessing it {CVE-2024-57802} - drm/bridge: adv7511_audio: Update Audio InfoFrame properly - drm: bridge: adv7511: Enable SPDIF DAI - RDMA/bnxt_re: Fix max_qp_wrs reported - RDMA/bnxt_re: Fix reporting hw_ver in query_device - RDMA/bnxt_re: Add check for path mtu in modify_qp - RDMA/mlx5: Enforce same type port association for multiport RoCE - net/mlx5: Make API mlx5_core_is_ecpf accept const pointer - IB/mlx5: Introduce and use mlx5_core_is_vf() - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet {CVE-2024-55916} - selinux: ignore unknown extended permissions {CVE-2024-57931} - ipv6: prevent possible UAF in ip6_xmit() {CVE-2024-44985} - skb_expand_head() adjust skb->truesize incorrectly - btrfs: avoid monopolizing a core when activating a swap file - tracing: Constify string literal data member in struct trace_event_call - bpf: fix recursive lock when verdict program return SK_PASS {CVE-2024-56694} - ipv6: fix possible UAF in ip6_finish_output2() - ipv6: use skb_expand_head in ip6_xmit - ipv6: use skb_expand_head in ip6_finish_output2 - skbuff: introduce skb_expand_head() - MIPS: Probe toolchain support of -msym32 - epoll: Add synchronous wakeup support for ep_poll_callback - virtio-blk: don't keep queue frozen during system suspend {CVE-2024-57946} - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF - regmap: Use correct format specifier for logging range errors - scsi: megaraid_sas: Fix for a potential deadlock {CVE-2024-57807} - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset - dmaengine: mv_xor: fix child node refcount handling in early exit - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy - phy: core: Fix that API devm_phy_put() fails to release the phy - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() - phy: core: Fix an OF node refcount leakage in _of_phy_get() - mtd: diskonchip: Cast an operand to prevent potential overflow - bpf: Check negative offsets in __bpf_skb_min_len() - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg {CVE-2024-56769} - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() - of: Fix error path in of_parse_phandle_with_args_map() - udmabuf: also check for F_SEAL_FUTURE_WRITE - nilfs2: prevent use of deleted inode {CVE-2024-53690} - NFS/pnfs: Fix a live lock between recalled layouts and layoutget - btrfs: tree-checker: reject inline extent items with 0 ref count - zram: refuse to use zero sized block device as backing device - sh: clk: Fix clk_enable() to return 0 on NULL clk - USB: serial: option: add Telit FE910C04 rmnet compositions - USB: serial: option: add MediaTek T7XX compositions - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready - USB: serial: option: add MeiG Smart SLM770A - USB: serial: option: add TCL IK512 MBIM & ECM - efivarfs: Fix error on non-existent file - i2c: riic: Always round-up when calculating bus period - chelsio/chtls: prevent potential integer overflow on 32bit - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk - netfilter: ipset: Fix for recursive locking warning - net: ethernet: bgmac-platform: fix an OF node reference leak - net: hinic: Fix cleanup in create_rxqs/txqs() - ionic: use ee->offset when returning sprom data - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll - erofs: fix incorrect symlink detection in fast symlink - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size - drm/i915: Fix memory leak by correcting cache object name in error handler - PCI: Add ACS quirk for Broadcom BCM5760X NIC - ALSA: usb: Fix UBSAN warning in parse_audio_unit() - PCI/AER: Disable AER service on suspend - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled - net: sched: fix ordering of qlen adjustment {CVE-2024-53164} - kpcimgr: fix flush_icache_range arguments - ftrace: use preempt_enable/disable notrace macros to avoid double fault - nfsd: restore callback functionality for NFSv4.0 - i2c: pnx: Fix timeout in wait functions - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() - af_packet: fix vlan_get_tci() vs MSG_PEEK {CVE-2024-57902} - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK {CVE-2024-57901} - mtd: rawnand: fix double free in atmel_pmecc_create_user() - Revert "xen/swiotlb: add alignment check for dma buffers" - vfio/iommu_type1: Fix some sanity checks in detach group - Revert "vfio/iommu_type1: Fix some sanity checks in detach group" - rds: ib: Avoid UAF on RDS Socket's rs_trans_lock - rds: ib: Fix blocked processes related to race in rds_rdma_free_dev_rs_worker() - rds: ib: Fix deterministic UAF in rds_rdma_free_dev_rs_worker() - Revert "KVM: SVM: Add a module parameter to override iommu AVIC usage" - LTS tag: v5.4.288 - ALSA: usb-audio: Fix a DMA to stack memory bug - xen/netfront: fix crash when removing device {CVE-2024-53240} - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() - blk-iocost: fix weight updates of inner active iocgs - blk-iocost: clamp inuse and skip noops in __propagate_weights() - ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired - net/sched: netem: account for backlog updates from child qdisc {CVE-2024-56770} - qca_spi: Make driver probing reliable - qca_spi: Fix clock speed for multiple QCA7000 - ACPI: resource: Fix memory resource type union access - net: lapb: increase LAPB_HEADER_LEN {CVE-2024-56659} - tipc: fix NULL deref in cleanup_bearer() {CVE-2024-56661} - batman-adv: Do not let TT changes list grows indefinitely - batman-adv: Remove uninitialized data in full table TT response - batman-adv: Do not send uninitialized TT changes - bpf, sockmap: Fix update element with same - xfs: don't drop errno values when we fail to ficlone the entire range - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer - usb: ehci-hcd: fix call balance of clocks handling routines - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() - usb: host: max3421-hcd: Correctly abort a USB request. - LTS tag: v5.4.287 - bpf, xdp: Update devmap comments to reflect napi/rcu usage - ALSA: usb-audio: Fix out of bounds reads when finding clock sources {CVE-2024-53150} - PCI: rockchip-ep: Fix address translation unit programming - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" - modpost: Add .irqentry.text to OTHER_SECTIONS - jffs2: Fix rtime decompressor - jffs2: Prevent rtime decompress memory corruption {CVE-2024-57850} - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* - perf/x86/intel/pt: Fix buffer full but size is 0 case - bpf: fix OOB devmap writes when deleting elements {CVE-2024-56615} - xdp: Simplify devmap cleanup - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle - powerpc/prom_init: Fixup missing powermac #size-cells {CVE-2024-56781} - usb: chipidea: udc: handle USB Error Interrupt if IOC not set - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock - PCI: Add ACS quirk for Wangxun FF5xxx NICs - PCI: Add 'reset_subordinate' to reset hierarchy below bridge - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. {CVE-2024-56586} - nvdimm: rectify the illogical code within nd_dax_probe() - pinctrl: qcom-pmic-gpio: add support for PM8937 - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset - scsi: st: Don't modify unknown block number in MTIOCGET - leds: class: Protect brightness_show() with led_cdev->led_access mutex - tracing: Use atomic64_inc_return() in trace_clock_counter() - netpoll: Use rcu_access_pointer() in __netpoll_setup - net/neighbor: clear error in case strict check is not set - rocker: fix link status detection in rocker_carrier_init() - ASoC: hdmi-codec: reorder channel allocation list - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() - wifi: ipw2x00: libipw_rx_any(): fix bad alignment - drm/amdgpu: set the right AMDGPU sg segment limitation {CVE-2024-56594} - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree {CVE-2024-56595} - jfs: fix array-index-out-of-bounds in jfs_readdir {CVE-2024-56596} - jfs: fix shift-out-of-bounds in dbSplit {CVE-2024-56597} - jfs: array-index-out-of-bounds fix in dtReadFirst {CVE-2024-56598} - wifi: ath5k: add PCI ID for Arcadyan devices - wifi: ath5k: add PCI ID for SX76X - net: inet6: do not leave a dangling sk pointer in inet6_create() {CVE-2024-40954} - net: inet: do not leave a dangling sk pointer in inet_create() {CVE-2024-40954} - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() {CVE-2024-40954} - net: af_can: do not leave a dangling sk pointer in can_create() {CVE-2024-40954} - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() - af_packet: avoid erroring out after sock_init_data() in packet_create() {CVE-2024-40954} - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() - net: ethernet: fs_enet: Use %pa to format resource_size_t - net: fec_mpc52xx_phy: Use %pa to format resource_size_t - samples/bpf: Fix a resource leak - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() - drm/mcde: Enable module autoloading - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera - s390/cpum_sf: Handle CPU hotplug remove during sampling {CVE-2024-57849} - mmc: core: Further prevent card detect during shutdown - regmap: detach regmap from dev on regmap_exit - dma-buf: fix dma_fence_array_signaled v4 - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again {CVE-2024-48881} - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() {CVE-2024-56619} - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts - scsi: qla2xxx: Fix NVMe and NPIV connect issue - ocfs2: update seq_file index in ocfs2_dlm_seq_next - tracing: Fix cmp_entries_dup() to respect sort() comparison rules - HID: wacom: fix when get product name maybe null pointer {CVE-2024-56629} - bpf: Fix exact match conditions in trie_get_next_key() - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie - ocfs2: free inode when ocfs2_get_init_inode() fails {CVE-2024-56630} - spi: mpc52xx: Add cancel_work_sync before module remove {CVE-2024-50051} - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg {CVE-2024-56633} - drm/sti: Add __iomem for mixer_dbg_mxn's parameter - gpio: grgpio: Add NULL check in grgpio_probe {CVE-2024-56634} - gpio: grgpio: use a helper variable to store the address of ofdev->dev - crypto: x86/aegis128 - access 32-bit arguments as 32-bit - x86/asm: Reorder early variables - xen: Fix the issue of resource not being properly released in xenbus_dev_probe() - xen/xenbus: fix locking - xenbus/backend: Protect xenbus callback with lock - xenbus/backend: Add memory pressure handler callback - xen/xenbus: reference count registered modules - netfilter: nft_set_hash: skip duplicated elements pending gc run - netfilter: ipset: Hold module reference while requesting a module {CVE-2024-56637} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} - net/qed: allow old cards not supporting "num_images" to work - tipc: Fix use-after-free of kernel socket in cleanup_bearer(). {CVE-2024-56642} - tipc: add new AEAD key structure for user API - tipc: enable creating a "preliminary" node - tipc: add reference counter to bearer - dccp: Fix memory leak in dccp_feat_change_recv {CVE-2024-56643} - can: j1939: j1939_session_new(): fix skb reference counting {CVE-2024-56645} - net/sched: tbf: correct backlog statistic for GSO packets - netfilter: x_tables: fix LED ID check in led_tg_check() {CVE-2024-56650} - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() {CVE-2024-53680} - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call - drm/etnaviv: flush shader L1 cache after user commandstream - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur {CVE-2024-56779} - nfsd: make sure exp active before svc_export_show {CVE-2024-56558} - dm thin: Add missing destroy_work_on_stack() - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() - util_macros.h: fix/rework find_closest() macros - ad7780: fix division by zero in ad7780_write_raw() {CVE-2024-56567} - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 - ftrace: Fix regression with module command in stack_trace_filter {CVE-2024-56569} - ovl: Filter invalid inodes with missing lookup function {CVE-2024-56570} - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled - media: ts2020: fix null-ptr-deref in ts2020_probe() {CVE-2024-56574} - media: i2c: tc358743: Fix crash in the probe error path when using polling - btrfs: ref-verify: fix use-after-free after invalid ref action {CVE-2024-56581} - quota: flush quota_release_work upon quota writeback {CVE-2024-56780} - ASoC: fsl_micfil: fix the naming style for mask definition - sh: intc: Fix use-after-free bug in register_intc_controller() - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport {CVE-2024-56688} - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE - SUNRPC: correct error code comment in xs_tcp_setup_socket() - modpost: remove incorrect code in do_eisa_entry() - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification - 9p/xen: fix release of IRQ {CVE-2024-56704} - 9p/xen: fix init sequence - block: return unsigned int from bdev_io_min - jffs2: fix use of uninitialized variable - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit - ubi: fastmap: Fix duplicate slab cache names while attaching {CVE-2024-53172} - ubifs: Correct the total block count by deducting journal reservation - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() {CVE-2024-56739} - rtc: abx80x: Fix WDT bit position of the status register - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() - NFSv4.0: Fix a use-after-free problem in the asynchronous open() - um: Always dump trace for specified task in show_stack - um: Clean up stacktrace dump - um: add show_stack_loglvl() - um/sysrq: remove needless variable sp - um: Fix the return value of elf_core_copy_task_fpregs - um: Fix potential integer overflow during physmem setup {CVE-2024-53145} - rpmsg: glink: Propagate TX failures in intentless mode as well - SUNRPC: make sure cache entry active before cache_show {CVE-2024-53174} - NFSD: Prevent a potential integer overflow {CVE-2024-53146} - lib: string_helpers: silence snprintf() output truncation warning - usb: dwc3: gadget: Fix checking for number of TRBs left - ALSA: hda/realtek: Apply quirk for Medion E15433 - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max - ALSA: hda/realtek: Set PCBeep to default value for ALC274 - ALSA: hda/realtek: Update ALC225 depop procedure - media: wl128x: Fix atomicity violation in fmc_send_cmd() {CVE-2024-56700} - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values - block: fix ordering between checking BLK_MQ_S_STOPPED request adding - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK - um: vector: Do not use drvdata in release {CVE-2024-53181} - serial: 8250: omap: Move pm_runtime_get_sync - um: net: Do not use drvdata in release {CVE-2024-53183} - um: ubd: Do not use drvdata in release {CVE-2024-53184} - ubi: wl: Put source PEB into correct list if trying locking LEB failed - spi: Fix acpi deferred irq probe - netfilter: ipset: add missing range check in bitmap_ip_uadt {CVE-2024-53141} - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" - serial: sh-sci: Clean sci_ports[0] after at earlycon exit - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler - comedi: Flush partial mappings in error case {CVE-2024-53148} - PCI: Fix use-after-free of slot->bus on hot remove {CVE-2024-53194} - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() - jfs: xattr: check invalid xattr size more strictly - ext4: fix FS_IOC_GETFSMAP handling - ext4: supress data-race warnings in ext4_free_inodes_{count,set}() - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() - usb: ehci-spear: fix call balance of sehci clk handling routines - apparmor: fix 'Do simple duplicate message elimination' - staging: greybus: uart: clean up TIOCGSERIAL - misc: apds990x: Fix missing pm_runtime_disable() - USB: chaoskey: Fix possible deadlock chaoskey_list_lock - USB: chaoskey: fail open after removal - usb: yurex: make waiting on yurex_write interruptible - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() - ipmr: fix tables suspicious RCU usage - ipmr: convert /proc handlers to rcu_read_lock() - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken - marvell: pxa168_eth: fix call balance of pep->clk handling routines - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device - power: supply: core: Remove might_sleep() from power_supply_put() - vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214} - NFSD: Fix nfsd4_shutdown_copy() - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length - rpmsg: glink: Fix GLINK command prefix - rpmsg: glink: Send READ_NOTIFY command in FIFO full case - rpmsg: glink: Add TX_DATA_CONT command while sending - perf trace: Avoid garbage when not printing a syscall's arguments - perf trace: Do not lose last events in a race - m68k: coldfire/device.c: only build FEC when HW macros are defined - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x - PCI: cpqphp: Fix PCIBIOS_* return value confusion - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads - perf probe: Correct demangled symbols in C++ program - perf cs-etm: Don't flush when packet_queue fills up - clk: clk-axi-clkgen: make sure to enable the AXI bus clock - clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand - dt-bindings: clock: axi-clkgen: include AXI clk - dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() - fbdev/sh7760fb: Alloc DMA memory from hardware device - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static - ocfs2: fix uninitialized value in ocfs2_file_read_iter() - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() - scsi: fusion: Remove unused variable 'rc' - scsi: bfa: Fix use-after-free in bfad_im_module_exit() - mfd: rt5033: Fix missing regmap_del_irq_chip() - mtd: rawnand: atmel: Fix possible memory leak - cpufreq: loongson2: Unregister platform_driver on failure - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices {CVE-2024-56723} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device {CVE-2024-56724} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device {CVE-2024-56691} - mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() - mfd: da9052-spi: Change read-mask to write-mask - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race - trace/trace_event_perf: remove duplicate samples on the first tracepoint event - netpoll: Use rcu_access_pointer() in netpoll_poll_lock - ALSA: 6fire: Release resources at card release {CVE-2024-53239} - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection {CVE-2024-56531} - ALSA: us122l: Use snd_card_free_when_closed() at disconnection {CVE-2024-56532} - net: rfkill: gpio: Add check for clk_enable() - selftests: net: really check for bg process completion - bpf, sockmap: Fix sk_msg_reset_curr - bpf, sockmap: Several fixes to bpf_msg_pop_data {CVE-2024-56720} - bpf, sockmap: Several fixes to bpf_msg_push_data - drm/etnaviv: hold GPU lock across perfmon sampling - drm/etnaviv: fix power register offset on GC300 - drm/etnaviv: dump: fix sparse warnings - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() - drm/panfrost: Remove unused id_mask from struct panfrost_model - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() - bpf: Fix the xdp_adjust_tail sample prog issue - ASoC: fsl_micfil: fix regmap_write_bits usage - ASoC: fsl_micfil: use GENMASK to define register bit fields - ASoC: fsl_micfil: do not define SHIFT/MASK for single bits - ASoC: fsl_micfil: Drop unnecessary register read - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() - drm/omap: Fix locking in omap_gem_new_dmabuf() - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() {CVE-2024-53156} - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware {CVE-2024-53157} - regmap: irq: Set lockdep class for hierarchical IRQ domains - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints - tpm: fix signed/unsigned bug when checking event logs - efi/tpm: Pass correct address to memblock_reserve - mmc: mmc_spi: drop buggy snprintf() - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() - time: Fix references to _msecs_to_jiffies() handling of values - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() - crypto: bcm - add error check in the ahash_hmac_init function {CVE-2024-56681} - crypto: cavium - Fix the if condition to exit loop after timeout - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY - EDAC/fsl_ddr: Fix bad bit shift operations - EDAC/bluefield: Fix potential integer overflow {CVE-2024-53161} - firmware: google: Unregister driver_info on failure - firmware: google: Unregister driver_info on failure and exit in gsmi - hfsplus: don't query the device logical block size multiple times {CVE-2024-56548} - s390/syscalls: Avoid creation of arch/arch/ directory - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() - m68k: mvme147: Reinstate early console - m68k: mvme16x: Add and use "mvme16x.h" - m68k: mvme147: Fix SCSI controller IRQ numbers - nvme-pci: fix freeing of the HMB descriptor table {CVE-2024-56756} - initramfs: avoid filename buffer overrun {CVE-2024-53142} - mips: asm: fix warning when disabling MIPS_FP_SUPPORT - x86/xen/pvh: Annotate indirect branch as safe - nvme: fix metadata handling in nvme-passthrough - cifs: Fix buffer overflow when parsing NFS reparse points {CVE-2024-49996} - ipmr: Fix access to mfc_cache_list without lock held - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() - regulator: rk808: Add apply_bit for BUCK3 on RK809 - soc: qcom: Add check devm_kasprintf() returned value - net: usb: qmi_wwan: add Quectel RG650V - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 - selftests/watchdog-test: Fix system accidentally reset after watchdog-test - mac80211: fix user-power when emulating chanctx - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet - kbuild: Use uname for LINUX_COMPILE_HOST detection - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint {CVE-2024-53130} - ocfs2: fix UBSAN warning in ocfs2_verify_volume() - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint {CVE-2024-53131} - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN - ocfs2: uncache inode which has failed entering the group {CVE-2024-53112} - net/mlx5e: kTLS, Fix incorrect page refcounting {CVE-2024-53138} - net/mlx5: fs, lock FTE when checking if active {CVE-2024-53121} - netlink: terminate outstanding dump on socket close {CVE-2024-53140} - LTS tag: v5.4.286 - 9p: fix slab cache name creation for real - md/raid10: improve code of mrdev in raid10_sync_request - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition - fs: Fix uninitialized value issue in from_kuid and from_kgid {CVE-2024-53101} - powerpc/powernv: Free name on error in opal_event_init() - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML - bpf: use kvzmalloc to allocate BPF verifier environment - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad - 9p: Avoid creating multiple slab caches with the same name - ALSA: usb-audio: Add endianness annotations - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans {CVE-2024-50264} - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer {CVE-2024-53103} - ftrace: Fix possible use-after-free issue in ftrace_location() {CVE-2024-38588} - NFSD: Fix NFSv4's PUTPUBFH operation - ALSA: usb-audio: Add quirks for Dell WD19 dock - ALSA: usb-audio: Support jack detection on Dell dock - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() - irqchip/gic-v3: Force propagation of the active state with a read-back - USB: serial: option: add Quectel RG650V - USB: serial: option: add Fibocom FG132 0x0112 composition - USB: serial: qcserial: add support for Sierra Wireless EM86xx - USB: serial: io_edgeport: fix use after free in debug printk {CVE-2024-50267} - usb: musb: sunxi: Fix accessing an released usb phy {CVE-2024-50269} - fs/proc: fix compile warning about variable 'vmcore_mmap_ops' - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format - net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538} - spi: fix use-after-free of the add_lock mutex {CVE-2021-47195} - spi: Fix deadlock when adding SPI controllers on SPI buses {CVE-2021-47469} - mtd: rawnand: protect access to rawnand devices while in suspend - btrfs: reinitialize delayed ref list after deleting it from the list {CVE-2024-50273} - nfs: Fix KMSAN warning in decode_getfattr_attrs() {CVE-2024-53066} - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow - dm cache: fix potential out-of-bounds access on the first resume {CVE-2024-50278} - dm cache: optimize dirty bit checking with find_next_bit when resizing - dm cache: fix out-of-bounds access to the dirty bitset when resizing {CVE-2024-50279} - dm cache: correct the number of origin blocks to match the target length - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() - pwm: imx-tpm: Use correct MODULO value for EPWM mode - media: v4l2-tpg: prevent the risk of a division by zero {CVE-2024-50287} - media: cx24116: prevent overflows on SNR calculus {CVE-2024-50290} - media: s5p-jpeg: prevent buffer overflows {CVE-2024-53061} - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() - media: adv7604: prevent underflow condition when reporting colorspace - media: dvb_frontend: don't play tricks with underflow values - media: dvbdev: prevent the risk of out of memory access {CVE-2024-53063} - media: stb0899_algo: initialize cfr before using it - net: hns3: fix kernel crash when uninstalling driver {CVE-2024-50296} - can: c_can: fix {rx,tx}_errors statistics - sctp: properly validate chunk size in sctp_sf_ootb() {CVE-2024-50299} - net: enetc: set MAC address to the VF net_device - enetc: simplify the return expression of enetc_vf_set_mac_addr() - security/keys: fix slab-out-of-bounds in key_task_permission - HID: core: zero-initialize the report buffer {CVE-2024-50302} - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin - ARM: dts: rockchip: Fix the spi controller on rk3036 - ARM: dts: rockchip: drop grf reference from rk3036 hdmi - ARM: dts: rockchip: fix rk3036 acodec node - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator - rds/ib: avoid scq/rcq polling during rds connection shutdown - RDMA/mlx5: Send UAR page index as ioctl attribute - RDMA: Pass entire uverbs attr bundle to create cq function - IB/uverbs: Enable CQ ioctl commands by default - tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" {CVE-2024-53127} - mm: revert "mm: shmem: fix data-race in shmem_getattr()" - net/ipv6: release expired exception dst cached in socket {CVE-2024-56644} - Revert "unicode: Don't special case ignorable code points" - powerpc/vdso: Flag VDSO64 entry points as functions - Revert "usb: gadget: composite: fix OS descriptors w_value logic" - rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 - rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation - rds: rds_message_alloc() needlessly zeroes m_used_sgs - rds: tracepoint in rds_receive_csum_err() prints pointless information - rds: rds_inc_init() should initialize the inc->i_conn_path field - rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption - md/raid10: fix task hung in raid10d - md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() - md/raid10: avoid deadlock on recovery. - arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations. - net/rds: report pending-messages count in RDS_INQ response - net/rds: Introduce RDS-INQ feature to RDS protocol - net/rds: Supporting SIOCOUTQ to read pending sends - mm/memory-failure: pass the folio and the page to collect_procs() - KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD - KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding - objtool: Default ignore INT3 for unreachable - x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled - x86/msr: Add functions to set/clear the bit of an MSR on all cpus Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- sctp: sysctl: auth_enable: avoid using current->nsproxy - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy {CVE-2025-21640} - bpf: Use preempt_count() directly in bpf_send_signal_common() - Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" - jfs: fix slab-out-of-bounds read in ea_get() - serial: 8250_dma: terminate correct DMA in tx_dma_flush() - Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" - net: usb: usbnet: restore usb%d name exception for local mac addresses - vlan: fix memory leak in vlan_newlink() {CVE-2022-49636} - rds: ib: Fix NULL ptr deref in rds_ib_cq_follow_affinity - LTS tag: v5.4.291 - eeprom: digsy_mtc: Make GPIO lookup table match the device - slimbus: messaging: Free transaction ID in delayed interrupt scenario {CVE-2025-21914} - intel_th: pci: Add Panther Lake-P/U support - intel_th: pci: Add Panther Lake-H support - intel_th: pci: Add Arrow Lake support - Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982} - xhci: pci: Fix indentation in the PCI device ID definitions - usb: gadget: Check bmAttributes only if configuration is valid - usb: gadget: Fix setting self-powered state on suspend - usb: gadget: Set self-powered based on MaxPower and bmAttributes - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality - usb: typec: ucsi: increase timeout for PPM reset operations - usb: atm: cxacru: fix a flaw in existing endpoint checks {CVE-2025-21916} - usb: renesas_usbhs: Flush the notify_hotplug_work {CVE-2025-21917} - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader - usb: renesas_usbhs: Use devm_usb_get_phy() - usb: renesas_usbhs: Call clk_put() - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" - gpio: rcar: Fix missing of_node_put() call - net: ipv6: fix missing dst ref drop in ila lwtunnel - net: ipv6: fix dst ref loop in ila lwtunnel - net-timestamp: support TCP GSO case for a few missing flags - vlan: enforce underlying device type {CVE-2025-21920} - ppp: Fix KMSAN uninit-value warning with bpf {CVE-2025-21922} - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink - drm/sched: Fix preprocessor guard - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() - llc: do not use skb_get() before dev_queue_xmit() {CVE-2025-21925} - hwmon: (ad7314) Validate leading zero bits and return error - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table - hwmon: (pmbus) Initialise page count in pmbus_identify() - caif_virtio: fix wrong pointer check in cfv_probe() {CVE-2025-21904} - net: gso: fix ownership in __udp_gso_segment {CVE-2025-21926} - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() {CVE-2025-21928} - HID: google: fix unused variable warning under !CONFIG_ACPI - wifi: iwlwifi: limit printed string from FW file {CVE-2025-21905} - mm/page_alloc: fix uninitialized variable - rapidio: fix an API misues when rio_add_net() fails {CVE-2025-21934} - rapidio: add check for rio_add_net() in rio_scan_alloc_net() - wifi: nl80211: reject cooked mode if it is set along with other flags {CVE-2025-21909} - wifi: cfg80211: regulatory: improve invalid hints checking {CVE-2025-21910} - x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 - x86/cpu: Validate CPUID leaf 0x2 EDX output - x86/cacheinfo: Validate CPUID leaf 0x2 EDX output - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M - ALSA: hda/realtek: update ALC222 depop optimize - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist - HID: appleir: Fix potential NULL dereference at raw event handle {CVE-2025-21948} - Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" - drm/amdgpu: disable BAR resize on Dell G5 SE - drm/amdgpu: Check extended configuration space register when system uses large bar - drm/amdgpu: skip BAR resizing if the bios already did it - acct: perform last write from workqueue {CVE-2025-21846} - kernel/acct.c: use dedicated helper to access rlimit values - kernel/acct.c: use #elif instead of #end and #elif - drop_monitor: fix incorrect initialization order {CVE-2025-21862} - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702} - sched/core: Prevent rescheduling when interrupts are disabled {CVE-2024-58090} - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk - phy: tegra: xusb: reset VBUS & ID OVERRIDE - usbnet: gl620a: fix endpoint checking in genelink_bind() {CVE-2025-21877} - perf/core: Fix low freq setting via IOC_PERIOD - ftrace: Avoid potential division by zero in function_stat_show() - x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. - ipvs: Always clear ipvs_property flag in skb_scrub_packet() - ASoC: es8328: fix route from DAC to output - net: cadence: macb: Synchronize stats calculations - sunrpc: suppress warnings for unused procfs functions - batman-adv: Drop unmanaged ELP metric worker {CVE-2025-21823} - batman-adv: Ignore neighbor throughput metrics in error case - acct: block access to kernel internal filesystems - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() {CVE-2025-21848} - tee: optee: Fix supplicant wait loop {CVE-2025-21871} - power: supply: da9150-fg: fix potential overflow - flow_dissector: Fix port range key handling in BPF conversion - flow_dissector: Fix handling of mixed port and port-range keys - net: extract port range fields from fl_flow_key - geneve: Suppress list corruption splat in geneve_destroy_tunnels(). - geneve: Fix use-after-free in geneve_find_dev(). {CVE-2025-21858} - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h - USB: gadget: f_midi: f_midi_complete to call queue_work {CVE-2025-21859} - usb/gadget: f_midi: Replace tasklet with work - usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API - usb: dwc3: Fix timeout issue during controller enter/exit from halt state - usb: dwc3: Increase DWC3 controller halt timeout - memcg: fix soft lockup in the OOM process {CVE-2024-57977} - mm: update mark_victim tracepoints fields - crypto: testmgr - some more fixes to RSA test vectors - crypto: testmgr - populate RSA CRT parameters in RSA test vectors - crypto: testmgr - fix version number of RSA tests - crypto: testmgr - Fix wrong test case of RSA - crypto: testmgr - fix wrong key length for pkcs1pad - driver core: bus: Fix double free in driver API bus_register() {CVE-2024-50055} - scsi: storvsc: Set correct data length for sending SCSI command without payload - vlan: move dev_put into vlan_dev_uninit - vlan: introduce vlan_dev_free_egress_priority - pps: Fix a use-after-free {CVE-2024-57979} - btrfs: avoid monopolizing a core when activating a swap file - x86/i8253: Disable PIT timer 0 when not in use - parport_pc: add support for ASIX AX99100 - serial: 8250_pci: add support for ASIX AX99100 - can: ems_pci: move ASIX AX99100 ids to pci_ids.h - nilfs2: protect access to buffers with no active references {CVE-2025-21811} - nilfs2: do not force clear folio if buffer is referenced {CVE-2025-21722} - nilfs2: do not output warnings when clearing dirty buffers - alpha: replace hardcoded stack offsets with autogenerated ones - ndisc: extend RCU protection in ndisc_send_skb() {CVE-2025-21760} - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() - arp: use RCU protection in arp_xmit() {CVE-2025-21762} - neighbour: use RCU protection in __neigh_notify() {CVE-2025-21763} - neighbour: delete redundant judgment statements - ndisc: use RCU protection in ndisc_alloc_skb() {CVE-2025-21764} - ipv6: use RCU protection in ip6_default_advmss() {CVE-2025-21765} - ipv4: use RCU protection in inet_select_addr() - ipv4: use RCU protection in rt_is_expired() - net: add dev_net_rcu() helper - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() - regmap-irq: Add missing kfree() - partitions: mac: fix handling of bogus partition table {CVE-2025-21772} - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock - alpha: align stack for page fault and user unaligned trap handlers - serial: 8250: Fix fifo underflow on flush - alpha: make stack 16-byte aligned (most cases) - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero - can: c_can: fix unbalanced runtime PM disable in error path - USB: serial: option: drop MeiG Smart defines - USB: serial: option: fix Telit Cinterion FN990A name - USB: serial: option: add Telit Cinterion FN990B compositions - USB: serial: option: add MeiG Smart SLM828 - usb: cdc-acm: Fix handling of oversized fragments - usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704} - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk - USB: hub: Ignore non-compliant devices with too many configs or interfaces {CVE-2025-21776} - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths {CVE-2025-21835} - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI - usb: dwc2: gadget: remove of_node reference upon udc_stop - usb: gadget: udc: renesas_usb3: Fix compiler warning - usb: roles: set switch registered flag early on - batman-adv: fix panic during interface removal {CVE-2025-21781} - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V - orangefs: fix a oob in orangefs_debug_write {CVE-2025-21782} - Grab mm lock before grabbing pt lock - vfio/pci: Enable iowrite64 and ioread64 for vfio pci - media: cxd2841er: fix 64-bit division on gcc-9 - gpio: bcm-kona: Add missing newline to dev_err format string - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array {CVE-2025-21785} - team: better TEAM_OPTION_TYPE_STRING validation {CVE-2025-21787} - vrf: use RCU protection in l3mdev_l3_out() {CVE-2025-21791} - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() - HID: multitouch: Add NULL check in mt_input_configured - ocfs2: check dir i_size in ocfs2_find_entry - MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static - ptp: Ensure info->enable callback is always set {CVE-2025-21814} - net/ncsi: wait for the last response to Deselect Package before configuring channel - misc: fastrpc: Fix registered buffer page address - mtd: onenand: Fix uninitialized retlen in do_otp_read() - NFC: nci: Add bounds checking in nci_hci_create_pipe() - nilfs2: fix possible int overflows in nilfs_fiemap() {CVE-2025-21736} - ocfs2: handle a symlink read error correctly {CVE-2024-58001} - vfio/platform: check the bounds of read/write syscalls {CVE-2025-21687} - nvmem: core: improve range check for nvmem_cell_write() - crypto: qce - unregister previously registered algos in error path - crypto: qce - fix goto jump in error path - media: uvcvideo: Remove redundant NULL assignment - media: uvcvideo: Fix event flags in uvc_ctrl_send_events - media: ov5640: fix get_light_freq on auto - soc: qcom: smem_state: fix missing of_node_put in error path - kbuild: Move -Wenum-enum-conversion to W=2 - powerpc/pseries/eeh: Fix get PE state translation - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use - serial: sh-sci: Drop __initdata macro for port_cfg - soc: qcom: socinfo: Avoid out of bounds read of serial number {CVE-2024-58007} - usb: gadget: f_tcm: Don't prepare BOT write request twice - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint - usb: gadget: f_tcm: Decrement command ref count on cleanup - usb: gadget: f_tcm: Translate error to sense - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() {CVE-2025-21744} - HID: hid-sensor-hub: don't use stale platform-data on remove - of: reserved-memory: Fix using wrong number of cells to get property 'alignment' - of: Fix of_find_node_opts_by_path() handling of alias+path+options - of: Correct child specifier used as input of the 2nd nexus node - perf bench: Fix undefined behavior in cmpworker() - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate - clk: qcom: clk-alpha-pll: fix alpha mode configuration - drm/komeda: Add check for komeda_get_layer_fourcc_list() - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() {CVE-2024-58083} - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma - binfmt_flat: Fix integer overflow bug on 32 bit systems {CVE-2024-58010} - m68k: vga: Fix I/O defines - s390/futex: Fix FUTEX_OP_ANDN implementation - leds: lp8860: Write full EEPROM, not only half of it - cpufreq: s3c64xx: Fix compilation warning - tun: revert fix group permission check - net: rose: lock the socket in rose_bind() {CVE-2025-21749} - udp: gso: do not drop small packets when PMTU reduces - tg3: Disable tg3 PCIe AER on system reboot - gpu: drm_dp_cec: fix broken CEC adapter properties check - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry - nvme: handle connectivity loss in nvme_set_queue_count - usb: xhci: Fix NULL pointer dereference on certain command aborts {CVE-2024-57981} - usb: xhci: Add timeout argument in address_device USB HCD callback - net: usb: rtl8150: enable basic endpoint checking {CVE-2025-21708} - net: usb: rtl8150: use new tasklet API - tasklet: Introduce new initialization API - kbuild: userprogs: use correct lld when linking through clang - media: uvcvideo: Remove dangling pointers {CVE-2024-58002} - media: uvcvideo: Only save async fh if success - nilfs2: handle errors that nilfs_prepare_chunk() may return {CVE-2025-21721} - nilfs2: eliminate staggered calls to kunmap in nilfs_rename - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link - spi-mxs: Fix chipselect glitch - x86/mm: Don't disable PCID when INVLPG has been fixed by microcode - APEI: GHES: Have GHES honor the panic= setting - HID: Wacom: Add PCI Wacom device support - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id - tomoyo: don't emit warning in tomoyo_write_control() {CVE-2024-58085} - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() - mmc: core: Respect quirk_max_rate for non-UHS SDIO card - tun: fix group permission check - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX {CVE-2024-58017} - x86/amd_nb: Restrict init function to AMD-based systems - sched: Don't try to catch up excess steal time. - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling - btrfs: fix use-after-free when attempting to join an aborted transaction {CVE-2025-21753} - btrfs: output the reason for open_ctree() failure - usb: gadget: f_tcm: Don't free command immediately {CVE-2024-58055} - media: uvcvideo: Fix double free in error path {CVE-2024-57980} - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE - drivers/card_reader/rtsx_usb: Restore interrupt based detection - ktest.pl: Check kernelrelease return in get_version - NFSD: Reset cb_seq_status after NFS4ERR_DELAY - hexagon: Fix unbalanced spinlock in die() - hexagon: fix using plain integer as NULL pointer warning in cmpxchg - genksyms: fix memory leak when the same symbol is read from *.symref file - genksyms: fix memory leak when the same symbol is added from source - net: sh_eth: Fix missing rtnl lock in suspend/resume path - vsock: Allow retrying on connect() failure - perf trace: Fix runtime error of index out of bounds - net: davicom: fix UAF in dm9000_drv_remove {CVE-2025-21715} - net: rose: fix timer races against user threads {CVE-2025-21718} - PM: hibernate: Add error handling for syscore_suspend() - ipmr: do not call mr_mfc_uses_dev() for unres entries {CVE-2025-21719} - net: fec: implement TSO descriptor cleanup - ubifs: skip dumping tnc tree when zroot is null {CVE-2024-58058} - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read {CVE-2024-58069} - dmaengine: ti: edma: fix OF node reference leaks in edma_driver - module: Extend the preempt disabled section in dereference_symbol_descriptor(). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() - media: uvcvideo: Propagate buf->error to userspace - media: camif-core: Add check for clk_enable() - media: mipi-csis: Add check for clk_enable() - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() - media: lmedm04: Handle errors for lme2510_int_read - media: lmedm04: Use GFP_KERNEL for URB allocation/submission. - media: rc: iguanair: handle timeouts - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() - ARM: dts: mediatek: mt7623: fix IR nodename - arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names - arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property - rdma/cxgb4: Prevent potential integer overflow on 32bit {CVE-2024-57973} - RDMA/mlx4: Avoid false error about access to uninitialized gids array - bpf: Send signals asynchronously if !preemptible {CVE-2025-21728} - perf report: Fix misleading help message about --demangle - perf top: Don't complain about lack of vmlinux when not resolving some kernel samples - padata: fix sysfs store callback check - ktest.pl: Remove unused declarations in run_bisect_test function - perf header: Fix one memory leakage in process_bpf_prog_info() - perf header: Fix one memory leakage in process_bpf_btf() - ASoC: sun4i-spdif: Add clock multiplier settings - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind - net: sched: Disallow replacing of child qdisc from one parent to another {CVE-2025-21700} - net/mlxfw: Drop hard coded max FW flash image size - net: let net.core.dev_weight always be non-zero {CVE-2025-21806} - clk: analogbits: Fix incorrect calculation of vco rate delta - selftests: harness: fix printing of mismatch values in __EXPECT() - selftests/harness: Display signed values correctly - wifi: wlcore: fix unbalanced pm_runtime calls - regulator: of: Implement the unwind path of of_regulator_match() - team: prevent adding a device which is already a team device lower {CVE-2024-58071} - cpupower: fix TSC MHz calculation - wifi: rtlwifi: pci: wait for firmware loading before releasing memory - wifi: rtlwifi: fix memory leaks and invalid access at probe error path {CVE-2024-58063} - wifi: rtlwifi: remove unused check_buddy_priv {CVE-2024-58072} - wifi: rtlwifi: remove unused dualmac control leftovers - wifi: rtlwifi: remove unused timer and related code - rtlwifi: replace usage of found with dedicated list iterator variable - dt-bindings: mmc: controller: clarify the address-cells description - wifi: rtlwifi: usb: fix workqueue leak when probe fails - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step - rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg - wifi: rtlwifi: do not complete firmware loading needlessly - ipmi: ipmb: Add check devm_kasprintf() returned value {CVE-2024-58051} - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table - drm/etnaviv: Fix page property being used for non writecombine buffers - partitions: ldm: remove the initial kernel-doc notation - nbd: don't allow reconnect after disconnect {CVE-2025-21731} - afs: Fix directory format encoding struct - overflow: Allow mixed type arguments - overflow: Correct check_shl_overflow() comment - overflow: Add __must_check attribute to check_*() helpers - rds: ib: Do not attempt to insert RDMA exthdr twice - net: mana: Fix TX CQE error handling {CVE-2023-52532} - net/mlx5: Stop waiting for PCI if pci channel is offline - rds: ib: Fix racy send affinity work cancellation - rds: ib: Make traffic_class visible to user-space - rds: ib: Remove incorrect update of the path record sl and qos_class fields - net: core: reject skb_copy(_expand) for fraglist GSO skbs {CVE-2024-36929} - udp: do not accept non-tunnel GSO skbs landing in a tunnel {CVE-2024-35884} - udp: never accept GSO_FRAGLIST packets - udp: initialize is_flist with 0 in udp_gro_receive - ima: Fix use-after-free on a dentry's dname.name {CVE-2024-39494} - sched: sch_cake: add bounds checks to host bulk flow fairness counts {CVE-2025-21647} - udf: Fix use of check_add_overflow() with mixed type arguments - x86/xen: allow larger contiguous memory regions in PV guests - xen: remove a confusing comment on auto-translated guest I/O - ALSA: hda/realtek: Fixup ALC225 depop procedure - ALSA: hda/realtek - Add type for ALC287 - net: loopback: Avoid sending IP packets without an Ethernet header - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() - ocfs2: fix incorrect CPU endianness conversion causing mount failure - Revert "btrfs: avoid monopolizing a core when activating a swap file" - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc {CVE-2024-58009} - rds: Make sure transmit path and connection tear-down does not run concurrently - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() - LTS tag: v5.4.290 - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals - drm/v3d: Assign job pointer to NULL before signaling the fence {CVE-2025-21688} - Input: xpad - add support for wooting two he (arm) - Input: xpad - add unofficial Xbox 360 wireless receiver clone - Input: atkbd - map F23 key to support default copilot shortcut - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() - ext4: fix slab-use-after-free in ext4_split_extent_at() - ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path - vfio/platform: check the bounds of read/write syscalls {CVE-2025-21687} - net/xen-netback: prevent UAF in xenvif_flush_hash() {CVE-2024-49936} - net: xen-netback: hash.c: Use built-in RCU list checking - signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die - m68k: Add missing mmap_read_lock() to sys_cacheflush() - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request - ASoC: wm8994: Add depends on MFD core - net: fix data-races around sk->sk_forward_alloc {CVE-2024-53124} - scsi: sg: Fix slab-use-after-free read in sg_release() {CVE-2024-56631} - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly - fs/proc: fix softlockup in __read_vmcore (part 2) {CVE-2025-21694} - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks - nvmet: propagate npwg topology - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() - kheaders: Ignore silly-rename files - hfs: Sanity check the root record - mac802154: check local interfaces before deleting sdata list {CVE-2024-57948} - i2c: mux: demux-pinctrl: check initial mux selection, too - drm/v3d: Ensure job pointer is set to NULL after job completion {CVE-2025-21697} - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() - gtp: Destroy device along with udp socket's netns dismantle. {CVE-2025-21678} - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). - gtp: use exit_batch_rtnl() method - net: add exit_batch_rtnl() method - net: net_namespace: Optimize the code - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() - sctp: sysctl: rto_min/max: avoid using current->nsproxy - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv {CVE-2024-57892} - ocfs2: correct return value of ocfs2_local_free_info() - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider - phy: core: fix code style in devm_of_phy_provider_unregister - arm64: dts: rockchip: add hevc power domain clock to rk3328 - arm64: dts: rockchip: add #power-domain-cells to power domain nodes - arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 - arm64: dts: rockchip: fix defines in pd_vio node for rk3399 - iio: inkern: call iio_device_put() only on mapped devices - iio: adc: at91: call input_free_device() on allocated iio_dev {CVE-2024-57904} - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() - iio: gyro: fxas21002c: Fix missing data update in trigger handler - iio: adc: ti-ads8688: fix information leak in triggered buffer {CVE-2024-57906} - iio: imu: kmx61: fix information leak in triggered buffer {CVE-2024-57908} - iio: light: vcnl4035: fix information leak in triggered buffer {CVE-2024-57910} - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer - iio: pressure: zpa2326: fix information leak in triggered buffer {CVE-2024-57912} - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind {CVE-2024-57913} - usb: fix reference leak in usb_new_device() - USB: core: Disable LPM only for non-suspended ports - USB: usblp: return error when setting unsupported protocol - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null - USB: serial: cp210x: add Phoenix Contact UPS Device - usb-storage: Add max sectors quirk for Nokia 208 - staging: iio: ad9832: Correct phase range check - staging: iio: ad9834: Correct phase range check - USB: serial: option: add Neoway N723-EA support - USB: serial: option: add MeiG Smart SRM815 - drm/amd/display: increase MAX_SURFACES to the value supported by hw - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] - drm/amd/display: Add check for granularity in dml ceil/floor helpers {CVE-2024-57922} - sctp: sysctl: auth_enable: avoid using current->nsproxy - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy {CVE-2025-21640} - dm thin: make get_first_thin use rcu-safe list first function {CVE-2025-21664} - tls: Fix tls_sw_sendmsg error handling - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute {CVE-2025-21653} - tcp/dccp: allow a connection when sk_max_ack_backlog is zero - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog - net: 802: LLC+SNAP OID:PID lookup on start of skb data - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() - dm array: fix cursor index when skipping across block boundaries - dm array: fix unreleased btree blocks on closing a faulty array cursor - dm array: fix releasing a faulty array block twice in dm_array_cursor_end {CVE-2024-57929} - jbd2: flush filesystem device before updating tail sequence - Revert "NFSD: Limit the number of concurrent async COPY operations" - rds: ib: Avoid sleeping function inside RCU region by using sampled values instead - dm rq: don't queue request to blk-mq during DM suspend {CVE-2021-47498} - dm: rearrange core declarations for extended use from dm-zone.c - cgroup: Make operations on the cgroup root_list RCU safe - uek: kabi: Fix build error for HIDE_INCLUDE macro - oracleasm: Fix PI when use_logical_block_size is set - oracleasm: Add support for per-I/O block size selection - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() - io_uring: fix possible deadlock in io_register_iowq_max_workers() - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write {CVE-2024-53052} - io_uring: use kiocb_{start,end}_write() helpers - fs: create kiocb_{start,end}_write() helpers - io_uring: rename kiocb_end_write() local helper - io_uring/sqpoll: close race on waiting for sqring entries - io_uring/sqpoll: do not put cpumask on stack - io_uring/sqpoll: retain test for whether the CPU is valid - io_uring/sqpoll: do not allow pinning outside of cpuset - io_uring/io-wq: limit retrying worker initialisation - vfs: check dentry is still valid in get_link() - RDS: avoid queueing delayed work on an offlined cpu - NFSD: Limit the number of concurrent async COPY operations {CVE-2024-49974} - LTS tag: v5.4.289 - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() - drm: adv7511: Drop dsi single lane support - net/sctp: Prevent autoclose integer overflow in sctp_association_init() - sky2: Add device ID 11ab:4373 for Marvell 88E8075 - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking {CVE-2024-57889} - RDMA/uverbs: Prevent integer overflow issue {CVE-2024-57890} - modpost: fix the missed iteration for the max bit in do_input() - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host - ARC: build: Try to guess GCC variant of cross compiler - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base - net: usb: qmi_wwan: add Telit FE910C04 compositions - bpf: fix potential error return - sound: usb: format: don't warn that raw DSD is unsupported - wifi: mac80211: wake the queues in case of failure in resume - ila: serialize calls to nf_register_net_hooks() {CVE-2024-57900} - ALSA: usb-audio: US16x08: Initialize array before use - net: llc: reset skb->transport_header - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext {CVE-2024-54031} - netfilter: Replace zero-length array with flexible-array member - netrom: check buffer length before accessing it {CVE-2024-57802} - drm/bridge: adv7511_audio: Update Audio InfoFrame properly - drm: bridge: adv7511: Enable SPDIF DAI - RDMA/bnxt_re: Fix max_qp_wrs reported - RDMA/bnxt_re: Fix reporting hw_ver in query_device - RDMA/bnxt_re: Add check for path mtu in modify_qp - RDMA/mlx5: Enforce same type port association for multiport RoCE - net/mlx5: Make API mlx5_core_is_ecpf accept const pointer - IB/mlx5: Introduce and use mlx5_core_is_vf() - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet {CVE-2024-55916} - selinux: ignore unknown extended permissions {CVE-2024-57931} - ipv6: prevent possible UAF in ip6_xmit() {CVE-2024-44985} - skb_expand_head() adjust skb->truesize incorrectly - btrfs: avoid monopolizing a core when activating a swap file - tracing: Constify string literal data member in struct trace_event_call - bpf: fix recursive lock when verdict program return SK_PASS {CVE-2024-56694} - ipv6: fix possible UAF in ip6_finish_output2() - ipv6: use skb_expand_head in ip6_xmit - ipv6: use skb_expand_head in ip6_finish_output2 - skbuff: introduce skb_expand_head() - MIPS: Probe toolchain support of -msym32 - epoll: Add synchronous wakeup support for ep_poll_callback - virtio-blk: don't keep queue frozen during system suspend {CVE-2024-57946} - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF - regmap: Use correct format specifier for logging range errors - scsi: megaraid_sas: Fix for a potential deadlock {CVE-2024-57807} - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset - dmaengine: mv_xor: fix child node refcount handling in early exit - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy - phy: core: Fix that API devm_phy_put() fails to release the phy - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() - phy: core: Fix an OF node refcount leakage in _of_phy_get() - mtd: diskonchip: Cast an operand to prevent potential overflow - bpf: Check negative offsets in __bpf_skb_min_len() - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg {CVE-2024-56769} - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() - of: Fix error path in of_parse_phandle_with_args_map() - udmabuf: also check for F_SEAL_FUTURE_WRITE - nilfs2: prevent use of deleted inode {CVE-2024-53690} - NFS/pnfs: Fix a live lock between recalled layouts and layoutget - btrfs: tree-checker: reject inline extent items with 0 ref count - zram: refuse to use zero sized block device as backing device - sh: clk: Fix clk_enable() to return 0 on NULL clk - USB: serial: option: add Telit FE910C04 rmnet compositions - USB: serial: option: add MediaTek T7XX compositions - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready - USB: serial: option: add MeiG Smart SLM770A - USB: serial: option: add TCL IK512 MBIM & ECM - efivarfs: Fix error on non-existent file - i2c: riic: Always round-up when calculating bus period - chelsio/chtls: prevent potential integer overflow on 32bit - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk - netfilter: ipset: Fix for recursive locking warning - net: ethernet: bgmac-platform: fix an OF node reference leak - net: hinic: Fix cleanup in create_rxqs/txqs() - ionic: use ee->offset when returning sprom data - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll - erofs: fix incorrect symlink detection in fast symlink - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size - drm/i915: Fix memory leak by correcting cache object name in error handler - PCI: Add ACS quirk for Broadcom BCM5760X NIC - ALSA: usb: Fix UBSAN warning in parse_audio_unit() - PCI/AER: Disable AER service on suspend - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled - net: sched: fix ordering of qlen adjustment {CVE-2024-53164} - kpcimgr: fix flush_icache_range arguments - ftrace: use preempt_enable/disable notrace macros to avoid double fault - nfsd: restore callback functionality for NFSv4.0 - i2c: pnx: Fix timeout in wait functions - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() - af_packet: fix vlan_get_tci() vs MSG_PEEK {CVE-2024-57902} - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK {CVE-2024-57901} - mtd: rawnand: fix double free in atmel_pmecc_create_user() - Revert "xen/swiotlb: add alignment check for dma buffers" - vfio/iommu_type1: Fix some sanity checks in detach group - Revert "vfio/iommu_type1: Fix some sanity checks in detach group" - rds: ib: Avoid UAF on RDS Socket's rs_trans_lock - rds: ib: Fix blocked processes related to race in rds_rdma_free_dev_rs_worker() - rds: ib: Fix deterministic UAF in rds_rdma_free_dev_rs_worker() - Revert "KVM: SVM: Add a module parameter to override iommu AVIC usage" - LTS tag: v5.4.288 - ALSA: usb-audio: Fix a DMA to stack memory bug - xen/netfront: fix crash when removing device {CVE-2024-53240} - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() - blk-iocost: fix weight updates of inner active iocgs - blk-iocost: clamp inuse and skip noops in __propagate_weights() - ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired - net/sched: netem: account for backlog updates from child qdisc {CVE-2024-56770} - qca_spi: Make driver probing reliable - qca_spi: Fix clock speed for multiple QCA7000 - ACPI: resource: Fix memory resource type union access - net: lapb: increase LAPB_HEADER_LEN {CVE-2024-56659} - tipc: fix NULL deref in cleanup_bearer() {CVE-2024-56661} - batman-adv: Do not let TT changes list grows indefinitely - batman-adv: Remove uninitialized data in full table TT response - batman-adv: Do not send uninitialized TT changes - bpf, sockmap: Fix update element with same - xfs: don't drop errno values when we fail to ficlone the entire range - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer - usb: ehci-hcd: fix call balance of clocks handling routines - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() - usb: host: max3421-hcd: Correctly abort a USB request. - LTS tag: v5.4.287 - bpf, xdp: Update devmap comments to reflect napi/rcu usage - ALSA: usb-audio: Fix out of bounds reads when finding clock sources {CVE-2024-53150} - PCI: rockchip-ep: Fix address translation unit programming - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" - modpost: Add .irqentry.text to OTHER_SECTIONS - jffs2: Fix rtime decompressor - jffs2: Prevent rtime decompress memory corruption {CVE-2024-57850} - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* - perf/x86/intel/pt: Fix buffer full but size is 0 case - bpf: fix OOB devmap writes when deleting elements {CVE-2024-56615} - xdp: Simplify devmap cleanup - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle - powerpc/prom_init: Fixup missing powermac #size-cells {CVE-2024-56781} - usb: chipidea: udc: handle USB Error Interrupt if IOC not set - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock - PCI: Add ACS quirk for Wangxun FF5xxx NICs - PCI: Add 'reset_subordinate' to reset hierarchy below bridge - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. {CVE-2024-56586} - nvdimm: rectify the illogical code within nd_dax_probe() - pinctrl: qcom-pmic-gpio: add support for PM8937 - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset - scsi: st: Don't modify unknown block number in MTIOCGET - leds: class: Protect brightness_show() with led_cdev->led_access mutex - tracing: Use atomic64_inc_return() in trace_clock_counter() - netpoll: Use rcu_access_pointer() in __netpoll_setup - net/neighbor: clear error in case strict check is not set - rocker: fix link status detection in rocker_carrier_init() - ASoC: hdmi-codec: reorder channel allocation list - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() - wifi: ipw2x00: libipw_rx_any(): fix bad alignment - drm/amdgpu: set the right AMDGPU sg segment limitation {CVE-2024-56594} - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree {CVE-2024-56595} - jfs: fix array-index-out-of-bounds in jfs_readdir {CVE-2024-56596} - jfs: fix shift-out-of-bounds in dbSplit {CVE-2024-56597} - jfs: array-index-out-of-bounds fix in dtReadFirst {CVE-2024-56598} - wifi: ath5k: add PCI ID for Arcadyan devices - wifi: ath5k: add PCI ID for SX76X - net: inet6: do not leave a dangling sk pointer in inet6_create() {CVE-2024-40954} - net: inet: do not leave a dangling sk pointer in inet_create() {CVE-2024-40954} - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() {CVE-2024-40954} - net: af_can: do not leave a dangling sk pointer in can_create() {CVE-2024-40954} - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() - af_packet: avoid erroring out after sock_init_data() in packet_create() {CVE-2024-40954} - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() - net: ethernet: fs_enet: Use %pa to format resource_size_t - net: fec_mpc52xx_phy: Use %pa to format resource_size_t - samples/bpf: Fix a resource leak - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() - drm/mcde: Enable module autoloading - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera - s390/cpum_sf: Handle CPU hotplug remove during sampling {CVE-2024-57849} - mmc: core: Further prevent card detect during shutdown - regmap: detach regmap from dev on regmap_exit - dma-buf: fix dma_fence_array_signaled v4 - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again {CVE-2024-48881} - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() {CVE-2024-56619} - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts - scsi: qla2xxx: Fix NVMe and NPIV connect issue - ocfs2: update seq_file index in ocfs2_dlm_seq_next - tracing: Fix cmp_entries_dup() to respect sort() comparison rules - HID: wacom: fix when get product name maybe null pointer {CVE-2024-56629} - bpf: Fix exact match conditions in trie_get_next_key() - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie - ocfs2: free inode when ocfs2_get_init_inode() fails {CVE-2024-56630} - spi: mpc52xx: Add cancel_work_sync before module remove {CVE-2024-50051} - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg {CVE-2024-56633} - drm/sti: Add __iomem for mixer_dbg_mxn's parameter - gpio: grgpio: Add NULL check in grgpio_probe {CVE-2024-56634} - gpio: grgpio: use a helper variable to store the address of ofdev->dev - crypto: x86/aegis128 - access 32-bit arguments as 32-bit - x86/asm: Reorder early variables - xen: Fix the issue of resource not being properly released in xenbus_dev_probe() - xen/xenbus: fix locking - xenbus/backend: Protect xenbus callback with lock - xenbus/backend: Add memory pressure handler callback - xen/xenbus: reference count registered modules - netfilter: nft_set_hash: skip duplicated elements pending gc run - netfilter: ipset: Hold module reference while requesting a module {CVE-2024-56637} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} - net/qed: allow old cards not supporting "num_images" to work - tipc: Fix use-after-free of kernel socket in cleanup_bearer(). {CVE-2024-56642} - tipc: add new AEAD key structure for user API - tipc: enable creating a "preliminary" node - tipc: add reference counter to bearer - dccp: Fix memory leak in dccp_feat_change_recv {CVE-2024-56643} - can: j1939: j1939_session_new(): fix skb reference counting {CVE-2024-56645} - net/sched: tbf: correct backlog statistic for GSO packets - netfilter: x_tables: fix LED ID check in led_tg_check() {CVE-2024-56650} - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() {CVE-2024-53680} - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call - drm/etnaviv: flush shader L1 cache after user commandstream - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur {CVE-2024-56779} - nfsd: make sure exp active before svc_export_show {CVE-2024-56558} - dm thin: Add missing destroy_work_on_stack() - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() - util_macros.h: fix/rework find_closest() macros - ad7780: fix division by zero in ad7780_write_raw() {CVE-2024-56567} - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 - ftrace: Fix regression with module command in stack_trace_filter {CVE-2024-56569} - ovl: Filter invalid inodes with missing lookup function {CVE-2024-56570} - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled - media: ts2020: fix null-ptr-deref in ts2020_probe() {CVE-2024-56574} - media: i2c: tc358743: Fix crash in the probe error path when using polling - btrfs: ref-verify: fix use-after-free after invalid ref action {CVE-2024-56581} - quota: flush quota_release_work upon quota writeback {CVE-2024-56780} - ASoC: fsl_micfil: fix the naming style for mask definition - sh: intc: Fix use-after-free bug in register_intc_controller() - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport {CVE-2024-56688} - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE - SUNRPC: correct error code comment in xs_tcp_setup_socket() - modpost: remove incorrect code in do_eisa_entry() - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification - 9p/xen: fix release of IRQ {CVE-2024-56704} - 9p/xen: fix init sequence - block: return unsigned int from bdev_io_min - jffs2: fix use of uninitialized variable - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit - ubi: fastmap: Fix duplicate slab cache names while attaching {CVE-2024-53172} - ubifs: Correct the total block count by deducting journal reservation - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() {CVE-2024-56739} - rtc: abx80x: Fix WDT bit position of the status register - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() - NFSv4.0: Fix a use-after-free problem in the asynchronous open() - um: Always dump trace for specified task in show_stack - um: Clean up stacktrace dump - um: add show_stack_loglvl() - um/sysrq: remove needless variable sp - um: Fix the return value of elf_core_copy_task_fpregs - um: Fix potential integer overflow during physmem setup {CVE-2024-53145} - rpmsg: glink: Propagate TX failures in intentless mode as well - SUNRPC: make sure cache entry active before cache_show {CVE-2024-53174} - NFSD: Prevent a potential integer overflow {CVE-2024-53146} - lib: string_helpers: silence snprintf() output truncation warning - usb: dwc3: gadget: Fix checking for number of TRBs left - ALSA: hda/realtek: Apply quirk for Medion E15433 - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max - ALSA: hda/realtek: Set PCBeep to default value for ALC274 - ALSA: hda/realtek: Update ALC225 depop procedure - media: wl128x: Fix atomicity violation in fmc_send_cmd() {CVE-2024-56700} - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values - block: fix ordering between checking BLK_MQ_S_STOPPED request adding - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK - um: vector: Do not use drvdata in release {CVE-2024-53181} - serial: 8250: omap: Move pm_runtime_get_sync - um: net: Do not use drvdata in release {CVE-2024-53183} - um: ubd: Do not use drvdata in release {CVE-2024-53184} - ubi: wl: Put source PEB into correct list if trying locking LEB failed - spi: Fix acpi deferred irq probe - netfilter: ipset: add missing range check in bitmap_ip_uadt {CVE-2024-53141} - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" - serial: sh-sci: Clean sci_ports[0] after at earlycon exit - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler - comedi: Flush partial mappings in error case {CVE-2024-53148} - PCI: Fix use-after-free of slot->bus on hot remove {CVE-2024-53194} - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() - jfs: xattr: check invalid xattr size more strictly - ext4: fix FS_IOC_GETFSMAP handling - ext4: supress data-race warnings in ext4_free_inodes_{count,set}() - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() - usb: ehci-spear: fix call balance of sehci clk handling routines - apparmor: fix 'Do simple duplicate message elimination' - staging: greybus: uart: clean up TIOCGSERIAL - misc: apds990x: Fix missing pm_runtime_disable() - USB: chaoskey: Fix possible deadlock chaoskey_list_lock - USB: chaoskey: fail open after removal - usb: yurex: make waiting on yurex_write interruptible - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() - ipmr: fix tables suspicious RCU usage - ipmr: convert /proc handlers to rcu_read_lock() - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken - marvell: pxa168_eth: fix call balance of pep->clk handling routines - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device - power: supply: core: Remove might_sleep() from power_supply_put() - vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214} - NFSD: Fix nfsd4_shutdown_copy() - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length - rpmsg: glink: Fix GLINK command prefix - rpmsg: glink: Send READ_NOTIFY command in FIFO full case - rpmsg: glink: Add TX_DATA_CONT command while sending - perf trace: Avoid garbage when not printing a syscall's arguments - perf trace: Do not lose last events in a race - m68k: coldfire/device.c: only build FEC when HW macros are defined - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x - PCI: cpqphp: Fix PCIBIOS_* return value confusion - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads - perf probe: Correct demangled symbols in C++ program - perf cs-etm: Don't flush when packet_queue fills up - clk: clk-axi-clkgen: make sure to enable the AXI bus clock - clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand - dt-bindings: clock: axi-clkgen: include AXI clk - dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() - fbdev/sh7760fb: Alloc DMA memory from hardware device - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static - ocfs2: fix uninitialized value in ocfs2_file_read_iter() - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() - scsi: fusion: Remove unused variable 'rc' - scsi: bfa: Fix use-after-free in bfad_im_module_exit() - mfd: rt5033: Fix missing regmap_del_irq_chip() - mtd: rawnand: atmel: Fix possible memory leak - cpufreq: loongson2: Unregister platform_driver on failure - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices {CVE-2024-56723} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device {CVE-2024-56724} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device {CVE-2024-56691} - mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() - mfd: da9052-spi: Change read-mask to write-mask - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race - trace/trace_event_perf: remove duplicate samples on the first tracepoint event - netpoll: Use rcu_access_pointer() in netpoll_poll_lock - ALSA: 6fire: Release resources at card release {CVE-2024-53239} - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection {CVE-2024-56531} - ALSA: us122l: Use snd_card_free_when_closed() at disconnection {CVE-2024-56532} - net: rfkill: gpio: Add check for clk_enable() - selftests: net: really check for bg process completion - bpf, sockmap: Fix sk_msg_reset_curr - bpf, sockmap: Several fixes to bpf_msg_pop_data {CVE-2024-56720} - bpf, sockmap: Several fixes to bpf_msg_push_data - drm/etnaviv: hold GPU lock across perfmon sampling - drm/etnaviv: fix power register offset on GC300 - drm/etnaviv: dump: fix sparse warnings - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() - drm/panfrost: Remove unused id_mask from struct panfrost_model - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() - bpf: Fix the xdp_adjust_tail sample prog issue - ASoC: fsl_micfil: fix regmap_write_bits usage - ASoC: fsl_micfil: use GENMASK to define register bit fields - ASoC: fsl_micfil: do not define SHIFT/MASK for single bits - ASoC: fsl_micfil: Drop unnecessary register read - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() - drm/omap: Fix locking in omap_gem_new_dmabuf() - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() {CVE-2024-53156} - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware {CVE-2024-53157} - regmap: irq: Set lockdep class for hierarchical IRQ domains - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints - tpm: fix signed/unsigned bug when checking event logs - efi/tpm: Pass correct address to memblock_reserve - mmc: mmc_spi: drop buggy snprintf() - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() - time: Fix references to _msecs_to_jiffies() handling of values - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() - crypto: bcm - add error check in the ahash_hmac_init function {CVE-2024-56681} - crypto: cavium - Fix the if condition to exit loop after timeout - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY - EDAC/fsl_ddr: Fix bad bit shift operations - EDAC/bluefield: Fix potential integer overflow {CVE-2024-53161} - firmware: google: Unregister driver_info on failure - firmware: google: Unregister driver_info on failure and exit in gsmi - hfsplus: don't query the device logical block size multiple times {CVE-2024-56548} - s390/syscalls: Avoid creation of arch/arch/ directory - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() - m68k: mvme147: Reinstate early console - m68k: mvme16x: Add and use "mvme16x.h" - m68k: mvme147: Fix SCSI controller IRQ numbers - nvme-pci: fix freeing of the HMB descriptor table {CVE-2024-56756} - initramfs: avoid filename buffer overrun {CVE-2024-53142} - mips: asm: fix warning when disabling MIPS_FP_SUPPORT - x86/xen/pvh: Annotate indirect branch as safe - nvme: fix metadata handling in nvme-passthrough - cifs: Fix buffer overflow when parsing NFS reparse points {CVE-2024-49996} - ipmr: Fix access to mfc_cache_list without lock held - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() - regulator: rk808: Add apply_bit for BUCK3 on RK809 - soc: qcom: Add check devm_kasprintf() returned value - net: usb: qmi_wwan: add Quectel RG650V - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 - selftests/watchdog-test: Fix system accidentally reset after watchdog-test - mac80211: fix user-power when emulating chanctx - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet - kbuild: Use uname for LINUX_COMPILE_HOST detection - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint {CVE-2024-53130} - ocfs2: fix UBSAN warning in ocfs2_verify_volume() - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint {CVE-2024-53131} - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN - ocfs2: uncache inode which has failed entering the group {CVE-2024-53112} - net/mlx5e: kTLS, Fix incorrect page refcounting {CVE-2024-53138} - net/mlx5: fs, lock FTE when checking if active {CVE-2024-53121} - netlink: terminate outstanding dump on socket close {CVE-2024-53140} - LTS tag: v5.4.286 - 9p: fix slab cache name creation for real - md/raid10: improve code of mrdev in raid10_sync_request - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition - fs: Fix uninitialized value issue in from_kuid and from_kgid {CVE-2024-53101} - powerpc/powernv: Free name on error in opal_event_init() - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML - bpf: use kvzmalloc to allocate BPF verifier environment - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad - 9p: Avoid creating multiple slab caches with the same name - ALSA: usb-audio: Add endianness annotations - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans {CVE-2024-50264} - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer {CVE-2024-53103} - ftrace: Fix possible use-after-free issue in ftrace_location() {CVE-2024-38588} - NFSD: Fix NFSv4's PUTPUBFH operation - ALSA: usb-audio: Add quirks for Dell WD19 dock - ALSA: usb-audio: Support jack detection on Dell dock - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() - irqchip/gic-v3: Force propagation of the active state with a read-back - USB: serial: option: add Quectel RG650V - USB: serial: option: add Fibocom FG132 0x0112 composition - USB: serial: qcserial: add support for Sierra Wireless EM86xx - USB: serial: io_edgeport: fix use after free in debug printk {CVE-2024-50267} - usb: musb: sunxi: Fix accessing an released usb phy {CVE-2024-50269} - fs/proc: fix compile warning about variable 'vmcore_mmap_ops' - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format - net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538} - spi: fix use-after-free of the add_lock mutex {CVE-2021-47195} - spi: Fix deadlock when adding SPI controllers on SPI buses {CVE-2021-47469} - mtd: rawnand: protect access to rawnand devices while in suspend - btrfs: reinitialize delayed ref list after deleting it from the list {CVE-2024-50273} - nfs: Fix KMSAN warning in decode_getfattr_attrs() {CVE-2024-53066} - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow - dm cache: fix potential out-of-bounds access on the first resume {CVE-2024-50278} - dm cache: optimize dirty bit checking with find_next_bit when resizing - dm cache: fix out-of-bounds access to the dirty bitset when resizing {CVE-2024-50279} - dm cache: correct the number of origin blocks to match the target length - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() - pwm: imx-tpm: Use correct MODULO value for EPWM mode - media: v4l2-tpg: prevent the risk of a division by zero {CVE-2024-50287} - media: cx24116: prevent overflows on SNR calculus {CVE-2024-50290} - media: s5p-jpeg: prevent buffer overflows {CVE-2024-53061} - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() - media: adv7604: prevent underflow condition when reporting colorspace - media: dvb_frontend: don't play tricks with underflow values - media: dvbdev: prevent the risk of out of memory access {CVE-2024-53063} - media: stb0899_algo: initialize cfr before using it - net: hns3: fix kernel crash when uninstalling driver {CVE-2024-50296} - can: c_can: fix {rx,tx}_errors statistics - sctp: properly validate chunk size in sctp_sf_ootb() {CVE-2024-50299} - net: enetc: set MAC address to the VF net_device - enetc: simplify the return expression of enetc_vf_set_mac_addr() - security/keys: fix slab-out-of-bounds in key_task_permission - HID: core: zero-initialize the report buffer {CVE-2024-50302} - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin - ARM: dts: rockchip: Fix the spi controller on rk3036 - ARM: dts: rockchip: drop grf reference from rk3036 hdmi - ARM: dts: rockchip: fix rk3036 acodec node - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator - rds/ib: avoid scq/rcq polling during rds connection shutdown - RDMA/mlx5: Send UAR page index as ioctl attribute - RDMA: Pass entire uverbs attr bundle to create cq function - IB/uverbs: Enable CQ ioctl commands by default - tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" {CVE-2024-53127} - mm: revert "mm: shmem: fix data-race in shmem_getattr()" - net/ipv6: release expired exception dst cached in socket {CVE-2024-56644} - Revert "unicode: Don't special case ignorable code points" - powerpc/vdso: Flag VDSO64 entry points as functions - Revert "usb: gadget: composite: fix OS descriptors w_value logic" - rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 - rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation - rds: rds_message_alloc() needlessly zeroes m_used_sgs - rds: tracepoint in rds_receive_csum_err() prints pointless information - rds: rds_inc_init() should initialize the inc->i_conn_path field - rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption - md/raid10: fix task hung in raid10d - md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() - md/raid10: avoid deadlock on recovery. - arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations. - net/rds: report pending-messages count in RDS_INQ response - net/rds: Introduce RDS-INQ feature to RDS protocol - net/rds: Supporting SIOCOUTQ to read pending sends - mm/memory-failure: pass the folio and the page to collect_procs() - KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD - KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding - objtool: Default ignore INT3 for unreachable - x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled - x86/msr: Add functions to set/clear the bit of an MSR on all cpus

0 tuxcare-oraclelinux7-els bpftool-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm bd52caa00e0cadd78721377ad2cf281801a2e9e283619f5bb9eec17f133dca1f kernel-uek-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm b12b7bcb4f3eab0443b7a099edb8dfc14816b6d4d94a0794e95bd8cf23473c95 kernel-uek-container-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm 9813bfb7a8ec05c7c752354f3a4f81a2fb650d08223f49984bc9e4b37d5a7ca8 kernel-uek-container-debug-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm dae9d04ed22980a0ad73989e998613622b21d667fff2a8d0df04cc486ae1fb11 kernel-uek-debug-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm c7544e5ca2c1be0d78cafdb05bd879a36334ca40b999f4b88b9a1afa3fdbcb6f kernel-uek-debug-devel-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm d5757cbc51b21c973108bee10cf76f19f739b4c48bcac15c820a909ed056b0e3 kernel-uek-devel-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm 3162d2aee93721c0477a7dc27c7e0cf627002d0f9797393080f2ce776263823e kernel-uek-headers-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm 1fd77107d6f5931f26ee9e388a12a17d8ee9ca654c91bdb432719cc887346284 kernel-uek-tools-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm 31c6451f1a08b03debdc3574278da4d05ed1c6955afa95ee2dd8efc6e87e37d7 perf-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm 50e4446d61211604ebc07fffa430cc57685e40d666f35231d0fb243a720bc04c python-perf-5.4.17-2136.338.4.2.el7uek.tuxcare.els1.x86_64.rpm dc21d8ec2b0941d0ecb0f3d219cf15cc2d06711fe188267fe11e5dc5db53f52b CLSA-2025:1747058736 TuxCare License Agreement 0 - CVE-2025-32415: fix heap buffer overflow in xmlSchemaIDCFillNodeTables Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-32415: fix heap buffer overflow in xmlSchemaIDCFillNodeTables

0 tuxcare-oraclelinux7-els libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els4.i686.rpm bf236abfba241d24492c1973d7ae41070d3ff25aefc8defd9e7032d043574823 libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els4.x86_64.rpm 3c69ecdc046ae869a689653aac70dc82b06e0683e40e49c14932d491eb8bfd59 libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els4.i686.rpm 3e646b7866e1de057970d934ed176c77cf470b9ebc9f347a0f6107da455aa988 libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els4.x86_64.rpm a45134a3752b2ff283a1986b937068363750128e19ba7445efbdb8919cd28f7b libxml2-python-2.9.1-6.0.3.el7_9.6.tuxcare.els4.x86_64.rpm 26d86274e8b867e12f35f33aaaf4aae66c45e1bf1c77f1117a3d31f70aafda96 libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els4.i686.rpm 32a1154ac4a428c018ad76df0a106764fea8b554c1d90d5db8f7b620a5f84730 libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els4.x86_64.rpm 5540a2bcd671fe0334f95fec018622316ea34c11e1444bf2b150e9e685272c48 CLSA-2025:1747251218 TuxCare License Agreement 0 - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices {CVE-2024-53197} - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd {CVE-2025-21969} - ext4: fix OOB read when checking dotdot dir {CVE-2025-37785} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993} - vlan: enforce underlying device type {CVE-2025-21920} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices {CVE-2024-53197} - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd {CVE-2025-21969} - ext4: fix OOB read when checking dotdot dir {CVE-2025-37785} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993} - vlan: enforce underlying device type {CVE-2025-21920}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm e6f059f51309a7b14d867ce79cdd139685a609bb59739be2fe6ce6e9c47f8694 kernel-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm c9f7e07f4e782a375a507f482019a85178f4f11121098c606ce057a9ed828450 kernel-debug-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm 390080fba6d8cc1e502804d9baf15d0b1a0d6c8c7ca54780f679ba1c997076fe kernel-debug-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm 214de9e4fe4f01fd50a4c5dfcb649f71786edb3c6cb10f2fe51efd6483ac1543 kernel-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm 3c3fb4a30dd8e4fd6587a7d5ae0af61ba76a8a3c94513454aec93d93a5e5c2c5 kernel-headers-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm da4497fdabda74c8319d61f0305708eb5338282ee0c13bf9c1acc85eb07568b0 kernel-tools-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm d060cf45635795b4d51a6c12f99c4e428f96edeacbbc1d7a7abaa3d83d8717d8 kernel-tools-libs-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm ab5b45e15f2d79c3a219f66dd94110af7f184fdb5a524c46f9dfd59e85c7a642 kernel-tools-libs-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm 7c6b405e60280cb2362b698ae39f64f44fa6f14acee98b19eda2f623fdbf457c perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm dcf097ccbe102158eaf801d7d2e5c986c162435907583c531dd2701241db7ad3 python-perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els20.x86_64.rpm d271115de6ba481bf38c6a0ecef3582719fa54f5a179864a5a5966afcf8195d7 CLSA-2025:1747690840 TuxCare License Agreement 0 - CVE-2025-1217: fix handling of folded headers by the http stream parser - CVE-2025-1734: fix validation of http headers with missing colon - CVE-2025-1861: fix incorrect http redirect location truncation Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-1217: fix handling of folded headers by the http stream parser - CVE-2025-1734: fix validation of http headers with missing colon - CVE-2025-1861: fix incorrect http redirect location truncation

0 tuxcare-oraclelinux7-els php-5.4.16-48.el7.tuxcare.els9.x86_64.rpm faf79a6654d8fbe539b18285e02cbf10ee7c10bde8d9cbdde0ff8ea1a0ecc5bc php-bcmath-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 8758e370ca8166327af938044aeade3ceed637025b24a81da0a56acf5d970c13 php-cli-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 2e9d472e0cf452de96729bd9683fda07115f2c957f0bd58b564c6d7ce378952b php-common-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 4c6ff22b837d36fac1234ed18642a00fc4aca90c874acb9675a3eeb23b29bd77 php-dba-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 44b932a243cf5e15d9ae84c2fb9f7116561916ba48e5f80bb5add44a3c5237fd php-devel-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 30314effcba43c201cfad185fbba1e4dc2201f0372bbd92fcdc86b63021530b5 php-embedded-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 9bf1e692cf73e47d9de3e094bbae9176afb06697074cdf22480fec00f3a05d26 php-enchant-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 76db940d54f4b93db439dfdba30c821f1a7e6569b1418bed40f95a49a4043571 php-fpm-5.4.16-48.el7.tuxcare.els9.x86_64.rpm d1d6bde96ebe79e0123f6a5a5d74c0cbdd69685bb7ecfbd178727c82c65558f1 php-gd-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 6c8ad6802299ca3ded2a16381e6cfbaf6c2c43339b39f1b121860614be5807b1 php-intl-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 5629615ebcfb948364484c72e8f67f4f4e4e50c36cb9b8358a7d0ffb33f20a31 php-ldap-5.4.16-48.el7.tuxcare.els9.x86_64.rpm cb420031167446af7a46d8ee91023eb117a251638bb6908fd491527c27e7a927 php-mbstring-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 6f3a2236e62706f726716e1134feebce1ec9e5e5608781d970c950f6f0fa888d php-mysql-5.4.16-48.el7.tuxcare.els9.x86_64.rpm b227fb762960a215d488b4a8d6cfdb241940ebc0c596bf59af02f7ff80897fee php-mysqlnd-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 42074276bdb1267eccd5fe6b0f9fc6be3f86b463b3ba0074b877882d8465e790 php-odbc-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 1501adc061383b5cbf531b84df4ba2c87597d7ad6a2bc2fefef5b79b67c274ac php-pdo-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 24b92d5eb7c946a0593db791ff03ea965f2fee319f349dfb882ed98ce3861cf2 php-pgsql-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 04d192fc80bf04f598f2a162f9cad6fa0178657856be07e72fff3e715adee355 php-process-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 4d3f03c990e5ac854b763c229d42e778d314185cf04384c1c1ebaf7a75c95c6e php-pspell-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 79e7e62121e926b4344c9c75f77161c1d50590caf48cdec43a058f8e0909cce7 php-recode-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 5fc179d6df825b2052238b8c68a22aa3a65c5ffe386ef745ee5fc99aec525e52 php-snmp-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 058b5dbf0c06b37a49a89ca1ed28e614ca996e2efe32a5ed8fc543f19e4a359d php-soap-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 8baf49616941d2ee27ad11be677f9e8c5b73d3ad0de312ebfba1e00e69f4e37e php-xml-5.4.16-48.el7.tuxcare.els9.x86_64.rpm f8107b426a792b93458575d71595c80d52093627e0f9018301602e7817f47cfb php-xmlrpc-5.4.16-48.el7.tuxcare.els9.x86_64.rpm 0d22244f75fe6d7faa2051a735a928e5690b1fc3a0615b0b66b62559af9b36b3 CLSA-2025:1747693305 TuxCare License Agreement 0 - Update Intel CPU microcode to 20250211: - Addition of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c0003e0; - Addition of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000620; - Addition of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x38; - Addition of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x436; - Addition of cpuid:A06A4/0xe6 (MTL-H/U C0) microcode (in microcode.dat) at revision 0x20; - Addition of cpuid:A06F3/0x01 (SRF-SP C0) microcode (in microcode.dat) at revision 0x3000330; - Addition of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x12c; - Addition of cpuid:B0674/0x32 microcode (in microcode.dat) at revision 0x12c; - Addition of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x4124; - Addition of cpuid:B06A8/0xe0 microcode (in microcode.dat) at revision 0x4124; - Addition of cpuid:B06E0/0x19 (ADL-N A0) microcode (in microcode.dat) at revision 0x1c; - Addition of cpuid:B06F6/0x07 microcode (in microcode.dat) at revision 0x38; - Addition of cpuid:B06F7/0x07 microcode (in microcode.dat) at revision 0x38; - Addition of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) at revision 0x21000291; - Addition of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x21000291; - Removal of cpuid:806F4/0x10 microcode (in microcode.dat) at revision 0x2c000290; - Removal of cpuid:806F4/0x87 (SPR-SP E0/S1) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:806F5/0x10 (SPR-HBM B1) microcode (in microcode.dat) at revision 0x2c000290; - Removal of cpuid:806F5/0x87 (SPR-SP E2) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:806F6/0x10 microcode (in microcode.dat) at revision 0x2c000290; - Removal of cpuid:806F6/0x87 (SPR-SP E3) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:806F7/0x87 (SPR-SP E4/S2) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c000290; - Removal of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x32; - Removal of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x430; - Removal of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x11d; - Removal of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x411c; - Removal of cpuid:B06E0/0x11 (ADL-N A0) microcode (in microcode.dat) at revision 0x12; - Update of cpuid:50653/0x97 (SKX-SP B1) microcode (in microcode.dat) from revision 0x1000181 up to 0x1000191; - Update of cpuid:50656/0xbf (CLX-SP B0) microcode (in microcode.dat) from revision 0x4003604 up to 0x4003605; - Update of cpuid:50657/0xbf (CLX-SP/W/X B1/L1) microcode (in microcode.dat) from revision 0x5003604 up to 0x5003707; - Update of cpuid:5065B/0xbf (CPX-SP A1) microcode (in microcode.dat) from revision 0x7002703 up to 0x7002904; - Update of cpuid:50665/0x10 (BDX-NS A0/A1, HWL A1) microcode (in microcode.dat) from revision 0xe000014 up to 0xe000015; - Update of cpuid:506F1/0x01 (DNV B0) microcode (in microcode.dat) from revision 0x38 up to 0x3e; - Update of cpuid:606A6/0x87 (ICX-SP D0) microcode (in microcode.dat) from revision 0xd0003b9 up to 0xd0003f5; - Update of cpuid:606C1/0x10 (ICL-D B0) microcode (in microcode.dat) from revision 0x1000268 up to 0x10002c0; - Update of cpuid:706A1/0x01 (GLK B0) microcode (in microcode.dat) from revision 0x3e up to 0x42; - Update of cpuid:706A8/0x01 (GLK-R R0) microcode (in microcode.dat) from revision 0x22 up to 0x24; - Update of cpuid:706E5/0x80 (ICL-U/Y D1) microcode (in microcode.dat) from revision 0xc2 up to 0xc6; - Update of cpuid:806C1/0x80 (TGL-UP3/UP4 B1) microcode (in microcode.dat) from revision 0xb4 up to 0xb8; - Update of cpuid:806C2/0xc2 (TGL-R C0) microcode (in microcode.dat) from revision 0x34 up to 0x38; - Update of cpuid:806D1/0xc2 (TGL-H R0) microcode (in microcode.dat) from revision 0x4e up to 0x52; - Update of cpuid:806E9/0x10 (AML-Y 2+2 H0) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:806E9/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:806EA/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:806EB/0xd0 (WHL-U W0) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:806EC/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:806F4/0x10 microcode (in microcode.dat) from revision 0x2c000290 up to 0x2c0003e0; - Update of cpuid:806F4/0x87 (SPR-SP E0/S1) microcode (in microcode.dat) from revision 0x2b0004d0 up to 0x2b000620; - Update of cpuid:806F5/0x10 (SPR-HBM B1) microcode (in microcode.dat) from revision 0x2c000290 up to 0x2c0003e0; - Update of cpuid:806F5/0x87 (SPR-SP E2) microcode (in microcode.dat) from revision 0x2b0004d0 up to 0x2b000620; - Update of cpuid:806F6/0x10 microcode (in microcode.dat) from revision 0x2c000290 up to 0x2c0003e0; - Update of cpuid:806F6/0x87 (SPR-SP E3) microcode (in microcode.dat) from revision 0x2b0004d0 up to 0x2b000620; - Update of cpuid:806F7/0x87 (SPR-SP E4/S2) microcode (in microcode.dat) from revision 0x2b0004d0 up to 0x2b000620; - Update of cpuid:90661/0x01 (EHL B1) microcode (in microcode.dat) from revision 0x17 up to 0x1a; - Update of cpuid:90675/0x07 (ADL-S 6+0 K0) microcode (in microcode.dat) from revision 0x32 up to 0x38; - Update of cpuid:906A4/0x40 (AZB A0) microcode (in microcode.dat) from revision 0x5 up to 0x9; - Update of cpuid:906A4/0x80 (ADL-P 2+8 R0) microcode (in microcode.dat) from revision 0x430 up to 0x436; - Update of cpuid:906C0/0x01 (JSL A0/A1) microcode (in microcode.dat) from revision 0x24000024 up to 0x24000026; - Update of cpuid:906E9/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in microcode.dat) from revision 0xf4 up to 0xf8; - Update of cpuid:906EA/0x22 (CFL-H/S/Xeon E U0) microcode (in microcode.dat) from revision 0xf4 up to 0xfa; - Update of cpuid:906EB/0x02 (CFL-E/H/S B0) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:906EC/0x22 (CFL-H/S/Xeon E P0) microcode (in microcode.dat) from revision 0xf4 up to 0xf8; - Update of cpuid:906ED/0x22 (CFL-H/S/Xeon E R0) microcode (in microcode.dat) from revision 0xfa up to 0x102; - Update of cpuid:A0652/0x20 (CML-H R1) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:A0653/0x22 (CML-S 6+2 G1) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:A0655/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:A0660/0x80 (CML-U 6+2 A0) microcode (in microcode.dat) from revision 0xf8 up to 0xfe; - Update of cpuid:A0661/0x80 (CML-U 6+2 v2 K1) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:A0671/0x02 (RKL-S B0) microcode (in microcode.dat) from revision 0x5d up to 0x63; - Update of cpuid:B06A3/0xe0 (RPL-U 2+8 Q0) microcode (in microcode.dat) from revision 0x411c up to 0x4124; - Update of cpuid:B06F2/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x32 up to 0x38; - Update of cpuid:B06F5/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x32 up to 0x38; - Remove old firmware versions: 06-8f-04, 06-8f-05, 06-8f-06, 06-ba-08; None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Update Intel CPU microcode to 20250211: - Addition of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c0003e0; - Addition of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000620; - Addition of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x38; - Addition of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x436; - Addition of cpuid:A06A4/0xe6 (MTL-H/U C0) microcode (in microcode.dat) at revision 0x20; - Addition of cpuid:A06F3/0x01 (SRF-SP C0) microcode (in microcode.dat) at revision 0x3000330; - Addition of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x12c; - Addition of cpuid:B0674/0x32 microcode (in microcode.dat) at revision 0x12c; - Addition of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x4124; - Addition of cpuid:B06A8/0xe0 microcode (in microcode.dat) at revision 0x4124; - Addition of cpuid:B06E0/0x19 (ADL-N A0) microcode (in microcode.dat) at revision 0x1c; - Addition of cpuid:B06F6/0x07 microcode (in microcode.dat) at revision 0x38; - Addition of cpuid:B06F7/0x07 microcode (in microcode.dat) at revision 0x38; - Addition of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) at revision 0x21000291; - Addition of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x21000291; - Removal of cpuid:806F4/0x10 microcode (in microcode.dat) at revision 0x2c000290; - Removal of cpuid:806F4/0x87 (SPR-SP E0/S1) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:806F5/0x10 (SPR-HBM B1) microcode (in microcode.dat) at revision 0x2c000290; - Removal of cpuid:806F5/0x87 (SPR-SP E2) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:806F6/0x10 microcode (in microcode.dat) at revision 0x2c000290; - Removal of cpuid:806F6/0x87 (SPR-SP E3) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:806F7/0x87 (SPR-SP E4/S2) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c000290; - Removal of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b0004d0; - Removal of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x32; - Removal of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x430; - Removal of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x11d; - Removal of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x411c; - Removal of cpuid:B06E0/0x11 (ADL-N A0) microcode (in microcode.dat) at revision 0x12; - Update of cpuid:50653/0x97 (SKX-SP B1) microcode (in microcode.dat) from revision 0x1000181 up to 0x1000191; - Update of cpuid:50656/0xbf (CLX-SP B0) microcode (in microcode.dat) from revision 0x4003604 up to 0x4003605; - Update of cpuid:50657/0xbf (CLX-SP/W/X B1/L1) microcode (in microcode.dat) from revision 0x5003604 up to 0x5003707; - Update of cpuid:5065B/0xbf (CPX-SP A1) microcode (in microcode.dat) from revision 0x7002703 up to 0x7002904; - Update of cpuid:50665/0x10 (BDX-NS A0/A1, HWL A1) microcode (in microcode.dat) from revision 0xe000014 up to 0xe000015; - Update of cpuid:506F1/0x01 (DNV B0) microcode (in microcode.dat) from revision 0x38 up to 0x3e; - Update of cpuid:606A6/0x87 (ICX-SP D0) microcode (in microcode.dat) from revision 0xd0003b9 up to 0xd0003f5; - Update of cpuid:606C1/0x10 (ICL-D B0) microcode (in microcode.dat) from revision 0x1000268 up to 0x10002c0; - Update of cpuid:706A1/0x01 (GLK B0) microcode (in microcode.dat) from revision 0x3e up to 0x42; - Update of cpuid:706A8/0x01 (GLK-R R0) microcode (in microcode.dat) from revision 0x22 up to 0x24; - Update of cpuid:706E5/0x80 (ICL-U/Y D1) microcode (in microcode.dat) from revision 0xc2 up to 0xc6; - Update of cpuid:806C1/0x80 (TGL-UP3/UP4 B1) microcode (in microcode.dat) from revision 0xb4 up to 0xb8; - Update of cpuid:806C2/0xc2 (TGL-R C0) microcode (in microcode.dat) from revision 0x34 up to 0x38; - Update of cpuid:806D1/0xc2 (TGL-H R0) microcode (in microcode.dat) from revision 0x4e up to 0x52; - Update of cpuid:806E9/0x10 (AML-Y 2+2 H0) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:806E9/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:806EA/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:806EB/0xd0 (WHL-U W0) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:806EC/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:806F4/0x10 microcode (in microcode.dat) from revision 0x2c000290 up to 0x2c0003e0; - Update of cpuid:806F4/0x87 (SPR-SP E0/S1) microcode (in microcode.dat) from revision 0x2b0004d0 up to 0x2b000620; - Update of cpuid:806F5/0x10 (SPR-HBM B1) microcode (in microcode.dat) from revision 0x2c000290 up to 0x2c0003e0; - Update of cpuid:806F5/0x87 (SPR-SP E2) microcode (in microcode.dat) from revision 0x2b0004d0 up to 0x2b000620; - Update of cpuid:806F6/0x10 microcode (in microcode.dat) from revision 0x2c000290 up to 0x2c0003e0; - Update of cpuid:806F6/0x87 (SPR-SP E3) microcode (in microcode.dat) from revision 0x2b0004d0 up to 0x2b000620; - Update of cpuid:806F7/0x87 (SPR-SP E4/S2) microcode (in microcode.dat) from revision 0x2b0004d0 up to 0x2b000620; - Update of cpuid:90661/0x01 (EHL B1) microcode (in microcode.dat) from revision 0x17 up to 0x1a; - Update of cpuid:90675/0x07 (ADL-S 6+0 K0) microcode (in microcode.dat) from revision 0x32 up to 0x38; - Update of cpuid:906A4/0x40 (AZB A0) microcode (in microcode.dat) from revision 0x5 up to 0x9; - Update of cpuid:906A4/0x80 (ADL-P 2+8 R0) microcode (in microcode.dat) from revision 0x430 up to 0x436; - Update of cpuid:906C0/0x01 (JSL A0/A1) microcode (in microcode.dat) from revision 0x24000024 up to 0x24000026; - Update of cpuid:906E9/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in microcode.dat) from revision 0xf4 up to 0xf8; - Update of cpuid:906EA/0x22 (CFL-H/S/Xeon E U0) microcode (in microcode.dat) from revision 0xf4 up to 0xfa; - Update of cpuid:906EB/0x02 (CFL-E/H/S B0) microcode (in microcode.dat) from revision 0xf4 up to 0xf6; - Update of cpuid:906EC/0x22 (CFL-H/S/Xeon E P0) microcode (in microcode.dat) from revision 0xf4 up to 0xf8; - Update of cpuid:906ED/0x22 (CFL-H/S/Xeon E R0) microcode (in microcode.dat) from revision 0xfa up to 0x102; - Update of cpuid:A0652/0x20 (CML-H R1) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:A0653/0x22 (CML-S 6+2 G1) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:A0655/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:A0660/0x80 (CML-U 6+2 A0) microcode (in microcode.dat) from revision 0xf8 up to 0xfe; - Update of cpuid:A0661/0x80 (CML-U 6+2 v2 K1) microcode (in microcode.dat) from revision 0xf8 up to 0xfc; - Update of cpuid:A0671/0x02 (RKL-S B0) microcode (in microcode.dat) from revision 0x5d up to 0x63; - Update of cpuid:B06A3/0xe0 (RPL-U 2+8 Q0) microcode (in microcode.dat) from revision 0x411c up to 0x4124; - Update of cpuid:B06F2/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x32 up to 0x38; - Update of cpuid:B06F5/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x32 up to 0x38; - Remove old firmware versions: 06-8f-04, 06-8f-05, 06-8f-06, 06-ba-08;

0 tuxcare-oraclelinux7-els microcode_ctl-2.1-73.20.0.1.el7_9.tuxcare.els1.x86_64.rpm 19499cdd3d3634c4b8c10e4b8fca9781fc98f048d5ecce5f1b98118079f84b5f CLSA-2025:1748629601 TuxCare License Agreement 0 - Addition AMD CPU microcode for processor family 0x19: cpuid:0x00A70FC0(ver:0x0A70C005), cpuid:0x00A70F52(ver:0x0A705206), cpuid:0x00A00F82(ver:0x0A00820C), cpuid:0x00A40F41(ver:0x0A404107), cpuid:0x00A70F80(ver:0x0A708007), cpuid:0x00A20F10(ver:0x0A20102D), cpuid:0x00A70F41(ver:0x0A704107), cpuid:0x00A60F12(ver:0x0A601209), cpuid:0x00A10F81(ver:0x0A108108), cpuid:0x00A50F00(ver:0x0A500011), cpuid:0x00A20F12(ver:0x0A201210); - Addition AMD CPU microcode for processor family 0x17: cpuid:0x00870F10(ver:0x08701034), cpuid:0x00860F01(ver:0x0860010D), cpuid:0x00860F81(ver:0x08608108); - Update AMD CPU microcode for processor family 0x17: cpuid:0x008A0F00(ver:0x08A0000A); None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Addition AMD CPU microcode for processor family 0x19: cpuid:0x00A70FC0(ver:0x0A70C005), cpuid:0x00A70F52(ver:0x0A705206), cpuid:0x00A00F82(ver:0x0A00820C), cpuid:0x00A40F41(ver:0x0A404107), cpuid:0x00A70F80(ver:0x0A708007), cpuid:0x00A20F10(ver:0x0A20102D), cpuid:0x00A70F41(ver:0x0A704107), cpuid:0x00A60F12(ver:0x0A601209), cpuid:0x00A10F81(ver:0x0A108108), cpuid:0x00A50F00(ver:0x0A500011), cpuid:0x00A20F12(ver:0x0A201210); - Addition AMD CPU microcode for processor family 0x17: cpuid:0x00870F10(ver:0x08701034), cpuid:0x00860F01(ver:0x0860010D), cpuid:0x00860F81(ver:0x08608108); - Update AMD CPU microcode for processor family 0x17: cpuid:0x008A0F00(ver:0x08A0000A);

0 tuxcare-oraclelinux7-els iwl100-firmware-39.31.5.1-999.35.el7.tuxcare.els1.noarch.rpm 5508796b0409c43cfa5e0ec9f6349e20cc7a5a3d84ec877699316f8fcd84d45a iwl1000-firmware-39.31.5.1-999.35.el7.tuxcare.els1.noarch.rpm 9e14227a1716ec63c4778935b92dde748e9bbfcfde48bd0bc320cb636653adcc iwl105-firmware-18.168.6.1-999.35.el7.tuxcare.els1.noarch.rpm 2f3d7896d1248d91f068f7b87de1fbb7bb2fce319379c6444df331237972e11c iwl135-firmware-18.168.6.1-999.35.el7.tuxcare.els1.noarch.rpm 51a49872bdaef4ec0f06c22fd7b8a8df84bccfea9f947901398dc55fddc3ab56 iwl2000-firmware-18.168.6.1-999.35.el7.tuxcare.els1.noarch.rpm 77de24288d17dc287a3a9d98432e315116e808751ff922a484262e754db97817 iwl2030-firmware-18.168.6.1-999.35.el7.tuxcare.els1.noarch.rpm 0fc77f1deea125a7e6afa11c74576c452c3c58b3956b08916e6bb877b03e3e39 iwl3160-firmware-22.0.7.0-999.35.el7.tuxcare.els1.noarch.rpm f824874200841424d89479259a35d384e1618c616c594062aee26690d1e23a29 iwl3945-firmware-15.32.2.9-999.35.el7.tuxcare.els1.noarch.rpm 61b5db397babdf37969f374cd41b7c91ea92f1340e9317f500dcd367dc0e8fb5 iwl4965-firmware-228.61.2.24-999.35.el7.tuxcare.els1.noarch.rpm 94aa3ae18b4a7aa3001980ffc542cb4c5b5202dc6cb9e13749340751289af182 iwl5000-firmware-8.83.5.1_1-999.35.el7.tuxcare.els1.noarch.rpm 40ed0a1b3c832c5244077d4f7fe5ee148a3acf9dca8001178cdbda3abee843a6 iwl5150-firmware-8.24.2.2-999.35.el7.tuxcare.els1.noarch.rpm 20851ff279976c31634934ba64161f006cf121704d9cd84d200d91fa5c7dcafa iwl6000-firmware-9.221.4.1-999.35.el7.tuxcare.els1.noarch.rpm 7c6af6af99de2b48ad37b27cef66e8b85f47ee01079f529bb5848255c35b60b0 iwl6000g2a-firmware-17.168.5.3-999.35.el7.tuxcare.els1.noarch.rpm 5a1b883d51b09e867b196c2c6e910baed0814c48ab42f785f3db8ff24657b653 iwl6000g2b-firmware-17.168.5.2-999.35.el7.tuxcare.els1.noarch.rpm 700a717def44907e09559e9d3cd2478ab527d1e7e0a3f65273b0a7cfb0482174 iwl6050-firmware-41.28.5.1-999.35.el7.tuxcare.els1.noarch.rpm 410cad58f6cca92c8bfc49d09a55257fbfb8961af45fee5859692a3fb41716a2 iwl7260-firmware-22.0.7.0-999.35.el7.tuxcare.els1.noarch.rpm a5d59ab6f3af2af7583988783828f7ef8d5f8ca9226d7ee1f95f934a9eb5cc42 iwlax2xx-firmware-20241003-999.35.el7.tuxcare.els1.noarch.rpm 300fab7f392acb9c92dd221d47e803392501c571eab0c4f39926fc8d83453a72 linux-firmware-20241003-999.35.git95bfe086.el7.tuxcare.els1.noarch.rpm c6f5d92fd97096dc131866a1b70884be5ca477aeef95fb5212848dde0a8d27fa linux-nano-firmware-20241003-999.35.git95bfe086.el7.tuxcare.els1.noarch.rpm c4fd9e27f4d29938f1911b54895657d976043cfe8e3d9b25a73d2e8e3edaadd2 CLSA-2025:1749505823 TuxCare License Agreement 0 - CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code

0 tuxcare-oraclelinux7-els cpp-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 22aad9acf8a5b1e1a4a0e4cc4a38b2233388e9f45c0ed57b20897b4e6599ef4f gcc-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 184381b34aeed0ff69513e3ef0e2080fd597d53e8980bc35bdfafae4f40cdb49 gcc-c++-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 13700e8f31ec0856fa2a15e7e7cfda9037897cfd5bb3269cd3309fe82f925832 gcc-gfortran-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm c2096ce3987e0b0b6f85e6e2177cc33de6c848d30313bc830efd0d6a2d4143eb gcc-gnat-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 3ef451294e56ac4a3100f7d582b215b2a94d07a953383bcc71290f4c2b7389a0 gcc-go-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 91df7e4a67e8586bbf89df7f55424b905648811a14cacc5e2265b26a56491dc1 gcc-objc++-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm dce8e79012e09d8f1a1f641a40f167f5c81d481846a1532019bd03d58879ca5c gcc-objc-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 6a43ee1506e3af1b363b741821a2f70b84b44db328f86e684558bfb3b19ecdf2 gcc-plugin-devel-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm fe6bfbe6b38b53f57400e79f84491c69e34ccff1221d708e1c3f75098fbdb874 libasan-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm e5c995322c0f524459ec44abb3c378691292f8c64f1b9a5cd34b86b2188fa3e5 libasan-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 7c0affeee90d79214945bf38ffc977bec170843fcc758ab8a155b22f7018a62a libasan-static-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 9cf95557ece22e9006cdbc70868148d40b6016216ba393496832bafe819826f4 libasan-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm c17a46685ef6ad8da34758e109176d00fafe4b7e6fd9fd6563f3b0434b4394cc libatomic-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 91c57837e856c4aeceb09c9cdd40fd8f20899c87e8cdcb651226cbec6264585c libatomic-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm eb607a8a85b1a681bf727fb6eed358eed94605ae897c5442386da051d1d909fe libatomic-static-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm db5fafb44dee12758917dc5ec94d5220b463495c6b43a507a54bbfdcb19cfde9 libatomic-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm c094855770e33df58ac7b210254392a249648819b84847d2d98655a65193fe3a libgcc-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 6a1b9dd9d55342efdf715c7afecc230fbc4734fb0780eb31aed669b6236314bf libgcc-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm ee3165c70079b0103b23c0cd3418a2cdc2177a1a5a485f7eb7fcf36fa57e551c libgfortran-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 98f27c1824d81b330542af0b386012d13ec0a27a81b7cf3099a26ddba1cecac7 libgfortran-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm f4aaaf1f9cc6b85d16395bb61c65ba570353d02e9905fa3922c63108f9dff194 libgfortran-static-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm d24ce23fb26c06ae9643aaaf5225ce109579f6e4ce0359d3ab71f335eb6a4f45 libgfortran-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 5f8101c65ad27e24913ace048786d0b2f9af82e18999de8fbf06e9d3651ef7ee libgnat-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 7e2fdb4600bf095925ae72625a61b1ab3935c60457be12dddd1761c80e1f7cb9 libgnat-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm dacc7158daaefba2bcaa785ccf8de8371845b6651f480a1c7ee89fe9416a7506 libgnat-devel-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 65ca88bdf122edb916e317ad52c092b3985e4a4aa17048e34bf1703f283eb552 libgnat-devel-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 110c433547ae9259752ed6cf25d1a69d1eb1bdb22d96bb06366b975e25e65376 libgnat-static-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm a5ab57c88b643152938f2796ddab5e2bfef7aff8b2e88cb2490225b8abce2876 libgnat-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 2acfa82cd46d5039ede892ef53e9cf5a64253e206da58521f83e3d9737ff4399 libgo-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 02c422844dc8334f18f1c866854b3e73637b57bf81f819ed8e33119bac4e5e59 libgo-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm db3cbd8da96a6faed2fe52580f6c3f71a9a20b1e9f03497478b39194d8bd91a0 libgo-devel-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 06e42138e12240bd26855c04b2d0a0c9d20130fc82ec61e6806aa994616c5135 libgo-devel-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 234b25970bedc125bbda422eaa7ad3e6ba449a994306d427f589e2b1435ae557 libgo-static-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 90872368219acc06b50a09d432b545fee8d71815eee5c333e68d01d416627619 libgo-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 9892847e0ac498bbb4b29f3e52f985e88df7ac0078f694f332cb6c29ebcea6ea libgomp-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 2d906005b01c790e952efe1c5baa79adeaea354175dda5081067c5225fe047f7 libgomp-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm ca0455afb4a0cb174479d3375998d0490dbde1632ccb8a59a2de668fef876246 libitm-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 3448733d7ed594b2649d27f2b816852c8fc712cafa5632c81d8f76b8a066adc6 libitm-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 318b28eb7be71a0bcd54a273c17feadf1c5b5be0dc54448aa1eca5e0138f29b8 libitm-devel-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 6502c06bedd3ada12182f80f28b85015252c434f623a8be0f102f4e3a5a7045e libitm-devel-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm f3871dac191585ef1b8868c276cf44a1dc2d100b4210beec9083045ab38fa2b7 libitm-static-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 23a25d4a0d162970136944284088ab03dac85dff6737968196bcdae048a1f94c libitm-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 491eca3ed6dda690b9332c15d0999dbbbd2b286b855e7711d6d9e8b82c685ae4 libmudflap-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm fda4ca8cec246d139dc6f6651ae42be04b4226ca0699b37561545f357a213cf6 libmudflap-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 54b22f11dbaaab53fd8c2ba3b5d152721d6ab60f373bfa52329787f98795ec36 libmudflap-devel-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 17d551cdd14104ea2e828ac69193b38137e69d0b8af3513456d4f6f941585984 libmudflap-devel-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 296d553f547c3df384aca71ee95ba157eef2da6d984f0fafbf5893333d3f444b libmudflap-static-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 101626fb19474a75e567652ee6ca343b33f5fcda302da07e843ce32e3cc41a6b libmudflap-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 2d231346424742edcc784550a3425d3438184353de49984dbd013eea425526f9 libobjc-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 63eed0856648c9e2a26a66755bb1eca730d2de9976b6fbb0a0d73d5aaf8d59e5 libobjc-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 60ff4caeca7e2e46972c40658441fa241092e6e0b9dd2b56a6ad2b3f87a04318 libquadmath-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm f47f063eb3e24095fd660d99842b1d66ca5df580f6b81f1fee77590364897d38 libquadmath-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 73c2da60ae937be4e09ee6835afb5502c96ed886ccde0a1ef2ef00bc34cee3ef libquadmath-devel-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 74800cd68da04da2d32ad3a08ee95474500120571d63928ea3f49e246e2758e1 libquadmath-devel-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm fbbffb052969769d053acdf3ccff66f81721c9157fe4ad77481b96fbf935b6fd libquadmath-static-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm 9825c67fd795a92dc2ee32e4a8d43a6208ae442460e3e32b47aef947fca50c87 libquadmath-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 76941099ed3e5038981e56b90a1fb7ef6959b759a65362ade2fa2c526202d756 libstdc++-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm d5c622be13298ae08ed27c5a7203f0c4a2e45413ac24bd5426832557f9144266 libstdc++-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 8e112b1c3325960d00b9568ac0c06318c66457b2a5ff8afdefae8627c9c61839 libstdc++-devel-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm c79d2683beee90c98728855cc7359282304a2a713dffa6464567c6038ede65fa libstdc++-devel-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 827a6b99da8367255ed0212c3a9ca834537a2a6e9b66c7bed049577e5ca69cf3 libstdc++-docs-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 7109c10c9a6f08e8c6527708da0838a83746bb4a37b0ac0c0c06966d3118feb5 libstdc++-static-4.8.5-44.0.3.el7.tuxcare.els1.i686.rpm b111576e2da6c7d3c42af3d97413cdc69cd490de691d8abc3b50983ad57d609c libstdc++-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm c8e229f13e4d7750afd52707fd42cb41a5e58175bf70943b79ec2904b3c953ba libtsan-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm cda5f2100ad55ab01cc5fe20ffe138ae09def106b27ced3a137416d591576067 libtsan-static-4.8.5-44.0.3.el7.tuxcare.els1.x86_64.rpm 93bcf9351a69253568906aecce7c7d6a8e0fbb516342ca43a4be3ed99c9d420d CLSA-2025:1749569161 TuxCare License Agreement 0 - Upgrade openjdk-shenandoah-jdk8u-shenandoah-jdk8u452-b09. That fixes the following CVE: CVE-2025-21587, CVE-2025-30691 and CVE-2025-30698 Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Upgrade openjdk-shenandoah-jdk8u-shenandoah-jdk8u452-b09. That fixes the following CVE: CVE-2025-21587, CVE-2025-30691 and CVE-2025-30698

0 tuxcare-oraclelinux7-els java-1.8.0-openjdk-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm 0cd9ac20859597a7c2fa552c48bd39de3004d4df240788fab42153732124d9b3 java-1.8.0-openjdk-accessibility-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm 6a858ea03676132bfcbb3a34e534c84a90fce44efbaa35bb3e9f39d5bfb74a73 java-1.8.0-openjdk-accessibility-debug-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm d3565c3063b873387d8235f8720db2b3a182d67c5196c8d696807abb8eb403a0 java-1.8.0-openjdk-debug-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm b51e8c8cedec9057b8e7bed8c46b671f8bbd56b55e2e22e32474df51b101442e java-1.8.0-openjdk-demo-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm be2929a15db36cc034c7f6081d27c5d12ccae697f905a7beb2b4a6a3703870c4 java-1.8.0-openjdk-demo-debug-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm 5707333c4784062cc422788bfeadebfab08f1e1b035ed073e37236ede8ac69fc java-1.8.0-openjdk-devel-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm f980d1b7da99ce9c5ecaacf3580eba80f77b32c4e483af6db565a5d1e9c6e993 java-1.8.0-openjdk-devel-debug-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm 17e405edbc2220dc03a02d794d51bd3e6a2dbcbf24506ac1f75cb62991b9c7aa java-1.8.0-openjdk-headless-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm 874ccd7381e99bc9aac1267f8591e07fec37c2c7475f8917923210ebe2630315 java-1.8.0-openjdk-headless-debug-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm 63fb4c6083ff35dd21db897d4aff33a7077313654fb6b0d820f61cd4afc4057d java-1.8.0-openjdk-javadoc-1.8.0.452.b09-1.el7_9.tuxcare.els1.noarch.rpm 18420af1085a52f750a776c1b6774a60c3089307199604ce8b75b5c7732ba467 java-1.8.0-openjdk-javadoc-debug-1.8.0.452.b09-1.el7_9.tuxcare.els1.noarch.rpm 1a3c1bafa3c90b1c71d3d356883c2527453d5443be1e2fc2c8f05830d6f7788c java-1.8.0-openjdk-javadoc-zip-1.8.0.452.b09-1.el7_9.tuxcare.els1.noarch.rpm 795d064f45d72a2cd134cf0d1bb8d13c95af6e503bc5cf2d85bd935638017836 java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.452.b09-1.el7_9.tuxcare.els1.noarch.rpm 937c093b563fa99e6b2405bbd1299244eb3f0b351ce82ef06ad3c29050dc8bca java-1.8.0-openjdk-src-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm 958f525723aa6309aaacf7dbae00a3d1097aadc31df7f969803e3c2fbc9d8a6f java-1.8.0-openjdk-src-debug-1.8.0.452.b09-1.el7_9.tuxcare.els1.x86_64.rpm ec862328acd27311ca7a2b79a2c5746ddc6595fe38d9afedf8b5239271681317 CLSA-2025:1749571114 TuxCare License Agreement 0 - CVE-2024-10041: fix possibility of leakage of secret information stored in memory - CVE-2024-22365: fix potential DoS via mkfifo because the openat call lacks O_DIRECTORY Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-10041: fix possibility of leakage of secret information stored in memory - CVE-2024-22365: fix potential DoS via mkfifo because the openat call lacks O_DIRECTORY

0 tuxcare-oraclelinux7-els pam-1.1.8-23.0.1.el7.tuxcare.els1.i686.rpm 0f212771f094221a5180cde8b94f70b00657661ebfa80ab7cc6c8061b85559b3 pam-1.1.8-23.0.1.el7.tuxcare.els1.x86_64.rpm 7899a6a50e1eb3398f508e399c8ad56ce9d735e5c608f3b0ff91b2f8298a8d2b pam-devel-1.1.8-23.0.1.el7.tuxcare.els1.i686.rpm 42c92240020cd99bea0e26082612742335885202e4d3f11734da63561728618c pam-devel-1.1.8-23.0.1.el7.tuxcare.els1.x86_64.rpm bf5ba3a7ca19b54b0f1a54b3e9ad176791ca926dabeb6831c343c8be781af7d9 CLSA-2025:1749822032 TuxCare License Agreement 0 - CVE-2025-32728: fix logic error in DisableForwarding option Low Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-32728: fix logic error in DisableForwarding option

0 tuxcare-oraclelinux7-els openssh-7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64.rpm 86f870d58fa9b038e3866608fba57289873ce47c247b8c807e82dae2b196423f openssh-askpass-7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64.rpm 477edadd3f2f34f694db1bf386d1f6abfac012432be829b1160fc6a7517d170f openssh-cavs-7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64.rpm 75e203ed3e090b270224628d0c31c4ca94e35cdcaea5e1144de875c084ca506e openssh-clients-7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64.rpm e42e3c3fdc9d275d64ae199b22ce46cdc6a84de663d5f5298793a1097f250305 openssh-keycat-7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64.rpm b30709e37a05e7c462b223b89d80861ba70b131a66647f416ac44afad361fc65 openssh-ldap-7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64.rpm d43391c3862a3230fc66edb5b9d7f9c7e6ad3a638b204c289d6a05bbee05dc26 openssh-server-7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64.rpm ee1eadf4dffa60665eb4652d81970ab35a8af4f3d1675caba388ac51ab0292db openssh-server-sysvinit-7.4p1-23.0.3.el7_9.tuxcare.els2.x86_64.rpm f10f878985e70618f05794f62201fd628ea316558066096630b9c924175d7c16 pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els2.i686.rpm 7e4313e62345ae0b8ea59eb4512e161a194fbf9285141fb83d0b513213d07aab pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els2.x86_64.rpm ee9d75f0e53372c32c87aa471d1369e02361407c87cefd11c34c7b14526b3ed0 CLSA-2025:1750168919 TuxCare License Agreement 0 - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702} - xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014} - netfilter: validate user input for expected length {CVE-2024-35896} - nfs: fix UAF in direct writes {CVE-2024-26958} - Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982} - RDMA/srpt: Do not register event handler until srpt device is fully setup {CVE-2024-26872} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702} - xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014} - netfilter: validate user input for expected length {CVE-2024-35896} - nfs: fix UAF in direct writes {CVE-2024-26958} - Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982} - RDMA/srpt: Do not register event handler until srpt device is fully setup {CVE-2024-26872}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm cb1149e69c1c71c79da21af8899c07014dc09bd6ce6e3e023c7243aa3df81602 kernel-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm 0fdb4abca950bab215d1b2103aadacdb18700ae07a7a5a17a058bf30d5dc44b5 kernel-debug-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm 638aabfb9120c7003d900c447de68f95b7ce78c2899b527876fb33f75bf3dbde kernel-debug-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm c9a4963dcf0f838cea144e1899edec69504a1629397b1cbdf12f80284ec1e431 kernel-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm 75c6604a1acf71c30ce06fc5cfa676f1b28e8eb93e1b9ed29d69b6404d1c7017 kernel-headers-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm b1aa3361d7ddc7a1a7be0ea0ce0674383b3476f138f026886c46949c18c742c9 kernel-tools-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm 8ec9aa90a4352ac717d30d6025b611351471afff50f2ee2e27308af6127b15ee kernel-tools-libs-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm 586e4254f62cf0fd4d85925087d1003a858440c33d22b941a02280525e7395de kernel-tools-libs-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm 06f63c956e3edda53587559395e95ca9bd7c707d9063f46bed71ad3781790ad0 perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm ebe790e9132c40aec0df64ea6de7858524ffb211f2085783e0c05e011e5ee0c8 python-perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els21.x86_64.rpm d6d1271b3dcfa6d69e113fdaee7872aa0e042823325cd1ec8687b1e7a4769e79 CLSA-2025:1750780979 TuxCare License Agreement 0 - CVE-2025-27363: fix OOB write when parsing font subglyph structures Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-27363: fix OOB write when parsing font subglyph structures

0 tuxcare-oraclelinux7-els freetype-2.8-14.el7_9.1.tuxcare.els2.i686.rpm 1a0a08ea7620db5a3640c2914739898d4d922419d49199cd01d7fbfdfc21cfe4 freetype-2.8-14.el7_9.1.tuxcare.els2.x86_64.rpm 711673293aaf24c5cf6e7a3ea928dbb434508e68f15c9363adb88319dc562023 freetype-demos-2.8-14.el7_9.1.tuxcare.els2.x86_64.rpm abd671439d490aaa0f63ea06cf64f9ab13e3e4bd148ddd0828409747bcbc6b3c freetype-devel-2.8-14.el7_9.1.tuxcare.els2.i686.rpm 1f5aa82a8b17591b3bf7dc8fe24b5b19b4210e859ce1070524b0097877f9f3e7 freetype-devel-2.8-14.el7_9.1.tuxcare.els2.x86_64.rpm 2f8814488790a72b81e880aecc58ba6877a3e8b1d34694e6bdde820d748994d0 CLSA-2025:1751028944 TuxCare License Agreement 0 - Upgrade to tzdata-2025b - New zone for Aysén Region in Chile which moves from -04/-03 to -03. - Paraguay adopted permanent -03 starting spring 2024. - Improve pre-1991 data for the Philippines. - Etc/Unknown is now reserved. None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Upgrade to tzdata-2025b - New zone for Aysén Region in Chile which moves from -04/-03 to -03. - Paraguay adopted permanent -03 starting spring 2024. - Improve pre-1991 data for the Philippines. - Etc/Unknown is now reserved.

0 tuxcare-oraclelinux7-els tzdata-2025b-1.el7.tuxcare.els1.noarch.rpm f103f53155d583de5e48e69c6d31d1e39501d683601474b762ddd6885530078f tzdata-java-2025b-1.el7.tuxcare.els1.noarch.rpm 8d6bd42949467fd778f29a84bd2db272ac21afda836aa34e6430cbcbcb9d1551 CLSA-2025:1751893905 TuxCare License Agreement 0 - CVE-2025-32462: fix privilege escalation vulnerability by restricting unauthorized users from gaining elevated system privileges via the Sudo host option Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-32462: fix privilege escalation vulnerability by restricting unauthorized users from gaining elevated system privileges via the Sudo host option

0 tuxcare-oraclelinux7-els sudo-1.8.23-10.el7_9.3.tuxcare.els3.x86_64.rpm 40f0d32fe3502bb90a51086ea6cb9d4a0ee5d22e8fa853ef605cf4366a7daa73 sudo-devel-1.8.23-10.el7_9.3.tuxcare.els3.i686.rpm aa881cdfada3b673542c82137a4858a82b1a8febb902ff40e2349039c1f3c478 sudo-devel-1.8.23-10.el7_9.3.tuxcare.els3.x86_64.rpm 5096f3f5d9da2c4e1cbbc00801c90e97a3279072b71ba25abbc41c4a9f0e7359 CLSA-2025:1752086959 TuxCare License Agreement 0 - update to CKBI 2.74 from NSS 3.110 - updated certificates: - # Certificate "Entrust.net Premium 2048 Secure Server CA" - # Certificate "Entrust Root Certification Authority" - # Certificate "AffirmTrust Commercial" - # Certificate "AffirmTrust Networking" - # Certificate "AffirmTrust Premium" - # Certificate "AffirmTrust Premium ECC" - # Certificate "Entrust Root Certification Authority - G2" - # Certificate "Entrust Root Certification Authority - EC1" - # Certificate "GlobalSign Root CA" - # Certificate "Baltimore CyberTrust Root" - # Certificate "Certum Root CA" - # Certificate "Comodo AAA Services root" - # Certificate "QuoVadis Root CA 2" - # Certificate "QuoVadis Root CA 3" - # Certificate "XRamp Global CA Root" - # Certificate "Go Daddy Class 2 CA" - # Certificate "Starfield Class 2 CA" - # Certificate "DigiCert Assured ID Root CA" - # Certificate "DigiCert Global Root CA" - # Certificate "DigiCert High Assurance EV Root CA" - # Certificate "SwissSign Gold CA - G2" - # Certificate "SecureTrust CA" - # Certificate "Secure Global CA" - # Certificate "COMODO Certification Authority" - # Certificate "COMODO ECC Certification Authority" - # Certificate "OISTE WISeKey Global Root GA CA" - # Certificate "Certigna" - # Certificate "ePKI Root Certification Authority" - # Certificate "certSIGN ROOT CA" - # Certificate "NetLock Arany (Class Gold) Főtanúsítvány" - # Certificate "Microsec e-Szigno Root CA 2009" - # Certificate "GlobalSign Root CA - R3" - # Certificate "Izenpe.com" - # Certificate "Go Daddy Root Certificate Authority - G2" - # Certificate "Starfield Root Certificate Authority - G2" - # Certificate "Starfield Services Root Certificate Authority - G2" - # Certificate "Certum Trusted Network CA" - # Certificate "TWCA Root Certification Authority" - # Certificate "Security Communication RootCA2" - # Certificate "Actalis Authentication Root CA" - # Certificate "D-TRUST Root Class 3 CA 2 2009" - # Certificate "D-TRUST Root Class 3 CA 2 EV 2009" - # Certificate "CA Disig Root R2" - # Certificate "ACCVRAIZ1" - # Certificate "TWCA Global Root CA" - # Certificate "TeliaSonera Root CA v1" - # Certificate "Atos TrustedRoot 2011" - # Certificate "QuoVadis Root CA 1 G3" - # Certificate "QuoVadis Root CA 2 G3" - # Certificate "QuoVadis Root CA 3 G3" - # Certificate "DigiCert Assured ID Root G2" - # Certificate "DigiCert Assured ID Root G3" - # Certificate "DigiCert Global Root G2" - # Certificate "DigiCert Global Root G3" - # Certificate "DigiCert Trusted Root G4" - # Certificate "COMODO RSA Certification Authority" - # Certificate "USERTrust RSA Certification Authority" - # Certificate "USERTrust ECC Certification Authority" - # Certificate "GlobalSign ECC Root CA - R5" - # Certificate "IdenTrust Commercial Root CA 1" - # Certificate "CFCA EV ROOT" - # Certificate "OISTE WISeKey Global Root GB CA" - # Certificate "Certum Trusted Network CA 2" - # Certificate "Hellenic Academic and Research Institutions RootCA 2015" - # Certificate "Hellenic Academic and Research Institutions ECC RootCA 2015" - # Certificate "AC RAIZ FNMT-RCM" - # Certificate "Amazon Root CA 2" - # Certificate "Amazon Root CA 4" - # Certificate "GDCA TrustAUTH R5 ROOT" - # Certificate "SSL.com Root Certification Authority RSA" - # Certificate "SSL.com Root Certification Authority ECC" - # Certificate "SSL.com EV Root Certification Authority RSA R2" - # Certificate "SSL.com EV Root Certification Authority ECC" - # Certificate "GlobalSign Root CA - R6" - # Certificate "OISTE WISeKey Global Root GC CA" - # Certificate "UCA Global G2 Root" - # Certificate "UCA Extended Validation Root" - # Certificate "Certigna Root CA" - # Certificate "emSign ECC Root CA - G3" - # Certificate "emSign ECC Root CA - C3" - # Certificate "Entrust Root Certification Authority - G4" - # Certificate "e-Szigno Root CA 2017" - # Certificate "Trustwave Global Certification Authority" - # Certificate "Trustwave Global ECC P256 Certification Authority" - # Certificate "Trustwave Global ECC P384 Certification Authority" - # Certificate "GLOBALTRUST 2020" - # Certificate "Certum EC-384 CA" - # Certificate "Certum Trusted Root CA" - # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - # Certificate "GlobalSign ECC Root CA - R4" - # Certificate "Security Communication ECC RootCA1" - # Certificate "BJCA Global Root CA1" - # Certificate "BJCA Global Root CA2" - removed certificates: - # Certificate "Certification Authority of WoSign G2" - # Certificate "CA WoSign ECC Root" - # Certificate "CCA India 2015 SPL" - # Certificate "A-Trust-Root-05" - # Certificate "A-Trust-Qual-02" - # Certificate "Certification Authority of WoSign" - # Certificate "CA 沃通根证书" - # Certificate "E-Tugra Certification Authority" - # Certificate "ADOCA02" - # Certificate "StartCom Certification Authority G2" - # Certificate "Macao Post eSignTrust Root Certification Authority (G02)" - # Certificate "Autoridade Certificadora Raiz Brasileira v2" - # Certificate "LuxTrust Global Root" - # Certificate "AC1 RAIZ MTIN" - # Certificate "CCA India 2011" - # Certificate "China Internet Network Information Center EV Certificates Root" - # Certificate "SITHS CA v3" - # Certificate "ANF Server CA" - # Certificate "KEYNECTIS ROOT CA" - # Certificate "I.CA - Standard Certification Authority, 09/2009" - # Certificate "I.CA - Qualified Certification Authority, 09/2009" - # Certificate "VI Registru Centras RCSC (RootCA)" - # Certificate "Autoridade Certificadora Raiz Brasileira v1" - # Certificate "Actalis Authentication CA G1" - # Certificate "A-Trust-Qual-03" - # Certificate "AddTrust External CA Root" - # Certificate "StartCom Certification Authority" - # Certificate "Chambers of Commerce Root - 2008" - # Certificate "Global Chambersign Root - 2008" - # Certificate "CNNIC ROOT" - # Certificate "Staat der Nederlanden Root CA - G2" - # Certificate "CA Disig" - # Certificate "I.CA - Qualified root certificate" - # Certificate "I.CA - Standard root certificate" - # Certificate "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" - # Certificate "Japanese Government" - # Certificate "AdminCA-CD-T01" - # Certificate "Admin-Root-CA" - # Certificate "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3" - # Certificate "Halcom CA FO" - # Certificate "Halcom CA PO 2" - # Certificate "ACNLB" - # Certificate "state-institutions" - # Certificate "D-TRUST Root Class 2 CA 2007" - # Certificate "D-TRUST Root Class 3 CA 2007" - # Certificate "Root CA Generalitat Valenciana" - # Certificate "EBG Elektronik Sertifika Hizmet Sağlayıcısı" - # Certificate "VAS Latvijas Pasts SSI(RCA)" - # Certificate "ANCERT Certificados CGN" - # Certificate "ANCERT Certificados Notariales" - # Certificate "ANCERT Corporaciones de Derecho Publico" - # Certificate "Certipost E-Trust Primary Qualified CA" - # Certificate "Certipost E-Trust Primary Normalised CA" - # Certificate "Cybertrust Global Root" - # Certificate "GlobalSign" - # Certificate "IGC/A" - # Certificate "Microsec e-Szigno Root CA" - # Certificate "LGPKI" - # Certificate "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado" - # Certificate "Staat der Nederlanden Root CA" - # Certificate "Juur-SK" - # Certificate "SECOM Trust.net" - # Certificate "Chambers of Commerce Root" - # Certificate "Global Chambersign Root" - # Certificate "GeoTrust Global CA" - # Certificate "GeoTrust Global CA 2" - # Certificate "QuoVadis Root Certification Authority" - # Certificate "Sonera Class2 CA" - # Certificate "VeriSign, Inc." - # Certificate "Microsoft Root Authority" - # Certificate "Microsoft Root Certificate Authority" - # Certificate "GTE CyberTrust Global Root" - # Certificate "Thawte Server CA" - # Certificate "Thawte Premium Server CA" - # Certificate "Equifax Secure Global eBusiness CA-1" - # Certificate "Equifax" - # Certificate "Class 1 Primary CA" - # Certificate "UTN-USERFirst-Object" - # Certificate "CHAMBERS OF COMMERCE ROOT - 2016" - added certificates: - # Certificate "TWCA CYBER Root CA" - # Certificate "TWCA Global Root CA G2" - # Certificate "SecureSign Root CA12" - # Certificate "SecureSign Root CA14" - # Certificate "SecureSign Root CA15" - # Certificate "D-TRUST BR Root CA 2 2023" - # Certificate "D-TRUST EV Root CA 2 2023" None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- update to CKBI 2.74 from NSS 3.110 - updated certificates: - # Certificate "Entrust.net Premium 2048 Secure Server CA" - # Certificate "Entrust Root Certification Authority" - # Certificate "AffirmTrust Commercial" - # Certificate "AffirmTrust Networking" - # Certificate "AffirmTrust Premium" - # Certificate "AffirmTrust Premium ECC" - # Certificate "Entrust Root Certification Authority - G2" - # Certificate "Entrust Root Certification Authority - EC1" - # Certificate "GlobalSign Root CA" - # Certificate "Baltimore CyberTrust Root" - # Certificate "Certum Root CA" - # Certificate "Comodo AAA Services root" - # Certificate "QuoVadis Root CA 2" - # Certificate "QuoVadis Root CA 3" - # Certificate "XRamp Global CA Root" - # Certificate "Go Daddy Class 2 CA" - # Certificate "Starfield Class 2 CA" - # Certificate "DigiCert Assured ID Root CA" - # Certificate "DigiCert Global Root CA" - # Certificate "DigiCert High Assurance EV Root CA" - # Certificate "SwissSign Gold CA - G2" - # Certificate "SecureTrust CA" - # Certificate "Secure Global CA" - # Certificate "COMODO Certification Authority" - # Certificate "COMODO ECC Certification Authority" - # Certificate "OISTE WISeKey Global Root GA CA" - # Certificate "Certigna" - # Certificate "ePKI Root Certification Authority" - # Certificate "certSIGN ROOT CA" - # Certificate "NetLock Arany (Class Gold) Főtanúsítvány" - # Certificate "Microsec e-Szigno Root CA 2009" - # Certificate "GlobalSign Root CA - R3" - # Certificate "Izenpe.com" - # Certificate "Go Daddy Root Certificate Authority - G2" - # Certificate "Starfield Root Certificate Authority - G2" - # Certificate "Starfield Services Root Certificate Authority - G2" - # Certificate "Certum Trusted Network CA" - # Certificate "TWCA Root Certification Authority" - # Certificate "Security Communication RootCA2" - # Certificate "Actalis Authentication Root CA" - # Certificate "D-TRUST Root Class 3 CA 2 2009" - # Certificate "D-TRUST Root Class 3 CA 2 EV 2009" - # Certificate "CA Disig Root R2" - # Certificate "ACCVRAIZ1" - # Certificate "TWCA Global Root CA" - # Certificate "TeliaSonera Root CA v1" - # Certificate "Atos TrustedRoot 2011" - # Certificate "QuoVadis Root CA 1 G3" - # Certificate "QuoVadis Root CA 2 G3" - # Certificate "QuoVadis Root CA 3 G3" - # Certificate "DigiCert Assured ID Root G2" - # Certificate "DigiCert Assured ID Root G3" - # Certificate "DigiCert Global Root G2" - # Certificate "DigiCert Global Root G3" - # Certificate "DigiCert Trusted Root G4" - # Certificate "COMODO RSA Certification Authority" - # Certificate "USERTrust RSA Certification Authority" - # Certificate "USERTrust ECC Certification Authority" - # Certificate "GlobalSign ECC Root CA - R5" - # Certificate "IdenTrust Commercial Root CA 1" - # Certificate "CFCA EV ROOT" - # Certificate "OISTE WISeKey Global Root GB CA" - # Certificate "Certum Trusted Network CA 2" - # Certificate "Hellenic Academic and Research Institutions RootCA 2015" - # Certificate "Hellenic Academic and Research Institutions ECC RootCA 2015" - # Certificate "AC RAIZ FNMT-RCM" - # Certificate "Amazon Root CA 2" - # Certificate "Amazon Root CA 4" - # Certificate "GDCA TrustAUTH R5 ROOT" - # Certificate "SSL.com Root Certification Authority RSA" - # Certificate "SSL.com Root Certification Authority ECC" - # Certificate "SSL.com EV Root Certification Authority RSA R2" - # Certificate "SSL.com EV Root Certification Authority ECC" - # Certificate "GlobalSign Root CA - R6" - # Certificate "OISTE WISeKey Global Root GC CA" - # Certificate "UCA Global G2 Root" - # Certificate "UCA Extended Validation Root" - # Certificate "Certigna Root CA" - # Certificate "emSign ECC Root CA - G3" - # Certificate "emSign ECC Root CA - C3" - # Certificate "Entrust Root Certification Authority - G4" - # Certificate "e-Szigno Root CA 2017" - # Certificate "Trustwave Global Certification Authority" - # Certificate "Trustwave Global ECC P256 Certification Authority" - # Certificate "Trustwave Global ECC P384 Certification Authority" - # Certificate "GLOBALTRUST 2020" - # Certificate "Certum EC-384 CA" - # Certificate "Certum Trusted Root CA" - # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - # Certificate "GlobalSign ECC Root CA - R4" - # Certificate "Security Communication ECC RootCA1" - # Certificate "BJCA Global Root CA1" - # Certificate "BJCA Global Root CA2" - removed certificates: - # Certificate "Certification Authority of WoSign G2" - # Certificate "CA WoSign ECC Root" - # Certificate "CCA India 2015 SPL" - # Certificate "A-Trust-Root-05" - # Certificate "A-Trust-Qual-02" - # Certificate "Certification Authority of WoSign" - # Certificate "CA 沃通根证书" - # Certificate "E-Tugra Certification Authority" - # Certificate "ADOCA02" - # Certificate "StartCom Certification Authority G2" - # Certificate "Macao Post eSignTrust Root Certification Authority (G02)" - # Certificate "Autoridade Certificadora Raiz Brasileira v2" - # Certificate "LuxTrust Global Root" - # Certificate "AC1 RAIZ MTIN" - # Certificate "CCA India 2011" - # Certificate "China Internet Network Information Center EV Certificates Root" - # Certificate "SITHS CA v3" - # Certificate "ANF Server CA" - # Certificate "KEYNECTIS ROOT CA" - # Certificate "I.CA - Standard Certification Authority, 09/2009" - # Certificate "I.CA - Qualified Certification Authority, 09/2009" - # Certificate "VI Registru Centras RCSC (RootCA)" - # Certificate "Autoridade Certificadora Raiz Brasileira v1" - # Certificate "Actalis Authentication CA G1" - # Certificate "A-Trust-Qual-03" - # Certificate "AddTrust External CA Root" - # Certificate "StartCom Certification Authority" - # Certificate "Chambers of Commerce Root - 2008" - # Certificate "Global Chambersign Root - 2008" - # Certificate "CNNIC ROOT" - # Certificate "Staat der Nederlanden Root CA - G2" - # Certificate "CA Disig" - # Certificate "I.CA - Qualified root certificate" - # Certificate "I.CA - Standard root certificate" - # Certificate "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" - # Certificate "Japanese Government" - # Certificate "AdminCA-CD-T01" - # Certificate "Admin-Root-CA" - # Certificate "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3" - # Certificate "Halcom CA FO" - # Certificate "Halcom CA PO 2" - # Certificate "ACNLB" - # Certificate "state-institutions" - # Certificate "D-TRUST Root Class 2 CA 2007" - # Certificate "D-TRUST Root Class 3 CA 2007" - # Certificate "Root CA Generalitat Valenciana" - # Certificate "EBG Elektronik Sertifika Hizmet Sağlayıcısı" - # Certificate "VAS Latvijas Pasts SSI(RCA)" - # Certificate "ANCERT Certificados CGN" - # Certificate "ANCERT Certificados Notariales" - # Certificate "ANCERT Corporaciones de Derecho Publico" - # Certificate "Certipost E-Trust Primary Qualified CA" - # Certificate "Certipost E-Trust Primary Normalised CA" - # Certificate "Cybertrust Global Root" - # Certificate "GlobalSign" - # Certificate "IGC/A" - # Certificate "Microsec e-Szigno Root CA" - # Certificate "LGPKI" - # Certificate "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado" - # Certificate "Staat der Nederlanden Root CA" - # Certificate "Juur-SK" - # Certificate "SECOM Trust.net" - # Certificate "Chambers of Commerce Root" - # Certificate "Global Chambersign Root" - # Certificate "GeoTrust Global CA" - # Certificate "GeoTrust Global CA 2" - # Certificate "QuoVadis Root Certification Authority" - # Certificate "Sonera Class2 CA" - # Certificate "VeriSign, Inc." - # Certificate "Microsoft Root Authority" - # Certificate "Microsoft Root Certificate Authority" - # Certificate "GTE CyberTrust Global Root" - # Certificate "Thawte Server CA" - # Certificate "Thawte Premium Server CA" - # Certificate "Equifax Secure Global eBusiness CA-1" - # Certificate "Equifax" - # Certificate "Class 1 Primary CA" - # Certificate "UTN-USERFirst-Object" - # Certificate "CHAMBERS OF COMMERCE ROOT - 2016" - added certificates: - # Certificate "TWCA CYBER Root CA" - # Certificate "TWCA Global Root CA G2" - # Certificate "SecureSign Root CA12" - # Certificate "SecureSign Root CA14" - # Certificate "SecureSign Root CA15" - # Certificate "D-TRUST BR Root CA 2 2023" - # Certificate "D-TRUST EV Root CA 2 2023"

0 tuxcare-oraclelinux7-els ca-certificates-2025.2.74_v8.0.303-71.0.1.el7_9.tuxcare.els1.noarch.rpm 8169318e53ef38db5903b069a6aa642201d97a68560100cb4640bb047a448bc4 CLSA-2025:1752088985 TuxCare License Agreement 0 - CVE-2025-32906: fix out-of-bound read vulnerability - CVE-2025-32911: fix use-after-free vulnerability - CVE-2025-32913: fix NULL pointer dereference Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-32906: fix out-of-bound read vulnerability - CVE-2025-32911: fix use-after-free vulnerability - CVE-2025-32913: fix NULL pointer dereference

0 tuxcare-oraclelinux7-els libsoup-2.62.2-2.0.1.el7.tuxcare.els4.i686.rpm 4aa78e18e8bacd587b3858221d9d4467f88824b7f458cb2ae0079028d99fb5d7 libsoup-2.62.2-2.0.1.el7.tuxcare.els4.x86_64.rpm 8304dcfed61fbdc6b2e34ec1ac0e9e1f241e3e6a01dabd8fcb76a76be65286fc libsoup-devel-2.62.2-2.0.1.el7.tuxcare.els4.i686.rpm 12d1fd301d2fb32e2ed03752edf4af5378d88cc1c41a0aa3d99cc5b2b1806ed5 libsoup-devel-2.62.2-2.0.1.el7.tuxcare.els4.x86_64.rpm 3a7bad1986d57ed6207e8f87e937fc24192ccaddb49c8ed08d2e29de8ac8ad2a CLSA-2025:1752655000 TuxCare License Agreement 0 - CVE-2025-48384: config: quote values containing CR character Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-48384: config: quote values containing CR character

0 tuxcare-oraclelinux7-els emacs-git-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm ee9c072bed6fa60ea4cf23ea6726513c6d88fbac715a575cf5e100899af526b2 emacs-git-el-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm 424f3b2a7bd8affcaa6e63d3ba7f42398221171a93e2dae9d1f446c0982e3f07 git-1.8.3.1-25.el7_9.tuxcare.els4.x86_64.rpm b5ad00aa0d00690272485a272e6bb468ab3cdd5729e29b4b7c5e96690ab11a81 git-all-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm 98471983e2bf1217e5daf7f84247ca74a9e932fe415131ddd2ee8d98989447a2 git-bzr-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm fe182edf4559bbfd1c4c4afd3dc7c48b58430e43ef7a1c5abbf9700499ed6c8f git-cvs-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm fd4e752aa1be5777cf35a0500f7048aa31a272f0f60f05ec13c755ee353a32c3 git-daemon-1.8.3.1-25.el7_9.tuxcare.els4.x86_64.rpm 359b345f7bf887e9ea5772d800eeafe4447ccf1353e42bfebdfba67f7e603007 git-email-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm 5d5f8f4575b44ebb87476cad35cee5ffb69cd6917289720292eb4ff5dbc84559 git-gnome-keyring-1.8.3.1-25.el7_9.tuxcare.els4.x86_64.rpm 878e4bdc15486b34ae436053eae7dbbad8b33e6be3848f93f0ed9e7f24e325d9 git-gui-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm 19dff187193b7479b8b351185e3055605eccb5e396a92bbf10709ff7a6a78cb0 git-hg-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm c18188d21f683fbfb2b8f75ab557d1f1692774d72df3880f21fd5befd8702ef3 git-instaweb-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm 0691bcd9c37aab90ef94274284e750aeaee3adfdd34be05d702a5f9f4d92ef82 git-p4-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm a30498d6e2afbcc9520a816475a4a1d4690699ab4bfa383b139717b37cf58937 git-svn-1.8.3.1-25.el7_9.tuxcare.els4.x86_64.rpm ddd1353e7e39ad0436a96e044e1fcc8b56f5f14b6ecda3eb5d4b8277b0665d59 gitk-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm 5c4d51611c0fb9fce5ff5f07d5bfbd1416c0090364fecdb874b4615bbab64700 gitweb-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm 3aa775147f324d12ff6275fd0b5c58f9ebe64475a86cd0b31f397fb60d2e7bfb perl-Git-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm 8e277276753b04e73b022464fa696d2e1d02a96472c5b8037897b1cad2fce535 perl-Git-SVN-1.8.3.1-25.el7_9.tuxcare.els4.noarch.rpm 8fb4be04c4b2f93fad6fca9c96d3e16fb37fecb04066f16649b672d206a93693 CLSA-2025:1753120992 TuxCare License Agreement 0 - CVE-2025-32050: fix overflow in append_param_quoted() - CVE-2025-32052: fix heap buffer overflow in soup_content_sniffer_sniff() - CVE-2025-32053: fix heap buffer overflow in sniff_feed_or_html() - CVE-2025-32907: soup-message-headers: correct merge of ranges - CVE-2025-46420: fix leak in soup_header_parse_quality_list() - CVE-2025-46421: strip authentication credentails on cross-origin redirect - CVE-2025-2784: fix heap buffer over-read when sniffing content via the skip_insight_whitespace() function Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-32050: fix overflow in append_param_quoted() - CVE-2025-32052: fix heap buffer overflow in soup_content_sniffer_sniff() - CVE-2025-32053: fix heap buffer overflow in sniff_feed_or_html() - CVE-2025-32907: soup-message-headers: correct merge of ranges - CVE-2025-46420: fix leak in soup_header_parse_quality_list() - CVE-2025-46421: strip authentication credentails on cross-origin redirect - CVE-2025-2784: fix heap buffer over-read when sniffing content via the skip_insight_whitespace() function

0 tuxcare-oraclelinux7-els libsoup-2.62.2-2.0.1.el7.tuxcare.els5.i686.rpm edf78a52a6869853cf591e711e012a9543e929e4755cfededd368cdfa8a0a082 libsoup-2.62.2-2.0.1.el7.tuxcare.els5.x86_64.rpm 4c1ac23cb764a314ee1fe7cfc151ad5379a43273fb70b761d3adee3e379abfd5 libsoup-devel-2.62.2-2.0.1.el7.tuxcare.els5.i686.rpm 20404ac8ea5bebf44e0129aa597f95d18b47300b4cb1bc103833f962cd03f871 libsoup-devel-2.62.2-2.0.1.el7.tuxcare.els5.x86_64.rpm e0720431d5e683218a722840a39eafbe1370c5c17148a21a5e6bc307fe828a66 CLSA-2025:1753298447 TuxCare License Agreement 0 - CVE-2025-49794: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements - CVE-2025-49796: fix memory corruption issue triggered by processing sch:name elements in input XML file Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-49794: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements - CVE-2025-49796: fix memory corruption issue triggered by processing sch:name elements in input XML file

0 tuxcare-oraclelinux7-els libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els5.i686.rpm 539e4711f57339210a058d882843816449638228e77ac02182bb960fbcc17d2a libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els5.x86_64.rpm 82555838a00c26e25533f94cf358d313aace0b24ceef1d05e1470964933187fa libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els5.i686.rpm 71828611567bc6388dd03d0a43a11c42d07080a56c4673786246edfb1d87ca36 libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els5.x86_64.rpm 0c4b9b7a453f5d7c38e4c3ecb1269b52dd151cac0f36170c5a03f0eca9fe60ea libxml2-python-2.9.1-6.0.3.el7_9.6.tuxcare.els5.x86_64.rpm 0f7be187e6f6f65da9fbcf7bb300da8b9ca4e4b7fc2787b7b497170d34f44a73 libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els5.i686.rpm 918727d5f61fc541dfc01523e38b52d6835868eb68431062f14cdf0c8ba324f9 libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els5.x86_64.rpm e1f85a21c23660954729222b285802c03a5584f683f5544c2cdf65491071356d CLSA-2025:1753768680 TuxCare License Agreement 0 - CVE-2025-1220: error if host contains null bytes in the middle of the string Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-1220: error if host contains null bytes in the middle of the string

0 tuxcare-oraclelinux7-els php-5.4.16-48.el7.tuxcare.els10.x86_64.rpm c4bcee716a7f279914c94743c172b67de166ed0b68be5a3734421ab197d5f4ff php-bcmath-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 1214ca5741e964066ea18e148f93a9f213eabac25dacf7bb887e80cc9a80dc37 php-cli-5.4.16-48.el7.tuxcare.els10.x86_64.rpm db07f6a37daa96d0471568d5ef8e2b87cddf981961234f97d5b75e500ca21196 php-common-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 625d46cb1c5f81b2f4614a043db8e13b2638a9d843e896e1dea917079c8517fb php-dba-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 525810c553c655da70a175b77a0d2aebced2dd97ffa09f84e2495db437c87bf5 php-devel-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 2457356d0642dd3271fde10f0472ca0a245871c5b7da72764a71b068933797d4 php-embedded-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 2d3b890540df9b95d084cdf909b0eb7edafe1c0c80eacc201b4e4a3cd252fa2a php-enchant-5.4.16-48.el7.tuxcare.els10.x86_64.rpm cc4dc55c96716e8af7293a36220abd37585c459a353d480a0f2077388d7a17ff php-fpm-5.4.16-48.el7.tuxcare.els10.x86_64.rpm ae97a9846122ebbd4dd0802c3cdd77c3df0415be11a0b3e19f26d21da6af7433 php-gd-5.4.16-48.el7.tuxcare.els10.x86_64.rpm cce42180287326dbb03765874b269f67315d7c2da91c8330155257cd70b303d1 php-intl-5.4.16-48.el7.tuxcare.els10.x86_64.rpm a890ca4be81e943c4f324c67a27b1c13cb125dd5b5ac212795ba0a2f86c48850 php-ldap-5.4.16-48.el7.tuxcare.els10.x86_64.rpm c3ed6b72f2f0dda93ca2e2d5c944baa0f623a235667ee2bd22f3231c09e5567c php-mbstring-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 1c0c742992b319536951b5d02fedf79de55ed37d5f77edad3a9164e48e3108ec php-mysql-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 18211a57b55833025217185b5bd72f5d7fc28c4d16e7dcd1ad110e5e64053504 php-mysqlnd-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 78c36f22551478cc24163c46964231d3fd0707f7257ba4b374cfb16201f6eb6e php-odbc-5.4.16-48.el7.tuxcare.els10.x86_64.rpm ca5191c0f955c2677c63205cc6f45cb2bbd183f62133916fda2911484617dc20 php-pdo-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 753c29fe02e8b2f39e52b536fa5b55b25e96159fef838fc4e2b00e0b0a7def64 php-pgsql-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 8f864adb3c2058625099f6abb8b626daeb119b7398fdb2ed1454a9563ef32d1e php-process-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 94d756ad742515d0cef6616fc870d6381af706e7af09b233b3bbccc514066368 php-pspell-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 214cb0a2e3911422c321edbeb66fa81670415857b8f15e961fb857822b7a7f4c php-recode-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 49ec389c857aed57cd786708b4aec5a9949c49034f88258d42623d31a315d31f php-snmp-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 224e460fe9c9e5e47eb9ab27defcf01ece7cada5f6ebbe6214a8671e8260a6b4 php-soap-5.4.16-48.el7.tuxcare.els10.x86_64.rpm f326aad0bf072da9cfc413813760182905d3dc99531ef342c1faa4308206269f php-xml-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 4d6a34d7fc304111992e850657f6ccc545338cf89773ba3271caee81f373fd78 php-xmlrpc-5.4.16-48.el7.tuxcare.els10.x86_64.rpm 9448dce2a78b12483de6124b323799681e5c92d605b7f8bca2d213cfb2772e94 CLSA-2025:1753953101 TuxCare License Agreement 0 - CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases

0 tuxcare-oraclelinux7-els php-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 0d434bbb8d37339bd36831bff814bb619ff6f9cd1eca9850455a67bbb7b1aa96 php-bcmath-5.4.16-48.el7.tuxcare.els11.x86_64.rpm b649356f922ef809955d9842135afa68da1fcce48b6e040650074af8a5a3f65c php-cli-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 8e2ae6a2b665d7b2ca239d2bb2f888a3e2f80e90f8c3cf0daaabd8964cb7a7b4 php-common-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 1c3c9855bae2db166a9a05bf20e90c3459bd7561388d4cd9f9e8b31f206a6c73 php-dba-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 8aa851b1259ddf3201a0c9a40d706393522cda4dd97f94b5fcf220168286386d php-devel-5.4.16-48.el7.tuxcare.els11.x86_64.rpm d8ef1686081ba2c23a13071207b3c5aa7849f9e348da96fcf79257ae09e07fc3 php-embedded-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 93c4b01f7a08b0c50405dfd721828e5442cda226560b120027730a9d11efd7c7 php-enchant-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 1cfdb870657a74043b603a05c8951cd26e7f3f8e1ba33e1ef8cfbe84e6b95eb9 php-fpm-5.4.16-48.el7.tuxcare.els11.x86_64.rpm df2e7519eee9f6877c4cff78e9d9fbb4768b7b16299f72c95a1299f256b2fb33 php-gd-5.4.16-48.el7.tuxcare.els11.x86_64.rpm ae05a97cc56bd0e90405f70498512190772a197467554775b36a8a7b5f14937d php-intl-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 65fc9e9a92b01ccdbd0920677e9ac5964bab16f099416fb99af37a898f904a0a php-ldap-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 8a6c41b51ae17acb362f6534fd4011823a14d8a969786ec6c5338862fea8b89d php-mbstring-5.4.16-48.el7.tuxcare.els11.x86_64.rpm fc4de40c4dc59a934bf6ca4dc6d81dede97f63fad34ab659201e42c9639d0ee1 php-mysql-5.4.16-48.el7.tuxcare.els11.x86_64.rpm fedb7791f7c209601f7b1f01989f6fb4ace794ff9eb108e6f315dca45735696c php-mysqlnd-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 8db06e70d10a55f7f92ee18ab1b97cdd419e6923138558c57b75baa325d54af4 php-odbc-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 6dc747e9f5e3674f1639cdcefee90d04880f9590ecd4e64124cd45b47b1c3834 php-pdo-5.4.16-48.el7.tuxcare.els11.x86_64.rpm d91725f8c4c1363f348d21898ae4a29febff16a80f974ecf43585e0dcd284646 php-pgsql-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 893078c6093584fa468e222e12f8b76d835461c04445b5b6db77a1148fd198c9 php-process-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 45a5befd773a65426c8a729da493766d4e98202ee3760a18bc0eabb7f343f5d8 php-pspell-5.4.16-48.el7.tuxcare.els11.x86_64.rpm e3852b9d91f64002fcd82944633b17a2876db4358bd58321784b4820d693dd90 php-recode-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 1a91041de980e99e35f6ad69ccfe0ac5f61dd1e05be22f99d7bad2ac5177ddb6 php-snmp-5.4.16-48.el7.tuxcare.els11.x86_64.rpm 297525a700d7163fcfbc031812b7111f7ef5a874b27cf0d1cc43fcdf6ff83d48 php-soap-5.4.16-48.el7.tuxcare.els11.x86_64.rpm c30c9ddca04e805406b7c0403d6bdef40f5588d5e92371c628e9ddf125d85f4c php-xml-5.4.16-48.el7.tuxcare.els11.x86_64.rpm b03895caf20510451bfe71941114440c97e21bc3ffc80e4801526e7ba3dd3461 php-xmlrpc-5.4.16-48.el7.tuxcare.els11.x86_64.rpm cc502d5e67f12d56e3e13084c22eb41a72172e8de908379d084b9ce7b2eef02e CLSA-2025:1753967026 TuxCare License Agreement 0 - Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u462-b08 (GA). That fixes following CVEs: - CVE-2025-30749: better Glyph drawing - CVE-2025-30754: enhance TLS protocol support - CVE-2025-30761: improve scripting supports - CVE-2025-50106: glyph out-of-memory access and crash Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u462-b08 (GA). That fixes following CVEs: - CVE-2025-30749: better Glyph drawing - CVE-2025-30754: enhance TLS protocol support - CVE-2025-30761: improve scripting supports - CVE-2025-50106: glyph out-of-memory access and crash

0 tuxcare-oraclelinux7-els java-1.8.0-openjdk-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm dad7dfedadbe576e06f03216aa217248c4cbccd4dfea1a84248558c4c776c467 java-1.8.0-openjdk-accessibility-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm ca52d2f619c2e0877804e4b3aba4394b8c5bc95e2982397df152fbad0083e7aa java-1.8.0-openjdk-accessibility-debug-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm b9badb8531e98447fe9eac3c5daf9682a04e92484d1eda8f485c335e1d19e357 java-1.8.0-openjdk-debug-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm 89297ac99840f458214cf691e64d8bd900596c7da9ece18c7965292fef06dd41 java-1.8.0-openjdk-demo-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm 9778e9ed290fb7b98931a1e92a95e7fd6765a104d6ef8e864ea1a321bca5981e java-1.8.0-openjdk-demo-debug-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm 5063f6671adf83201c6b0d3237a1275adf73fc817a39472b38b1e24db88a91cb java-1.8.0-openjdk-devel-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm d0b35d4dbcf3369f926614ec948318f717d58061c1c98060590271e3fc615183 java-1.8.0-openjdk-devel-debug-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm 21b0261d84a12fd80b94ba4e2f54ca75f155f5ee061d29d559104eef1cee52d0 java-1.8.0-openjdk-headless-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm 014062e2c7e485a76518087e056f21300a93c4e13b8096704d85a160f7b8a5b4 java-1.8.0-openjdk-headless-debug-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm 8be6a07efc9d0999c0349d7501d66740b25fc7720d7b739d5b270638d18cc12a java-1.8.0-openjdk-javadoc-1.8.0.462.b08-1.el7_9.tuxcare.els1.noarch.rpm 1d95adbf5b9407a8bcc2e9c9a1746c2a508345be7d5bc0eb0fe5f7873226bc5d java-1.8.0-openjdk-javadoc-debug-1.8.0.462.b08-1.el7_9.tuxcare.els1.noarch.rpm d0002d51f6cee7df23aba5b9c01a9a83c7bc85aae3192172b81d2f2b9e6cd9c1 java-1.8.0-openjdk-javadoc-zip-1.8.0.462.b08-1.el7_9.tuxcare.els1.noarch.rpm c5105d75e68d506dc80317349b0d27cb24224985401756c86ec2d4bc2cb88359 java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.462.b08-1.el7_9.tuxcare.els1.noarch.rpm 7eead123e7a1a4307cf397eaede052eb047c07ff7e0c0f3f5cd915037d9e416d java-1.8.0-openjdk-src-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm bb08780a0998b348d1dd6764236d479bfcff0c186b99bbcb3c39968f2488b302 java-1.8.0-openjdk-src-debug-1.8.0.462.b08-1.el7_9.tuxcare.els1.x86_64.rpm 437318c4ad168348810f83115b77be0c50257dcd5fedcd5489336f582f56dc64 CLSA-2025:1754336638 TuxCare License Agreement 0 - CVE-2025-6965: fix memory corruption issue caused by a query where the number of aggregate terms could exceed the number of columns available. Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-6965: fix memory corruption issue caused by a query where the number of aggregate terms could exceed the number of columns available.

0 tuxcare-oraclelinux7-els lemon-3.7.17-8.el7_7.1.tuxcare.els2.x86_64.rpm 26a4fcfff1ad13bab66588e3bc04647a871d72b2833ae221d00ce0aed9b0b06d sqlite-3.7.17-8.el7_7.1.tuxcare.els2.i686.rpm d49af1ee3e02e67515e8a7c86b3e9b3e2b0268dece9de73306dc8244cdd5156e sqlite-3.7.17-8.el7_7.1.tuxcare.els2.x86_64.rpm 164a0b1fefd3a66d50cc744ca1296619f9bd372f08ffb251f7239f37c7643a1d sqlite-devel-3.7.17-8.el7_7.1.tuxcare.els2.i686.rpm f4a7cb5976e8d08f9aab01e08991f10b05a844e92e5d0b0b599c31ec5928681f sqlite-devel-3.7.17-8.el7_7.1.tuxcare.els2.x86_64.rpm e5c2154c69ed9e5d064b56107234eb2a533291745ff266fb84a8620852a79986 sqlite-doc-3.7.17-8.el7_7.1.tuxcare.els2.noarch.rpm 073659d401f3c130bb623f9a187225ac538dbd27f204714d3a049419620134c9 sqlite-tcl-3.7.17-8.el7_7.1.tuxcare.els2.x86_64.rpm 32dc9f91fa36710836bb181934180664f199217ee16de2fb070b271c83086417 CLSA-2025:1754342893 TuxCare License Agreement 0 - CVE-2025-6491: fix buffer overflow vulnerability Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-6491: fix buffer overflow vulnerability

0 tuxcare-oraclelinux7-els php-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 564ee25f7a723d2e906bad773659c6da7072995a48fac8112071f5efb9a1fb55 php-bcmath-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 57bcccc31c9aa303d3838ca5662bce374940c09b40361153225ec6b4c4025169 php-cli-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 2eed3dd6ee2ffa753c664b3c42044bcb550349e0953b3dbe740cbc4506cba2ca php-common-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 6b939ed65d5afd469807f10cd3fc274ee18af64af9ce4b514befbd298a40ca73 php-dba-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 9c39ce3538458a2ff1e30a9220241a2655cf6d79b3feb91ae5a70a7cc3cb8ff6 php-devel-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 628efc0ebff0618ad9d60e8ae888fe54cf261719ffed9fa189f5e0721ce8f9fb php-embedded-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 924e8fabb0d58cd6960eb8c18eb3f2c757b982eedd3d8d7bc21ad03798c4be5f php-enchant-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 973f161796a89b0bd57bb1a3a437390721e1ba2610479674c77c26ea566944e2 php-fpm-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 7ca22c429f4620ae7f0e321d8766009c0551eb4af0151003ef255314a79bff1b php-gd-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 149a831e4e679c0f1c267d90e7ed5dba3be8f454551008aa9de4d23cb1e977f8 php-intl-5.4.16-48.el7.tuxcare.els12.x86_64.rpm decd46c541262db32636b7e17e1c47ab6cd50a4752296d350f5e83d639cae863 php-ldap-5.4.16-48.el7.tuxcare.els12.x86_64.rpm b19757b2573debb97eaddd2da3f46c09ee96837b05095979f3c34848f3928a53 php-mbstring-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 245125f411fc9ec2bfb28ca1c1ca3c4542d73ca4d53043662cea09bf9e8d3e62 php-mysql-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 4a3678e48dd3c8a0cbb6650bd67f34d2be040720480369aad778bc5910a469e4 php-mysqlnd-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 092fc4febf7f06aff2b19ea552cd40ce3b7df4d7d46d34dfef795e1899699c92 php-odbc-5.4.16-48.el7.tuxcare.els12.x86_64.rpm d11871dd18683c614ed2b3baec0bb71ab348c9e8b97151c7318e8da869de9f80 php-pdo-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 606b91fb1a5b167d6c1af49b300700fbe56760894d3b30a82e66b18ed311f8bb php-pgsql-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 8da944772fa62af2804cc47ce2a7a644328d7917d5ea0e24ac9dce37bdd6bd05 php-process-5.4.16-48.el7.tuxcare.els12.x86_64.rpm cdd52bc23c4081a0fe53f2110f09b3a84a7cc9114040cc12050e830a7fa63413 php-pspell-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 91981680700b25514425af62ec8eae76fb9d6a94e243a2d90624e1fb6aa3a1cd php-recode-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 30f9872df6e3d0c4a77cdcb768cf24757cb098b945b10ffd08697f232a4b35bf php-snmp-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 4ff66b893ed960766cd2466267cc7d33fd526de9c820f420ea6a1cb068804033 php-soap-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 3c503989ce5d08254bbe312c40c6b0b094c8e389ea8ca3b2768b62e514b0ff25 php-xml-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 1fd1fd7e71f0922b708be53d626d2422bfca29faa3ecd87019f78ad77b02c3bc php-xmlrpc-5.4.16-48.el7.tuxcare.els12.x86_64.rpm 2ab095037fd63595db645e1d422d81cec2eabb2f9ae97bfe14225889c7dfe0af CLSA-2025:1754381492 TuxCare License Agreement 0 - update to CKBI 2.74 from NSS 3.110 - updated certificates: - # Certificate "Entrust.net Premium 2048 Secure Server CA" - # Certificate "Entrust Root Certification Authority" - # Certificate "AffirmTrust Commercial" - # Certificate "AffirmTrust Networking" - # Certificate "AffirmTrust Premium" - # Certificate "AffirmTrust Premium ECC" - # Certificate "Entrust Root Certification Authority - G2" - # Certificate "Entrust Root Certification Authority - EC1" - # Certificate "Entrust Root Certification Authority - G4" - # Certificate "Security Communication ECC RootCA1" - # Certificate "BJCA Global Root CA1" - # Certificate "BJCA Global Root CA2" - added certificates: - # Certificate "D-TRUST BR Root CA 2 2023" - # Certificate "D-TRUST EV Root CA 2 2023" None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- update to CKBI 2.74 from NSS 3.110 - updated certificates: - # Certificate "Entrust.net Premium 2048 Secure Server CA" - # Certificate "Entrust Root Certification Authority" - # Certificate "AffirmTrust Commercial" - # Certificate "AffirmTrust Networking" - # Certificate "AffirmTrust Premium" - # Certificate "AffirmTrust Premium ECC" - # Certificate "Entrust Root Certification Authority - G2" - # Certificate "Entrust Root Certification Authority - EC1" - # Certificate "Entrust Root Certification Authority - G4" - # Certificate "Security Communication ECC RootCA1" - # Certificate "BJCA Global Root CA1" - # Certificate "BJCA Global Root CA2" - added certificates: - # Certificate "D-TRUST BR Root CA 2 2023" - # Certificate "D-TRUST EV Root CA 2 2023"

0 tuxcare-oraclelinux7-els nss-3.90.0-2.el7_9.tuxcare.els3.i686.rpm 0fbcc4a1f7bfe30a0e264c40fff0cc6e0e0317646763953338d95f20031e07d8 nss-3.90.0-2.el7_9.tuxcare.els3.x86_64.rpm e2598d6f18380d93657e774ece8a7bdec91e7e7f52cc68997d65ed6098cddc4e nss-devel-3.90.0-2.el7_9.tuxcare.els3.i686.rpm cd7d4717266ca230f7e29664ca27ec271bf8712a8e46215b3e723814f17323fc nss-devel-3.90.0-2.el7_9.tuxcare.els3.x86_64.rpm a247c857b993d978b95f437d3e0c9dd51ec87fcbfbb28470bcd53ab4c3200192 nss-pkcs11-devel-3.90.0-2.el7_9.tuxcare.els3.i686.rpm 7856290582328202779b7c1c445dea2f1a11890199e2d35dbd36f255412f94c0 nss-pkcs11-devel-3.90.0-2.el7_9.tuxcare.els3.x86_64.rpm b4e48a048672edc4b61cde17f53530191dc83ffa4dc425a60fbbe5c434879a7b nss-sysinit-3.90.0-2.el7_9.tuxcare.els3.x86_64.rpm dbdcea601813da325347280115a972a278e67e3ac05b7410296477777e849347 nss-tools-3.90.0-2.el7_9.tuxcare.els3.x86_64.rpm 6810456b37caf2c4eb0dfa04ffba4ed90de3d7cd4e197b701222b72edf0fcee5 CLSA-2025:1754649017 TuxCare License Agreement 0 - CVE-2024-46901: fix mod_dav_svn denial-of-service via control characters in paths Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-46901: fix mod_dav_svn denial-of-service via control characters in paths

0 tuxcare-oraclelinux7-els mod_dav_svn-1.7.14-16.el7.tuxcare.els1.x86_64.rpm c1f0ecdc133ed505cb1c3c72aa5866d75c84725ea017ecefbf92c81554678c52 subversion-1.7.14-16.el7.tuxcare.els1.i686.rpm b38167be674fc13e9adcb7d430e5e37eb17839579bfd1ba8537eda1a85a9939e subversion-1.7.14-16.el7.tuxcare.els1.x86_64.rpm e189f66b267ea1f207648f5a742c8f87b3ef3c3bf91bc508037da9f6c31857a5 subversion-devel-1.7.14-16.el7.tuxcare.els1.i686.rpm 198091a3504b77e9142acd938d163319284666bb6bd8a9db7e3aba5068ac6d61 subversion-devel-1.7.14-16.el7.tuxcare.els1.x86_64.rpm 9827a9095a76db3fcae216dc87f3a14eb6342d6e41ad6363475f04dfc597f0e1 subversion-gnome-1.7.14-16.el7.tuxcare.els1.i686.rpm b05e5721ae36b9a4b9493a3d9363e387116cdcfbaea792e8fdaecf7f3d7116d1 subversion-gnome-1.7.14-16.el7.tuxcare.els1.x86_64.rpm 91b35ae3fd0d1aa142d1c1efdabf09aeab27523b726f9a38999f559ad627b81d subversion-javahl-1.7.14-16.el7.tuxcare.els1.i686.rpm 377847e02b9979da99bbfb379aa17c4c9d06cfc0b08ff9898acc176855521936 subversion-javahl-1.7.14-16.el7.tuxcare.els1.x86_64.rpm d425af4b625d3a982bf989a3a9a734440b3d1584db129f07b9059f74424260c9 subversion-kde-1.7.14-16.el7.tuxcare.els1.i686.rpm bc0f033283dd35766595a44cf0fe41a3dde5341aebf4af2660b3670cc4f152f2 subversion-kde-1.7.14-16.el7.tuxcare.els1.x86_64.rpm 09dde612e1d133ad5c63466b5efeea5ac20c5eee6f741bc2cadd2838eefb4103 subversion-libs-1.7.14-16.el7.tuxcare.els1.i686.rpm 2057fb1b411bfdc7dcab2040d8c4ad7a1081237b567fa996a4ceb55b70337160 subversion-libs-1.7.14-16.el7.tuxcare.els1.x86_64.rpm 85c39a01baa30bf87b30b503afafae5f92a7adf9a1b63175636f69a508c43531 subversion-perl-1.7.14-16.el7.tuxcare.els1.i686.rpm 73baf379cf52e321cab510f839df78c8f2c1c2b0a324f0ff3c8ca0f1044e02a9 subversion-perl-1.7.14-16.el7.tuxcare.els1.x86_64.rpm e1d9a9d2ae2cae5ec5f00febd02c61fea196c8d7e630f47678340c76db3366be subversion-python-1.7.14-16.el7.tuxcare.els1.x86_64.rpm 9922f90d46218e736c85eb665c7fef414b7c225dc732d9e631edbe3cf652a69e subversion-ruby-1.7.14-16.el7.tuxcare.els1.i686.rpm 2e3c0a67dd0d7fe9243b7dcabb9240893f6cebf4a078fd53562359e48cec0067 subversion-ruby-1.7.14-16.el7.tuxcare.els1.x86_64.rpm aaf760c0e9a9e161fdb884cf5a7cd3899e53cf5b9ee0281c404464ef868e600c subversion-tools-1.7.14-16.el7.tuxcare.els1.x86_64.rpm 4b6b018ca8354e4e97f55ef2def34d84861fa6beef4e21405864ed4cb2265672 CLSA-2025:1754940262 TuxCare License Agreement 0 - CVE-2025-27613: fix issue where untrusted repositories could create and truncate files, with the fix implemented in versions 2.43.7 and later Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-27613: fix issue where untrusted repositories could create and truncate files, with the fix implemented in versions 2.43.7 and later

0 tuxcare-oraclelinux7-els emacs-git-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 5c6d5119d96e2e154c25fe18e3693afb87911ffe32b948339327b62bb8631e62 emacs-git-el-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm b51129bb30d8b09bbaf53a5de1cdc7307ddc2365d30f2dfca990e7f9cac3e9cb git-1.8.3.1-25.el7_9.tuxcare.els5.x86_64.rpm 155f65d522a565f987545bd9a66e1e6f205bccb67e8df051cfb7ea8d41e4a58d git-all-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm d2d173f7befe98c73b63fbb66912c11583b03b039f8e1f10beb8224d1890136b git-bzr-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 2607139a50e86967cf61e0e8ad9739eb6068c9c226562ed29b97bb5ab24eafc5 git-cvs-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 5f05dc4ca1d36a1788e7491b6004cb58983aefea0a4ef2efe8dc09ee7b0bd6cb git-daemon-1.8.3.1-25.el7_9.tuxcare.els5.x86_64.rpm b346319c1ecd73e30fef403fc7874d566c770622e2bd884660f8a26c8fcd4e21 git-email-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 3e00c574849515963028d4b8f136d69a6936d2852e289dda641379e8c10330e0 git-gnome-keyring-1.8.3.1-25.el7_9.tuxcare.els5.x86_64.rpm baf452e8211a8ea62d000494a6e00de0b2502348e4fe5e97bf5ff5104f381da3 git-gui-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 1d4220f6c68c9f6c3107e908766995afd3c47456d857ba43ec99cc1ba268c8fb git-hg-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 66d71610dea4904aee2465f8afc4e31a3f2edbdbaabe8d38d9ab0a3d4cf26586 git-instaweb-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 419f648fe4000302a8b567ac6b20a6bdf11cf1bab4474e103cb781137ed26663 git-p4-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm a0c7e1972ad9d5d7471f63519c3d2605064860a6771723d005c0737d95d4601b git-svn-1.8.3.1-25.el7_9.tuxcare.els5.x86_64.rpm a73a99a5a9ebd04ef01cc195b20830fdec56cfa140793112e465fe41bf0335d6 gitk-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 5c8f9a5a89a9d0802619b71ea6664f07557649a0f0cdde0b5ad92dfad382fc59 gitweb-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 75018c0f6dee057b6456e285e9f54002eceff708dd9493bf65dd2fb8d4771681 perl-Git-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm b8ccc799fd33b9974276f0629b36d33e7da931b045db1f1195b2276274f17485 perl-Git-SVN-1.8.3.1-25.el7_9.tuxcare.els5.noarch.rpm 2f8b2da13ac07bb3c0ae07d77b0edd1249b9dd1f632caf0a9003fbe0e3c3e85c CLSA-2025:1755707639 TuxCare License Agreement 0 - can: bcm: Fix UAF in bcm_proc_show() {CVE-2023-52922} - udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- can: bcm: Fix UAF in bcm_proc_show() {CVE-2023-52922} - udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm 2a85fe370cc15146cb148d3fdb9561179971ca22aaf56db95847706e4fc2941d kernel-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm eb206d1f3cd8c3be27f235c0a353988d33c0781bb694ef0ed312207d80298ce3 kernel-debug-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm 6415973f7f12b8691b1de0e01a740ce8fb393aa134fc1f103295bb140f7027c7 kernel-debug-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm 8a93cf703db7488a69ce0fcf8d85f17211a182a48c6c11830783c3e0de0f671f kernel-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm 8a77764dafd076142dbfdeb1104cfa2bf0027690625cf5350ef5e3ba1ced0743 kernel-headers-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm 8193fa327ac21115ebd793087c766072369fc7c5f219ec01eee882cf9f9725c5 kernel-tools-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm 75dc8acde3753bea8577f0c961ffb218ac61469867f0dafceadb4a27b8cd9821 kernel-tools-libs-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm 15a2a68e98b384e63e6c0f8bb175ef840557331e537b7ebbc006855cccee62ad kernel-tools-libs-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm 9c59a70c0caa079fea3ea4b8fe643a3ac3f4d6063e9d3ede653d4b1319142413 perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm ac6bbdd6e8b2c813a224c8ee6a083066d7ec31c0024016a22e181b7582109b1f python-perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els22.x86_64.rpm 012b5437613d97149a1c702f4bc0e61229929b75875c4e0fc771a777789a1d8a CLSA-2025:1756323917 TuxCare License Agreement 0 - CVE-2025-1736: fix incorrect validation of CRLF in http headers Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-1736: fix incorrect validation of CRLF in http headers

0 tuxcare-oraclelinux7-els php-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 6eac22afef889f553fc22ce8a6b1794e0bc38cc33daa189fe93a6eaf337a2316 php-bcmath-5.4.16-48.el7.tuxcare.els13.x86_64.rpm f0074a5a7a942790f01b032106715f29fe47893630be3c7c9632200ee5b5caf3 php-cli-5.4.16-48.el7.tuxcare.els13.x86_64.rpm f0978f7132a8b228db82f119aa7e839036c406e23e9da711eecec34d594d3723 php-common-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 6b8d1bfe886032f1f0c62b8e32a66a5d8845125fd13ad4c77999bcc67d3ca6f4 php-dba-5.4.16-48.el7.tuxcare.els13.x86_64.rpm cd18b4cbe3ad29ef0d557c1fd3d5446d25465f3da79c7e65f8d15a96d856f72b php-devel-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 5eb30caa87e96fcd32ce997f18b02f29752859af532eb72d92eed55ac7278f2f php-embedded-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 1db749fd7adaa0d4ebd6e33c118a7b32b94bb1819b0e78f63d2fbf3093e08bd4 php-enchant-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 964f0ee14a8c68fc07340e281d5ee48e74f24bbbc984ed8f26898ccd736379ed php-fpm-5.4.16-48.el7.tuxcare.els13.x86_64.rpm d40d7eab90bae23102fcdcaa654a69991bda4651066630e5fa86e49598135d5e php-gd-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 87d0add5064d1fa19664a5d9abbc51732bd2298489c6c856fa7196ab5762c087 php-intl-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 3f97135f335f4263fceca683eeb86ad94ffdedb19da3c3930e097d18c77088ae php-ldap-5.4.16-48.el7.tuxcare.els13.x86_64.rpm f6c9bdd3b1524772680d1e84548e9d5667cf16c3d1237d8bc8d135fab899a6fe php-mbstring-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 177294fa3fc73c6dfef34bf14ef47b4c6a524cf3b76f616b13ca246bc8df3017 php-mysql-5.4.16-48.el7.tuxcare.els13.x86_64.rpm f03bcf53d19a08a3f5dc54bfb92ae1af5532bac7d67c1c1b90952afdb78981ae php-mysqlnd-5.4.16-48.el7.tuxcare.els13.x86_64.rpm fe881df8aaf3431f1e9bba26db34f3cb199c71ade1514a3571180ad60c831e73 php-odbc-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 145ea807744321214ea4cd9758c76e67c85e1ef61a84beef47f7c006d5813485 php-pdo-5.4.16-48.el7.tuxcare.els13.x86_64.rpm bf5f6bc88d29cf7b38e8c2d0cfb1ae0c6da2c9837ad846794b08ba644ea8f065 php-pgsql-5.4.16-48.el7.tuxcare.els13.x86_64.rpm f1e06da95c617b8a975fa79a38d9cf40b9a2954c05be1e79f66ebe06a505ff5d php-process-5.4.16-48.el7.tuxcare.els13.x86_64.rpm bad9779e0471ddfe14418985d6eee91f80ce8d1a4f0b653a4b77edfe4097c46c php-pspell-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 81d695cdd62037b689a561b0cb01d2d39c290cb0278ef5148763ec79350e9569 php-recode-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 42c1f2955d05c7c8f7e17ee74b9d0a3303c8628ab91c1a9afed971fbe1012048 php-snmp-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 84f69947259afc665018c28eab9c2a4ad8aa8c71df0a945633c9d4edf89cc6d4 php-soap-5.4.16-48.el7.tuxcare.els13.x86_64.rpm d2053213f62c98571b0deb726ff99243d3d73570162fe49ea22916df331929d9 php-xml-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 868c521bdde4e27914a12750283c1263fd4a12929f8fd8ce43a69d3a1bf7380e php-xmlrpc-5.4.16-48.el7.tuxcare.els13.x86_64.rpm 080011d8e5e60640b249f831f5be2f374131af45a50c247e5594f3b0fb5fa9ca CLSA-2025:1756751597 TuxCare License Agreement 0 - CVE-2023-46846: fix Request/Response chunk smuggling in HTTP/1.1 and ICAP Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2023-46846: fix Request/Response chunk smuggling in HTTP/1.1 and ICAP

0 tuxcare-oraclelinux7-els squid-3.5.20-17.0.5.el7_9.13.tuxcare.els1.x86_64.rpm e8b36f81adf94e5c4991209dea7aafde7de543df102956378dc5dd2d1789e5a8 squid-migration-script-3.5.20-17.0.5.el7_9.13.tuxcare.els1.x86_64.rpm 7031cdf1010769598ab87fb472137af6776aed1b70e0e4da231660a6207019c1 squid-sysvinit-3.5.20-17.0.5.el7_9.13.tuxcare.els1.x86_64.rpm 67ba3746528eac839f2449bfbc0cdfdcc2eea7ff054c50de9ddfe252a17be844 CLSA-2025:1757015024 TuxCare License Agreement 0 - CVE-2025-54574: fix heap buffer overflow in URN parsing Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-54574: fix heap buffer overflow in URN parsing

0 tuxcare-oraclelinux7-els squid-3.5.20-17.0.5.el7_9.13.tuxcare.els2.x86_64.rpm b0c5aec856fc0ae2919679aae15d36687d44590adaa51c1e03e627a12f38072a squid-migration-script-3.5.20-17.0.5.el7_9.13.tuxcare.els2.x86_64.rpm 3e55b1cf4c85ec9abbd931f09e9541533b232c98a70dbc0e32a4121cfa8f27ac squid-sysvinit-3.5.20-17.0.5.el7_9.13.tuxcare.els2.x86_64.rpm 11e92c7ebcd718923da0e5448876efe5eba1d10a4a25470770a1fb566c027d94 CLSA-2025:1757246128 TuxCare License Agreement 0 - CVE-2016-9840: fix undefined behavior in inftrees.c Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2016-9840: fix undefined behavior in inftrees.c

0 tuxcare-oraclelinux7-els minizip-1.2.7-21.el7_9.tuxcare.els2.i686.rpm 33d34ca0637d7394ef4bdf7915ea99dffd71ed22709d0ab7a03316d9b1c836d6 minizip-1.2.7-21.el7_9.tuxcare.els2.x86_64.rpm e33b48270c7bd8b27a0526f13f5f079d2353d136a6065b437b3918be604011b5 minizip-devel-1.2.7-21.el7_9.tuxcare.els2.i686.rpm 1980ccec4e32f9dae2667375b5c38b12cad5a161150beb94196d9617aa311fab minizip-devel-1.2.7-21.el7_9.tuxcare.els2.x86_64.rpm 97c01140130f14ff6ee89d46c0a31a4b666dda8a198885c16bd89fdb2808df48 zlib-1.2.7-21.el7_9.tuxcare.els2.i686.rpm b499e3002dea2184bb0154dffe0598d0c712e9f2d2fb51ce832783ea6ac0d389 zlib-1.2.7-21.el7_9.tuxcare.els2.x86_64.rpm 23b9aeae05613e42218bf407697530a27a71c9dbe9ce6922c198a26477414d92 zlib-devel-1.2.7-21.el7_9.tuxcare.els2.i686.rpm a2293ac84b18cb64652bd0acf990688736dabf9f67cfd92f76ea85354e1620e0 zlib-devel-1.2.7-21.el7_9.tuxcare.els2.x86_64.rpm 2c016deaecc9266c5381c56dcc9ceb9d61d1960455755cbb81d96f33c84f98b3 zlib-static-1.2.7-21.el7_9.tuxcare.els2.i686.rpm 2cd3016dccd0a07570e81bf28a45029daa31bfe8b2ce1b4cea82a244f15c83d0 zlib-static-1.2.7-21.el7_9.tuxcare.els2.x86_64.rpm 8e45ec90bb3dd43a152d35620880dc0161b2e55cfa27f8354334ff1c6be5f7a7 CLSA-2025:1757415450 TuxCare License Agreement 0 - CVE-2025-7425: fix heap-use-after-free in xmlFreeID caused by 'atype' corruption - CVE-2025-6021: fix integer overflows in buffer size calculations Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-7425: fix heap-use-after-free in xmlFreeID caused by 'atype' corruption - CVE-2025-6021: fix integer overflows in buffer size calculations

0 tuxcare-oraclelinux7-els libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els7.i686.rpm 41a55ed7740caaaae5ce9af57ee9b3c9f62d7539dc72a046d3680c192266191d libxml2-2.9.1-6.0.3.el7_9.6.tuxcare.els7.x86_64.rpm 0625ed8eaeb84789aedc6afae297d39038e5c5806d727db8550bc1f994949dbc libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els7.i686.rpm 9e767401d6e8b44d7f7e2ea1912a3f4807f6a6ea209b4ff6c8c822b89b44b56a libxml2-devel-2.9.1-6.0.3.el7_9.6.tuxcare.els7.x86_64.rpm db24d5bd977b26cd58157ebe138b6504f02814ca4c9192b1346e4e85a50c65b0 libxml2-python-2.9.1-6.0.3.el7_9.6.tuxcare.els7.x86_64.rpm 5096b1912f318a982128cce22895b418009d5cf9581aaaff8520e29454d5de0a libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els7.i686.rpm 2addb355b2e3c2c59f75a87a8fa14a4286d3d431096d8f1c860c8959f1716ed2 libxml2-static-2.9.1-6.0.3.el7_9.6.tuxcare.els7.x86_64.rpm a474d7a7d2017fc818ec2d9176e71efd4cd2dea82023b343ef2a3633b027d3b2 CLSA-2025:1757531273 TuxCare License Agreement 0 - CVE-2025-6020: fix potential privilege escalation in pam_namspace Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-6020: fix potential privilege escalation in pam_namspace

0 tuxcare-oraclelinux7-els pam-1.1.8-23.0.1.el7.tuxcare.els2.i686.rpm 5baaebaabd00df755ffe9ca62d5554591968cc353e5a2c710870ac5e2f0beefb pam-1.1.8-23.0.1.el7.tuxcare.els2.x86_64.rpm a6e9a6ab4d8d5364ce8c11cfca891de4f666ebbcee7063b24eda13fed01527f8 pam-devel-1.1.8-23.0.1.el7.tuxcare.els2.i686.rpm 6fc1f859674116825d4335f7fbb91e75c7e60da76b692baa5c0c0428df340d2a pam-devel-1.1.8-23.0.1.el7.tuxcare.els2.x86_64.rpm 09c431f7bb3cb4a22ad0abc3a8d1f29558f9ad3afe73c9d9808189d3330a45a8 CLSA-2025:1757690669 TuxCare License Agreement 0 - CVE-2019-9169: fix heap-based buffer over-read in proceed_next_node in posix/regexec.c Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2019-9169: fix heap-based buffer over-read in proceed_next_node in posix/regexec.c

0 tuxcare-oraclelinux7-els glibc-2.17-326.0.9.el7_9.3.tuxcare.els1.i686.rpm 5267d80a64fe431864d854700a85033cda2b1746e976c47062d6f4cc4031b242 glibc-2.17-326.0.9.el7_9.3.tuxcare.els1.x86_64.rpm c7a68b0e891561996e4cdb6ef0ccc1cfecc8886cd311fa147d37ea59ab6ef5d6 glibc-common-2.17-326.0.9.el7_9.3.tuxcare.els1.x86_64.rpm fede43e03e6cd02d49d9ec32aa9db64b43a15eb558f9563f1ed996f231ad4ef1 glibc-devel-2.17-326.0.9.el7_9.3.tuxcare.els1.i686.rpm 83d99df7368e06ee5ac529ef7ceb668b6f8a8cad20ed9021cb490f4481f18f52 glibc-devel-2.17-326.0.9.el7_9.3.tuxcare.els1.x86_64.rpm b3c7a168a0574dfc31dc36ee638095f303874c1aae5e6248387f619c40352a37 glibc-headers-2.17-326.0.9.el7_9.3.tuxcare.els1.x86_64.rpm 101d3fedb6363fb40feef3c465fd046ffbe28c18a5258e77a33d7e0798cbbfe1 glibc-static-2.17-326.0.9.el7_9.3.tuxcare.els1.i686.rpm 41ca52b38968f4a03175637df9e91fbf688ce81d569c9b8d4d9c87a919709f48 glibc-static-2.17-326.0.9.el7_9.3.tuxcare.els1.x86_64.rpm b7aacdbb96d6d93ff6b11204161693f744ffcddb3316dacf8fabc25c34ca5b54 glibc-utils-2.17-326.0.9.el7_9.3.tuxcare.els1.x86_64.rpm 74b32f01481ec7c50c65181f7a032ef048e171607956f8b5aad04359b9c2571e nscd-2.17-326.0.9.el7_9.3.tuxcare.els1.x86_64.rpm a919544d5f2c1bac28eca217216f3b506ab1759fed61cafaa19b1f35632a6a9c CLSA-2025:1757698145 TuxCare License Agreement 0 - x86/kvm: Disable kvmclock on all CPUs on shutdown {CVE-2021-47110} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352} - cifs: fix double free race when mount fails in cifs_get_root() {CVE-2022-48919} - aio: mark AIO pseudo-fs noexec {CVE-2016-10044} - cifs: potential buffer overflow in handling symlinks {CVE-2022-49058} - NFSD: fix race between nfsd registration and exports_proc {CVE-2025-38232} - nfsd: register pernet ops last, unregister first {CVE-2025-38232} - net: atm: fix use after free in lec_send() {CVE-2025-22004} - net: atlantic: fix aq_vec index out of range error {CVE-2022-50066} - do_change_type(): refuse to operate on unmounted/not ours mounts {CVE-2025-38498} - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180} - net: atm: add lec_mutex {CVE-2025-38180} - SUNRPC: make sure cache entry active before cache_show {CVE-2024-53174} - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() {CVE-2025-38399} - scsi: target: Fix crash during SPEC_I_PT handling {CVE-2025-38399} - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race {CVE-2025-38085} - drivers:md:fix a potential use-after-free bug {CVE-2022-50022} - ext4: avoid resizing to a partial cluster size {CVE-2022-50020} - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() {CVE-2025-21928} - net/sched: Abort __tc_modify_qdisc if parent class does not exist {CVE-2025-38457} - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() {CVE-2022-49788} - dlm: fix plock invalid read {CVE-2022-49407} - net: usb: smsc75xx: Limit packet length to skb->len {CVE-2023-53125} - scsi: libfc: Fix use after free in fc_exch_abts_resp() {CVE-2022-49114} - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079} - HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} - HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38495} - ext4: Fix possible corruption when moving a directory {CVE-2023-53137} - ceph: avoid putting the realm twice when decoding snaps fails {CVE-2022-49770} - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} - sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177} - ext4: check dot and dotdot of dx_root before making dir indexed {CVE-2024-42305} - ALSA: bcd2000: Fix a UAF bug on the error path of probing {CVE-2022-50229} - dm ioctl: prevent potential spectre v1 gadget {CVE-2022-49122} - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} - md-raid10: fix KASAN warning {CVE-2022-50211} - scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332} - ACPICA: Refuse to evaluate a method if arguments are missing {CVE-2025-38386} - media: cxusb: no longer judge rbuf when the write fails {CVE-2025-38229} - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} - ext4: fix off-by-one error in do_split {CVE-2025-23150} - perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init {CVE-2025-37878} - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000} - i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- x86/kvm: Disable kvmclock on all CPUs on shutdown {CVE-2021-47110} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352} - cifs: fix double free race when mount fails in cifs_get_root() {CVE-2022-48919} - aio: mark AIO pseudo-fs noexec {CVE-2016-10044} - cifs: potential buffer overflow in handling symlinks {CVE-2022-49058} - NFSD: fix race between nfsd registration and exports_proc {CVE-2025-38232} - nfsd: register pernet ops last, unregister first {CVE-2025-38232} - net: atm: fix use after free in lec_send() {CVE-2025-22004} - net: atlantic: fix aq_vec index out of range error {CVE-2022-50066} - do_change_type(): refuse to operate on unmounted/not ours mounts {CVE-2025-38498} - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180} - net: atm: add lec_mutex {CVE-2025-38180} - SUNRPC: make sure cache entry active before cache_show {CVE-2024-53174} - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() {CVE-2025-38399} - scsi: target: Fix crash during SPEC_I_PT handling {CVE-2025-38399} - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race {CVE-2025-38085} - drivers:md:fix a potential use-after-free bug {CVE-2022-50022} - ext4: avoid resizing to a partial cluster size {CVE-2022-50020} - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() {CVE-2025-21928} - net/sched: Abort __tc_modify_qdisc if parent class does not exist {CVE-2025-38457} - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() {CVE-2022-49788} - dlm: fix plock invalid read {CVE-2022-49407} - net: usb: smsc75xx: Limit packet length to skb->len {CVE-2023-53125} - scsi: libfc: Fix use after free in fc_exch_abts_resp() {CVE-2022-49114} - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079} - HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} - HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38495} - ext4: Fix possible corruption when moving a directory {CVE-2023-53137} - ceph: avoid putting the realm twice when decoding snaps fails {CVE-2022-49770} - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} - sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177} - ext4: check dot and dotdot of dx_root before making dir indexed {CVE-2024-42305} - ALSA: bcd2000: Fix a UAF bug on the error path of probing {CVE-2022-50229} - dm ioctl: prevent potential spectre v1 gadget {CVE-2022-49122} - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} - md-raid10: fix KASAN warning {CVE-2022-50211} - scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332} - ACPICA: Refuse to evaluate a method if arguments are missing {CVE-2025-38386} - media: cxusb: no longer judge rbuf when the write fails {CVE-2025-38229} - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} - ext4: fix off-by-one error in do_split {CVE-2025-23150} - perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init {CVE-2025-37878} - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000} - i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm b0c63c0f32dbc3994c5e5565c661716a68b478d88776e8c6c04e2acbbf65eed5 kernel-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm 349efadfac17a68ba1119292053e039bbe9400e04a251ae7d80e8aac995889ef kernel-debug-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm 2c957bbf2b1020034f8820bd8a3558d1c3fcb32ccbce36333ac8e8411abfeaed kernel-debug-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm bcd6c150aa179c4b1e91a3c87128bc8fdc49ce53ba16b9b2f773cdd161bfa143 kernel-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm 5f03240e890c3aae49d267195fa2e40ecacea1eeabbd42ddab0705f2d2184c8e kernel-headers-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm b8c3c9c6f6ea9701a54e1d5a5b5ca61dc3ab3de79ec6c36506dff22d92c04b60 kernel-tools-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm 3aa799f9e75fd9f40bc6d59e98008df5f057e453391b7a83c0f8dc11b2e73c7f kernel-tools-libs-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm 12be75a8db3d7dc0349cfa408a106282b5b38aaddb124951098d9e1edbd50632 kernel-tools-libs-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm cf837cd762ab171f958f1cd9c2a27c298ff5e664ea90ceeaf1698c5e95decaa4 perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm 50296811686a6606407e5d8b793ec01024a39487f55f8be7c8b32b9d35e61146 python-perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els24.x86_64.rpm c3a0e37dbd225e1855af16a6a3be92620ab4921918abcc7040c1ce82fb68521d CLSA-2025:1757699693 TuxCare License Agreement 0 - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg {CVE-2024-21803} - net: defer final 'struct net' free in netns dismantle {CVE-2024-56658} - netfilter: validate user input for expected length {CVE-2024-35896} - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' {CVE-2024-56608} - smb: client: fix UAF in async decryption {CVE-2024-50047} - drm/amdgpu: fix usage slab after free {CVE-2024-56551} - nvme: avoid double free special payload {CVE-2024-41073} - xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014} - net/sched: act_mirred: don't override retval if we already lost the skb {CVE-2024-26739} - ext4: fix timer use-after-free on failed mount {CVE-2024-49960} - smb: client: fix potential UAF in cifs_stats_proc_show() {CVE-2024-35867} - smb: client: fix potential UAF in cifs_debug_files_proc_show() {CVE-2024-26928} - RDMA/mlx5: Fix fortify source warning while accessing Eth segment {CVE-2024-26907} - stddef: Introduce DECLARE_FLEX_ARRAY() helper - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() {CVE-2025-21927} - net_sched: sch_sfq: move the limit validation {CVE-2024-57996} - net_sched: sch_sfq: use a temporary work area for validating configuration - net_sched: sch_sfq: don't allow 1 packet limit {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets - net_sched: sch_sfq: annotate data-races around q->perturb_period - squashfs: fix memory leak in squashfs_fill_super - netfilter: nf_tables: adjust lockdep assertions handling - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - KVM: x86: use array_index_nospec with indices that come from guest - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi - rds: Fix NULL ptr deref in xas_start - mm: make page_mapped_in_vma() hugetlb walk aware - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk - net_sched: sch_sfq: move the limit validation {CVE-2025-37752} - net_sched: sch_sfq: use a temporary work area for validating configuration - net_sched: sch_sfq: don't allow 1 packet limit {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets - net_sched: sch_sfq: annotate data-races around q->perturb_period - squashfs: fix memory leak in squashfs_fill_super - netfilter: nf_tables: adjust lockdep assertions handling - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - KVM: x86: use array_index_nospec with indices that come from guest - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi - rds: Fix NULL ptr deref in xas_start - mm: make page_mapped_in_vma() hugetlb walk aware - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg {CVE-2024-21803} - net: defer final 'struct net' free in netns dismantle {CVE-2024-56658} - netfilter: validate user input for expected length {CVE-2024-35896} - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' {CVE-2024-56608} - smb: client: fix UAF in async decryption {CVE-2024-50047} - drm/amdgpu: fix usage slab after free {CVE-2024-56551} - nvme: avoid double free special payload {CVE-2024-41073} - xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014} - net/sched: act_mirred: don't override retval if we already lost the skb {CVE-2024-26739} - ext4: fix timer use-after-free on failed mount {CVE-2024-49960} - smb: client: fix potential UAF in cifs_stats_proc_show() {CVE-2024-35867} - smb: client: fix potential UAF in cifs_debug_files_proc_show() {CVE-2024-26928} - RDMA/mlx5: Fix fortify source warning while accessing Eth segment {CVE-2024-26907} - stddef: Introduce DECLARE_FLEX_ARRAY() helper - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() {CVE-2025-21927} - net_sched: sch_sfq: move the limit validation {CVE-2024-57996} - net_sched: sch_sfq: use a temporary work area for validating configuration - net_sched: sch_sfq: don't allow 1 packet limit {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets - net_sched: sch_sfq: annotate data-races around q->perturb_period - squashfs: fix memory leak in squashfs_fill_super - netfilter: nf_tables: adjust lockdep assertions handling - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - KVM: x86: use array_index_nospec with indices that come from guest - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi - rds: Fix NULL ptr deref in xas_start - mm: make page_mapped_in_vma() hugetlb walk aware - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk - net_sched: sch_sfq: move the limit validation {CVE-2025-37752} - net_sched: sch_sfq: use a temporary work area for validating configuration - net_sched: sch_sfq: don't allow 1 packet limit {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets - net_sched: sch_sfq: annotate data-races around q->perturb_period - squashfs: fix memory leak in squashfs_fill_super - netfilter: nf_tables: adjust lockdep assertions handling - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - KVM: x86: use array_index_nospec with indices that come from guest - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi - rds: Fix NULL ptr deref in xas_start - mm: make page_mapped_in_vma() hugetlb walk aware - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk

0 tuxcare-oraclelinux7-els bpftool-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm 42248b04fa174573772f15f752eb27417b0c7cac4defb046a78c88731bbe027f kernel-uek-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm b6bc564d53a5b72e7c510ea4a9c629230f7fbb05951a568b20ea950332c3e736 kernel-uek-container-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm e64413cc95490d6a0659c636031ef3daa152551473a1c93b0812433e2f8e0b8b kernel-uek-container-debug-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm 54aabb9fe77c44acb1a63c805823d9a0af2736e1e5be4d1dad48b4120712aeea kernel-uek-debug-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm be632571dd9a6fa603aeee1dcdbcc357e202e57879da78af691c04df794f1d01 kernel-uek-debug-devel-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm b7936276b44f6fd9d0d2c746712f8e30842baa458e76a5877f63900db23d24e9 kernel-uek-devel-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm 15cae7db44107567a115b4d941597ff850927072cac0efdeeceec4a88009befd kernel-uek-headers-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm a5801b16ddfcbd7dd49e133f91bdd66fd269c02c587a28ac66a899e9cc410dec kernel-uek-tools-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm a3bef48afa763a532ec8aa0e12b48f95aaa465a993f544fe9f6a2c7fcedd3b85 perf-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm ad0221951898d1ea8474be4bd70180bb940c43f1c025492e23a040a65465364f python-perf-5.4.17-2136.338.4.2.el7uek.tuxcare.els3.x86_64.rpm 7c9db8360a330b09b7098fdc14c0ff3e31214336f96fc2232f8c197067c2c951 CLSA-2025:1757944902 TuxCare License Agreement 0 - CVE-2017-9224: fix out-of-bounds read of a stack in match_at function - CVE-2017-9226: fix out-of-bounds write or read of a heap in next_state_val function - CVE-2017-9227: fix out-of-bounds read of a stack in mbc_enc_len function Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2017-9224: fix out-of-bounds read of a stack in match_at function - CVE-2017-9226: fix out-of-bounds write or read of a heap in next_state_val function - CVE-2017-9227: fix out-of-bounds read of a stack in mbc_enc_len function

0 tuxcare-oraclelinux7-els php-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 6067553cc1e57bf6be3553062956c460aea0f32ff6672c054627446ba8e80848 php-bcmath-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 98be1aa7a4e77b5839814ef07538361054f1106dd7ad169d2737a61c6eb62459 php-cli-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 51a9a553c717eeb3bd0c40e3cebb8662b30dc82779febac759831a75229a22c1 php-common-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 1ebf04fe4dc1ce5bf96d52d5489ad94a39bdf9cd0ac5488504cc96c19c380191 php-dba-5.4.16-48.el7.tuxcare.els14.x86_64.rpm ffcb018c690612aa67c33a4661d4ea4f5941daed93f02f76fdf886e26ffcca5b php-devel-5.4.16-48.el7.tuxcare.els14.x86_64.rpm b97bd32b1354938e8e68967a17e7930d57defdf50426ae74c7a0e9a2e5414734 php-embedded-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 869e2a20b4390d24aaf1b09e53bde16cc6c5f9cddec95a4a18197901426b06e4 php-enchant-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 34c3e7f644677923fc679e39e447c6979e7c8d2a14642168810b0134523d2c0e php-fpm-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 253cac18628f1297b82b854459db018b1c15c86271f4dc8c1ea742383f6d7418 php-gd-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 452a758113508bdf8d58aeb4b250b35c57132372c64fcb51f3bb540a12d47926 php-intl-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 8638733abeb1882a9cf3636ec4e7a51713d74cad5555e9085d169fc92816a1da php-ldap-5.4.16-48.el7.tuxcare.els14.x86_64.rpm f2640cea11491d986a65004ab63f2a0fac409636ee4c99dba5a28c0b0be1fd51 php-mbstring-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 4b6fca22eb5ffa42219876a2bc352b3b625795b62c5ce13137752c89dffa8fed php-mysql-5.4.16-48.el7.tuxcare.els14.x86_64.rpm e91dfd9c44e33ed67a4725a4786e4e94d490db98dc861805c6ebcb4fae716f2e php-mysqlnd-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 98c35bb09787bba8f01b3514f33c1d3ecd21656ff70de7e1f034cf35ebcb2260 php-odbc-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 85cc139db12c4fdb303378c79da7c8d6ed9fe51d2d43fabb8b320f2c7be2563b php-pdo-5.4.16-48.el7.tuxcare.els14.x86_64.rpm bcc189de202ad281def8225181a542d11e3c2b64cd1b35712f388efccef36a5a php-pgsql-5.4.16-48.el7.tuxcare.els14.x86_64.rpm ecb4e71054c6f54ce63f79aad4d5a3ff9a017e1a2ce5b6d38958335d1a4dd6a1 php-process-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 21d90533fb29590fe6b4aad9196c96fd1be0aaf875444c3b7945cd68e46a792b php-pspell-5.4.16-48.el7.tuxcare.els14.x86_64.rpm ea5c49d38fc647bc636115b95a6ab93defdfecd6a45f21aa0b2fa338296757cb php-recode-5.4.16-48.el7.tuxcare.els14.x86_64.rpm a78ec6dccbdbaf9dc42118450d5ebd2e77fe8184c2ee10295704ac6530bbe807 php-snmp-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 7e7510ff807e5457f016b0a4c011777e059be9293476f616795dc2afa8868f3a php-soap-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 7e163c6d276df6744298ef0d1f76f9a40b5eab5848e297b4ef3c3c13d4c46d25 php-xml-5.4.16-48.el7.tuxcare.els14.x86_64.rpm 8295436f11bd6167c1e52fde97768b5284eedabecf4fec78e6335205bbc65575 php-xmlrpc-5.4.16-48.el7.tuxcare.els14.x86_64.rpm ef8711c07d789deea5cea460e220f0b8c057bb5f52dfb4231aad8aeb5fc63302 CLSA-2025:1757963029 TuxCare License Agreement 0 - rds: tcp: block BH in TCP callbacks - kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges - module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 - module: potential uninitialized return in module_kallsyms_on_each_symbol() - module: use RCU to synchronize find_module - kallsyms: refactor {,module_}kallsyms_on_each_symbol - LTS tag: v5.4.295 - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() {CVE-2025-38320} - perf: Fix sample vs do_exit() {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly - rtc: test: Fix invalid format specifier. - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() {CVE-2025-38337} - mm/huge_memory: fix dereferencing invalid pmd migration entry {CVE-2025-37958} - rtc: Make rtc_time64_to_tm() support dates before 1970 - rtc: Improve performance of rtc_time64_to_tm(). Add tests. - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create {CVE-2022-48773} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352} - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180} - net: atm: add lec_mutex {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware {CVE-2025-38420} - aoe: clean device rq_list in aoedev_downdev() {CVE-2025-38326} - hwmon: (occ) fix unaligned accesses - drm/nouveau/bl: increase buffer size to avoid truncate warning - erofs: remove unused trace event erofs_destroy_inode - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged - ALSA: hda/intel: Add Thinkpad E15 to PM deny list - Input: sparcspkr - avoid unannotated fall-through - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len - scsi: s390: zfcp: Ensure synchronous unit_add - scsi: storvsc: Increase the timeouts to storvsc_timeout - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery - platform/x86: dell_rbu: Stop overwriting data buffer - platform: Add Surface platform directory - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" - tee: Prevent size calculation wraparound on 32-bit kernels - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value - watchdog: da9052_wdt: respect TWDMIN - i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() - scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332} - vxlan: Do not treat dst cache initialization errors as fatal - clk: rockchip: rk3036: mark ddrphy as critical - wifi: mac80211: do not offer a mesh path if forwarding is disabled - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() - net: dlink: add synchronization for stats update - sctp: Do not wake readers in __sctp_write_space() - emulex/benet: correct command version selection in be_cmd_get_stats() - i2c: designware: Invoke runtime suspend on quick slave re-registration - net: macb: Check return value of dma_set_mask_and_coherent() - cpufreq: Force sync policy boost with global boost on sysfs update - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() {CVE-2025-38237} - media: tc358743: ignore video while HPD is low - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB - jfs: Fix null-ptr-deref in jfs_ioc_trim {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling - drm/amdgpu/gfx8: fix CSIB handling - jfs: fix array-index-out-of-bounds read in add_missing_indices {CVE-2025-38204} - drm/amdgpu/gfx7: fix CSIB handling - drm/amdgpu/gfx10: fix CSIB handling - drm/msm/a6xx: Increase HFI response timeout - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition - drm/msm/hdmi: add runtime PM calls to DDC transfer function - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() - sunrpc: update nextcheck time when adding new cache entries - drm/amdgpu/gfx6: fix CSIB handling - ACPI: battery: negate current when discharging - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() - power: supply: bq27xxx: Retrieve again when busy - ACPICA: fix acpi parse and parseext cache leaks {CVE-2025-38344} - ACPICA: Avoid sequence overread in call to strncmp() - ACPICA: fix acpi operand cache leak in dswstate.c {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask - PCI: Fix lock symmetry in pci_slot_unlock() - PCI: Add ACS quirk for Loongson PCIe - uio_hv_generic: Use correct size for interrupt and monitor pages - regulator: max14577: Add error check for max14577_read_reg() - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS - staging: iio: ad5933: Correct settling cycles encoding per datasheet - net: ch9200: fix uninitialised access during mii_nway_restart {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346} - dm-mirror: fix a tiny race condition - mtd: nand: sunxi: Add randomizer configuration before randomizer enable - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk - mm: fix ratelimit_pages update error in dirty_ratio_handler() - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} - parisc: fix building with gcc-15 - vgacon: Add check for vc_origin address range in vgacon_scroll() {CVE-2025-38213} - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register - NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() {CVE-2025-38428} - ext4: fix calculation of credits for extent tree modification - ext4: inline: fix len overflow in ext4_prepare_inline_data {CVE-2025-38222} - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 {CVE-2025-38336} - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() - media: v4l2-dev: fix error handling in __video_register_device() - media: gspca: Add error handling for stv06xx_read_sensor() - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() {CVE-2025-38348} - gfs2: move msleep to sleepable context - configfs: Do not override creating attribute file failure in populate_attrs() - net: usb: aqc111: debug info before sanitation - calipso: unlock rcu before returning -EAFNOSUPPORT - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall - usb: Flush altsetting 0 endpoints before reinitializating them after reset. - fs/filesystems: Fix potential unsigned integer underflow in fs_name() - net/mdiobus: Fix potential out-of-bounds read/write access {CVE-2025-38111} - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option - x86/boot/compressed: prefer cc-option for CFLAGS additions - net: mdio: C22 is now optional, EOPNOTSUPP if not provided - net_sched: tbf: fix a race in tbf_change() - net_sched: red: fix a race in __red_change() {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group - net/mlx5: Wait for inactive autogroups - i40e: retry VFLR handling if there is ongoing VF reset - i40e: return false from i40e_reset_vf if reset is in progress - net_sched: sch_sfq: fix a potential crash on gso_skb handling {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes {CVE-2022-48829} - NFSD: Fix ia_size underflow {CVE-2022-48828} - Input: synaptics-rmi - fix crash with unsupported versions of F34 - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() - do_change_type(): refuse to operate on unmounted/not ours mounts {CVE-2025-38498} - ice: create new Tx scheduler nodes for new queues only - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION - net/mlx4_en: Prevent potential integer overflow calculating Hz - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() - serial: Fix potential null-ptr-deref in mlb_usio_probe() {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe {CVE-2025-38136} - rtc: Fix offset calculation for .start_secs < 0 - rtc: sh: assign correct interrupts with DT - perf record: Fix incorrect --user-regs comments - perf tests switch-tracking: Fix timestamp comparison - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 - perf ui browser hists: Set actions->thread before calling do_zoom_thread() - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device - bus: fsl-mc: fix double-free on mc_dev {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() - nilfs2: add pointer check for nilfs_direct_propagate() - Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} - ARM: dts: at91: at91sam9263: fix NAND chip selects - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select - f2fs: fix to correct check conditions in f2fs_cross_rename - f2fs: use d_inode(dentry) cleanup dentry->d_inode - calipso: Don't call calipso functions for AF_INET sk. {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy - net: usb: aqc111: fix error handling of usbnet read calls {CVE-2025-38153} - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} - bpf: Fix WARN() in get_bpf_raw_tp_regs {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access {CVE-2025-38286} - ktls, sockmap: Fix missing uncharge operation - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it - f2fs: clean up w/ fscrypt_is_bounce_page() - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h - wifi: rtw88: do not ignore hardware read error during DPK - net: ncsi: Fix GCPS 64-bit member variables - f2fs: fix to do sanity check on sbi->total_valid_block_count {CVE-2025-38163} - drm/tegra: rgb: Fix the unbound reference count - drm/vkms: Adjust vkms_state->active_planes allocation type - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() - selftests/seccomp: fix syscall_restart test for arm compat - firmware: psci: Fix refcount leak in psci_dt_init - m68k: mac: Fix macintosh_config for Mac II - drm/vmwgfx: Add seqno waiter for sync_files - spi: sh-msiof: Fix maximum DMA transfer size - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() - EDAC/skx_common: Fix general protection fault {CVE-2025-38298} - crypto: marvell/cesa - Avoid empty transfer descriptor - crypto: marvell/cesa - Handle zero-length skcipher requests {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output - perf/core: Fix broken throttling when max_samples_per_tick=1 - gfs2: gfs2_create_inode error handling fix - netfilter: nft_socket: fix sk refcount leaks {CVE-2024-46855} - thunderbolt: Do not double dequeue a configuration request {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE - pinctrl: armada-37xx: set GPIO output value before setting direction - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 - net/mlx5: Add poll-eq API to be used by ULP's - net/rds: poll eq during user-reset - perf: Fix perf_event_validate_size() lockdep splat {CVE-2023-6931} - perf: Fix perf_event_validate_size() {CVE-2023-6931} - net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery - pwm: mediatek: Ensure to disable clocks in error path - Revert "mmc: sdhci: Disable SD card clock before changing parameters" - net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350} - x86/bpf: Classic BPF program can fail when BHB barrier is used - Add Zen34 clients {CVE-2024-36350} - x86/process: Move the buffer clearing before MONITOR {CVE-2024-36350} - KVM: SVM: Advertize TSA CPUID bits to guests {CVE-2024-36350} - x86/bugs: Add a Transient Scheduler Attacks mitigation {CVE-2024-36350} - KVM: x86: add support for CPUID leaf 0x80000021 {CVE-2024-36350} - x86/bugs: Rename MDS machinery to something more generic {CVE-2024-36350} - x86/CPU/AMD: Add ZenX generations flags {CVE-2024-36350} - x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits {CVE-2024-36350} - Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older - tracing: Fix compilation warning on arm32 - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices - LTS tag: v5.4.294 - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys - spi: spi-sun4i: fix early activation - um: let 'make clean' properly clean underlying SUBARCH as well - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS - nfs: don't share pNFS DS connections between net namespaces - HID: quirks: Add ADATA XPG alpha wireless mouse support - coredump: hand a pidfd to the usermode coredump helper - fork: use pidfd_prepare() - pid: add pidfd_prepare() - pidfd: check pid has attached task in fdinfo - coredump: fix error handling for replace_fd() - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice {CVE-2025-38001} - smb: client: Reset all search buffer pointers when releasing buffer - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051} - drm/i915/gvt: fix unterminated-string-initialization warning - netfilter: nf_tables: do not defer rule destruction via call_rcu {CVE-2024-56655} - netfilter: nf_tables: wait for rcu grace period on net_device removal {CVE-2024-56655} - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx - kbuild: Disable -Wdefault-const-init-unsafe - spi: spi-fsl-dspi: restrict register range for regmap access - mm/page_alloc.c: avoid infinite retries caused by cpuset race - drm/edid: fixed the bug that hdr metadata was not reset - llc: fix data loss when reading from a socket in llc_ui_recvmsg() - ALSA: pcm: Fix race of buffer access at PCM OSS layer {CVE-2025-38078} - can: bcm: add missing rcu read protection for procfs content {CVE-2025-38003} - can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004} - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079} - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000} - net: dwmac-sun8i: Use parsed internal PHY address instead of 1 - bridge: netfilter: Fix forwarding of fragmented packets - xfrm: Sanitize marks before insert - __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock {CVE-2025-38058} - xenbus: Allow PVH dom0 a non-local xenstore - btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref {CVE-2025-38034} - nvmet-tcp: don't restore null sk_state_change {CVE-2025-38035} - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 - pinctrl: meson: define the pull up/down resistor value as 60 kOhm - drm: Add valid clones check - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset - regulator: ad5398: Add device tree support - wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate - bpftool: Fix readlink usage in get_fd_type - HID: usbkbd: Fix the bit shift number for LED_KANA - scsi: st: Restore some drive settings after reset - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine - rcu: fix header guard for rcu_all_qs() - rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y - vxlan: Annotate FDB data races {CVE-2025-38037} - hwmon: (xgene-hwmon) use appropriate type for the latency value - ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). - net/mlx5e: reduce rep rxq depth to 256 for ECPF - net/mlx5e: set the tx_queue_len for pfifo_fast - net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB - phy: core: don't require set_mode() callback for phy_get_mode() to work - net/mlx4_core: Avoid impossible mlx4_db_alloc() order value - smack: recognize ipv4 CIPSO w/o categories - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map - ASoC: ops: Enforce platform maximum on initial value - net/mlx5: Apply rate-limiting to high temperature warning - net/mlx5: Modify LSB bitmask in temperature event to include only the first bit - ACPI: HED: Always initialize before evged - PCI: Fix old_size lower bound in calculate_iosize() too - EDAC/ie31200: work around false positive build warning - net: pktgen: fix access outside of user given buffer in pktgen_thread_write() {CVE-2025-38061} - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU - scsi: mpt3sas: Send a diag reset if target reset fails - MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core - MIPS: Use arch specific syscall name match function - cpuidle: menu: Avoid discarding useful information - x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() - bonding: report duplicate MAC address in all situations - net: xgene-v2: remove incorrect ACPI_PTR annotation - drm/amdkfd: KFD release_work possible circular locking - net/mlx5: Avoid report two health errors on same syndrome - fpga: altera-cvp: Increase credit timeout - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence - hwmon: (gpio-fan) Add missing mutex locks - x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 - net: pktgen: fix mpls maximum labels list parsing - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" - media: cx231xx: set device_caps for 417 {CVE-2025-38044} - orangefs: Do not truncate file size {CVE-2025-38065} - dm cache: prevent BUG_ON by blocking retries on failed device resumes {CVE-2025-38066} - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() - ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 - ieee802154: ca8210: Use proper setters and getters for bitwise types - rtc: ds1307: stop disabling alarms on probe - powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 - mmc: sdhci: Disable SD card clock before changing parameters - netfilter: conntrack: Bound nf_conntrack sysctl writes - posix-timers: Add cond_resched() to posix_timer_add() search loop - xen: Add support for XenServer 6.1 platform device {CVE-2025-38046} - dm: restrict dm device size to 2^63-512 bytes - kbuild: fix argument parsing in scripts/config - scsi: st: ERASE does not change tape location - scsi: st: Tighten the page format heuristics with MODE SELECT - ext4: reorder capability check last - um: Update min_low_pfn to match changes in uml_reserved - um: Store full CSGSFS and SS register from mcontext - btrfs: send: return -ENAMETOOLONG when attempting a path that is too long - btrfs: avoid linker error in btrfs_find_create_tree_block() - i2c: pxa: fix call balance of i2c->clk handling routines - mmc: host: Wait for Vdd to settle on card power off - libnvdimm/labels: Fix divide error in nd_label_data_init() {CVE-2025-38072} - pNFS/flexfiles: Report ENETDOWN as a connection error - tools/build: Don't pass test log files to linker - dql: Fix dql->limit value when reset. - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting - NFSv4: Treat ENETUNREACH errors as fatal for state recovery - fbdev: core: tileblit: Implement missing margin clearing for tileblit - fbdev: fsl-diu-fb: add missing device_remove_file() - mailbox: use error ret code of of_parse_phandle_with_args() - kconfig: merge_config: use an empty file as initfile - cgroup: Fix compilation issue due to cgroup_mutex not being exported - dma-mapping: avoid potential unused data compilation warning - scsi: target: iscsi: Fix timeout on deleted connection {CVE-2025-38075} - openvswitch: Fix unsafe attribute parsing in output_userspace() {CVE-2025-37998} - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 - Input: synaptics - enable SMBus for HP Elitebook 850 G1 - clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() - phy: renesas: rcar-gen3-usb2: Set timing registers only once - phy: Fix error handling in tegra_xusb_port_init - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() - NFSv4/pnfs: Reset the layout state after a layoutreturn - NFSv4/pnfs: pnfs_set_layout_stateid() should update the layout cred - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() - ALSA: sh: SND_AICA should depend on SH_DMA_API - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING - spi: loopback-test: Do not split 1024-byte hexdumps - nfs: handle failure of nfs_get_lock_context in unlock path {CVE-2025-38023} - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug {CVE-2025-38024} - iio: chemical: sps30: use aligned_s64 for timestamp - iio: adc: ad7768-1: Fix insufficient alignment of timestamp. - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation - staging: axis-fifo: avoid parsing ignored device tree properties - staging: axis-fifo: Remove hardware resets for user errors - staging: axis-fifo: replace spinlock with mutex - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection - do_umount(): add missing barrier before refcount checks in sync case - MIPS: Fix MAX_REG_OFFSET - iio: adc: dln2: Use aligned_s64 for timestamp - types: Complement the aligned types with signed 64-bit one - usb: usbtmc: Fix erroneous generic_read ioctl return - usb: usbtmc: Fix erroneous wait_srq ioctl return - usb: usbtmc: Fix erroneous get_stb ioctl error returns - USB: usbtmc: use interruptible sleep in usbtmc_read - usb: typec: ucsi: displayport: Fix NULL pointer access {CVE-2025-37994} - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition - ocfs2: stop quota recovery before disabling quotas - ocfs2: implement handshaking with ocfs2 recovery thread - ocfs2: switch osb->disable_recovery to enum - module: ensure that kobject_put() is safe for module type kobjects {CVE-2025-37995} - xenbus: Use kref to track req lifetime {CVE-2025-37949} - usb: uhci-platform: Make the clock really optional - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo {CVE-2025-37969} - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo {CVE-2025-37970} - iio: adis16201: Correct inclinometer channel resolution - iio: adc: ad7606: fix serial register access - staging: iio: adc: ad7816: Correct conditional logic for store mode - Input: synaptics - enable InterTouch on Dell Precision M3800 - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G - Input: synaptics - enable InterTouch on Dynabook Portege X30-D - net: dsa: b53: fix learning on VLAN unaware bridges - netfilter: ipset: fix region locking in hash types {CVE-2025-37997} - sch_htb: make htb_deactivate() idempotent {CVE-2025-37953} - dm: fix copying after src array boundaries {CVE-2025-37902} - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid {CVE-2025-37927} - arm64: dts: rockchip: fix iface clock-name on px30 iommus - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling - usb: chipidea: ci_hdrc_imx: use dev_err_probe() - usb: chipidea: imx: refine the error handling for hsic - usb: chipidea: imx: change hsic power regulator as optional - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() {CVE-2025-37819} - irqchip/gic-v2m: Mark a few functions __init - irqchip/gic-v2m: Add const to of_device_id - sch_htb: make htb_qlen_notify() idempotent {CVE-2025-37953} - of: module: add buffer overflow check in of_modalias() {CVE-2024-38541} - PCI: imx6: Skip controller_id generation logic for i.MX7D - net: fec: ERR007885 Workaround for conventional TX - net: lan743x: Fix memleak issue when GSO enabled {CVE-2025-37909} - lan743x: fix endianness when accessing descriptors - lan743x: remove redundant initialization of variable current_head_index - nvme-tcp: fix premature queue removal and I/O failover - net: dlink: Correct endianness handling of led_mode - net_sched: qfq: Fix double list add in class with netem as child qdisc {CVE-2025-37913} - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc {CVE-2025-37890} - net_sched: drr: Fix double list add in class with netem as child qdisc {CVE-2025-37915} - net/mlx5: E-Switch, Initialize MAC Address for Default GID - tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923} - dm: always update the array size in realloc_argv on success {CVE-2025-37902} - dm-integrity: fix a warning on invalid table line - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() {CVE-2025-37990} - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload - parisc: Fix double SIGFPE crash {CVE-2025-37991} - i2c: imx-lpi2c: Fix clock count when probe defers - EDAC/altera: Set DDR and SDMMC interrupt mask before registration - EDAC/altera: Test the correct error reg offset - scsi: qedf: Wait for stag work during unload - scsi: qedf: Don't process stag work during unload and recovery - rds: ib: Add cm_id generation scheme in order to detect new ones - x86/its: BPF can crash in bpf_jit_comp.c when ITS is enabled - shmem: add support to ignore swap - shmem: update documentation - mm: hold the source mmap write lock when copying PTEs - mm: do not write protect COW mappings when preserving across exec - mm: differentiate copying PTEs for preservation from copying for fork - mm/fork: Pass new vma pointer into copy_page_range() - xen/swiotlb: relax alignment requirements - Reapply "xen/swiotlb: add alignment check for dma buffers" - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" - nvme: unblock ctrl state transition for firmware update - memcg: always call cond_resched() after fn() - ACPI: PPTT: Fix processor subtable walk - LTS tag: v5.4.293 - MIPS: cm: Fix warning if MIPS_CM is disabled - crypto: atmel-sha204a - Set hwrng quality to lowest possible - comedi: jr3_pci: Fix synchronous deletion of timer - md/raid1: Add check for missing source disk in process_checks() - scsi: pm80xx: Set phy_attached to zero when device is gone - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls - selftests: ublk: fix test_stripe_04 - udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803} - KVM: s390: Don't use %pK through tracepoints - sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP - ntb: reduce stack usage in idt_scan_mws - qibfs: fix _another_ leak {CVE-2025-37983} - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() {CVE-2025-37881} - dmaengine: dmatest: Fix dmatest waiting less when interrupted - usb: host: max3421-hcd: Add missing spi_device_id table - parisc: PDT: Fix missing prototype warning - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() - crypto: null - Use spin lock instead of mutex {CVE-2025-37808} - MIPS: cm: Detect CM quirks from device tree - USB: VLI disk crashes if LPM is used - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive - usb: dwc3: gadget: check that event count does not exceed event buffer length {CVE-2025-37810} - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) - usb: cdns3: Fix deadlock when using NCM gadget {CVE-2025-37812} - USB: serial: simple: add OWON HDS200 series oscilloscope support - USB: serial: option: add Sierra Wireless EM9291 - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe - serial: sifive: lock port in startup()/shutdown() callbacks - USB: storage: quirk for ADATA Portable HDD CH94 - mcb: fix a double free bug in chameleon_parse_gdd() {CVE-2025-37817} - virtio_console: fix missing byte order handling for cols and rows - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} - net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797} - tipc: fix NULL pointer dereference in tipc_mon_reinit_self() {CVE-2025-37824} - net: phy: leds: fix memory leak {CVE-2025-37989} - cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() {CVE-2025-37829} - drm/amd/pm: Prevent division by zero {CVE-2025-37766} - misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error - misc: pci_endpoint_test: Use INTX instead of LEGACY - PCI: Rename PCI_IRQ_LEGACY to PCI_IRQ_INTX - iio: adc: ad7768-1: Fix conversion result sign - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check - net: dsa: mv88e6xxx: fix VTU methods for 6320 family - media: vim2m: print device name after registering device - ext4: fix OOB read when checking dotdot dir {CVE-2025-37785} - ext4: optimize __ext4_check_dir_entry() - ext4: don't over-report free space or inodes in statvfs - ext4: code cleanup for ext4_statfs_project() - ext4: simplify checking quota limits in ext4_statfs() - platform/x86: ISST: Correct command storage data length - MIPS: ds1287: Match ds1287_set_base_clock() function types - MIPS: cevt-ds1287: Add missing ds1287.h include - MIPS: dec: Declare which_prom() as static - virtio-net: Add validation for used length {CVE-2021-47352} - RDMA/srpt: Support specifying the srpt_service_guid parameter {CVE-2024-26744} - openvswitch: fix lockup on tx to unregistering netdev with carrier {CVE-2025-21681} - net: openvswitch: fix race on port output {CVE-2025-21681} - mmc: cqhci: Fix checking of CQHCI_HALT state - nvmet-fc: Remove unused functions - usb: dwc3: support continuous runtime PM with dual role - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type - misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error {CVE-2025-23140} - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). {CVE-2024-50154} - powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp - kbuild: Add '-fno-builtin-wcslen' - cpufreq: Reference count policy in cpufreq_update_limits() - drm/sti: remove duplicate object names - drm/nouveau: prime: fix ttm_bo_delayed_delete oops {CVE-2025-37765} - drm/repaper: fix integer overflows in repeat functions - module: sign with sha512 instead of sha1 by default - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR - perf/x86/intel: Allow to update user space GPRs from PEBS records - virtiofs: add filesystem context source name check {CVE-2025-37773} - riscv: Avoid fortify warning in syscall_get_arguments() - isofs: Prevent the use of too small fid {CVE-2025-37780} - i2c: cros-ec-tunnel: defer probe if parent EC is not present {CVE-2025-37781} - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key {CVE-2025-37782} - btrfs: correctly escape subvol in btrfs_show_options() - nfs: add missing selections of CONFIG_CRC32 - nfs: move nfs_fhandle_hash to common include file - NFSD: Constify @fh argument of knfsd_fh_hash() - asus-laptop: Fix an uninitialized variable - writeback: fix false warning in inode_to_wb() - net: b53: enable BPDU reception for management port - net: openvswitch: fix nested key length validation in the set() action {CVE-2025-37789} - Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" {CVE-2025-37795} - Bluetooth: btrtl: Prevent potential NULL dereference {CVE-2025-37792} - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() - scsi: iscsi: Fix missing scsi_host_put() in error path - wifi: wl1251: fix memory leak in wl1251_tx_work {CVE-2025-37982} - wifi: mac80211: Purge vif txq in ieee80211_do_stop() {CVE-2025-37794} - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() {CVE-2025-37795} - wifi: at76c50x: fix use after free access in at76_disconnect {CVE-2025-37796} - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition {CVE-2025-37838} - pwm: mediatek: always use bus clock for PWM on MT7622 - Bluetooth: hci_uart: Fix another race during initialization {CVE-2025-23139} - x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() - PCI: Fix reference leak in pci_alloc_child_bus() - of/irq: Fix device node refcount leakages in of_irq_init() - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() - of/irq: Fix device node refcount leakages in of_irq_count() - ntb: use 64-bit arithmetic for the MSI doorbell mask - gpio: zynq: Fix wakeup source leaks on device unbind - ftrace: Add cond_resched() to ftrace_graph_set_hash() {CVE-2025-37940} - dm-integrity: set ti->error on memory allocation failure - crypto: ccp - Fix check for the primary ASP device - thermal/drivers/rockchip: Add missing rk3328 mapping entry - sctp: detect and prevent references to a freed transport in sendmsg {CVE-2025-23142} - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock - sparc/mm: disable preemption in lazy mmu mode - arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string - mtd: rawnand: Add status chack in r852_ready() - mtd: inftlcore: Add error check for inftl_read_oob() {CVE-2025-37892} - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() - jbd2: remove wrong sb->s_sequence check {CVE-2025-37839} - i3c: Add NULL pointer check in i3c_master_queue_ibi() {CVE-2025-23147} - ext4: fix off-by-one error in do_split {CVE-2025-23150} - wifi: mac80211: fix integer overflow in hwmp_route_info_get() - net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family - media: venus: hfi_parser: add check to avoid out of bound access {CVE-2025-23157} - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO - media: i2c: ov7251: Set enable GPIO low in probe - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() - media: streamzap: prevent processing IR data on URB failure - mtd: rawnand: brcmnand: fix PM resume warning {CVE-2025-37840} - arm64: cputype: Add MIDR_CORTEX_A76AE - xenfs/xensyms: respect hypervisor's "next" indication - media: siano: Fix error handling in smsdvb_module_init() - media: venus: hfi: add check to handle incorrect queue size {CVE-2025-23158} - media: venus: hfi: add a check to handle OOB in sfr region {CVE-2025-23159} - media: i2c: adv748x: Fix test pattern selection mask - ext4: don't treat fhandle lookup of ea_inode as FS corruption - ext4: reject casefold inode flag without casefold feature - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags - bpf: Add endian modifiers to fix endian warnings - pwm: fsl-ftm: Handle clk_get_rate() returning 0 - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() {CVE-2025-37850} - pwm: mediatek: Always use bus clock - fbdev: omapfb: Add 'plane' value check {CVE-2025-37851} - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset - drm/amdkfd: clamp queue size to minimum - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 - drm: panel-orientation-quirks: Add support for AYANEO 2S - drm: allow encoder mode_set even when connectors change for crtc - Bluetooth: hci_uart: fix race during initialization {CVE-2025-23139} - tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER - net: vlan: don't propagate flags on open {CVE-2025-23163} - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table - scsi: st: Fix array overflow in st_setup() {CVE-2025-37857} - ext4: ignore xattrs past end {CVE-2025-37738} - ext4: protect ext4_release_dquot against freezing - ahci: add PCI ID for Marvell 88SE9215 SATA Controller - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode - jfs: add sanity check for agwidth in dbMount {CVE-2025-37740} - jfs: Prevent copying of nlink with value 0 from disk inode {CVE-2025-37741} - fs/jfs: Prevent integer overflow in AG size calculation {CVE-2025-37858} - fs/jfs: cast inactags to s64 to prevent potential overflow - page_pool: avoid infinite loop to schedule delayed worker {CVE-2025-37859} - ALSA: usb-audio: Fix CME quirk for UF series keyboards - ALSA: hda: intel: Fix Optimus when GPU has no sound - HID: pidff: Fix null pointer dereference in pidff_find_fields {CVE-2025-37862} - HID: pidff: Do not send effect envelope if it's empty - HID: pidff: Convert infinite length from Linux API to PID standard - xen/mcelog: Add __nonstring annotations for unterminated strings - perf: arm_pmu: Don't disable counter in armpmu_add() - x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine - pm: cpupower: bench: Prevent NULL dereference on malloc failure {CVE-2025-37841} - net: ppp: Add bound checking for skb data on ppp_sync_txmung {CVE-2025-37749} - ata: sata_sx4: Add error handling in pdc20621_i2c_read() - ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones - tipc: fix memory leak in tipc_link_xmit {CVE-2025-37757} - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() {CVE-2025-37758} - x86/bhi: Do not set BHI_DIS_S in 32-bit mode - x86/bpf: Add IBHF call at end of classic BPF - x86/bpf: Call branch history clearing sequence on exit - certs: Reference revocation list for all keyrings - RDS: use get_user_pages_fast() in rdma_pin_pages() - x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel - selftest/x86/bugs: Add selftests for ITS {CVE-2024-28956} - x86/its: Align RETs in BHB clear sequence to avoid thunking {CVE-2024-28956} - x86/its: Add "vmexit" option to skip mitigation on some CPUs {CVE-2024-28956} - x86/its: Enable Indirect Target Selection mitigation {CVE-2024-28956} - x86/its: Add support for ITS-safe return thunk {CVE-2024-28956} - x86/its: Add support for ITS-safe indirect thunk {CVE-2024-28956} - x86/its: Enumerate Indirect Target Selection (ITS) bug {CVE-2024-28956} - Documentation: x86/bugs/its: Add ITS documentation {CVE-2024-28956} - certs: Add new Oracle Linux Driver Signing (key 1) certificate - net/mlx5e: Don't call cleanup on profile rollback failure {CVE-2024-50146} - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() {CVE-2024-50000} - net/mlx5: Fix error path in multi-packet WQE transmit {CVE-2024-50001} - net/mlx5: Discard command completions in internal error {CVE-2024-38555} - net/mlx5e: fix a potential double-free in fs_any_create_groups {CVE-2023-52667} - net/mlx5: Reclaim max 50K pages at once - LTS tag: v5.4.292 - jfs: add index corruption check to DT_GETPAGE() - tracing: Fix use-after-free in print_graph_function_flags during tracer switching {CVE-2025-22035} - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs {CVE-2025-22045} - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() - can: flexcan: only change CAN state when link up in system PM - arcnet: Add NULL check in com20020pci_probe() {CVE-2025-22054} - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS - vsock: avoid timeout during connect() if the socket is closing - net_sched: skbprio: Remove overly strict queue assertions {CVE-2025-38637} - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets {CVE-2025-22063} - ntb: intel: Fix using link status DB's - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans {CVE-2023-53034} - spufs: fix a leak in spufs_create_context() {CVE-2025-22071} - spufs: fix a leak on spufs_new_file() failure {CVE-2025-22073} - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} - can: statistics: use atomic access in hot path - locking/semaphore: Use wake_q to wake up processes outside lock critical section - sched/deadline: Use online cpus for validating runtime - affs: don't write overlarge OFS data block size fields - affs: generate OFS sequence numbers starting at 1 - wifi: iwlwifi: fw: allocate chained SG tables for dump - sched/smt: Always inline sched_smt_active() - octeontx2-af: Fix mbox INTR handler when num VFs > 64 - ring-buffer: Fix bytes_dropped calculation issue - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() {CVE-2025-37937} - fs/procfs: fix the comment above proc_pid_wchan() - perf python: Check if there is space to copy all the event - perf python: Decrement the refcount of just created event on failure - perf python: Fixup description of sample.id event member - ocfs2: validate l_tree_depth to avoid out-of-bounds access {CVE-2025-22079} - kexec: initialize ELF lowest address to ULONG_MAX - perf units: Fix insufficient array space - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio - coresight: catu: Fix number of pages while using 64k pages - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment - mfd: sm501: Switch to BIT() to mitigate integer overflows - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow {CVE-2025-22086} - power: supply: max77693: Fix wrong conversion of charge input threshold value - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 - clk: amlogic: g12a: fix mmc A peripheral clock - clk: amlogic: gxbb: drop non existing 32k clock parent - clk: amlogic: g12b: fix cluster A parent data - IB/mad: Check available slots before posting receive WRs - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent - pinctrl: renesas: rza2: Fix missing of_node_put() call - lib: 842: Improve error handling in sw842_compress() - clk: amlogic: gxbb: drop incorrect flag on 32k clock - fbdev: sm501fb: Add some geometry checks. - mdacon: rework dependency list - fbdev: au1100fb: Move a variable assignment behind a null pointer check - PCI: pciehp: Don't enable HPIE when resuming in poll mode - PCI: Remove stray put_device() in pci_register_host_bridge() - PCI/portdrv: Only disable pciehp interrupts early when needed - PCI/ASPM: Fix link state exit during switch upstream function removal {CVE-2024-58093} - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member - ALSA: hda/realtek: Always honor no_shutup_pins - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() - PM: sleep: Fix handling devices with direct_complete set on errors - thermal: int340x: Add NULL check for adev {CVE-2025-23136} - EDAC/ie31200: Fix the error path order of ie31200_init() - EDAC/ie31200: Fix the DIMM size mask for several SoCs - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer - selinux: Chain up tool resolving errors in install_policy.sh - x86/platform: Only allow CONFIG_EISA for 32-bit - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove {CVE-2025-22020} - net: usb: qmi_wwan: add Telit Cinterion FE990B composition - net: usb: qmi_wwan: add Telit Cinterion FN990B composition - tty: serial: 8250: Add some more device IDs - counter: stm32-lptimer-cnt: fix error handling when enabling - netfilter: socket: Lookup orig tuple for IPv6 SNAT {CVE-2025-22021} - ARM: Remove address checking for MMUless devices - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() - atm: Fix NULL pointer dereference {CVE-2025-22018} - HID: hid-plantronics: Add mic mute mapping and generalize quirks - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() {CVE-2025-21996} - batman-adv: Ignore own maximum aggregation size during RX - ARM: shmobile: smp: Enforce shmobile_smp_* alignment - mmc: atmel-mci: Add missing clk_disable_unprepare() - drm/v3d: Don't run jobs that have errors flagged in its fence - i2c: omap: fix IRQ storms - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES - net: atm: fix use after free in lec_send() {CVE-2025-22004} - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). {CVE-2025-22005} - Bluetooth: Fix error code in chan_alloc_skb_cb() {CVE-2025-22007} - RDMA/hns: Fix wrong value of max_sge_rd - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path - xfrm_output: Force software GSO only in tunnel mode - firmware: imx-scu: fix OF node leak in .probe() - i2c: sis630: Fix an error handling path in sis630_probe() - i2c: ali15x3: Fix an error handling path in ali15x3_probe() - i2c: ali1535: Fix an error handling path in ali1535_probe() - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() - qlcnic: fix memory leak issues in qlcnic_sriov_common.c - drm/amd/display: Assign normalized_pix_clk when color depth = 14 {CVE-2025-21956} - drm/atomic: Filter out redundant DPMS calls - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes {CVE-2025-21991} - USB: serial: option: match on interface class for Telit FN990B - USB: serial: option: fix Telit Cinterion FE990A name - USB: serial: option: add Telit Cinterion FE990B compositions - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 - block: fix 'kmem_cache of name 'bio-108' already exists' - drm/nouveau: Do not override forced connector status - x86/irq: Define trace events conditionally - fuse: don't truncate cached, mutated symlink - nvme: only allow entering LIVE from CONNECTING state - sctp: Fix undefined behavior in left shift operation - nvmet-rdma: recheck queue state is LIVE in state lock in recv done - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() - s390/cio: Fix CHPID "configure" attribute caching - HID: ignore non-functional sensor in HP 5MP Camera {CVE-2025-21992} - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell - ACPI: resource: IRQ override for Eluktronics MECH-17 - scsi: qla1280: Fix kernel oops when debug level > 2 {CVE-2025-21957} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993} - powercap: call put_device() on an error path in powercap_register_control_type() - hrtimers: Mark is_migration_base() with __always_inline - nvme-fc: go straight to connecting state when initializing - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices - netfilter: nft_exthdr: fix offset with ipv4_find_option() - net_sched: Prevent creation of classes with TC_H_ROOT {CVE-2025-21971} - ipvs: prevent integer overflow in do_ip_vs_get_ctl() - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() {CVE-2025-21959} - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() - drivers/hv: Replace binary semaphore with mutex - netpoll: hold rcu read lock in __netpoll_send_skb() - netpoll: netpoll_send_skb() returns transmit status - netpoll: move netpoll_send_skb() out of line - netpoll: remove dev argument from netpoll_send_skb_on_dev() - netpoll: Fix use correct return type for ndo_start_xmit() - pinctrl: bcm281xx: Fix incorrect regmap max_registers value - sched/isolation: Prevent boot crash when the boot CPU is nohz_full - clockevents/drivers/i8253: Fix stop sequence for timer 0 - RDS: avoid using offlined CPU during reconnect - x86/microcode/AMD: Clean the cache if update did not load microcode - x86/microcode/AMD: Add finalize_late_load() microcode_op - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches - x86/microcode/AMD: Add some forgotten models to the SHA check - x86/microcode/AMD: Load only SHA256-checksummed patches {CVE-2025-22047} - x86/microcode/AMD: Flush patch buffer mapping after application - x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size - nvme: fix deadlock between reset and scan Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- rds: tcp: block BH in TCP callbacks - kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges - module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 - module: potential uninitialized return in module_kallsyms_on_each_symbol() - module: use RCU to synchronize find_module - kallsyms: refactor {,module_}kallsyms_on_each_symbol - LTS tag: v5.4.295 - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() {CVE-2025-38320} - perf: Fix sample vs do_exit() {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly - rtc: test: Fix invalid format specifier. - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() {CVE-2025-38337} - mm/huge_memory: fix dereferencing invalid pmd migration entry {CVE-2025-37958} - rtc: Make rtc_time64_to_tm() support dates before 1970 - rtc: Improve performance of rtc_time64_to_tm(). Add tests. - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create {CVE-2022-48773} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352} - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180} - net: atm: add lec_mutex {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware {CVE-2025-38420} - aoe: clean device rq_list in aoedev_downdev() {CVE-2025-38326} - hwmon: (occ) fix unaligned accesses - drm/nouveau/bl: increase buffer size to avoid truncate warning - erofs: remove unused trace event erofs_destroy_inode - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged - ALSA: hda/intel: Add Thinkpad E15 to PM deny list - Input: sparcspkr - avoid unannotated fall-through - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len - scsi: s390: zfcp: Ensure synchronous unit_add - scsi: storvsc: Increase the timeouts to storvsc_timeout - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery - platform/x86: dell_rbu: Stop overwriting data buffer - platform: Add Surface platform directory - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" - tee: Prevent size calculation wraparound on 32-bit kernels - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value - watchdog: da9052_wdt: respect TWDMIN - i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() - scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332} - vxlan: Do not treat dst cache initialization errors as fatal - clk: rockchip: rk3036: mark ddrphy as critical - wifi: mac80211: do not offer a mesh path if forwarding is disabled - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() - net: dlink: add synchronization for stats update - sctp: Do not wake readers in __sctp_write_space() - emulex/benet: correct command version selection in be_cmd_get_stats() - i2c: designware: Invoke runtime suspend on quick slave re-registration - net: macb: Check return value of dma_set_mask_and_coherent() - cpufreq: Force sync policy boost with global boost on sysfs update - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() {CVE-2025-38237} - media: tc358743: ignore video while HPD is low - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB - jfs: Fix null-ptr-deref in jfs_ioc_trim {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling - drm/amdgpu/gfx8: fix CSIB handling - jfs: fix array-index-out-of-bounds read in add_missing_indices {CVE-2025-38204} - drm/amdgpu/gfx7: fix CSIB handling - drm/amdgpu/gfx10: fix CSIB handling - drm/msm/a6xx: Increase HFI response timeout - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition - drm/msm/hdmi: add runtime PM calls to DDC transfer function - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() - sunrpc: update nextcheck time when adding new cache entries - drm/amdgpu/gfx6: fix CSIB handling - ACPI: battery: negate current when discharging - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() - power: supply: bq27xxx: Retrieve again when busy - ACPICA: fix acpi parse and parseext cache leaks {CVE-2025-38344} - ACPICA: Avoid sequence overread in call to strncmp() - ACPICA: fix acpi operand cache leak in dswstate.c {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask - PCI: Fix lock symmetry in pci_slot_unlock() - PCI: Add ACS quirk for Loongson PCIe - uio_hv_generic: Use correct size for interrupt and monitor pages - regulator: max14577: Add error check for max14577_read_reg() - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS - staging: iio: ad5933: Correct settling cycles encoding per datasheet - net: ch9200: fix uninitialised access during mii_nway_restart {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346} - dm-mirror: fix a tiny race condition - mtd: nand: sunxi: Add randomizer configuration before randomizer enable - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk - mm: fix ratelimit_pages update error in dirty_ratio_handler() - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} - parisc: fix building with gcc-15 - vgacon: Add check for vc_origin address range in vgacon_scroll() {CVE-2025-38213} - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register - NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() {CVE-2025-38428} - ext4: fix calculation of credits for extent tree modification - ext4: inline: fix len overflow in ext4_prepare_inline_data {CVE-2025-38222} - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 {CVE-2025-38336} - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() - media: v4l2-dev: fix error handling in __video_register_device() - media: gspca: Add error handling for stv06xx_read_sensor() - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() {CVE-2025-38348} - gfs2: move msleep to sleepable context - configfs: Do not override creating attribute file failure in populate_attrs() - net: usb: aqc111: debug info before sanitation - calipso: unlock rcu before returning -EAFNOSUPPORT - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall - usb: Flush altsetting 0 endpoints before reinitializating them after reset. - fs/filesystems: Fix potential unsigned integer underflow in fs_name() - net/mdiobus: Fix potential out-of-bounds read/write access {CVE-2025-38111} - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option - x86/boot/compressed: prefer cc-option for CFLAGS additions - net: mdio: C22 is now optional, EOPNOTSUPP if not provided - net_sched: tbf: fix a race in tbf_change() - net_sched: red: fix a race in __red_change() {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group - net/mlx5: Wait for inactive autogroups - i40e: retry VFLR handling if there is ongoing VF reset - i40e: return false from i40e_reset_vf if reset is in progress - net_sched: sch_sfq: fix a potential crash on gso_skb handling {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes {CVE-2022-48829} - NFSD: Fix ia_size underflow {CVE-2022-48828} - Input: synaptics-rmi - fix crash with unsupported versions of F34 - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() - do_change_type(): refuse to operate on unmounted/not ours mounts {CVE-2025-38498} - ice: create new Tx scheduler nodes for new queues only - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION - net/mlx4_en: Prevent potential integer overflow calculating Hz - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() - serial: Fix potential null-ptr-deref in mlb_usio_probe() {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe {CVE-2025-38136} - rtc: Fix offset calculation for .start_secs < 0 - rtc: sh: assign correct interrupts with DT - perf record: Fix incorrect --user-regs comments - perf tests switch-tracking: Fix timestamp comparison - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 - perf ui browser hists: Set actions->thread before calling do_zoom_thread() - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device - bus: fsl-mc: fix double-free on mc_dev {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() - nilfs2: add pointer check for nilfs_direct_propagate() - Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} - ARM: dts: at91: at91sam9263: fix NAND chip selects - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select - f2fs: fix to correct check conditions in f2fs_cross_rename - f2fs: use d_inode(dentry) cleanup dentry->d_inode - calipso: Don't call calipso functions for AF_INET sk. {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy - net: usb: aqc111: fix error handling of usbnet read calls {CVE-2025-38153} - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} - bpf: Fix WARN() in get_bpf_raw_tp_regs {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access {CVE-2025-38286} - ktls, sockmap: Fix missing uncharge operation - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it - f2fs: clean up w/ fscrypt_is_bounce_page() - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h - wifi: rtw88: do not ignore hardware read error during DPK - net: ncsi: Fix GCPS 64-bit member variables - f2fs: fix to do sanity check on sbi->total_valid_block_count {CVE-2025-38163} - drm/tegra: rgb: Fix the unbound reference count - drm/vkms: Adjust vkms_state->active_planes allocation type - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() - selftests/seccomp: fix syscall_restart test for arm compat - firmware: psci: Fix refcount leak in psci_dt_init - m68k: mac: Fix macintosh_config for Mac II - drm/vmwgfx: Add seqno waiter for sync_files - spi: sh-msiof: Fix maximum DMA transfer size - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() - EDAC/skx_common: Fix general protection fault {CVE-2025-38298} - crypto: marvell/cesa - Avoid empty transfer descriptor - crypto: marvell/cesa - Handle zero-length skcipher requests {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output - perf/core: Fix broken throttling when max_samples_per_tick=1 - gfs2: gfs2_create_inode error handling fix - netfilter: nft_socket: fix sk refcount leaks {CVE-2024-46855} - thunderbolt: Do not double dequeue a configuration request {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE - pinctrl: armada-37xx: set GPIO output value before setting direction - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 - net/mlx5: Add poll-eq API to be used by ULP's - net/rds: poll eq during user-reset - perf: Fix perf_event_validate_size() lockdep splat {CVE-2023-6931} - perf: Fix perf_event_validate_size() {CVE-2023-6931} - net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery - pwm: mediatek: Ensure to disable clocks in error path - Revert "mmc: sdhci: Disable SD card clock before changing parameters" - net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350} - x86/bpf: Classic BPF program can fail when BHB barrier is used - Add Zen34 clients {CVE-2024-36350} - x86/process: Move the buffer clearing before MONITOR {CVE-2024-36350} - KVM: SVM: Advertize TSA CPUID bits to guests {CVE-2024-36350} - x86/bugs: Add a Transient Scheduler Attacks mitigation {CVE-2024-36350} - KVM: x86: add support for CPUID leaf 0x80000021 {CVE-2024-36350} - x86/bugs: Rename MDS machinery to something more generic {CVE-2024-36350} - x86/CPU/AMD: Add ZenX generations flags {CVE-2024-36350} - x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits {CVE-2024-36350} - Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older - tracing: Fix compilation warning on arm32 - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices - LTS tag: v5.4.294 - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys - spi: spi-sun4i: fix early activation - um: let 'make clean' properly clean underlying SUBARCH as well - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS - nfs: don't share pNFS DS connections between net namespaces - HID: quirks: Add ADATA XPG alpha wireless mouse support - coredump: hand a pidfd to the usermode coredump helper - fork: use pidfd_prepare() - pid: add pidfd_prepare() - pidfd: check pid has attached task in fdinfo - coredump: fix error handling for replace_fd() - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice {CVE-2025-38001} - smb: client: Reset all search buffer pointers when releasing buffer - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051} - drm/i915/gvt: fix unterminated-string-initialization warning - netfilter: nf_tables: do not defer rule destruction via call_rcu {CVE-2024-56655} - netfilter: nf_tables: wait for rcu grace period on net_device removal {CVE-2024-56655} - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx - kbuild: Disable -Wdefault-const-init-unsafe - spi: spi-fsl-dspi: restrict register range for regmap access - mm/page_alloc.c: avoid infinite retries caused by cpuset race - drm/edid: fixed the bug that hdr metadata was not reset - llc: fix data loss when reading from a socket in llc_ui_recvmsg() - ALSA: pcm: Fix race of buffer access at PCM OSS layer {CVE-2025-38078} - can: bcm: add missing rcu read protection for procfs content {CVE-2025-38003} - can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004} - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079} - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000} - net: dwmac-sun8i: Use parsed internal PHY address instead of 1 - bridge: netfilter: Fix forwarding of fragmented packets - xfrm: Sanitize marks before insert - __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock {CVE-2025-38058} - xenbus: Allow PVH dom0 a non-local xenstore - btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref {CVE-2025-38034} - nvmet-tcp: don't restore null sk_state_change {CVE-2025-38035} - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 - pinctrl: meson: define the pull up/down resistor value as 60 kOhm - drm: Add valid clones check - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset - regulator: ad5398: Add device tree support - wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate - bpftool: Fix readlink usage in get_fd_type - HID: usbkbd: Fix the bit shift number for LED_KANA - scsi: st: Restore some drive settings after reset - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine - rcu: fix header guard for rcu_all_qs() - rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y - vxlan: Annotate FDB data races {CVE-2025-38037} - hwmon: (xgene-hwmon) use appropriate type for the latency value - ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). - net/mlx5e: reduce rep rxq depth to 256 for ECPF - net/mlx5e: set the tx_queue_len for pfifo_fast - net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB - phy: core: don't require set_mode() callback for phy_get_mode() to work - net/mlx4_core: Avoid impossible mlx4_db_alloc() order value - smack: recognize ipv4 CIPSO w/o categories - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map - ASoC: ops: Enforce platform maximum on initial value - net/mlx5: Apply rate-limiting to high temperature warning - net/mlx5: Modify LSB bitmask in temperature event to include only the first bit - ACPI: HED: Always initialize before evged - PCI: Fix old_size lower bound in calculate_iosize() too - EDAC/ie31200: work around false positive build warning - net: pktgen: fix access outside of user given buffer in pktgen_thread_write() {CVE-2025-38061} - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU - scsi: mpt3sas: Send a diag reset if target reset fails - MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core - MIPS: Use arch specific syscall name match function - cpuidle: menu: Avoid discarding useful information - x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() - bonding: report duplicate MAC address in all situations - net: xgene-v2: remove incorrect ACPI_PTR annotation - drm/amdkfd: KFD release_work possible circular locking - net/mlx5: Avoid report two health errors on same syndrome - fpga: altera-cvp: Increase credit timeout - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence - hwmon: (gpio-fan) Add missing mutex locks - x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 - net: pktgen: fix mpls maximum labels list parsing - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" - media: cx231xx: set device_caps for 417 {CVE-2025-38044} - orangefs: Do not truncate file size {CVE-2025-38065} - dm cache: prevent BUG_ON by blocking retries on failed device resumes {CVE-2025-38066} - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() - ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 - ieee802154: ca8210: Use proper setters and getters for bitwise types - rtc: ds1307: stop disabling alarms on probe - powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 - mmc: sdhci: Disable SD card clock before changing parameters - netfilter: conntrack: Bound nf_conntrack sysctl writes - posix-timers: Add cond_resched() to posix_timer_add() search loop - xen: Add support for XenServer 6.1 platform device {CVE-2025-38046} - dm: restrict dm device size to 2^63-512 bytes - kbuild: fix argument parsing in scripts/config - scsi: st: ERASE does not change tape location - scsi: st: Tighten the page format heuristics with MODE SELECT - ext4: reorder capability check last - um: Update min_low_pfn to match changes in uml_reserved - um: Store full CSGSFS and SS register from mcontext - btrfs: send: return -ENAMETOOLONG when attempting a path that is too long - btrfs: avoid linker error in btrfs_find_create_tree_block() - i2c: pxa: fix call balance of i2c->clk handling routines - mmc: host: Wait for Vdd to settle on card power off - libnvdimm/labels: Fix divide error in nd_label_data_init() {CVE-2025-38072} - pNFS/flexfiles: Report ENETDOWN as a connection error - tools/build: Don't pass test log files to linker - dql: Fix dql->limit value when reset. - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting - NFSv4: Treat ENETUNREACH errors as fatal for state recovery - fbdev: core: tileblit: Implement missing margin clearing for tileblit - fbdev: fsl-diu-fb: add missing device_remove_file() - mailbox: use error ret code of of_parse_phandle_with_args() - kconfig: merge_config: use an empty file as initfile - cgroup: Fix compilation issue due to cgroup_mutex not being exported - dma-mapping: avoid potential unused data compilation warning - scsi: target: iscsi: Fix timeout on deleted connection {CVE-2025-38075} - openvswitch: Fix unsafe attribute parsing in output_userspace() {CVE-2025-37998} - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 - Input: synaptics - enable SMBus for HP Elitebook 850 G1 - clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() - phy: renesas: rcar-gen3-usb2: Set timing registers only once - phy: Fix error handling in tegra_xusb_port_init - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() - NFSv4/pnfs: Reset the layout state after a layoutreturn - NFSv4/pnfs: pnfs_set_layout_stateid() should update the layout cred - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() - ALSA: sh: SND_AICA should depend on SH_DMA_API - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING - spi: loopback-test: Do not split 1024-byte hexdumps - nfs: handle failure of nfs_get_lock_context in unlock path {CVE-2025-38023} - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug {CVE-2025-38024} - iio: chemical: sps30: use aligned_s64 for timestamp - iio: adc: ad7768-1: Fix insufficient alignment of timestamp. - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation - staging: axis-fifo: avoid parsing ignored device tree properties - staging: axis-fifo: Remove hardware resets for user errors - staging: axis-fifo: replace spinlock with mutex - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection - do_umount(): add missing barrier before refcount checks in sync case - MIPS: Fix MAX_REG_OFFSET - iio: adc: dln2: Use aligned_s64 for timestamp - types: Complement the aligned types with signed 64-bit one - usb: usbtmc: Fix erroneous generic_read ioctl return - usb: usbtmc: Fix erroneous wait_srq ioctl return - usb: usbtmc: Fix erroneous get_stb ioctl error returns - USB: usbtmc: use interruptible sleep in usbtmc_read - usb: typec: ucsi: displayport: Fix NULL pointer access {CVE-2025-37994} - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition - ocfs2: stop quota recovery before disabling quotas - ocfs2: implement handshaking with ocfs2 recovery thread - ocfs2: switch osb->disable_recovery to enum - module: ensure that kobject_put() is safe for module type kobjects {CVE-2025-37995} - xenbus: Use kref to track req lifetime {CVE-2025-37949} - usb: uhci-platform: Make the clock really optional - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo {CVE-2025-37969} - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo {CVE-2025-37970} - iio: adis16201: Correct inclinometer channel resolution - iio: adc: ad7606: fix serial register access - staging: iio: adc: ad7816: Correct conditional logic for store mode - Input: synaptics - enable InterTouch on Dell Precision M3800 - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G - Input: synaptics - enable InterTouch on Dynabook Portege X30-D - net: dsa: b53: fix learning on VLAN unaware bridges - netfilter: ipset: fix region locking in hash types {CVE-2025-37997} - sch_htb: make htb_deactivate() idempotent {CVE-2025-37953} - dm: fix copying after src array boundaries {CVE-2025-37902} - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid {CVE-2025-37927} - arm64: dts: rockchip: fix iface clock-name on px30 iommus - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling - usb: chipidea: ci_hdrc_imx: use dev_err_probe() - usb: chipidea: imx: refine the error handling for hsic - usb: chipidea: imx: change hsic power regulator as optional - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() {CVE-2025-37819} - irqchip/gic-v2m: Mark a few functions __init - irqchip/gic-v2m: Add const to of_device_id - sch_htb: make htb_qlen_notify() idempotent {CVE-2025-37953} - of: module: add buffer overflow check in of_modalias() {CVE-2024-38541} - PCI: imx6: Skip controller_id generation logic for i.MX7D - net: fec: ERR007885 Workaround for conventional TX - net: lan743x: Fix memleak issue when GSO enabled {CVE-2025-37909} - lan743x: fix endianness when accessing descriptors - lan743x: remove redundant initialization of variable current_head_index - nvme-tcp: fix premature queue removal and I/O failover - net: dlink: Correct endianness handling of led_mode - net_sched: qfq: Fix double list add in class with netem as child qdisc {CVE-2025-37913} - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc {CVE-2025-37890} - net_sched: drr: Fix double list add in class with netem as child qdisc {CVE-2025-37915} - net/mlx5: E-Switch, Initialize MAC Address for Default GID - tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923} - dm: always update the array size in realloc_argv on success {CVE-2025-37902} - dm-integrity: fix a warning on invalid table line - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() {CVE-2025-37990} - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload - parisc: Fix double SIGFPE crash {CVE-2025-37991} - i2c: imx-lpi2c: Fix clock count when probe defers - EDAC/altera: Set DDR and SDMMC interrupt mask before registration - EDAC/altera: Test the correct error reg offset - scsi: qedf: Wait for stag work during unload - scsi: qedf: Don't process stag work during unload and recovery - rds: ib: Add cm_id generation scheme in order to detect new ones - x86/its: BPF can crash in bpf_jit_comp.c when ITS is enabled - shmem: add support to ignore swap - shmem: update documentation - mm: hold the source mmap write lock when copying PTEs - mm: do not write protect COW mappings when preserving across exec - mm: differentiate copying PTEs for preservation from copying for fork - mm/fork: Pass new vma pointer into copy_page_range() - xen/swiotlb: relax alignment requirements - Reapply "xen/swiotlb: add alignment check for dma buffers" - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" - nvme: unblock ctrl state transition for firmware update - memcg: always call cond_resched() after fn() - ACPI: PPTT: Fix processor subtable walk - LTS tag: v5.4.293 - MIPS: cm: Fix warning if MIPS_CM is disabled - crypto: atmel-sha204a - Set hwrng quality to lowest possible - comedi: jr3_pci: Fix synchronous deletion of timer - md/raid1: Add check for missing source disk in process_checks() - scsi: pm80xx: Set phy_attached to zero when device is gone - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls - selftests: ublk: fix test_stripe_04 - udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803} - KVM: s390: Don't use %pK through tracepoints - sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP - ntb: reduce stack usage in idt_scan_mws - qibfs: fix _another_ leak {CVE-2025-37983} - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() {CVE-2025-37881} - dmaengine: dmatest: Fix dmatest waiting less when interrupted - usb: host: max3421-hcd: Add missing spi_device_id table - parisc: PDT: Fix missing prototype warning - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() - crypto: null - Use spin lock instead of mutex {CVE-2025-37808} - MIPS: cm: Detect CM quirks from device tree - USB: VLI disk crashes if LPM is used - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive - usb: dwc3: gadget: check that event count does not exceed event buffer length {CVE-2025-37810} - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) - usb: cdns3: Fix deadlock when using NCM gadget {CVE-2025-37812} - USB: serial: simple: add OWON HDS200 series oscilloscope support - USB: serial: option: add Sierra Wireless EM9291 - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe - serial: sifive: lock port in startup()/shutdown() callbacks - USB: storage: quirk for ADATA Portable HDD CH94 - mcb: fix a double free bug in chameleon_parse_gdd() {CVE-2025-37817} - virtio_console: fix missing byte order handling for cols and rows - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} - net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797} - tipc: fix NULL pointer dereference in tipc_mon_reinit_self() {CVE-2025-37824} - net: phy: leds: fix memory leak {CVE-2025-37989} - cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() {CVE-2025-37829} - drm/amd/pm: Prevent division by zero {CVE-2025-37766} - misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error - misc: pci_endpoint_test: Use INTX instead of LEGACY - PCI: Rename PCI_IRQ_LEGACY to PCI_IRQ_INTX - iio: adc: ad7768-1: Fix conversion result sign - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check - net: dsa: mv88e6xxx: fix VTU methods for 6320 family - media: vim2m: print device name after registering device - ext4: fix OOB read when checking dotdot dir {CVE-2025-37785} - ext4: optimize __ext4_check_dir_entry() - ext4: don't over-report free space or inodes in statvfs - ext4: code cleanup for ext4_statfs_project() - ext4: simplify checking quota limits in ext4_statfs() - platform/x86: ISST: Correct command storage data length - MIPS: ds1287: Match ds1287_set_base_clock() function types - MIPS: cevt-ds1287: Add missing ds1287.h include - MIPS: dec: Declare which_prom() as static - virtio-net: Add validation for used length {CVE-2021-47352} - RDMA/srpt: Support specifying the srpt_service_guid parameter {CVE-2024-26744} - openvswitch: fix lockup on tx to unregistering netdev with carrier {CVE-2025-21681} - net: openvswitch: fix race on port output {CVE-2025-21681} - mmc: cqhci: Fix checking of CQHCI_HALT state - nvmet-fc: Remove unused functions - usb: dwc3: support continuous runtime PM with dual role - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type - misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error {CVE-2025-23140} - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). {CVE-2024-50154} - powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp - kbuild: Add '-fno-builtin-wcslen' - cpufreq: Reference count policy in cpufreq_update_limits() - drm/sti: remove duplicate object names - drm/nouveau: prime: fix ttm_bo_delayed_delete oops {CVE-2025-37765} - drm/repaper: fix integer overflows in repeat functions - module: sign with sha512 instead of sha1 by default - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR - perf/x86/intel: Allow to update user space GPRs from PEBS records - virtiofs: add filesystem context source name check {CVE-2025-37773} - riscv: Avoid fortify warning in syscall_get_arguments() - isofs: Prevent the use of too small fid {CVE-2025-37780} - i2c: cros-ec-tunnel: defer probe if parent EC is not present {CVE-2025-37781} - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key {CVE-2025-37782} - btrfs: correctly escape subvol in btrfs_show_options() - nfs: add missing selections of CONFIG_CRC32 - nfs: move nfs_fhandle_hash to common include file - NFSD: Constify @fh argument of knfsd_fh_hash() - asus-laptop: Fix an uninitialized variable - writeback: fix false warning in inode_to_wb() - net: b53: enable BPDU reception for management port - net: openvswitch: fix nested key length validation in the set() action {CVE-2025-37789} - Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" {CVE-2025-37795} - Bluetooth: btrtl: Prevent potential NULL dereference {CVE-2025-37792} - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() - scsi: iscsi: Fix missing scsi_host_put() in error path - wifi: wl1251: fix memory leak in wl1251_tx_work {CVE-2025-37982} - wifi: mac80211: Purge vif txq in ieee80211_do_stop() {CVE-2025-37794} - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() {CVE-2025-37795} - wifi: at76c50x: fix use after free access in at76_disconnect {CVE-2025-37796} - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition {CVE-2025-37838} - pwm: mediatek: always use bus clock for PWM on MT7622 - Bluetooth: hci_uart: Fix another race during initialization {CVE-2025-23139} - x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() - PCI: Fix reference leak in pci_alloc_child_bus() - of/irq: Fix device node refcount leakages in of_irq_init() - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() - of/irq: Fix device node refcount leakages in of_irq_count() - ntb: use 64-bit arithmetic for the MSI doorbell mask - gpio: zynq: Fix wakeup source leaks on device unbind - ftrace: Add cond_resched() to ftrace_graph_set_hash() {CVE-2025-37940} - dm-integrity: set ti->error on memory allocation failure - crypto: ccp - Fix check for the primary ASP device - thermal/drivers/rockchip: Add missing rk3328 mapping entry - sctp: detect and prevent references to a freed transport in sendmsg {CVE-2025-23142} - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock - sparc/mm: disable preemption in lazy mmu mode - arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string - mtd: rawnand: Add status chack in r852_ready() - mtd: inftlcore: Add error check for inftl_read_oob() {CVE-2025-37892} - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() - jbd2: remove wrong sb->s_sequence check {CVE-2025-37839} - i3c: Add NULL pointer check in i3c_master_queue_ibi() {CVE-2025-23147} - ext4: fix off-by-one error in do_split {CVE-2025-23150} - wifi: mac80211: fix integer overflow in hwmp_route_info_get() - net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family - media: venus: hfi_parser: add check to avoid out of bound access {CVE-2025-23157} - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO - media: i2c: ov7251: Set enable GPIO low in probe - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() - media: streamzap: prevent processing IR data on URB failure - mtd: rawnand: brcmnand: fix PM resume warning {CVE-2025-37840} - arm64: cputype: Add MIDR_CORTEX_A76AE - xenfs/xensyms: respect hypervisor's "next" indication - media: siano: Fix error handling in smsdvb_module_init() - media: venus: hfi: add check to handle incorrect queue size {CVE-2025-23158} - media: venus: hfi: add a check to handle OOB in sfr region {CVE-2025-23159} - media: i2c: adv748x: Fix test pattern selection mask - ext4: don't treat fhandle lookup of ea_inode as FS corruption - ext4: reject casefold inode flag without casefold feature - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags - bpf: Add endian modifiers to fix endian warnings - pwm: fsl-ftm: Handle clk_get_rate() returning 0 - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() {CVE-2025-37850} - pwm: mediatek: Always use bus clock - fbdev: omapfb: Add 'plane' value check {CVE-2025-37851} - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset - drm/amdkfd: clamp queue size to minimum - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 - drm: panel-orientation-quirks: Add support for AYANEO 2S - drm: allow encoder mode_set even when connectors change for crtc - Bluetooth: hci_uart: fix race during initialization {CVE-2025-23139} - tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER - net: vlan: don't propagate flags on open {CVE-2025-23163} - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table - scsi: st: Fix array overflow in st_setup() {CVE-2025-37857} - ext4: ignore xattrs past end {CVE-2025-37738} - ext4: protect ext4_release_dquot against freezing - ahci: add PCI ID for Marvell 88SE9215 SATA Controller - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode - jfs: add sanity check for agwidth in dbMount {CVE-2025-37740} - jfs: Prevent copying of nlink with value 0 from disk inode {CVE-2025-37741} - fs/jfs: Prevent integer overflow in AG size calculation {CVE-2025-37858} - fs/jfs: cast inactags to s64 to prevent potential overflow - page_pool: avoid infinite loop to schedule delayed worker {CVE-2025-37859} - ALSA: usb-audio: Fix CME quirk for UF series keyboards - ALSA: hda: intel: Fix Optimus when GPU has no sound - HID: pidff: Fix null pointer dereference in pidff_find_fields {CVE-2025-37862} - HID: pidff: Do not send effect envelope if it's empty - HID: pidff: Convert infinite length from Linux API to PID standard - xen/mcelog: Add __nonstring annotations for unterminated strings - perf: arm_pmu: Don't disable counter in armpmu_add() - x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine - pm: cpupower: bench: Prevent NULL dereference on malloc failure {CVE-2025-37841} - net: ppp: Add bound checking for skb data on ppp_sync_txmung {CVE-2025-37749} - ata: sata_sx4: Add error handling in pdc20621_i2c_read() - ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones - tipc: fix memory leak in tipc_link_xmit {CVE-2025-37757} - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() {CVE-2025-37758} - x86/bhi: Do not set BHI_DIS_S in 32-bit mode - x86/bpf: Add IBHF call at end of classic BPF - x86/bpf: Call branch history clearing sequence on exit - certs: Reference revocation list for all keyrings - RDS: use get_user_pages_fast() in rdma_pin_pages() - x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel - selftest/x86/bugs: Add selftests for ITS {CVE-2024-28956} - x86/its: Align RETs in BHB clear sequence to avoid thunking {CVE-2024-28956} - x86/its: Add "vmexit" option to skip mitigation on some CPUs {CVE-2024-28956} - x86/its: Enable Indirect Target Selection mitigation {CVE-2024-28956} - x86/its: Add support for ITS-safe return thunk {CVE-2024-28956} - x86/its: Add support for ITS-safe indirect thunk {CVE-2024-28956} - x86/its: Enumerate Indirect Target Selection (ITS) bug {CVE-2024-28956} - Documentation: x86/bugs/its: Add ITS documentation {CVE-2024-28956} - certs: Add new Oracle Linux Driver Signing (key 1) certificate - net/mlx5e: Don't call cleanup on profile rollback failure {CVE-2024-50146} - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() {CVE-2024-50000} - net/mlx5: Fix error path in multi-packet WQE transmit {CVE-2024-50001} - net/mlx5: Discard command completions in internal error {CVE-2024-38555} - net/mlx5e: fix a potential double-free in fs_any_create_groups {CVE-2023-52667} - net/mlx5: Reclaim max 50K pages at once - LTS tag: v5.4.292 - jfs: add index corruption check to DT_GETPAGE() - tracing: Fix use-after-free in print_graph_function_flags during tracer switching {CVE-2025-22035} - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs {CVE-2025-22045} - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() - can: flexcan: only change CAN state when link up in system PM - arcnet: Add NULL check in com20020pci_probe() {CVE-2025-22054} - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS - vsock: avoid timeout during connect() if the socket is closing - net_sched: skbprio: Remove overly strict queue assertions {CVE-2025-38637} - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets {CVE-2025-22063} - ntb: intel: Fix using link status DB's - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans {CVE-2023-53034} - spufs: fix a leak in spufs_create_context() {CVE-2025-22071} - spufs: fix a leak on spufs_new_file() failure {CVE-2025-22073} - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} - can: statistics: use atomic access in hot path - locking/semaphore: Use wake_q to wake up processes outside lock critical section - sched/deadline: Use online cpus for validating runtime - affs: don't write overlarge OFS data block size fields - affs: generate OFS sequence numbers starting at 1 - wifi: iwlwifi: fw: allocate chained SG tables for dump - sched/smt: Always inline sched_smt_active() - octeontx2-af: Fix mbox INTR handler when num VFs > 64 - ring-buffer: Fix bytes_dropped calculation issue - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() {CVE-2025-37937} - fs/procfs: fix the comment above proc_pid_wchan() - perf python: Check if there is space to copy all the event - perf python: Decrement the refcount of just created event on failure - perf python: Fixup description of sample.id event member - ocfs2: validate l_tree_depth to avoid out-of-bounds access {CVE-2025-22079} - kexec: initialize ELF lowest address to ULONG_MAX - perf units: Fix insufficient array space - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio - coresight: catu: Fix number of pages while using 64k pages - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment - mfd: sm501: Switch to BIT() to mitigate integer overflows - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow {CVE-2025-22086} - power: supply: max77693: Fix wrong conversion of charge input threshold value - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 - clk: amlogic: g12a: fix mmc A peripheral clock - clk: amlogic: gxbb: drop non existing 32k clock parent - clk: amlogic: g12b: fix cluster A parent data - IB/mad: Check available slots before posting receive WRs - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent - pinctrl: renesas: rza2: Fix missing of_node_put() call - lib: 842: Improve error handling in sw842_compress() - clk: amlogic: gxbb: drop incorrect flag on 32k clock - fbdev: sm501fb: Add some geometry checks. - mdacon: rework dependency list - fbdev: au1100fb: Move a variable assignment behind a null pointer check - PCI: pciehp: Don't enable HPIE when resuming in poll mode - PCI: Remove stray put_device() in pci_register_host_bridge() - PCI/portdrv: Only disable pciehp interrupts early when needed - PCI/ASPM: Fix link state exit during switch upstream function removal {CVE-2024-58093} - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member - ALSA: hda/realtek: Always honor no_shutup_pins - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() - PM: sleep: Fix handling devices with direct_complete set on errors - thermal: int340x: Add NULL check for adev {CVE-2025-23136} - EDAC/ie31200: Fix the error path order of ie31200_init() - EDAC/ie31200: Fix the DIMM size mask for several SoCs - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer - selinux: Chain up tool resolving errors in install_policy.sh - x86/platform: Only allow CONFIG_EISA for 32-bit - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove {CVE-2025-22020} - net: usb: qmi_wwan: add Telit Cinterion FE990B composition - net: usb: qmi_wwan: add Telit Cinterion FN990B composition - tty: serial: 8250: Add some more device IDs - counter: stm32-lptimer-cnt: fix error handling when enabling - netfilter: socket: Lookup orig tuple for IPv6 SNAT {CVE-2025-22021} - ARM: Remove address checking for MMUless devices - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() - atm: Fix NULL pointer dereference {CVE-2025-22018} - HID: hid-plantronics: Add mic mute mapping and generalize quirks - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() {CVE-2025-21996} - batman-adv: Ignore own maximum aggregation size during RX - ARM: shmobile: smp: Enforce shmobile_smp_* alignment - mmc: atmel-mci: Add missing clk_disable_unprepare() - drm/v3d: Don't run jobs that have errors flagged in its fence - i2c: omap: fix IRQ storms - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES - net: atm: fix use after free in lec_send() {CVE-2025-22004} - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). {CVE-2025-22005} - Bluetooth: Fix error code in chan_alloc_skb_cb() {CVE-2025-22007} - RDMA/hns: Fix wrong value of max_sge_rd - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path - xfrm_output: Force software GSO only in tunnel mode - firmware: imx-scu: fix OF node leak in .probe() - i2c: sis630: Fix an error handling path in sis630_probe() - i2c: ali15x3: Fix an error handling path in ali15x3_probe() - i2c: ali1535: Fix an error handling path in ali1535_probe() - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() - qlcnic: fix memory leak issues in qlcnic_sriov_common.c - drm/amd/display: Assign normalized_pix_clk when color depth = 14 {CVE-2025-21956} - drm/atomic: Filter out redundant DPMS calls - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes {CVE-2025-21991} - USB: serial: option: match on interface class for Telit FN990B - USB: serial: option: fix Telit Cinterion FE990A name - USB: serial: option: add Telit Cinterion FE990B compositions - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 - block: fix 'kmem_cache of name 'bio-108' already exists' - drm/nouveau: Do not override forced connector status - x86/irq: Define trace events conditionally - fuse: don't truncate cached, mutated symlink - nvme: only allow entering LIVE from CONNECTING state - sctp: Fix undefined behavior in left shift operation - nvmet-rdma: recheck queue state is LIVE in state lock in recv done - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() - s390/cio: Fix CHPID "configure" attribute caching - HID: ignore non-functional sensor in HP 5MP Camera {CVE-2025-21992} - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell - ACPI: resource: IRQ override for Eluktronics MECH-17 - scsi: qla1280: Fix kernel oops when debug level > 2 {CVE-2025-21957} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993} - powercap: call put_device() on an error path in powercap_register_control_type() - hrtimers: Mark is_migration_base() with __always_inline - nvme-fc: go straight to connecting state when initializing - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices - netfilter: nft_exthdr: fix offset with ipv4_find_option() - net_sched: Prevent creation of classes with TC_H_ROOT {CVE-2025-21971} - ipvs: prevent integer overflow in do_ip_vs_get_ctl() - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() {CVE-2025-21959} - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() - drivers/hv: Replace binary semaphore with mutex - netpoll: hold rcu read lock in __netpoll_send_skb() - netpoll: netpoll_send_skb() returns transmit status - netpoll: move netpoll_send_skb() out of line - netpoll: remove dev argument from netpoll_send_skb_on_dev() - netpoll: Fix use correct return type for ndo_start_xmit() - pinctrl: bcm281xx: Fix incorrect regmap max_registers value - sched/isolation: Prevent boot crash when the boot CPU is nohz_full - clockevents/drivers/i8253: Fix stop sequence for timer 0 - RDS: avoid using offlined CPU during reconnect - x86/microcode/AMD: Clean the cache if update did not load microcode - x86/microcode/AMD: Add finalize_late_load() microcode_op - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches - x86/microcode/AMD: Add some forgotten models to the SHA check - x86/microcode/AMD: Load only SHA256-checksummed patches {CVE-2025-22047} - x86/microcode/AMD: Flush patch buffer mapping after application - x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size - nvme: fix deadlock between reset and scan

0 tuxcare-oraclelinux7-els bpftool-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm cdc8f2c9809726a21ef1caf9a6900ae544e4ad912fe7f61c21a30f10a73aac60 kernel-uek-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm d3729882566fb664571a7d19d26b2d567c38163f22af1c932d335208aee87ddb kernel-uek-container-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm f90bd19dc79d4373afd00dda3118ffc575c9088afa393f03d47a48a638a58dee kernel-uek-container-debug-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm ef2b7f3c9f09732a87894d69670d74ceae2fcd973e93511381de712374d3f2a9 kernel-uek-debug-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm fb0477d33a79023492c59046525622c772a77bb763f8838adaaacf1b6d922050 kernel-uek-debug-devel-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm 9a872b9736aff935b3a544fe338250dd741ebd5e90e6fb8d1861bb7eb854dc7d kernel-uek-devel-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm d5da3899413089665c748d0f8a8db9a6ee324e6539cf4e6acdbbd4446fad8f8a kernel-uek-headers-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm f2bafe1e7ce6ac240d10a90f3ebf252e8cd10bb0595f7c9779744fed456564a6 kernel-uek-tools-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm 9503acf7e714cec57c7a404a022531e170cc9e2f43056e9f2a7ce1bc4914ee92 perf-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm 4723f7a120cd126f3fac45bcbc072a18fd3b857c37da7d823352be2346fbc692 python-perf-5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64.rpm 8a00078f0dc18c9f7f1fe44ca55301f42a04f2dd77f8a397d432b8f80bcf758e CLSA-2025:1758022501 TuxCare License Agreement 0 - CVE-2025-32990: fix memory corruption in when parsing a template file Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-32990: fix memory corruption in when parsing a template file

0 tuxcare-oraclelinux7-els gnutls-3.3.29-9.el7_6.tuxcare.els2.i686.rpm a29f59b3949421d23176a0cb8d9a5eca8d6a496fbe45f86f35c80021fadf3b2a gnutls-3.3.29-9.el7_6.tuxcare.els2.x86_64.rpm 13fd300ae255086359289004ac1890e1dda6622097508d32b9599e9f66226b0e gnutls-c++-3.3.29-9.el7_6.tuxcare.els2.i686.rpm 03ac4aba383820ca3ca498bcf785e21f02cf32c1bbd336dfa959ac76524d1ee0 gnutls-c++-3.3.29-9.el7_6.tuxcare.els2.x86_64.rpm e39ed56927fb2e0e5024dbbafc7b55a2b43734d5dbe539f0c9d425e4c56be773 gnutls-dane-3.3.29-9.el7_6.tuxcare.els2.i686.rpm 1a1e72d84092ddf4051776d0160e1799b68ff691cbeb3a370526942eb4238522 gnutls-dane-3.3.29-9.el7_6.tuxcare.els2.x86_64.rpm 601004c2e7f67ebe308f9af4aa4657307af9a7dbdf659ada9dc7453d6d040518 gnutls-devel-3.3.29-9.el7_6.tuxcare.els2.i686.rpm 739587a8eb94d561ac0e6634ff906e956d379504bc0c2e4922f4c36c1cbbac89 gnutls-devel-3.3.29-9.el7_6.tuxcare.els2.x86_64.rpm 9b014bee6c012526695db87f253254dd2b4f1922d685b08aed90d370ee751f6c gnutls-utils-3.3.29-9.el7_6.tuxcare.els2.x86_64.rpm eb9b3ce7bf7027d72e012b1544bde471f959731987075a8ca49cbc6a2b4bc4da CLSA-2025:1758031199 TuxCare License Agreement 0 - CVE-2024-47252: escape user-supplied data in mod_ssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-47252: escape user-supplied data in mod_ssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack

0 tuxcare-oraclelinux7-els httpd-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm 913a88e2ab5f157c6612ad1cef59b7e1690cb6efb4613839023fdd2999a67943 httpd-devel-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm f05f200af91b8bc403d76b45a2c236259deeb16b968448c9e6ff35ad29a786cc httpd-manual-2.4.6-99.0.5.el7_9.1.tuxcare.els6.noarch.rpm e30c9bffcc466c8e6b42a1a47636011d3e2f9ed1dabbde0e538c7531fe4864a7 httpd-tools-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm 6dd2324d3c28522869be278cf5333852d41ab671c0d8fa85ab1f7f2c581ad94f mod_ldap-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm ae7ec0483dccbd105732e5e56a2820b47e287e716d4a526815fa95dedeb287b4 mod_proxy_html-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm 06b96e9ae26f319e39a04f039817c759ea55728c8c26bb4ede7eb0604dd4f3b9 mod_session-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm 1d04f61db46e49368d50777b1535914191485c0f899188994552b4b6f438a071 mod_ssl-2.4.6-99.0.5.el7_9.1.tuxcare.els6.x86_64.rpm 8b9525e554c5efac417a3c1ee84a9306198cafc27ecdfdeb9ccb8f38711dbfd5 CLSA-2025:1758639838 TuxCare License Agreement 0 - Update Intel CPU microcode to 20250812: - Addition of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c000401; - Addition of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000643; - Addition of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x3a; - Addition of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x437; - Addition of cpuid:A06D1/0x20 (GNR-AP/SP H0) microcode (in microcode.dat) at revision 0xa000100; - Addition of cpuid:A06D1/0x95 (GNR-AP/SP B0) microcode (in microcode.dat) at revision 0x10003d0; - Addition of cpuid:B0650/0x80 (ARL-U A1) microcode (in microcode.dat) at revision 0xa; - Addition of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x12f; - Addition of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x4129; - Addition of cpuid:B06D1/0x80 (LNL B0) microcode (in microcode.dat) at revision 0x123; - Addition of cpuid:C0652/0x82 (ARL-H A1) microcode (in microcode.dat) at revision 0x119; - Addition of cpuid:C0662/0x82 (ARL-HX 8P/S B0) microcode (in microcode.dat) at revision 0x119; - Addition of cpuid:C0664/0x82 microcode (in microcode.dat) at revision 0x119; - Addition of cpuid:C06A2/0x82 microcode (in microcode.dat) at revision 0x119; - Addition of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x210002b3; - Removal of cpuid:50656/0xbf (CLX-SP B0) microcode (in microcode.dat) at revision 0x4003605; - Removal of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c0003e0; - Removal of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000620; - Removal of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x38; - Removal of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x436; - Removal of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x12c; - Removal of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x4124; - Removal of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) at revision 0x21000291; - Removal of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x21000291; - Update of cpuid:50657/0xbf (CLX-SP/W/X B1/L1) microcode (in microcode.dat) from revision 0x5003707 up to 0x5003901; - Update of cpuid:5065B/0xbf (CPX-SP A1) microcode (in microcode.dat) from revision 0x7002904 up to 0x7002b01; - Update of cpuid:606A6/0x87 (ICX-SP D0) microcode (in microcode.dat) from revision 0xd0003f5 up to 0xd000410; - Update of cpuid:606C1/0x10 (ICL-D B0) microcode (in microcode.dat) from revision 0x10002c0 up to 0x10002e0; - Update of cpuid:706A8/0x01 (GLK-R R0) microcode (in microcode.dat) from revision 0x24 up to 0x26; - Update of cpuid:706E5/0x80 (ICL-U/Y D1) microcode (in microcode.dat) from revision 0xc6 up to 0xca; - Update of cpuid:806C1/0x80 (TGL-UP3/UP4 B1) microcode (in microcode.dat) from revision 0xb8 up to 0xbc; - Update of cpuid:806C2/0xc2 (TGL-R C0) microcode (in microcode.dat) from revision 0x38 up to 0x3c; - Update of cpuid:806D1/0xc2 (TGL-H R0) microcode (in microcode.dat) from revision 0x52 up to 0x56; - Update of cpuid:806EC/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:806F4/0x10 microcode (in microcode.dat) from revision 0x2c0003e0 up to 0x2c000401; - Update of cpuid:806F4/0x87 (SPR-SP E0/S1) microcode (in microcode.dat) from revision 0x2b000620 up to 0x2b000643; - Update of cpuid:806F5/0x10 (SPR-HBM B1) microcode (in microcode.dat) from revision 0x2c0003e0 up to 0x2c000401; - Update of cpuid:806F5/0x87 (SPR-SP E2) microcode (in microcode.dat) from revision 0x2b000620 up to 0x2b000643; - Update of cpuid:806F6/0x10 microcode (in microcode.dat) from revision 0x2c0003e0 up to 0x2c000401; - Update of cpuid:806F6/0x87 (SPR-SP E3) microcode (in microcode.dat) from revision 0x2b000620 up to 0x2b000643; - Update of cpuid:806F7/0x87 (SPR-SP E4/S2) microcode (in microcode.dat) from revision 0x2b000620 up to 0x2b000643; - Update of cpuid:90675/0x07 (ADL-S 6+0 K0) microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:906A4/0x40 (AZB A0) microcode (in microcode.dat) from revision 0x9 up to 0xa; - Update of cpuid:906A4/0x80 (ADL-P 2+8 R0) microcode (in microcode.dat) from revision 0x436 up to 0x437; - Update of cpuid:906ED/0x22 (CFL-H/S/Xeon E R0) microcode (in microcode.dat) from revision 0x102 up to 0x104; - Update of cpuid:A0652/0x20 (CML-H R1) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:A0653/0x22 (CML-S 6+2 G1) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:A0655/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:A0660/0x80 (CML-U 6+2 A0) microcode (in microcode.dat) from revision 0xfe up to 0x102; - Update of cpuid:A0661/0x80 (CML-U 6+2 v2 K1) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:A0671/0x02 (RKL-S B0) microcode (in microcode.dat) from revision 0x63 up to 0x64; - Update of cpuid:A06A4/0xe6 (MTL-H/U C0) microcode (in microcode.dat) from revision 0x20 up to 0x25; - Update of cpuid:A06F3/0x01 (SRF-SP C0) microcode (in microcode.dat) from revision 0x3000330 up to 0x3000362; - Update of cpuid:B0674/0x32 microcode (in microcode.dat) from revision 0x12c up to 0x12f; - Update of cpuid:B06A3/0xe0 (RPL-U 2+8 Q0) microcode (in microcode.dat) from revision 0x4124 up to 0x4129; - Update of cpuid:B06A8/0xe0 microcode (in microcode.dat) from revision 0x4124 up to 0x4129; - Update of cpuid:B06E0/0x19 (ADL-N A0) microcode (in microcode.dat) from revision 0x1c up to 0x1d; - Update of cpuid:B06F2/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:B06F5/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:B06F6/0x07 microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:B06F7/0x07 microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) from revision 0x21000291 up to 0x210002b3; Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Update Intel CPU microcode to 20250812: - Addition of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c000401; - Addition of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000643; - Addition of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x3a; - Addition of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x437; - Addition of cpuid:A06D1/0x20 (GNR-AP/SP H0) microcode (in microcode.dat) at revision 0xa000100; - Addition of cpuid:A06D1/0x95 (GNR-AP/SP B0) microcode (in microcode.dat) at revision 0x10003d0; - Addition of cpuid:B0650/0x80 (ARL-U A1) microcode (in microcode.dat) at revision 0xa; - Addition of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x12f; - Addition of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x4129; - Addition of cpuid:B06D1/0x80 (LNL B0) microcode (in microcode.dat) at revision 0x123; - Addition of cpuid:C0652/0x82 (ARL-H A1) microcode (in microcode.dat) at revision 0x119; - Addition of cpuid:C0662/0x82 (ARL-HX 8P/S B0) microcode (in microcode.dat) at revision 0x119; - Addition of cpuid:C0664/0x82 microcode (in microcode.dat) at revision 0x119; - Addition of cpuid:C06A2/0x82 microcode (in microcode.dat) at revision 0x119; - Addition of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x210002b3; - Removal of cpuid:50656/0xbf (CLX-SP B0) microcode (in microcode.dat) at revision 0x4003605; - Removal of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c0003e0; - Removal of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000620; - Removal of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x38; - Removal of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x436; - Removal of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x12c; - Removal of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x4124; - Removal of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) at revision 0x21000291; - Removal of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x21000291; - Update of cpuid:50657/0xbf (CLX-SP/W/X B1/L1) microcode (in microcode.dat) from revision 0x5003707 up to 0x5003901; - Update of cpuid:5065B/0xbf (CPX-SP A1) microcode (in microcode.dat) from revision 0x7002904 up to 0x7002b01; - Update of cpuid:606A6/0x87 (ICX-SP D0) microcode (in microcode.dat) from revision 0xd0003f5 up to 0xd000410; - Update of cpuid:606C1/0x10 (ICL-D B0) microcode (in microcode.dat) from revision 0x10002c0 up to 0x10002e0; - Update of cpuid:706A8/0x01 (GLK-R R0) microcode (in microcode.dat) from revision 0x24 up to 0x26; - Update of cpuid:706E5/0x80 (ICL-U/Y D1) microcode (in microcode.dat) from revision 0xc6 up to 0xca; - Update of cpuid:806C1/0x80 (TGL-UP3/UP4 B1) microcode (in microcode.dat) from revision 0xb8 up to 0xbc; - Update of cpuid:806C2/0xc2 (TGL-R C0) microcode (in microcode.dat) from revision 0x38 up to 0x3c; - Update of cpuid:806D1/0xc2 (TGL-H R0) microcode (in microcode.dat) from revision 0x52 up to 0x56; - Update of cpuid:806EC/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:806F4/0x10 microcode (in microcode.dat) from revision 0x2c0003e0 up to 0x2c000401; - Update of cpuid:806F4/0x87 (SPR-SP E0/S1) microcode (in microcode.dat) from revision 0x2b000620 up to 0x2b000643; - Update of cpuid:806F5/0x10 (SPR-HBM B1) microcode (in microcode.dat) from revision 0x2c0003e0 up to 0x2c000401; - Update of cpuid:806F5/0x87 (SPR-SP E2) microcode (in microcode.dat) from revision 0x2b000620 up to 0x2b000643; - Update of cpuid:806F6/0x10 microcode (in microcode.dat) from revision 0x2c0003e0 up to 0x2c000401; - Update of cpuid:806F6/0x87 (SPR-SP E3) microcode (in microcode.dat) from revision 0x2b000620 up to 0x2b000643; - Update of cpuid:806F7/0x87 (SPR-SP E4/S2) microcode (in microcode.dat) from revision 0x2b000620 up to 0x2b000643; - Update of cpuid:90675/0x07 (ADL-S 6+0 K0) microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:906A4/0x40 (AZB A0) microcode (in microcode.dat) from revision 0x9 up to 0xa; - Update of cpuid:906A4/0x80 (ADL-P 2+8 R0) microcode (in microcode.dat) from revision 0x436 up to 0x437; - Update of cpuid:906ED/0x22 (CFL-H/S/Xeon E R0) microcode (in microcode.dat) from revision 0x102 up to 0x104; - Update of cpuid:A0652/0x20 (CML-H R1) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:A0653/0x22 (CML-S 6+2 G1) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:A0655/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:A0660/0x80 (CML-U 6+2 A0) microcode (in microcode.dat) from revision 0xfe up to 0x102; - Update of cpuid:A0661/0x80 (CML-U 6+2 v2 K1) microcode (in microcode.dat) from revision 0xfc up to 0x100; - Update of cpuid:A0671/0x02 (RKL-S B0) microcode (in microcode.dat) from revision 0x63 up to 0x64; - Update of cpuid:A06A4/0xe6 (MTL-H/U C0) microcode (in microcode.dat) from revision 0x20 up to 0x25; - Update of cpuid:A06F3/0x01 (SRF-SP C0) microcode (in microcode.dat) from revision 0x3000330 up to 0x3000362; - Update of cpuid:B0674/0x32 microcode (in microcode.dat) from revision 0x12c up to 0x12f; - Update of cpuid:B06A3/0xe0 (RPL-U 2+8 Q0) microcode (in microcode.dat) from revision 0x4124 up to 0x4129; - Update of cpuid:B06A8/0xe0 microcode (in microcode.dat) from revision 0x4124 up to 0x4129; - Update of cpuid:B06E0/0x19 (ADL-N A0) microcode (in microcode.dat) from revision 0x1c up to 0x1d; - Update of cpuid:B06F2/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:B06F5/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:B06F6/0x07 microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:B06F7/0x07 microcode (in microcode.dat) from revision 0x38 up to 0x3a; - Update of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) from revision 0x21000291 up to 0x210002b3;

0 tuxcare-oraclelinux7-els microcode_ctl-2.1-73.20.0.2.el7_9.tuxcare.els1.x86_64.rpm 35ec505fd5f082c9e354d32965e89fa80e146097118f9358e5f64e1da0cc7d1d CLSA-2025:1758705538 TuxCare License Agreement 0 - CVE-2024-52533: fix off-by-one error leading to buffer overflow in gsocks4aproxy.c Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-52533: fix off-by-one error leading to buffer overflow in gsocks4aproxy.c

0 tuxcare-oraclelinux7-els glib2-2.56.1-9.el7_9.tuxcare.els3.i686.rpm 652715f1b4a6b5f02cac8aec1e2ee275fe5df6224b89320e52477e49538f295b glib2-2.56.1-9.el7_9.tuxcare.els3.x86_64.rpm 17771038dec9836273ad8b49372d7992bda0f0081f04d1da88088170dfa496d6 glib2-devel-2.56.1-9.el7_9.tuxcare.els3.i686.rpm 0c79c04f708d05c46767fd8c9df0ec0c32693ffd6607f17688d892b141d9d28c glib2-devel-2.56.1-9.el7_9.tuxcare.els3.x86_64.rpm 214bce7d13a5c72fe3673fe1cd4f878ef023792d2c25c6ba67e0be85e3c75bd4 glib2-doc-2.56.1-9.el7_9.tuxcare.els3.noarch.rpm ad2a0844bdcaee04ff92f63a216490959023d67e31e4baee3a5372d46bc1424f glib2-fam-2.56.1-9.el7_9.tuxcare.els3.x86_64.rpm 4cbc563fa259107a8fe2e8132c4daf6d79246088e0c186e216cbde9c04ad7787 glib2-static-2.56.1-9.el7_9.tuxcare.els3.i686.rpm 03f515469538dad6dbc37c70469fea54623a9e4b92ed89ff071ad594a29c651d glib2-static-2.56.1-9.el7_9.tuxcare.els3.x86_64.rpm e19fb57f162dc5099de48503a49a5f921c1313a741ee81eba43efc8a58714254 glib2-tests-2.56.1-9.el7_9.tuxcare.els3.x86_64.rpm a94e178d83fa949a3553f0d91962549f2a39eb7bf37be503d8effdeb5ffae712 CLSA-2025:1758892548 TuxCare License Agreement 0 - CVE-2025-4802: prevent untrusted LD_LIBRARY_PATH from loading dynamically shared libraries in statically compiled binaries that call dlopen Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-4802: prevent untrusted LD_LIBRARY_PATH from loading dynamically shared libraries in statically compiled binaries that call dlopen

0 tuxcare-oraclelinux7-els glibc-2.17-326.0.9.el7_9.3.tuxcare.els2.i686.rpm c901e587cc56eee2deef777869cdbcd660e9b45b050b1cbebbe1f74d44f61b60 glibc-2.17-326.0.9.el7_9.3.tuxcare.els2.x86_64.rpm 4660e92211d52df7489e1ac8d8707b384a49a7ff18fd155df97a5223d89f40e0 glibc-common-2.17-326.0.9.el7_9.3.tuxcare.els2.x86_64.rpm e722828b7bcc9e689a9efd99709c9f9dd3b574f537072642cd74de1d6f2cfe4a glibc-devel-2.17-326.0.9.el7_9.3.tuxcare.els2.i686.rpm c3dba4a4885a96e0aebe9ef94b1d45f60d850776ffc079c69bd3620bce395afe glibc-devel-2.17-326.0.9.el7_9.3.tuxcare.els2.x86_64.rpm 4288bf4afa1acd001a9e6f01690638809f8420207ee7abdaaeb56b6e44a56c45 glibc-headers-2.17-326.0.9.el7_9.3.tuxcare.els2.x86_64.rpm b3f957ff7f1c730b72f3d2d1c5b5e8a16d8daf62c9885738e4de5c406996b2e3 glibc-static-2.17-326.0.9.el7_9.3.tuxcare.els2.i686.rpm 7f351899d3d2633f05c159595b1d1d8f268f6daf037c804e3d44c33a6ae7b1eb glibc-static-2.17-326.0.9.el7_9.3.tuxcare.els2.x86_64.rpm eb2228b44af1560855e2a5eeb788ca72512a791274b4bb1a4b7ca46217075fc8 glibc-utils-2.17-326.0.9.el7_9.3.tuxcare.els2.x86_64.rpm 99ec10ecb272329f4f60411ed2a940acb139d94bab8a7c993dfbdf96c97fffef nscd-2.17-326.0.9.el7_9.3.tuxcare.els2.x86_64.rpm 14544beab47cc8703a17f8e7b65f5f01014883676646650827c4c149d8b7fd74 CLSA-2025:1758892982 TuxCare License Agreement 0 - CVE-2017-9228: fix heap out-of-bounds write in bitset_set_range() and parse_char_class() functions Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2017-9228: fix heap out-of-bounds write in bitset_set_range() and parse_char_class() functions

0 tuxcare-oraclelinux7-els php-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 023ad0644429b34c8755334f0ecbd86d24ce4bb4c89c01a68d85df0485486e5f php-bcmath-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 12988ef3321854ffaa96b2074ea042e747d096ff97a273a15c403b1f97ee3cfc php-cli-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 34be376f39c180955114e78dd791bd2d16b2b7f50fce03600a6b6017ab2bbb0b php-common-5.4.16-48.el7.tuxcare.els15.x86_64.rpm fe5618798f12d3f4b9771aa3ff3775250fadaa35a2c7d1f8b79644deff0776e8 php-dba-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 55d684733231be2835e20e21f1049ade932f47800e7491e1b53c7bdb5c604fa5 php-devel-5.4.16-48.el7.tuxcare.els15.x86_64.rpm c5c821fd5ee87586f1dc4b9084245ce737245528c54d769e5393fdd7251176b4 php-embedded-5.4.16-48.el7.tuxcare.els15.x86_64.rpm ab0ab4a0df72ad78faba311df19a44b23ad344cdec6d9367b3369adc34176e77 php-enchant-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 183bfd25de9bbb8aefd87d59f54692eb9ed0b1bb956beaae97327ea0c3c2976a php-fpm-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 41b051eb73b30b98ff1945c6f037b92af1be46808da8dc6cc048bb90fe020bf0 php-gd-5.4.16-48.el7.tuxcare.els15.x86_64.rpm e18894bd955260588b2975eec33df86233fcf81fd8b56d1e6863b1f58f010eb0 php-intl-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 7d300357b4b4ce0bcd446e9c994d6325f09d92aea54446448685f0997c466235 php-ldap-5.4.16-48.el7.tuxcare.els15.x86_64.rpm f1226181b95ce0f06cbf47d0551be5fe7634ccf7281dd9a8a20b90d1de8a039f php-mbstring-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 4c827e747a499ac9f7667bd38d7a55b43d79274f3448b9159e19f00579fdb2b1 php-mysql-5.4.16-48.el7.tuxcare.els15.x86_64.rpm a3c136bce5f54b6e50986c51e4062b800c4bbb57ad205493d9e6f68743e09f01 php-mysqlnd-5.4.16-48.el7.tuxcare.els15.x86_64.rpm d6155372fbb9cda126eb30e6cf6a31b297a8dfa1dc578c4bc8b4ac97dae6e753 php-odbc-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 1417b4817578f39fcd17ce5171f1e0df96a571a1190ac0dc144be062e2336cd0 php-pdo-5.4.16-48.el7.tuxcare.els15.x86_64.rpm a93cc5ba683fdd265abd5a2cd1da06c36218e3886998cabd70ce7260abcb0d89 php-pgsql-5.4.16-48.el7.tuxcare.els15.x86_64.rpm a87587023ddc0d3cbb6f6fdbc22af53af37c3c4b1ec37e4f27e1924c287dddba php-process-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 64ccf2371abe299b9c38292072cb60c860448ece52227d6f085307418618cd20 php-pspell-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 55b1a7a4c4de4f2195a98e75b6c4786b786497bc603d58cc3a6628858bb7e217 php-recode-5.4.16-48.el7.tuxcare.els15.x86_64.rpm a7d8a16f49d42e60d92920b0e08500d9b993a034b9fff7f32b90ffa2e855b2f2 php-snmp-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 907a224511906e0d1cc4110283f3ad38220923ad555cc39cb697e4d9fa847602 php-soap-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 8cfbb0ce97c0509773e3b20b7d58fca6e05e027f892e3fb99a5948b5218ec242 php-xml-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 8b5fdd9b5d033e7d249a97118340294281f4bf318d8cb919242db7c0e23b7719 php-xmlrpc-5.4.16-48.el7.tuxcare.els15.x86_64.rpm 4e500bc7e022e8917f6e6cb201f5456520987da1bfac3043d9cf1d30004f0fde CLSA-2025:1759167661 TuxCare License Agreement 0 - CVE-2025-46835: prevent malicious creating and overwriting of user's files Low Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-46835: prevent malicious creating and overwriting of user's files

0 tuxcare-oraclelinux7-els emacs-git-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm 98e3afbea11fbb333a54e909809ab68e788eddac71b660a7b1ab0733c0ca1a2d emacs-git-el-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm a8fe166617c2fe91cafef0489a501de79400705d43895e0286c95a0ace0c97fe git-1.8.3.1-25.el7_9.tuxcare.els6.x86_64.rpm 5bd964c13f112a0ecb513a7a44fbcc60e0bd47e0a7a125acd6a89a436fc91192 git-all-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm 4d0fe368a182316a8c2836abb78626051d2cadc5038c789f43b22fe28112d94a git-bzr-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm d4509eaf96200b823dd34b08e4b93d3e8582a4a01b795ffb5819ee0a1bd65749 git-cvs-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm 111ff5280a8833a5d4e9973f3a8b0e446d77d3dd53261a7a15d1e578bdac78cd git-daemon-1.8.3.1-25.el7_9.tuxcare.els6.x86_64.rpm 9748fbd07525e5af3f58a3de2aee328e3b8764c168a6b21d4ef79d5db22515d4 git-email-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm 134e4ad8ca26ed2ad9c646f257ad322683aa500be4890e50a7e60bb0da9c0d9a git-gnome-keyring-1.8.3.1-25.el7_9.tuxcare.els6.x86_64.rpm 0570a984ae8686afaf99ea5ae312e00b3625d5fba481c41ed31836240cf5cdd2 git-gui-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm b6da74aae68b830b5eb9f8f254a69708e8708635c44c468ac63c8e15b48e8aab git-hg-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm 2ba92bcbcff8b2fe63664f5ee0b5fa79f70d3927cfb1d22502d608b626ed4351 git-instaweb-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm e06251d0f54d56b85f485b866db590eaff024e05ad99a6d7f2050e3ffd5f2fe2 git-p4-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm 20539c82db1b55fd624fafd3a6a7ba4764930e6b7eb3f561737344e39b88219f git-svn-1.8.3.1-25.el7_9.tuxcare.els6.x86_64.rpm a419eb580600762c90516640c4452feabc341ca8831062c42cbcbbf0ef4b0e5c gitk-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm 80fec9d5445d7b7adda146044d229cc53649fc5a44ac571231c45fcb1cb35b0e gitweb-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm 52a810708a7270d32dbd17e24f95a51ea51114f4243e4ee846178d9c1c0213f8 perl-Git-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm c05ab4bc4a37148425054492063859e2b7645964bfa095380ff5b06d31615645 perl-Git-SVN-1.8.3.1-25.el7_9.tuxcare.els6.noarch.rpm 545b6193edbb072729fd22d1265e867f1ccb17db8daa4ea885ab214360ead9ab CLSA-2025:1759431869 TuxCare License Agreement 0 - ASoC: topology: Clean up route loading {CVE-2024-41069} - ASoC: topology: Fix references to freed memory {CVE-2024-41069} - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} - Bluetooth: L2CAP: Fix not validating setsockopt user input {CVE-2024-35965} - Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() {CVE-2024-35965} - usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} - vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214} - Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966} - Bluetooth: SCO: Fix not validating setsockopt user input {CVE-2024-35966} - media: stk1160: fix bounds checking in stk1160_copy_video() {CVE-2024-38621} - net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350} - sch_htb: make htb_qlen_notify() idempotent {CVE-2025-37932} - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-37798} - sch_qfq: make qfq_qlen_notify() idempotent {CVE-2025-38350} - sch_drr: make drr_qlen_notify() idempotent {CVE-2025-38350} - sch_htb: make htb_deactivate() idempotent {CVE-2025-38350} - sch_cbq: make cbq_qlen_notify() idempotent {CVE-2025-38000} - inet: fully convert sk->sk_rx_dst to RCU rules {CVE-2021-47103} - scsi: mpt3sas: Fix use-after-free warning {CVE-2022-48695} - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory {CVE-2024-40901} - vmci: prevent speculation leaks by sanitizing event in event_deliver() {CVE-2024-39499} - USB: core: Fix hang in usb_kill_urb by adding memory barriers {CVE-2022-48760} - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells {CVE-2021-47497} - virtio-net: Add validation for used length {CVE-2021-47352} - watchdog: Fix possible use-after-free by calling del_timer_sync() {CVE-2021-47321} - scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929} - wifi: iwlwifi: mvm: guard against invalid STA ID on removal {CVE-2024-36921} - mac802154: fix llsec key resources release in mac802154_llsec_key_del {CVE-2024-26961} - platform/x86: wmi: Fix opening of char device {CVE-2023-52864} - media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764} - wifi: mac80211: fix potential key use-after-free {CVE-2023-52530} - net: fix information leakage in /proc/net/ptype {CVE-2022-48757} - crypto: qat - resolve race condition during AER recovery {CVE-2024-26974} - perf/core: Bail out early if the request AUX area is out of bound {CVE-2023-52835} - net: ti: fix UAF in tlan_remove_one {CVE-2021-47310} - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594} - net: bridge: use DEV_STATS_INC() {CVE-2023-52578} - net: add atomic_long_t to net_device_stats fields {CVE-2023-52578} - media: dvb-core: Fix use-after-free due to race at dvb_register_device() {CVE-2022-45884} - media: dvb-core: Fix use-after-free on race condition at dvb_frontend {CVE-2022-45885} - xen/gntalloc: don't use gnttab_query_foreign_access() {CVE-2022-23039} - xen/netfront: don't use gnttab_query_foreign_access() for mapped status {CVE-2022-23037} - xen/grant-table: add gnttab_try_end_foreign_access() {CVE-2022-23038} - ovl: fail on invalid uid/gid mapping at copy up {CVE-2023-0386} - ALSA: oss: Fix PCM OSS buffer allocation overflow {CVE-2022-49292} - gfs2: Fix length of holes reported at end-of-file - gfs2: Only do glock put in gfs2_create_inode for free inodes - gfs2: Fix use-after-free in gfs2_logd after withdraw - gfs2: fix use-after-free in trans_drain - gfs2: Clean up revokes on normal withdraws - GFS2: gfs2_free_extlen can return an extent that is too long - gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe - GFS2: Refactor gfs2_remove_from_journal - GFS2: Only set PageChecked for jdata pages - gfs2: keep bios separate for each journal - gfs2: Remove active journal side effect from gfs2_write_log_header - gfs2: clean_journal improperly set sd_log_flush_head - partial "GFS2: Introduce new gfs2_log_header_v2" - gfs2: change from write to read lock for sd_log_flush_lock in journal replay - GFS2: Reduce code redundancy writing log headers - gfs2: Grab glock reference sooner in gfs2_add_revoke - gfs2: fix glock reference problem in gfs2_trans_remove_revoke - gfs2: Fix occasional glock use-after-free - gfs2: Make sure we don't miss any delayed withdraws - gfs2: Fix bad comment for trans_drain - gfs2: add some much needed cleanup for log flushes that fail - gfs2: fix trans slab error when withdraw occurs inside log_flush - gfs2: initialize transaction tr_ailX_lists earlier - GFS2: Remove extra "if" in gfs2_log_flush() - gfs2: fix use-after-free on transaction ail lists - gfs2: Trim the ordered write list in gfs2_ordered_write() - GFS2: Clean up releasepage - gfs2: Only set PageChecked if we have a transaction - gfs2: Fix case in which ail writes are done to jdata holes - gfs2: simplify gfs2_block_map - gfs2: Remove unused gfs2_iomap_alloc argument - gfs2: Be more careful with the quota sync generation - gfs2: Get rid of some unnecessary quota locking - gfs2: Add some missing quota locking - gfs2: Fold qd_fish into gfs2_quota_sync - gfs2: quota need_sync cleanup - gfs2: Fix and clean up function do_qc - gfs2: Revert "Add quota_change type" - gfs2: Revert "ignore negated quota changes" - gfs2: qd_check_sync cleanups - gfs2: Check quota consistency on mount - gfs2: Minor gfs2_quota_init error path cleanup - gfs2: fix kernel BUG in gfs2_quota_cleanup - gfs2: Clean up quota.c:print_message - gfs2: Clean up gfs2_alloc_parms initializers - gfs2: Two quota=account mode fixes - gfs2: Remove useless assignment - gfs2: simplify slot_get - gfs2: Simplify qd2offset - gfs2: Remove quota allocation info from quota file - gfs2: use constant for array size - gfs2: Set qd_sync_gen in do_sync - gfs2: Remove useless err set - gfs2: Small gfs2_quota_lock cleanup - gfs2: move qdsb_put and reduce redundancy - gfs2: Don't try to sync non-changes - gfs2: Simplify function need_sync - gfs2: remove unneeded pg_oflow variable - gfs2: remove unneeded variable done - gfs2: pass sdp to gfs2_write_buf_to_page - gfs2: pass sdp in to gfs2_write_disk_quota - gfs2: Pass sdp to gfs2_adjust_quota - gfs2: remove dead code for quota writes - gfs2: Use qd_sbd more consequently - gfs2: replace 'found' with dedicated list iterator variable - gfs2: Some whitespace cleanups - gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- ASoC: topology: Clean up route loading {CVE-2024-41069} - ASoC: topology: Fix references to freed memory {CVE-2024-41069} - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} - Bluetooth: L2CAP: Fix not validating setsockopt user input {CVE-2024-35965} - Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() {CVE-2024-35965} - usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} - vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214} - Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966} - Bluetooth: SCO: Fix not validating setsockopt user input {CVE-2024-35966} - media: stk1160: fix bounds checking in stk1160_copy_video() {CVE-2024-38621} - net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350} - sch_htb: make htb_qlen_notify() idempotent {CVE-2025-37932} - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-37798} - sch_qfq: make qfq_qlen_notify() idempotent {CVE-2025-38350} - sch_drr: make drr_qlen_notify() idempotent {CVE-2025-38350} - sch_htb: make htb_deactivate() idempotent {CVE-2025-38350} - sch_cbq: make cbq_qlen_notify() idempotent {CVE-2025-38000} - inet: fully convert sk->sk_rx_dst to RCU rules {CVE-2021-47103} - scsi: mpt3sas: Fix use-after-free warning {CVE-2022-48695} - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory {CVE-2024-40901} - vmci: prevent speculation leaks by sanitizing event in event_deliver() {CVE-2024-39499} - USB: core: Fix hang in usb_kill_urb by adding memory barriers {CVE-2022-48760} - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells {CVE-2021-47497} - virtio-net: Add validation for used length {CVE-2021-47352} - watchdog: Fix possible use-after-free by calling del_timer_sync() {CVE-2021-47321} - scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929} - wifi: iwlwifi: mvm: guard against invalid STA ID on removal {CVE-2024-36921} - mac802154: fix llsec key resources release in mac802154_llsec_key_del {CVE-2024-26961} - platform/x86: wmi: Fix opening of char device {CVE-2023-52864} - media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764} - wifi: mac80211: fix potential key use-after-free {CVE-2023-52530} - net: fix information leakage in /proc/net/ptype {CVE-2022-48757} - crypto: qat - resolve race condition during AER recovery {CVE-2024-26974} - perf/core: Bail out early if the request AUX area is out of bound {CVE-2023-52835} - net: ti: fix UAF in tlan_remove_one {CVE-2021-47310} - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594} - net: bridge: use DEV_STATS_INC() {CVE-2023-52578} - net: add atomic_long_t to net_device_stats fields {CVE-2023-52578} - media: dvb-core: Fix use-after-free due to race at dvb_register_device() {CVE-2022-45884} - media: dvb-core: Fix use-after-free on race condition at dvb_frontend {CVE-2022-45885} - xen/gntalloc: don't use gnttab_query_foreign_access() {CVE-2022-23039} - xen/netfront: don't use gnttab_query_foreign_access() for mapped status {CVE-2022-23037} - xen/grant-table: add gnttab_try_end_foreign_access() {CVE-2022-23038} - ovl: fail on invalid uid/gid mapping at copy up {CVE-2023-0386} - ALSA: oss: Fix PCM OSS buffer allocation overflow {CVE-2022-49292} - gfs2: Fix length of holes reported at end-of-file - gfs2: Only do glock put in gfs2_create_inode for free inodes - gfs2: Fix use-after-free in gfs2_logd after withdraw - gfs2: fix use-after-free in trans_drain - gfs2: Clean up revokes on normal withdraws - GFS2: gfs2_free_extlen can return an extent that is too long - gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe - GFS2: Refactor gfs2_remove_from_journal - GFS2: Only set PageChecked for jdata pages - gfs2: keep bios separate for each journal - gfs2: Remove active journal side effect from gfs2_write_log_header - gfs2: clean_journal improperly set sd_log_flush_head - partial "GFS2: Introduce new gfs2_log_header_v2" - gfs2: change from write to read lock for sd_log_flush_lock in journal replay - GFS2: Reduce code redundancy writing log headers - gfs2: Grab glock reference sooner in gfs2_add_revoke - gfs2: fix glock reference problem in gfs2_trans_remove_revoke - gfs2: Fix occasional glock use-after-free - gfs2: Make sure we don't miss any delayed withdraws - gfs2: Fix bad comment for trans_drain - gfs2: add some much needed cleanup for log flushes that fail - gfs2: fix trans slab error when withdraw occurs inside log_flush - gfs2: initialize transaction tr_ailX_lists earlier - GFS2: Remove extra "if" in gfs2_log_flush() - gfs2: fix use-after-free on transaction ail lists - gfs2: Trim the ordered write list in gfs2_ordered_write() - GFS2: Clean up releasepage - gfs2: Only set PageChecked if we have a transaction - gfs2: Fix case in which ail writes are done to jdata holes - gfs2: simplify gfs2_block_map - gfs2: Remove unused gfs2_iomap_alloc argument - gfs2: Be more careful with the quota sync generation - gfs2: Get rid of some unnecessary quota locking - gfs2: Add some missing quota locking - gfs2: Fold qd_fish into gfs2_quota_sync - gfs2: quota need_sync cleanup - gfs2: Fix and clean up function do_qc - gfs2: Revert "Add quota_change type" - gfs2: Revert "ignore negated quota changes" - gfs2: qd_check_sync cleanups - gfs2: Check quota consistency on mount - gfs2: Minor gfs2_quota_init error path cleanup - gfs2: fix kernel BUG in gfs2_quota_cleanup - gfs2: Clean up quota.c:print_message - gfs2: Clean up gfs2_alloc_parms initializers - gfs2: Two quota=account mode fixes - gfs2: Remove useless assignment - gfs2: simplify slot_get - gfs2: Simplify qd2offset - gfs2: Remove quota allocation info from quota file - gfs2: use constant for array size - gfs2: Set qd_sync_gen in do_sync - gfs2: Remove useless err set - gfs2: Small gfs2_quota_lock cleanup - gfs2: move qdsb_put and reduce redundancy - gfs2: Don't try to sync non-changes - gfs2: Simplify function need_sync - gfs2: remove unneeded pg_oflow variable - gfs2: remove unneeded variable done - gfs2: pass sdp to gfs2_write_buf_to_page - gfs2: pass sdp in to gfs2_write_disk_quota - gfs2: Pass sdp to gfs2_adjust_quota - gfs2: remove dead code for quota writes - gfs2: Use qd_sbd more consequently - gfs2: replace 'found' with dedicated list iterator variable - gfs2: Some whitespace cleanups - gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm 03f18d29daa39dc46a95f09dd52c5a6346de780fe102b830c20dd2327d9dcf63 kernel-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm a8da2b87b486f12622a91cb81e6f9eaba205f000cd09576d2e5e76808df2c8a8 kernel-debug-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm cdf8acd1f54da32a1dfadc8d56d9bae76141f2cd82a065f7ab3a397f884e5ab4 kernel-debug-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm 1fcf9b543f3688d82ca648627c73ec9cc5bd3addb9decb6dfe159e6bb7c0fee3 kernel-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm e8e3e46d277ff96347f51efcebb0dd6b022aa1d1e4ee4a82120bd9fc1b7f394a kernel-headers-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm 4eb973cc7b3faf80245d63edd47f35cd5bc246fac8f22aa72150a291f87fa855 kernel-tools-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm dd9a400ba54c3e3aa827836b9be0132e3f9d4f8addc50c166716eb388623c54a kernel-tools-libs-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm 367432fab95710ddfb27405e108ebfb53dff943a8cdf6542072e11754214691d kernel-tools-libs-devel-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm b18a71568f6d29489b85f346c5f936f1bc7d36b62736608ce4931871c3b8885a perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm 15e8733f0b3258c28c04a4a202f3939a640804fd6662e8de71b8fc49c35729e2 python-perf-3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64.rpm f45afe6f4a342db0f40a6062dc87fae6855005edd414f410269d1ec832cb28a9 CLSA-2025:1759506149 TuxCare License Agreement 0 - CVE-2025-24528: fix buffer overflow vulnerability in iprop log file writing Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-24528: fix buffer overflow vulnerability in iprop log file writing

0 tuxcare-oraclelinux7-els krb5-devel-1.15.1-55.0.7.el7_9.99.tuxcare.els1.i686.rpm cec06b5126ab7d93a6b0706b365a6211c69f2e026d6411afa6d5589d17fbb52c krb5-devel-1.15.1-55.0.7.el7_9.99.tuxcare.els1.x86_64.rpm f748fec19c26c5c9f43fa0dbf3a5f53b33f3c23297c32fe112a3a3b67e896065 krb5-libs-1.15.1-55.0.7.el7_9.99.tuxcare.els1.i686.rpm cebb257853c0e285458ad494b1ee0bb7de5c104d970cf65e2078d1c9891eb27d krb5-libs-1.15.1-55.0.7.el7_9.99.tuxcare.els1.x86_64.rpm 5195220831e95db4477d2bf3fbd955395c40e87caf39f54fe86420129c5bcab3 krb5-pkinit-1.15.1-55.0.7.el7_9.99.tuxcare.els1.x86_64.rpm 33cad65852a26ad3ab3b7829e97c03efb6acb50c38deffbcbedc105a85e3cff7 krb5-server-1.15.1-55.0.7.el7_9.99.tuxcare.els1.x86_64.rpm 26e6113da879dcd0c1d6050936714f2042bb12ed27aeaf791f55d8484fef2b6e krb5-server-ldap-1.15.1-55.0.7.el7_9.99.tuxcare.els1.x86_64.rpm b9254e025a47f6af8c10f2c630b6e1ab236eae9cc5b33ab6d1a4af5c978f26c2 krb5-workstation-1.15.1-55.0.7.el7_9.99.tuxcare.els1.x86_64.rpm 0792f6c3295b2dc24f8e8879dc70fbc208fbc727f00bffc539d242184ef4cdf6 libkadm5-1.15.1-55.0.7.el7_9.99.tuxcare.els1.i686.rpm f24a57474d69a01ee4bfe19ab305bf90e0f75c2a1ce3d922924888b60324dd76 libkadm5-1.15.1-55.0.7.el7_9.99.tuxcare.els1.x86_64.rpm 395e8a8210a149282e7cbb75fbf1cc01f2778629553b15b290566fb392a9235f CLSA-2025:1759780334 TuxCare License Agreement 0 - CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability Low Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2007-4559: implement PEP 706 - a filter in the tarfile module to prevent directory traversal vulnerability

0 tuxcare-oraclelinux7-els python3-3.6.8-21.0.1.el7_9.tuxcare.els3.i686.rpm ba0e6ffa63bdf79d0fe2301211c8e0c13ab6904a1f779986d555e9da13ae7cd3 python3-3.6.8-21.0.1.el7_9.tuxcare.els3.x86_64.rpm 20297a3974d29d93aa79056804ca56020828b528091103f8074987f2350d8e1b python3-debug-3.6.8-21.0.1.el7_9.tuxcare.els3.i686.rpm 3b526880dd55834d304b7954c83d42a5d43bfb18252d6030314fe377d29bd0f3 python3-debug-3.6.8-21.0.1.el7_9.tuxcare.els3.x86_64.rpm 4429fb92c000b2b9d8135e9f00f81c3c93a6d65e75fb5da8f5f15d6a92980a10 python3-devel-3.6.8-21.0.1.el7_9.tuxcare.els3.i686.rpm 13ee9c6de5292ad262facfae89b4e8035958d6eb50a690ce1455fe7664397f7a python3-devel-3.6.8-21.0.1.el7_9.tuxcare.els3.x86_64.rpm e38c45f1d45ed7cdbe7aad42051b954dd23fd9f68adcd117a3b5bf02278de918 python3-idle-3.6.8-21.0.1.el7_9.tuxcare.els3.i686.rpm b160f16a23ea4c18c82287dcab9ee9ffc1ff958a66c334a371b41708c05c6821 python3-idle-3.6.8-21.0.1.el7_9.tuxcare.els3.x86_64.rpm 554a1c7c271acf857fc5c9201e06e26225f39e556a33e0d51df5bb81588e2e5d python3-libs-3.6.8-21.0.1.el7_9.tuxcare.els3.i686.rpm cc03fb597d4fed4004cce4881d348526eb30b7040b9d0273a0bb0750f0cbed87 python3-libs-3.6.8-21.0.1.el7_9.tuxcare.els3.x86_64.rpm 08d3d496a457b974759ffb51e68f19ddab4b668d9628038805fa155f386241a9 python3-test-3.6.8-21.0.1.el7_9.tuxcare.els3.i686.rpm fcdedfe6f28cae58c4d72f597b1fef508100c6c14707be8f9cd98c791f6863f2 python3-test-3.6.8-21.0.1.el7_9.tuxcare.els3.x86_64.rpm 30ba8cb5bd7e8236285677e74850bdb522cf57aa2dd76cda7d5dd4dc7c37fbbe python3-tkinter-3.6.8-21.0.1.el7_9.tuxcare.els3.i686.rpm b42c8e7e773918efec84cdeecf03c9b5c05f4d27e84c473d899d37dadfaec48f python3-tkinter-3.6.8-21.0.1.el7_9.tuxcare.els3.x86_64.rpm fc0f15b59fadc18a6e5229caee6370b107b80afe77f8da2fcad08b3088a6eef3 CLSA-2025:1760022663 TuxCare License Agreement 0 - CVE-2017-5225: fix heap buffer overflow in tools/tiffcp by restricting BitsPerSample values Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2017-5225: fix heap buffer overflow in tools/tiffcp by restricting BitsPerSample values

0 tuxcare-oraclelinux7-els libtiff-4.0.3-35.el7.tuxcare.els5.i686.rpm 868e6c9039d14014fb416513cb83d557fee157e5be3236c130663a50a34e3954 libtiff-4.0.3-35.el7.tuxcare.els5.x86_64.rpm f27b0883e39d42650c6fb3454dd5a345834c49ae512675126e92fa2d4b16b943 libtiff-devel-4.0.3-35.el7.tuxcare.els5.i686.rpm 7b2f98456a182037f5dcfaab9a1d3431debeb0ed8e0cb9b13e4eff7cbfb7e233 libtiff-devel-4.0.3-35.el7.tuxcare.els5.x86_64.rpm 1185c54dc2043184c18f554956c558dc81fd69d7e2c89eb91f7045a2eb77a8c5 libtiff-static-4.0.3-35.el7.tuxcare.els5.i686.rpm 463f957e34c821ac49fd776af93a104d5893f7b069e7b9f65103150980cfbe24 libtiff-static-4.0.3-35.el7.tuxcare.els5.x86_64.rpm 48942804718f09e9209c35eae29725b4f75f86f174fc29c65018d937196c7180 libtiff-tools-4.0.3-35.el7.tuxcare.els5.x86_64.rpm 0d6fc4e9965a8f7abf620f918b6d60837e146535b15c7bf73afb34b447fd92b3 CLSA-2025:1760022881 TuxCare License Agreement 0 - version sync with OracleLinux version 7.4.629-8.0.1 Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- version sync with OracleLinux version 7.4.629-8.0.1

0 tuxcare-oraclelinux7-els vim-X11-7.4.629-8.0.1.el7_9.tuxcare.els1.x86_64.rpm eb6fb57791cbb34f9fd3ac6f77b402d01a599474b1af221582516d70e628faab vim-common-7.4.629-8.0.1.el7_9.tuxcare.els1.x86_64.rpm 40fcc78f7e08195d3c6fee8192fee052d5cf376e1e6eb0f69cdb9e2704544603 vim-enhanced-7.4.629-8.0.1.el7_9.tuxcare.els1.x86_64.rpm 9f31d3cf9895798d34caac55492ec65d357ddb762ef0c2a68510e69a001fa8c7 vim-filesystem-7.4.629-8.0.1.el7_9.tuxcare.els1.x86_64.rpm 80ccd2fcc38bb6d31781e14ce2ecbe29345c73d348edb58bf6e986d2dcc042ca vim-minimal-7.4.629-8.0.1.el7_9.tuxcare.els1.x86_64.rpm 684a74b5d1138a6f33fee90d74880d4875ccc100df49cd74301103b10c13a45b CLSA-2025:1760023353 TuxCare License Agreement 0 - CVE-2019-1547: fix side-channel vulnerability in ECDSA when using explicit EC parameters without cofactor - CVE-2025-9230: fix incorrect check of unwrapped key size Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2019-1547: fix side-channel vulnerability in ECDSA when using explicit EC parameters without cofactor - CVE-2025-9230: fix incorrect check of unwrapped key size

0 tuxcare-oraclelinux7-els openssl-1.0.2k-26.el7_9.tuxcare.els6.x86_64.rpm 542629467e6b742f0578e8f59a98b80d814df3a1348dbb95973ccb09ce7d2217 openssl-devel-1.0.2k-26.el7_9.tuxcare.els6.i686.rpm 8f770d47ab0d72ed4afc559b081185d9d2ca6afd3dfe470f9b98f7bb074f6d9b openssl-devel-1.0.2k-26.el7_9.tuxcare.els6.x86_64.rpm 8655b28c9f364f24d449b8e48e97f8df56de93da3a6953b3f2d6f6a64bd5ea7f openssl-libs-1.0.2k-26.el7_9.tuxcare.els6.i686.rpm f46ac0017bc347e1d97a9179e8ba4f9146b0da7bccc9295f20bc09ebd6f72bee openssl-libs-1.0.2k-26.el7_9.tuxcare.els6.x86_64.rpm 4f4a7405877d2de393e8ea65fc906a0f076f4ad7f6a5108f5d271dbf802e24e4 openssl-perl-1.0.2k-26.el7_9.tuxcare.els6.x86_64.rpm 9f1baff20120f39a670fa055942e081db87fe76d7b0d2641a2c78e6da851346e openssl-static-1.0.2k-26.el7_9.tuxcare.els6.i686.rpm 6532d1c8c989d1994d9409936405d03b0134f43ff25953058daba9fdb1aadc0e openssl-static-1.0.2k-26.el7_9.tuxcare.els6.x86_64.rpm 6836ba60646e999c119db8a848c6d76b71695aec75f066f202446fffd6965e39 CLSA-2025:1760026282 TuxCare License Agreement 0 - CVE-2025-8837: fix use-after-free vulnerability in jpc_dec_dump() Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-8837: fix use-after-free vulnerability in jpc_dec_dump()

0 tuxcare-oraclelinux7-els jasper-1.900.1-33.el7.tuxcare.els2.x86_64.rpm 6c1d9b0029817dbde0909fb00f86dc439104f0cf555ec646f284bb3cc9448cad jasper-devel-1.900.1-33.el7.tuxcare.els2.i686.rpm a22e5540fbac95bf8cb2143b1ef1768246b203c905a74d6e5fe636824f74c4fb jasper-devel-1.900.1-33.el7.tuxcare.els2.x86_64.rpm b3430fe53e988d112671df0c53ab15ee5326344b8fed5d320e2ef12213f4742f jasper-libs-1.900.1-33.el7.tuxcare.els2.i686.rpm d89b23a84ba8c2e3347feaf613353712de459672c8dd760ae3c38d6e500fbc47 jasper-libs-1.900.1-33.el7.tuxcare.els2.x86_64.rpm cd851da6263995f8af49f4dae251f1fba3509818e8ce6c2ca37d38444b4db97b jasper-utils-1.900.1-33.el7.tuxcare.els2.x86_64.rpm 02427c0beb07567faa3a48d297d30b23ed3865c4375fb6fe1288700a2db7f54c CLSA-2025:1760459898 TuxCare License Agreement 0 - bump version to 1.2-10.0.1 Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- bump version to 1.2-10.0.1

0 tuxcare-oraclelinux7-els libndp-1.2-10.0.1.el7_9.tuxcare.els1.i686.rpm 0463c42ecedd07ed4ae1c40b2dee73464e3697754a3f0e967f34bfb7e38e94d8 libndp-1.2-10.0.1.el7_9.tuxcare.els1.x86_64.rpm f173bd3a20b4fa84a831b6616a70d19203321697095192b79504fc033f3f5600 libndp-devel-1.2-10.0.1.el7_9.tuxcare.els1.i686.rpm 55c38d6c12de2f523e2f6c93706d498225b5e578e2146c794c692f82ed4feba2 libndp-devel-1.2-10.0.1.el7_9.tuxcare.els1.x86_64.rpm ea9fe77f3f65aae1367c140df2d17e5f8b8d6eef8613e89b5882bd7767739c6e CLSA-2025:1760646154 TuxCare License Agreement 0 - Additional fix for CVE-2025-49176 Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Additional fix for CVE-2025-49176

0 tuxcare-oraclelinux7-els xorg-x11-server-Xdmx-1.20.4-99.el7_9.tuxcare.els7.x86_64.rpm 9db7e7bb5c79a3c241fc6f7d960586c561a0d6f26928738f022c8bb5b4c82539 xorg-x11-server-Xephyr-1.20.4-99.el7_9.tuxcare.els7.x86_64.rpm 3ae422e3382aec11420a05eec9a8e5af7eb3dd9731a949e0c109d29233cb2573 xorg-x11-server-Xnest-1.20.4-99.el7_9.tuxcare.els7.x86_64.rpm 4817618485d278f80627cb6250967ed15c57b90026e803e7d7da98307cf6aaaf xorg-x11-server-Xorg-1.20.4-99.el7_9.tuxcare.els7.x86_64.rpm fe509f58c57bc50b1436411cdea81bebde531de3874738f14631da811094d3b1 xorg-x11-server-Xvfb-1.20.4-99.el7_9.tuxcare.els7.x86_64.rpm d172b4e87eb4a39a53578ee0286f58dea5d9ac4b7684a14493145f2ece4a37e9 xorg-x11-server-Xwayland-1.20.4-99.el7_9.tuxcare.els7.x86_64.rpm 5dfe530737caf7137f977a0d9cef2cc06f9c05545e2d6f6102ad80c70686e0da xorg-x11-server-common-1.20.4-99.el7_9.tuxcare.els7.x86_64.rpm 944c4c24cb7242f3a6c05fceeb58db99c908217a47598f64851234469bc6d379 xorg-x11-server-devel-1.20.4-99.el7_9.tuxcare.els7.i686.rpm 569354044a67d2bef284061e57e331a1939e657f29a69d9507c506f762ddfc45 xorg-x11-server-devel-1.20.4-99.el7_9.tuxcare.els7.x86_64.rpm d2898b5e81019581949e05104c011b3f5623b846f8b13cc89caafb17220468ff xorg-x11-server-source-1.20.4-99.el7_9.tuxcare.els7.noarch.rpm 43aefcf08cbd79cd428f57dabc249882cc80e33210132596b9f79764f927eb59 CLSA-2025:1760646561 TuxCare License Agreement 0 - Rebuilt with xorg-x11-server-1.20.4-99.el7_9.tuxcare.els7, mitigating the security vulnerabilities identified by the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597 CVE-2025-26598, CVE-2025-26599, CVE-2025-26600 and CVE-2025-26601, CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180 Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Rebuilt with xorg-x11-server-1.20.4-99.el7_9.tuxcare.els7, mitigating the security vulnerabilities identified by the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597 CVE-2025-26598, CVE-2025-26599, CVE-2025-26600 and CVE-2025-26601, CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180

0 tuxcare-oraclelinux7-els tigervnc-1.8.0-33.0.7.el7_9.tuxcare.els1.x86_64.rpm 9e9953b6b7ea2ba4858486f31d7c22ba2d4a6e8b92b4d3012d789b5bf8d223f6 tigervnc-icons-1.8.0-33.0.7.el7_9.tuxcare.els1.noarch.rpm 9e4fa9bbbde64138bc0bcf40d3f313c16f2c9117ac696cb0139b0b88a049dba6 tigervnc-license-1.8.0-33.0.7.el7_9.tuxcare.els1.noarch.rpm 85e71c770324fbdce966f48f009a2bd19a74e3ac4c5d35a60371b1477fa41b8e tigervnc-server-1.8.0-33.0.7.el7_9.tuxcare.els1.x86_64.rpm c727ff5c38b5e7998c32b9b6e5cd2bbfe574f02369923ff5e47d6b907a8842c8 tigervnc-server-applet-1.8.0-33.0.7.el7_9.tuxcare.els1.noarch.rpm 7a801febb37cf57a1817b1a197e2e60dcfd9da85e6df6061b09d8c8e65ca0b98 tigervnc-server-minimal-1.8.0-33.0.7.el7_9.tuxcare.els1.x86_64.rpm e6e95d082f4cdd2ad018957191202ca2ddd849540bc94c8a980bf73d7b152cd7 tigervnc-server-module-1.8.0-33.0.7.el7_9.tuxcare.els1.x86_64.rpm cadfe447aec05c9f6a1562c25b2a2c555c651fabd35c80a5ed37e767f928da4f CLSA-2025:1760704001 TuxCare License Agreement 0 - Bump version to 1.8.23-10.0.1.3 None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Bump version to 1.8.23-10.0.1.3

0 tuxcare-oraclelinux7-els sudo-1.8.23-10.0.1.el7_9.3.tuxcare.els1.x86_64.rpm 88810f7e6ffefea623bc11c41139c554e3075b5b17da106daa7cc85fb0a2ad64 sudo-devel-1.8.23-10.0.1.el7_9.3.tuxcare.els1.i686.rpm 2a2b5554e372e8cade2f6b2514fdf50a81d6d9b517e3c2e32e11ca11290edbfb sudo-devel-1.8.23-10.0.1.el7_9.3.tuxcare.els1.x86_64.rpm 66d5e6964398b8c83215722caf9fc57ad169964264f94c358af2d50f51defad5 CLSA-2025:1760716390 TuxCare License Agreement 0 - Bump version to 3.1.2-12.0.1 None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Bump version to 3.1.2-12.0.1

0 tuxcare-oraclelinux7-els rsync-3.1.2-12.0.1.el7_9.tuxcare.els1.x86_64.rpm 39b389cace6dd89d7a3d75df33e58cdc2f47f23cd15958f07a1c31c53ddacc9d CLSA-2025:1760982776 TuxCare License Agreement 0 - Bump package Release to 21.0.5 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Bump package Release to 21.0.5 - CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative

0 tuxcare-oraclelinux7-els python3-3.6.8-21.0.5.el7_9.tuxcare.els1.i686.rpm 790719fbf7eda76688826e3ca90e89d2211a9d7d78cd30f55c3444d4b423666a python3-3.6.8-21.0.5.el7_9.tuxcare.els1.x86_64.rpm c185eb646e8eba0f9187615ba5dfc2fd2013200918eb01a91771ec5fa3669523 python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els1.i686.rpm 961eb82b606e0dfb996c04546783e3cbb901d284cbbd3a74a18ae41514a8c46d python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els1.x86_64.rpm fdf621685203eb05ff5b65428802ec00a8d0da80ce88f4d720a83132e7fd1919 python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els1.i686.rpm 51d5e978305da31825feb3d2c95e32f8455b595f724498c7252ba95015d1cefe python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els1.x86_64.rpm 145ec7fa203ecb413e0dd756e33d47335a835b523170d302286a7fa47e86f263 python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els1.i686.rpm 515ac8eb078754460a8d652efc0c2bf29a1d30b1b010a7ef802ff3bd63733584 python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els1.x86_64.rpm d282ab918a5624128dbb4c17f5ed1f1043d9ed69a7ffaa885442596133b2ab6f python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els1.i686.rpm 4a40cb65bf798bdcfa908fdee7025fc4d4521a327a546807e64394126b2cbd04 python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els1.x86_64.rpm a3dd99b564028c4e24a648570a76c218ca408245292b5204b23bc12440670227 python3-test-3.6.8-21.0.5.el7_9.tuxcare.els1.i686.rpm 5d5e3f0c25555bb2e40c12903f805fd6b2125baf4bd7047f0ab281b01a7c68d3 python3-test-3.6.8-21.0.5.el7_9.tuxcare.els1.x86_64.rpm b9b96a4dd1d1b9d34da92b88ee56752ac1882ffe240a2aca15a5bca205b4e857 python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els1.i686.rpm 08796872645313f310e7192bde2da1f761d390fd07baa4981409384d7df596e1 python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els1.x86_64.rpm 3e3899b69c295e3735f74df665700b1103855043674479124c0c968473a61e7c CLSA-2025:1761051864 TuxCare License Agreement 0 - CVE-2022-40897: fix Regular Expression Denial of Service (ReDoS) in package_index.py - CVE-2024-6345: fix remote code execution in package_index module Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2022-40897: fix Regular Expression Denial of Service (ReDoS) in package_index.py - CVE-2024-6345: fix remote code execution in package_index module

0 tuxcare-oraclelinux7-els python3-setuptools-39.2.0-10.0.5.el7.tuxcare.els1.noarch.rpm 261a01454b91d972ddabde139cf98c158132a564436d91a3622c654e3630de2f CLSA-2025:1761056432 TuxCare License Agreement 0 - Bump version to 1.1.28-6.0.3.tuxcare.els1 None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Bump version to 1.1.28-6.0.3.tuxcare.els1

0 tuxcare-oraclelinux7-els libxslt-1.1.28-6.0.3.el7.tuxcare.els1.i686.rpm 8c04226c1f20252b3e58d3718c90dcf216420808a884713b34f34a8725f47213 libxslt-1.1.28-6.0.3.el7.tuxcare.els1.x86_64.rpm a966cd2a2902387087f5fd9dfff95451540546ea6b26ba1983afda777fc90dff libxslt-devel-1.1.28-6.0.3.el7.tuxcare.els1.i686.rpm e9ef7c367585f52f0be7e115bd42a0ac6ddc723d1dfcc7ee78f7f1b220931e84 libxslt-devel-1.1.28-6.0.3.el7.tuxcare.els1.x86_64.rpm ad8e3ab821b5fa5ab5240f4ca53a6cc1f9772c94da206e9c41065569c7b3f9bf libxslt-python-1.1.28-6.0.3.el7.tuxcare.els1.x86_64.rpm a6f8c1ae93d615942f81d7998fd371c0f5a3a54a10e7657aca48ca1806ba729a CLSA-2025:1761073890 TuxCare License Agreement 0 - Addition AMD CPU microcode for processor family 0x1a: cpuid:0x00B00F21(ver:0x0B002151), cpuid:0x00B10F10(ver:0x0B10104E); - Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F11(ver:0x0A0011DE), cpuid:0x00A00F12(ver:0x0A001247), cpuid:0x00A00F82(ver:0x0A00820D), cpuid:0x00A10F11(ver:0x0A101158), cpuid:0x00A10F12(ver:0x0A101253), cpuid:0x00A10F81(ver:0x0A108109), cpuid:0x00A20F10(ver:0x0A20102E), cpuid:0x00A20F12(ver:0x0A201211), cpuid:0x00A40F41(ver:0x0A404108), cpuid:0x00A50F00(ver:0x0A500012), cpuid:0x00A60F12(ver:0x0A60120A), cpuid:0x00A70F41(ver:0x0A704108), cpuid:0x00A70F52(ver:0x0A705208), cpuid:0x00A70F80(ver:0x0A708008), cpuid:0x00A70FC0(ver:0x0A70C008), cpuid:0x00AA0F02(ver:0x0AA0021C); None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Addition AMD CPU microcode for processor family 0x1a: cpuid:0x00B00F21(ver:0x0B002151), cpuid:0x00B10F10(ver:0x0B10104E); - Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F11(ver:0x0A0011DE), cpuid:0x00A00F12(ver:0x0A001247), cpuid:0x00A00F82(ver:0x0A00820D), cpuid:0x00A10F11(ver:0x0A101158), cpuid:0x00A10F12(ver:0x0A101253), cpuid:0x00A10F81(ver:0x0A108109), cpuid:0x00A20F10(ver:0x0A20102E), cpuid:0x00A20F12(ver:0x0A201211), cpuid:0x00A40F41(ver:0x0A404108), cpuid:0x00A50F00(ver:0x0A500012), cpuid:0x00A60F12(ver:0x0A60120A), cpuid:0x00A70F41(ver:0x0A704108), cpuid:0x00A70F52(ver:0x0A705208), cpuid:0x00A70F80(ver:0x0A708008), cpuid:0x00A70FC0(ver:0x0A70C008), cpuid:0x00AA0F02(ver:0x0AA0021C);

0 tuxcare-oraclelinux7-els iwl100-firmware-39.31.5.1-999.41.el7.tuxcare.els2.noarch.rpm a11e2a68a7d42bd16a14c3e59703f2ddb7be9b7cfef47f3ed94b74f9306994c3 iwl1000-firmware-39.31.5.1-999.41.el7.tuxcare.els2.noarch.rpm 95d89b3cb45d1c38060b09fdedec31a3058697f9183813ceb13e05ae3ec8a030 iwl105-firmware-18.168.6.1-999.41.el7.tuxcare.els2.noarch.rpm 6bdf7bbfff09631d8eb9c83ed622f0cdb29b20ffe1a24ce65afe8fb92aea65ac iwl135-firmware-18.168.6.1-999.41.el7.tuxcare.els2.noarch.rpm 2662d7ebf00a6ef01c6fe5d3bdc68a886764de3714337a0e5f67e3e0f48e735e iwl2000-firmware-18.168.6.1-999.41.el7.tuxcare.els2.noarch.rpm 88e4410b6e40093308eba49d56158b68038a4e798201f8bbdf196f576639f14d iwl2030-firmware-18.168.6.1-999.41.el7.tuxcare.els2.noarch.rpm ae63b49bfd0e2a1737cbe66ea64d414aa40c69f447e624fca381a250dc823b47 iwl3160-firmware-22.0.7.0-999.41.el7.tuxcare.els2.noarch.rpm 2035d7d4b03089c959eb47c5d4c2523a2fb1588cd0181c96f5dc29863936f26d iwl3945-firmware-15.32.2.9-999.41.el7.tuxcare.els2.noarch.rpm d0d2126af59e1eada56747767a801efb479566a79215edf8430130908fd1bc1b iwl4965-firmware-228.61.2.24-999.41.el7.tuxcare.els2.noarch.rpm c798cff99f7c64c939c6ac3057a8ab58f4470af5421257da79b47cb769e691da iwl5000-firmware-8.83.5.1_1-999.41.el7.tuxcare.els2.noarch.rpm d03591a8eed9e4cdaeb8ce286ea6914ea2e2fd0c8be188ace7c6f183bd86e0a7 iwl5150-firmware-8.24.2.2-999.41.el7.tuxcare.els2.noarch.rpm 76090786339c92f32d9a402d099f0bd198e06b8d521e0b8dd80931ef0c853584 iwl6000-firmware-9.221.4.1-999.41.el7.tuxcare.els2.noarch.rpm 6679b2219e58693b7f0129834d5b9462066dec9b371c18e46e03031f4f804f0a iwl6000g2a-firmware-17.168.5.3-999.41.el7.tuxcare.els2.noarch.rpm 0e4d039c9b4dcc9193f58d7b288b7fdc26d4838d93653aa63ffdd5adba3888ad iwl6000g2b-firmware-17.168.5.2-999.41.el7.tuxcare.els2.noarch.rpm a1141f9189c11c8b77f0ab66be79b352db6df5bca34f79eed275abfa803d6c6a iwl6050-firmware-41.28.5.1-999.41.el7.tuxcare.els2.noarch.rpm bed688c7e6ec20cce34df5940e16059cddd5db3bb8359208530f9b9d379e4ff3 iwl7260-firmware-22.0.7.0-999.41.el7.tuxcare.els2.noarch.rpm 744600c23b62483999da67351df5ca987e97d3727273364308f3e3f536d659ba iwlax2xx-firmware-20250611-999.41.el7.tuxcare.els2.noarch.rpm 563cf7fb3cbaf4adc56092ae536007823378af820532af024d178d9595330ca4 linux-firmware-20250611-999.41.git356f06bf.el7.tuxcare.els2.noarch.rpm 2535fa32d470a2f9c5d3c44e3371579873365c301e34c67414b8c7ba6881bba1 linux-nano-firmware-20250611-999.41.git356f06bf.el7.tuxcare.els2.noarch.rpm c9cfe1b3897d5bceb13111ae71b734b5c399e697bafd0547d12487010aacfbad CLSA-2025:1761074108 TuxCare License Agreement 0 - Update version None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Update version

0 tuxcare-oraclelinux7-els freetype-2.8-14.0.1.el7_9.1.tuxcare.els1.i686.rpm 40abc53698c47931ca251d8d9b3152cde22be57d141f3136d03758765b368eea freetype-2.8-14.0.1.el7_9.1.tuxcare.els1.x86_64.rpm a860bbae93b504999ea9a20e3f66d1788520c0d2d8f982f4a67e7ece8715ff14 freetype-demos-2.8-14.0.1.el7_9.1.tuxcare.els1.x86_64.rpm f699c359e678a64990b02361a3cf8b26d03d9f3a5c0a21aa7da2af98f29cf8db freetype-devel-2.8-14.0.1.el7_9.1.tuxcare.els1.i686.rpm 2e42248fb518a7839e87549527d73cede42b61d3840cba7c7353c2063524dfad freetype-devel-2.8-14.0.1.el7_9.1.tuxcare.els1.x86_64.rpm db288cf3c391d70e10489d99455750025f35b986e3a8d8adff9f368be6034af1 CLSA-2025:1761595580 TuxCare License Agreement 0 - CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message() - CVE-2025-32049: fix Denial of Service attack to websocket server - CVE-2025-32914: fix OOB Read through soup_multipart_new_from_message() None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-4948: fix integer underflow in soup_multipart_new_from_message() - CVE-2025-32049: fix Denial of Service attack to websocket server - CVE-2025-32914: fix OOB Read through soup_multipart_new_from_message()

0 tuxcare-oraclelinux7-els libsoup-2.62.2-2.0.5.el7.tuxcare.els1.i686.rpm 9fe9ee073c941b10e9ee782ea3777a7a050bea5236c6901c387ca7f3df15d92b libsoup-2.62.2-2.0.5.el7.tuxcare.els1.x86_64.rpm 7e6f9e9729763890c253dc60964fc82a77a83290f65f0ea9ae020082276ca9df libsoup-devel-2.62.2-2.0.5.el7.tuxcare.els1.i686.rpm 0b308f177a97338bbc559153875eef05bf6d4a13ff8484a5b0fd73e4922888b6 libsoup-devel-2.62.2-2.0.5.el7.tuxcare.els1.x86_64.rpm 805dc7da6e16df0bb1a3f603b3cc5a1dc943deed6ec1d5f79213b67c2552662f CLSA-2025:1761596531 TuxCare License Agreement 0 - Update version - Drop releasenote.md file None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Update version - Drop releasenote.md file

0 tuxcare-oraclelinux7-els microcode_ctl-2.1-73.23.0.20250812.el7_9.tuxcare.els1.x86_64.rpm e3088abc21cfc917228d6c93a40a982318e749a129b232eb6ae09cbe676057bf CLSA-2025:1761596679 TuxCare License Agreement 0 - gcc48-cfns-fix-protos: fix arm cross building inline issue None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- gcc48-cfns-fix-protos: fix arm cross building inline issue

0 tuxcare-oraclelinux7-els cpp-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm f7055de063c4116717c6c49c569a9e9b328e8009feb9f0d706624354eafb1f44 gcc-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 58979d6e9e25228948273f422a94f99885bdc2879b492acf6a84bb562c464ce9 gcc-c++-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 404043ede57cea6a0d220f627cd61c8430ba8181eef8c1d54a4ac97b5f72d2a1 gcc-gfortran-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm e7d77ac7f3a765ba786289d8ef8851df43433c10659db257b6fd670ca65f902a gcc-gnat-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm fb47a7fc93439b014548a8d4790cd59060962761151326e70c91e03dfc744047 gcc-go-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm e7d785c2c5956b7977aa26316bdc82ec82873ae9283a2146f7bb9a3b044213d7 gcc-objc++-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm d637e8f1f8a77da68c02de7249ee022ac3fdfca97802a6fdda4fc3f107feacfa gcc-objc-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 01fd6805ddde440443e0d9870c18766cdc8ff777fc8ad008b6cd337f71c300d6 gcc-plugin-devel-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm a38784b9a5cc27068007bc3519566ee77ee9180088ba97bd38ffe3e81928c9de libasan-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 8765f7d2e13f048e6e17e18f32de8251b6da7258644a6f2261df58c019978148 libasan-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 912769ec7acfbbaba545f7a4417786742fddb27f6cb7d6b337fbe88e1d4003b5 libasan-static-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 419fda946566daff27a97b5f1d25d1328bbfa5ff863394de85d437d27d346264 libasan-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 724faa0f83c287edaab0d8d84e9198f162d509cee48ff2773e2b125eb492fe2f libatomic-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 9a0d439a062bc804898095540c08a1f3bcb14727dec0ac75590a57b5fffa65e4 libatomic-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 2fb69946251dfd4068f6750355d35ee2869101f9780fbd5006ae0086a64ed6a9 libatomic-static-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm ebe7c9f6083b1efbce8e52f2b27633d5f6878f9398d0396d217b63d126a89601 libatomic-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm d5f3d97e0cbf9371a52f9e2368ebd5725336df57537abde6cae53f769e560108 libgcc-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 6e09aa6250c72c1939acaa502d477eb1abd8e41a47918ec6689f6b4fd86b4254 libgcc-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 89f8314e393182d77a722ecdd668e239df0006a1b6e0f70cd2560edb0d74181f libgfortran-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 31d1cc0fc4e69f3d7567b30d0985f50c042206cd654d59a6cff025919b0e630b libgfortran-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 064126cd8d9c6e7f92a82120b6edec6dfdbf7d9594ca9269febef92f27cad373 libgfortran-static-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm e60bd750c39baedfd62c1dd561f2420046151547293f385bf5a273bd34abc7a8 libgfortran-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm fd18f351a0128dc50712879b754d57bc701bea51701e68d3123df79d5d090faa libgnat-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 946700d8c29b7cf20e3d4665187ba712dc3c7bbdebbf673871a6fb8a879427a6 libgnat-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 902ffebf4c06d3a170b43e3a8becbb4ebb9cd2dd8396b6f89b7a93febde1f7a8 libgnat-devel-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm c0b4aec5277e009566a6906ff6d143cb4cbad132280a7a1733bb5745d6568330 libgnat-devel-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 73e8eeac3cabddf2958653fadc58e9c31872ca2eb257bc3eda215fdaab21be91 libgnat-static-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm eb8de03841d8263891bd7115fdc692f85fc81457d14774c999ca6c10494da908 libgnat-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 59e8dac672ed309e59aedc76f1e94869a119f1e1ebea12df960c50fea8e12ade libgo-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 896bb5e76f11c8c8a21f526ae2f49661ede6eff8e8c2fd18ec6e52b7219824e6 libgo-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm fbf680b0928d7aaa836442c5117e13560ba9dfd0f16ee0ff8d18ac2865137600 libgo-devel-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 88d11df5d9286ec3d6b1bd925eb5322bfb281e24a665f29de4f53b93deb1b038 libgo-devel-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 703fc955367f43d0943f2e42e71b99f935130f6ed6a1c30e49cb714cc37cd215 libgo-static-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm ed28d248c88d894dcab829da474feed09f2bff1bfe43010737cff4caa3326382 libgo-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 0784af90c93b59e17382fbb20db4a0bf2aaff3ce302c8feda182adc1a157c072 libgomp-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm c8461361524991c6c3322c286bd8ec47ed02f252f99ee05f25bad3c6d63cd0e1 libgomp-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 311c6a80bf5b26f4373af5923bba60e9163ed17cf0d6a393a20bfa0386df69e4 libitm-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 92cc1e3b8afe376e2619f9335478ddaec038992acc615e369540856cc1ed51d6 libitm-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 5e4b7cba61d8fba451f935a706b5125fafa64a564c916f34d7c0165b64247694 libitm-devel-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 21567b48012008e70d1fbe02cb51f9cade447fb87f1ad2385baa0eeef033134f libitm-devel-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm e2ef937d3517e290cef48e57fe38a3114a9763f1382a938f9cd78a98a9e65f2d libitm-static-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 0fe95865e8a52919945bbe4f5cd63b298b47c464150f5719d8dc72569d6130c8 libitm-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 30ee9eed4500ef13aff6116d748ec1e2552f3c7b252677ef2ecaa6bacba0d234 libmudflap-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm ee7e709add50e543ee2e4c96ae2e4c97d4586192337cf90cc4f2d7b72a571c77 libmudflap-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 238b74401aa873fde9d0b0500d265ac773ad4d2dfe0700a8dd104b9f785135a9 libmudflap-devel-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm e2118c623bede2f4332804985c357cdca3e84ef2794c794744b0a00dac2416f1 libmudflap-devel-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 76d5ba4aed715dd12fe2cdd397b5c365e2c15346a4ad653b28fa2dfabfd59bef libmudflap-static-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 4f1bfdddd1503c98c1ab8020460e6960670692cd77511be70f0f6026ec55cb73 libmudflap-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 852c2ddf2ca9ef93f9a8790ea92a41562e8b564d8f0fc07507b087e600f522ae libobjc-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm b679c2bc3b99adeec6d55d93caa46dd8888b78edad52367d050c4e71d91ba37c libobjc-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 6a45338a6121ae5d6cb09d5cb6bdc9a339fc4a86116ebf50cde1bc011701a468 libquadmath-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 3098bb8c18a16bbcc9917ac79f686d7ee3cc5f80c910f4a5db7329a01c8d3ec2 libquadmath-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 17adbaf1936094403fb9918c2fd8d3a38a36cf2fdeb7cb668507cd378040f322 libquadmath-devel-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 239ab1d17095485c8cb323b55245c4d260b730a4f96c04aacf057504f1bcf658 libquadmath-devel-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 1fe1e08fcf6d26a88ef902bd2ce9f1f751418e450e51ea61ab7eea47e75b4442 libquadmath-static-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 2e03fc5b992ad7834fc7c5d20301505e73074975a4c3f08c89be8ad42c2a85ea libquadmath-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 48174851d157eaeda75ad9e63b5606e35cfe7d9232f5081e1e6c67e6128af5e8 libstdc++-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 17842b1920cd86078e07605ed363f1638ca749ab898cd4aa440dea53caf8e0b8 libstdc++-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm e9ba8d5634cad3157aa1d2aecc4b517497613206ca50d5cc2a21cab26b1dc128 libstdc++-devel-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 412c60301a99faa4d4299a672b88bf2b9535a1bc697ecfb0a39102d9271202b0 libstdc++-devel-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 94ddfc5440682eb5370a9f56de92b3dda2d7de63f14f2d21f699296fa4704eea libstdc++-docs-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 190659f612cf6dbd3f3d727688ed5a2e83df4bc71e12f578525066fd7e68c491 libstdc++-static-4.8.5-45.0.3.el7.tuxcare.els2.i686.rpm 8840bf2ddfa7461af5a045a2ba3d549c9f20445da40e609d85bd9a9e44c73883 libstdc++-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 5666596e7b3b4eb6caf91998c54f6ecdd33337bc566753e55b2bb8ff8db740d4 libtsan-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm a24ad96660c8c37c120c6dadb584d0b4926fa2f20cf329c291800f171198b8a5 libtsan-static-4.8.5-45.0.3.el7.tuxcare.els2.x86_64.rpm 7ccfae4c502fb8d559a7427106f08d2939b5184153bd080fa489f7a06bcdbb9c CLSA-2025:1762244592 TuxCare License Agreement 0 - ext4: fix possible UAF when remounting r/o a mmp-protected file system {CVE-2021-47342} - ext4: fix memory leak in ext4_fill_super - net: defer final 'struct net' free in netns dismantle {CVE-2024-56658} - net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() {CVE-2022-48701} - fix: virtio-net: Add validation for used length {CVE-2021-47352} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- ext4: fix possible UAF when remounting r/o a mmp-protected file system {CVE-2021-47342} - ext4: fix memory leak in ext4_fill_super - net: defer final 'struct net' free in netns dismantle {CVE-2024-56658} - net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() {CVE-2022-48701} - fix: virtio-net: Add validation for used length {CVE-2021-47352}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm 7b37ee02e98b87d0a82e1866278644a0e3885dece6a900e2b6e233042fcea11a kernel-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm 32c4d56c4219aa7f6b5bec71e9834765b990acacbc277fabf567dd7b3ae7849a kernel-debug-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm 47a830e01119042db338320a422ce68668241b9f44ef34a480757745312155a0 kernel-debug-devel-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm ab5e6bd2da839cd88cb00c3dbb74bdc3b78c3d2d9322961475d0112a50e38357 kernel-devel-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm 60cba14b1c7694dc499b6991ceed37ff039616ed1469c3525ea9bdb476633ea4 kernel-headers-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm 5ec175b91e616d710762f7447e2b351d79cbfc4bab0527715830ddf438c4077c kernel-tools-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm 71f7cc0b05b8f64591d34ccc85595ac273c6fa8d9b8325c119579a6bdd9af4a0 kernel-tools-libs-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm 5f9f1286440f501e3fb76f4a7dac8dd0512d7a58f06524e36faf2eab17564fd0 kernel-tools-libs-devel-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm e05bdeb0d54b16833cdf5627b1b1eaf44ee0638759401745dd6e3015d396f97b perf-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm 1b4680729f12093ed820547ecc894b627531f2987a4250235f77d1f52450c8fc python-perf-3.10.0-1160.139.1.el7.tuxcare.els2.x86_64.rpm 8ac5941dc85fc02438646e4b915b1c79c385b4831c2d2115d315292bd39673e1 CLSA-2025:1762423156 TuxCare License Agreement 0 - CVE-2025-58060: fix authentication bypass by checking password when AuthType is set to anything but Basic. Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-58060: fix authentication bypass by checking password when AuthType is set to anything but Basic.

0 tuxcare-oraclelinux7-els cups-1.6.3-52.el7_9.tuxcare.els2.x86_64.rpm 53b24654f0dbea8ff27eab724a84927d0102f37c3bd46e5f1a27c1f2fcff2184 cups-client-1.6.3-52.el7_9.tuxcare.els2.x86_64.rpm 09253e14d0909f0c975ad60f282d1c9ce1e0115bbdcb3adc0b1ea792d2865a36 cups-devel-1.6.3-52.el7_9.tuxcare.els2.i686.rpm f7607885c418a3523aab9b2c822592910e57246f42cecb4d4b454e840dcfeb7d cups-devel-1.6.3-52.el7_9.tuxcare.els2.x86_64.rpm 2e29cc75d8624ca00cb700b769e335f324c82116bbd925967076e9183ce887d7 cups-filesystem-1.6.3-52.el7_9.tuxcare.els2.noarch.rpm 0cfefea2d29250f5f0c9b22488eaae260200909d59908148147832f742783f68 cups-ipptool-1.6.3-52.el7_9.tuxcare.els2.x86_64.rpm 8c3aab51bfe1df954484bb24ad2b21fb9127d388ee105a97b5973da72aafa78f cups-libs-1.6.3-52.el7_9.tuxcare.els2.i686.rpm 932d9c484f0c939e4ae6358ca8ef3e37f1640ec743f38eba73cf6019f514cfc0 cups-libs-1.6.3-52.el7_9.tuxcare.els2.x86_64.rpm 16b81828d2b1543efc440d41685e0944551d9aecaa1bc927a2e1b2030b085e62 cups-lpd-1.6.3-52.el7_9.tuxcare.els2.x86_64.rpm 40f8df0ce94cf660fcbfa63c77b27341566b4c2a22c2d0e8c13ef83bd4c726dd CLSA-2025:1762537123 TuxCare License Agreement 0 - CVE-2024-35235: patch arbitrary chmod vulnerability in cupsd process when starting server with symbolic link Listen configuration item Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-35235: patch arbitrary chmod vulnerability in cupsd process when starting server with symbolic link Listen configuration item

0 tuxcare-oraclelinux7-els cups-1.6.3-52.el7_9.tuxcare.els3.x86_64.rpm 184fa64a53c82855bfca8ccc1f287a09e79a1aecd1d9e34f6c34f4bf15bc5aa2 cups-client-1.6.3-52.el7_9.tuxcare.els3.x86_64.rpm 9b7cb8929be34c4fc95526f0652d93fd3a64fe649755ea394b5b310b5a0b276e cups-devel-1.6.3-52.el7_9.tuxcare.els3.i686.rpm 464de8d94a02994ff9f73e49138928feac261308122c08e4845f74bcbb7544dc cups-devel-1.6.3-52.el7_9.tuxcare.els3.x86_64.rpm c3949f9d31dc7becc2a198a0432d8a022c41731cf66fbc54eece24046ddbe4ec cups-filesystem-1.6.3-52.el7_9.tuxcare.els3.noarch.rpm 60fc347f99e4366336184984444f50643487bceb8bd7435c8db3e05fdb6da915 cups-ipptool-1.6.3-52.el7_9.tuxcare.els3.x86_64.rpm 5bd6e9aef9ff47dbab41386abd8b858e9fea32fffec64d00bbfc5982ac78f0d0 cups-libs-1.6.3-52.el7_9.tuxcare.els3.i686.rpm f4e575ba34a9fc57296594712a120a0a31887a50bfe266dc1bd60f135dca34c0 cups-libs-1.6.3-52.el7_9.tuxcare.els3.x86_64.rpm 374b3d34fa6ad1911388ce73f749d06a837f0c97a54c7f8d2b36aae44b0daf89 cups-lpd-1.6.3-52.el7_9.tuxcare.els3.x86_64.rpm 7ebaffa2a02c46ee09f8dd86d611777ce90a90c6d25a9986361b88541f6b5417 CLSA-2025:1762539974 TuxCare License Agreement 0 - CVE-2025-9900: fix write-what-where vulnerability in processing TIFF image files Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-9900: fix write-what-where vulnerability in processing TIFF image files

0 tuxcare-oraclelinux7-els libtiff-4.0.3-35.el7.tuxcare.els6.i686.rpm 696e9e08f5eb00714c82a2277c959529e7a5628181ec115507eaa4b5078546ec libtiff-4.0.3-35.el7.tuxcare.els6.x86_64.rpm d7d832068e5f832707ed126ff6615ddc47f66661cbf07ebe3361ae8a159ed3e4 libtiff-devel-4.0.3-35.el7.tuxcare.els6.i686.rpm 020b5c8f06833465b30814aca060b4c2b0015f67d5f5947c3b428712596b7346 libtiff-devel-4.0.3-35.el7.tuxcare.els6.x86_64.rpm c5e065ec0df72ed0f0c84ecd1b997ad19355f06ef389d1e5448e4c5e13ab2d32 libtiff-static-4.0.3-35.el7.tuxcare.els6.i686.rpm 9d8d18783824dbc2997604a5d7208cb2439f2da77844d0d7cc9be07143252ee3 libtiff-static-4.0.3-35.el7.tuxcare.els6.x86_64.rpm f052394df3d51628de9360c9f3ed93f849275a6a1897475c2da22451d10dc743 libtiff-tools-4.0.3-35.el7.tuxcare.els6.x86_64.rpm e0345c07e6ae0fa379a6841ec810418dc8378bbc1d1f5d977df7776694614840 CLSA-2025:1762540366 TuxCare License Agreement 0 - CVE-2016-9840: fix improper pointer arithmetic in inftrees.c Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2016-9840: fix improper pointer arithmetic in inftrees.c

0 tuxcare-oraclelinux7-els rsync-3.1.2-12.0.1.el7_9.tuxcare.els2.x86_64.rpm ee4600bae97cddbc67ac1005dcf92d1720cb04da6f421caa7a6cc7f42eec81ce CLSA-2025:1762958654 TuxCare License Agreement 0 - CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data") Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses (filter="tar"/filter="data")

0 tuxcare-oraclelinux7-els python3-3.6.8-21.0.5.el7_9.tuxcare.els2.i686.rpm dbc052012e08a8a847bcb330155358021812cee1d87ec3267ee84033cac3edb3 python3-3.6.8-21.0.5.el7_9.tuxcare.els2.x86_64.rpm d3247599e3e2014e7e2202b65cf5b02422ece01d66f89e167c8be568a8b9468a python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els2.i686.rpm 26aa2bfd1fb4ee17f6e46a616b6eb1f0d062c2022a9145b8047ac03c157bc95f python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els2.x86_64.rpm 655cc370f5676d26e8c71792f99ebaa5946e6512442bb2aa3e0377be5a031b3e python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els2.i686.rpm dc2c4dcad9076db37be955ddafb275e8e156ad741a45b342b2518f27a336a127 python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els2.x86_64.rpm 83b47e477b128872597a59994ad915de4f35bf8f6f323a767d00b77637a0123c python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els2.i686.rpm 102aaf9941d32f347707a0869bb65e5e88fa4699ac401bc854facaee2561448d python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els2.x86_64.rpm 9d30a39c7112b606a90fe7616abb26ca806c08dc29323ff94c21adb282df8d2f python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els2.i686.rpm 923272e66aaa70f85aff01db49437abad3b085d2131c030496e5514086db47d4 python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els2.x86_64.rpm f0ebed2426d7efee1f19b3cd567ad6a73ffe1e70362cd49dfcee7da01cd94956 python3-test-3.6.8-21.0.5.el7_9.tuxcare.els2.i686.rpm 01f09680491c50bc6160cb74bfafd99ef560c2ed69a7c4d298d9b7a06780d533 python3-test-3.6.8-21.0.5.el7_9.tuxcare.els2.x86_64.rpm d5dc7ca6b9b77db70a345b5f49893c450fdc44e34368f4f0e4709217a9ba38f9 python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els2.i686.rpm 9f0ff0fae59198e1ca3fea58904019b59701c73c2f2b7f1f1deb69cfde29999b python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els2.x86_64.rpm 79f87cd18b3f096dbda33daca55169b09cfda611f90d4a7e8f87914ad04a1280 CLSA-2025:1763033745 TuxCare License Agreement 0 - CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs

0 tuxcare-oraclelinux7-els python-2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64.rpm 3691d9eb5742aacea4e080ec6eddfb1ddd60a11155234ff20f41a6382b36ce99 python-debug-2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64.rpm 90e946618724175b927763ab7b84889251333ec30d7e3964d5cffc7b7db1f06c python-devel-2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64.rpm 3c5797c4b11fb968d7e6bf1d4a789ae1ff239be4b443b0dffedd30c604692d82 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els2.i686.rpm 030830600cc1d0ce86c43ad292367ada1270139f1834ddc627938a04c51051b0 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64.rpm 804fd159c4e6b5055b9bbabbdaa7e504d444b05541a15cb2a606f1a7dc8a40b3 python-test-2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64.rpm 23c77392d42f07266813c3b3a0a195add7ef6ba799913c601d927cf73b71eb13 python-tools-2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64.rpm 2c435a9153984729f6646272b69e2b7a8405dbad9b8010dc51df8f0a91d79f0a tkinter-2.7.5-94.0.1.el7_9.tuxcare.els2.x86_64.rpm 954f38d406b31221b869df56f6dc90e1a11b6582864272158d5fdbb2c244ddf2 CLSA-2025:1763371545 TuxCare License Agreement 0 - CVE-2025-7345: fix heap buffer overflow during base64 encoding in gdk_pixbuf__jpeg_image_load_increment() Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-7345: fix heap buffer overflow during base64 encoding in gdk_pixbuf__jpeg_image_load_increment()

0 tuxcare-oraclelinux7-els gdk-pixbuf2-2.36.12-3.el7.tuxcare.els1.i686.rpm c0dd7cd2c2e7a47a8a8465c44c6acceec7ae9a1e67be65548b462820f83880d7 gdk-pixbuf2-2.36.12-3.el7.tuxcare.els1.x86_64.rpm 5784ea0c49cd51099dafcaf0413a4823f8fc982219fa8a0455ce59856adc2057 gdk-pixbuf2-devel-2.36.12-3.el7.tuxcare.els1.i686.rpm cde157c3d2a949b7008c09ecb992399d58b6f4c3e5bd8fd295b64dd6b0c4db8d gdk-pixbuf2-devel-2.36.12-3.el7.tuxcare.els1.x86_64.rpm 57c63b160effd4aefaf0ba4108ffe96e7d6e879e5567f24d9de535bf30321f19 gdk-pixbuf2-tests-2.36.12-3.el7.tuxcare.els1.x86_64.rpm f2f18f757b663dc6600cb73af2aa396ae8044dbbea1ad9539ee0ab8c0f564d27 CLSA-2025:1763371827 TuxCare License Agreement 0 - CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-11561: prevent unexpected Kerberos principal-to-account mappings when SSSD's localauth plugin cannot resolve a principal

0 tuxcare-oraclelinux7-els libipa_hbac-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm 2611561a40ea303ebedc6915a7c71ae2f33a950e836e31959ee773f78f6a86cb libipa_hbac-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm eb2d335477c6f8114594312fe4e668995a0faf583ea2bdc35d4787ce33a36ac8 libipa_hbac-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm f5ef4b4d7a9c1319df151bed14bd9954caa23121be51d0a6941dff6002d6ccb3 libipa_hbac-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 10ca0aea6b74e092b27ddd0002a386eaff80cac4f9e9acc44df62b6ba1bee162 libsss_autofs-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm fb2736f0a3996a0fa78329c45d5364688638bf185653d3ea390fa21aedf688fc libsss_certmap-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm 5acfde56dd615deaf4430814f41731a6356c2c25254628fc156fbfdcad01b575 libsss_certmap-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 24cd60498899c0142cd9d22ab3e395e0534f964cbf274e9d3e100cb361bc3043 libsss_certmap-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm 9954f6cab2ad1f147a7c83a11bc466c4991221e7f0954d68af797e10d057d7dc libsss_certmap-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 430572f74505e6130d5452e97d70b4f38b6ea24972f4174ee960b19ceaccdd55 libsss_idmap-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm 69090bdb191a8a158d45ea86c79b95eac8e6f81681067c1fbd3c3d63c0573152 libsss_idmap-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 76094e5ddf68cd20e2ba3eedac69e2309ee7d7f36a8582b877b6f75f90fe7b7a libsss_idmap-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm 491b86352de9215c50480fa1ca9d7ddbaf6a005237c040c2b1523e43dbe32b84 libsss_idmap-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm b82f94013d1e709acb0075cfdddd867a3d78b5309b84c28db22d3ecff27fb904 libsss_nss_idmap-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm 433b9b421673b58f55d069327b801edc9f59b77b06c6e33bb94a0e452441f07e libsss_nss_idmap-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 3c35a35a03a94ed26f07a466ed5abe48edd763af5cc17a44eeac8764afdf6bf9 libsss_nss_idmap-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm ed1b1cb64bc848bc4eabdd1a0991d059a16d00e5c7d4ed04572666dc25252b6e libsss_nss_idmap-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm a46efae62729e52d143051292ab4564a5e34db5a77dc2ceb66a8e2cfa7672ca3 libsss_simpleifp-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm 4de0869aaf28eba2348354c2dd665807bbac2a1b6943031b26ec35afbb9265b9 libsss_simpleifp-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm bc5745f3d9abcb10a78446ba9e88a63e0337e10df572a2733cd2a6a619698161 libsss_simpleifp-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm 7801cee735287494099286930a6db272a38aa75ef448508b41dafa03d97cdbd4 libsss_simpleifp-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 64c64224372fb21372eab8a5ad8798170d43421fba36297af9d62a56247bf3d3 libsss_sudo-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 197f5256366455a1980042b9d75ed7f65d473a00147844516164826f02b4e356 python-libipa_hbac-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 573e0df46db1a16c10edc5110181e8c0e5fbe5a4960a2621b22cbe7694b032ff python-libsss_nss_idmap-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 02be8ee8cb2803f2eca9c775a2ee7ab50e8d3505b6bc6656151cc30f81be20f3 python-sss-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm b14b0a2c66bb2e28e9516b816c5c15588c6fb88fc06fa6e92e367b5480a0d153 python-sss-murmur-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm b958eed67d85785969c35961b36b7bddb1a857ae15f8d5677646cbf9bc9b8e48 python-sssdconfig-1.16.5-10.0.3.el7_9.16.tuxcare.els1.noarch.rpm c72177e02506a827acfb7085e138f8a3e95f3f4dca17c732f0bff665e3613253 sssd-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 549248a0a0822eed17cb4256a06d08a9a8ec0d2a3aa8ed2c909b3640a0e93889 sssd-ad-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm b9e7ad2134df9344c07c5f8416c92feda395b7db0493a92676730d690392824e sssd-client-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm b2a45da754a199c73595b41287a7c4d2a1faf377a36babd81d081f821607040e sssd-client-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm d5709659f2a0d103932b3bd80278572cc0588352399d8dcf3710ef858edd9267 sssd-common-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm b541bcad9f1916b8638c17c3e7d7fa676891779b8c35e6146e885091422ff265 sssd-common-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 7771c677e8174462657d0021930b2e1862b42f5458fbab6a029de44957a8cbfc sssd-common-pac-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 6e5e640b4e9eb22a681491ee5cf934130bff65b1c3ddeab176960734a9c2674f sssd-dbus-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm e2d1c06ecf41a61883c8f9ba64868ac2e23df4270a20eb02c24c729e133a9d67 sssd-ipa-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm d8562e2f878dcb0cfe68715017118c34f41fd4fc43a5d1f39ad552cc7fc80ea7 sssd-kcm-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm e1d49ea6996f284a0d4df4ed3900f3893d6f9c9fc681a4c14fd2cf9939fe7e0f sssd-krb5-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm f86ce7d4cf92db6ccdff3f195e648759beda93c157643e8418bc3a3989b39fb3 sssd-krb5-common-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 43be5107c0999f24b76bc3415b995d8e1f4acafbe6c97634ba60916720478212 sssd-ldap-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 4261a7fbad71e8f651bb08c8ba0d168cf8a196d71bae3035e0cb6476460e94da sssd-libwbclient-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm c61546c8ec23adebd3076c55202779d10b6eec0f9069e8921e99fa9eab74ade5 sssd-libwbclient-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.i686.rpm a52a498e15f959ce4abd1471a35e0187e83c506143e706889e12ce4e6aec3eae sssd-libwbclient-devel-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 2ab0154a4a0a5d957b903f5600f70494cfd473c4979825030382db7fd299f174 sssd-polkit-rules-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 7454cdfbd257a2fbea5d75d47166e43004c2505a84400d9ff55454382499a231 sssd-proxy-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 0487d16666442b14c3245db54a6cd7348290fb86f3da044b6ccafaa3d7ae21c2 sssd-tools-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 76fab7d3837ae081c435dd0e8a04915a98f08a99b22ad424e2651aff16bd14a1 sssd-winbind-idmap-1.16.5-10.0.3.el7_9.16.tuxcare.els1.x86_64.rpm 294b989de5de4ea4a987884c077150b45c2c58b69ae44456435c0f9710d07ecd CLSA-2025:1763647795 TuxCare License Agreement 0 - Merge python-setuptools-0.9.8-7.0.1.el7.src.rpm Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Merge python-setuptools-0.9.8-7.0.1.el7.src.rpm

0 tuxcare-oraclelinux7-els python-setuptools-0.9.8-7.0.1.el7.tuxcare.els1.noarch.rpm 981007dc64a888163e7990e1df19727dffe61e6e8eaf3c8d3b40f6e06a8d5c85 CLSA-2025:1764085382 TuxCare License Agreement 0 - drm/amd/display: Skip on writeback when it's not applicable {CVE-2024-36914} - ASoC: topology: Fix references to freed memory {CVE-2024-41069} - Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966} - Bluetooth: SCO: Fix not validating setsockopt user input - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} - xfs: don't walk off the end of a directory data block {CVE-2024-41013} - wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937} - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - net/rds: Fix rs_recv_pending counting issue - LTS tag: v5.4.301 - net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg - media: s5p-mfc: remove an unused/uninitialized variable - NFSD: Fix last write offset handling in layoutcommit - NFSD: Minor cleanup in layoutcommit processing - padata: Reset next CPU when reorder sequence wraps around - KEYS: trusted_tpm1: Compare HMAC values in constant time - NFSD: Define a proc_layoutcommit for the FlexFiles layout type {CVE-2025-40087} - vfs: Don't leak disconnected dentries on umount {CVE-2025-40105} - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination {CVE-2025-40167} - drm/amdgpu: use atomic functions with memory barriers for vm fault info - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() {CVE-2025-40198} - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Flush posted register writes before INDAC access - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - memory: samsung: exynos-srom: Correct alignment - arm64: errata: Apply workarounds for Neoverse-V3AE - arm64: cputype: Add Neoverse-V3AE definitions - comedi: fix divide-by-zero in comedi_buf_munge() {CVE-2025-40106} - binder: remove "invalid inc weak" check - xhci: dbc: enable back DbC in resume if it was enabled before suspend - usb/core/quirks: Add Huawei ME906S to wakeup quirk - USB: serial: option: add Telit FN920C04 ECM compositions - USB: serial: option: add Quectel RG255C - USB: serial: option: add UNISOC UIS7720 - net: ravb: Ensure memory write completes before ringing TX doorbell - net: usb: rtl8150: Fix frame padding - ocfs2: clear extent cache after moving/defragmenting extents - MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering - Revert "cpuidle: menu: Avoid discarding useful information" - net: bonding: fix possible peer notify event loss or dup issue - sctp: avoid NULL dereference when chunk data buffer is missing - arm64, mm: avoid always making PTE dirty in pte_mkwrite() - net: enetc: correct the value of ENETC_RXB_TRUESIZE - rtnetlink: Allow deleting FDB entries in user namespace - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del - net: add ndo_fdb_del_bulk - net: rtnetlink: add bulk delete support flag - net: netlink: add NLM_F_BULK delete request modifier - net: rtnetlink: use BIT for flag values - net: rtnetlink: add helper to extract msg type's kind - net: rtnetlink: add msg kind names - net: rtnetlink: remove redundant assignment to variable err - m68k: bitops: Fix find_*_bit() signatures - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - dlm: check for defined force value in dlm_lockspace_release - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: make proper initalization of struct hfs_find_data - hfs: clear offset and space out of valid records in b-tree node - exec: Fix incorrect type for ret - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() {CVE-2025-40088} - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - sched/fair: Fix pelt lost idle time detection - sched/balancing: Rename newidle_balance() => sched_balance_newidle() - sched/fair: Trivial correction of the newidle_balance() comment - sched: Make newidle_balance() static again - tls: don't rely on tx_work during send() - tls: always set record_type in tls_process_cmsg - tg3: prevent use of uninitialized remote_adv and local_adv variables - tcp: fix tcp_tso_should_defer() vs large RTT - amd-xgbe: Avoid spurious link down messages during interface toggle - net/ip6_tunnel: Prevent perpetual tunnel growth {CVE-2025-40173} - net: dlink: handle dma_map_single() failure properly - net: dl2k: switch from 'pci_' to 'dma_' API - media: pci: ivtv: Add missing check after DMA map - media: pci/ivtv: switch from 'pci_' to 'dma_' API {CVE-2024-43877} - xen/events: Update virq_to_irq on migration - media: lirc: Fix error handling in lirc_register() - media: rc: Directly use ida_free() - drm/exynos: exynos7_drm_decon: remove ctx->suspended - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() {CVE-2025-40205} - pwm: berlin: Fix wrong register in suspend/resume {CVE-2025-40188} - media: cx18: Add missing check after DMA map - xen/events: Cleanup find_virq() return codes - cramfs: Verify inode mode when loading from disk - fs: Add 'initramfs_options' to set initramfs mount options - pid: Add a judgment for ns null in pid_nr_ns {CVE-2025-40178} - minixfs: Verify inode mode when loading from disk - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference {CVE-2025-40042} - dm: fix NULL pointer dereference in __dm_suspend() {CVE-2025-40134} - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - Squashfs: reject negative file sizes in squashfs_read_inode() {CVE-2025-40200} - Squashfs: add additional inode sanity checking - media: mc: Clear minor number before put device {CVE-2025-40197} - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - fs: udf: fix OOB read in lengthAllocDescs handling {CVE-2025-40044} - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O {CVE-2025-40026} - net/9p: fix double req put in p9_fd_cancelled {CVE-2025-40027} - ext4: guard against EA inode refcount underflow in xattr update {CVE-2025-40190} - ext4: correctly handle queries for metadata mappings - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - x86/umip: Check that the instruction opcode is at least two bytes - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - rseq/selftests: Use weak symbol reference, not definition, to link with glibc - rtc: interface: Fix long-standing race when setting alarm - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - mmc: core: SPI mode remove cmd7 - mtd: rawnand: fsmc: Default to autodetect buswidth - sparc: fix error handling in scan_one_device() - sparc64: fix hugetlb for sun4u - sctp: Fix MAC comparison to be constant-time {CVE-2025-40204} - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - parisc: don't reference obsolete termio struct for TC* constants - lib/genalloc: fix device leak in of_gen_pool_get() - iio: frequency: adf4350: Fix prescaler usage. - iio: dac: ad5421: use int type to store negative error codes - iio: dac: ad5360: use int type to store negative error codes - crypto: atmel - Fix dma_unmap_sg() direction - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() {CVE-2025-40194} - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - media: i2c: mt9v111: fix incorrect type for ret - firmware: meson_sm: fix device leak at probe - xen/manage: Fix suspend error path - arm64: dts: qcom: msm8916: Add missing MDSS reset - ACPI: debug: fix signedness issues in read/write helpers - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - tpm, tpm_tis: Claim locality before writing interrupt registers - crypto: essiv - Check ssize for decryption and in-place encryption {CVE-2025-40019} - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - tools build: Align warning options with perf - net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). {CVE-2025-40186} - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() {CVE-2025-40187} - drm/vmwgfx: Fix Use-after-free in validation {CVE-2025-40111} - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue {CVE-2025-40001} - scsi: mvsas: Use sas_task_find_rq() for tagging - scsi: mvsas: Delete mvs_tag_init() - scsi: libsas: Add sas_task_find_rq() - clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver - clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() - perf session: Fix handling when buffer exceeds 2 GiB - rtc: x1205: Fix Xicor X1205 vendor prefix - perf util: Fix compression checks returning -1 as bool - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - clocksource/drivers/clps711x: Fix resource leaks in error paths - pinctrl: check the return value of pinmux_ops::get_function_name() {CVE-2025-40030} - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak {CVE-2025-40035} - mm: hugetlb: avoid soft lockup when mprotect to large memory area {CVE-2025-40153} - uio_hv_generic: Let userspace take care of interrupt mask {CVE-2025-40048} - Squashfs: fix uninit-value in squashfs_get_parent {CVE-2025-40049} - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - nfp: fix RSS hash key size when RSS is not supported - drivers/base/node: fix double free in register_one_node() - ocfs2: fix double free in user_cluster_connect() {CVE-2025-40055} - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast {CVE-2025-40140} - RDMA/siw: Always report immediate post SQ errors - usb: vhci-hcd: Prevent suspending virtually attached devices - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() {CVE-2025-40115} - ipvs: Defer ip_vs_ftp unregister during netns cleanup {CVE-2025-40018} - NFSv4.1: fix backchannel max_resp_sz verification check - remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - sparc: fix accurate exception reporting in copy_{from,to}_user for M7 - sparc: fix accurate exception reporting in copy_to_user for Niagara 4 - sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara {CVE-2025-40112} - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III {CVE-2025-40124} - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC {CVE-2025-40126} - IB/sa: Fix sa_local_svc_timeout_ms read race - RDMA/core: Resolve MAC of next-hop device without ARP support - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - drivers/base/node: handle error properly in register_one_node() - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog - netfilter: ipset: Remove unused htable_bits in macro ahash_region - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping {CVE-2025-40121} - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154} - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - pps: fix warning in pps_register_cdev when register device fail {CVE-2025-40070} - misc: genwqe: Fix incorrect cmd field being reported in error - usb: gadget: configfs: Correctly set use_os_string at bind - usb: phy: twl6030: Fix incorrect type for ret - tcp: fix __tcp_close() to only send RST when required - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - wifi: mwifiex: send world regulatory domain to driver - ALSA: lx_core: use int type to store negative error codes - media: rj54n1cb0c: Fix memleak in rj54n1_probe() - scsi: myrs: Fix dma_alloc_coherent() error check - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod {CVE-2025-40118} - serial: max310x: Add error checking in probe() - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup {CVE-2025-40116} - drm/radeon/r600_cs: clean up of dead code in r600_cs - i2c: designware: Add disabling clocks when probe fails - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - bpf: Explicitly check accesses to bpf_sock_addr {CVE-2025-40078} - selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported - pwm: tiehrpwm: Fix corner case in clock divisor calculation - block: use int to store blk_stack_limits() return value - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx {CVE-2025-40125} - pinctrl: meson-gxl: add missing i2c_d pinmux - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - regmap: Remove superfluous check for !config in __regmap_init() - x86/vdso: Fix output operand size of RDPID - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() {CVE-2025-40081} - driver core/PM: Set power.no_callbacks along with power.no_pm - staging: axis-fifo: flush RX FIFO on read errors - staging: axis-fifo: fix maximum TX packet length check - perf subcmd: avoid crash in exclude_cmds when excludes is empty - dm-integrity: limit MAX_TAG_SIZE to 255 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - USB: serial: option: add SIMCom 8230C compositions - media: rc: fix races with imon_disconnect() {CVE-2025-39993} - media: imon: grab lock earlier in imon_ir_change_protocol() - media: imon: reorganize serialization - media: rc: Add support for another iMON 0xffdc device - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe {CVE-2025-39995} - media: tuner: xc5000: Fix use-after-free in xc5000_release {CVE-2025-39994} - media: tunner: xc5000: Refactor firmware load - udp: Fix memory accounting leak. {CVE-2025-22058} - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove {CVE-2025-39996} - scsi: target: target_core_configfs: Add length check to avoid buffer overflow {CVE-2025-39998} - LTS tag: v5.4.300 - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - mm/hugetlb: fix folio is still mapped when deleted {CVE-2025-40006} - i40e: add mask to apply valid bits for itr_idx - i40e: fix validation of VF state in get resources {CVE-2025-39969} - i40e: fix idx validation in config queues msg {CVE-2025-39971} - i40e: add validation for ring_len param {CVE-2025-39973} - i40e: increase max descriptors for XL710 - mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() {CVE-2025-21861} - fbcon: Fix OOB access in font allocation - fbcon: fix integer overflow in fbcon_do_set_font {CVE-2025-39967} - i40e: add max boundary check for VF filters {CVE-2025-39968} - i40e: fix input validation logic for action_meta {CVE-2025-39970} - i40e: fix idx validation in i40e_validate_queue_map {CVE-2025-39972} - drm/gma500: Fix null dereference in hdmi teardown {CVE-2025-40011} - can: peak_usb: fix shift-out-of-bounds issue {CVE-2025-40020} - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39985} - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39986} - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39987} - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - usb: core: Add 0x prefix to quirks debug output - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - ALSA: usb-audio: Convert comma to semicolon - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer {CVE-2025-39937} - net: rfkill: gpio: add DT support - serial: sc16is7xx: fix bug in flow control levels init - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - usb: gadget: dummy_hcd: remove usage of list iterator past the loop body - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - ASoC: wm8974: Correct PLL rate rounding - ASoC: wm8940: Correct typo in control name - mmc: mvsdio: Fix dma_unmap_sg() nents value - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945} - net: liquidio: fix overflow in octeon_init_instr_queue() - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-39955} - i40e: remove redundant memory barrier when cleaning Tx descs - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - cgroup: split cgroup_destroy_wq into 3 workqueues {CVE-2025-39953} - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch - wifi: mac80211: fix incorrect type for ret - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883} - phy: ti-pipe3: fix device leak at unbind - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees {CVE-2025-39923} - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map {CVE-2025-39869} - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911} - i40e: Use irq_update_affinity_hint() - genirq: Provide new interfaces for affinity hints - genirq: Export affinity setter for modules - genirq/affinity: Add irq_update_affinity_desc() - igb: fix link test skipping when interface is admin down - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() {CVE-2025-39876} - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing - mtd: nand: raw: atmel: Fix comment in timings preparation - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer {CVE-2025-39907} - mm/khugepaged: fix the address passed to notifier on testing young - fuse: prevent overflow in copy_file_range return value - fuse: check if copy_file_range() returns larger than requested size - mtd: rawnand: stm32_fmc2: fix ECC overwrite - ocfs2: fix recursive semaphore deadlock in fiemap call {CVE-2025-39885} - EDAC/altera: Delete an inappropriate dma_free_coherent() call - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. {CVE-2025-39913} - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. {CVE-2025-23143} - device-dax: correct pgoff align in dax_set_mapping() {CVE-2024-50022} - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer - rds: Free all frags when rds_ib_recv_cache_put() fails - bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags - NFSv4: Don't clear capabilities that won't be reset - power: supply: bq27xxx: restrict no-battery detection to bq27000 - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - usb: hub: Fix flushing of delayed work used for post resume purposes - soc: qcom: mdt_loader: Deal with zero e_shentsize - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - LTS tag: v5.4.299 - scsi: lpfc: Fix buffer free/clear order in deferred receive path {CVE-2025-39841} - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() - cifs: fix integer overflow in match_server() - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort - spi: spi-fsl-lpspi: Set correct chip-select polarity bit - spi: spi-fsl-lpspi: Fix transmissions when using CONT - pcmcia: Add error handling for add_interval() in do_validate_mem() {CVE-2025-39920} - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - randstruct: gcc-plugin: Fix attribute addition - randstruct: gcc-plugin: Remove bogus void member - vmxnet3: update MTU after device quiesce - net: dsa: microchip: linearize skb for tail-tagging switches - net: dsa: microchip: update tag_ksz masks for KSZ9477 family - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup - gpio: pca953x: fix IRQ storm on system wake up - iio: light: opt3001: fix deadlock due to concurrent flag access {CVE-2025-37968} - iio: chemical: pms7003: use aligned_s64 for timestamp - cpufreq/sched: Explicitly synchronize limits_changed flag handling - mm/slub: avoid accessing metadata when pointer is invalid in object_err() {CVE-2025-39902} - mm/khugepaged: fix ->anon_vma race {CVE-2023-52935} - e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898} - batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839} - drm/amdgpu: drop hw access in non-DC audio fini - wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891} - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() {CVE-2025-39846} - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - ppp: fix memory leak in pad_compress_skb {CVE-2025-39847} - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ax25: properly unshare skbs in ax25_kiss_rcv() {CVE-2025-39848} - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net: thunder_bgx: add a missing of_node_put - wifi: libertas: cap SSID len in lbs_associate() - wifi: cw1200: cap SSID length in cw1200_do_join() - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853} - icmp: fix icmp_ndo_send address translation for reply direction - mISDN: Fix memory leak in dsp_hwec_enable() - xirc2ps_cs: fix register access when enabling FullDuplex - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() {CVE-2025-39860} - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: cfg80211: fix use-after-free in cmp_bss() {CVE-2025-39864} - powerpc: boot: Remove leading zero in label in udelay() - hugetlbfs: take read_lock on i_mmap for PMD sharing - kallsyms: add module_kallsyms_on_each_symbol_locked - kallsyms: export module_kallsyms_on_each_symbol - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499} - x86/vmscape: Warn when STIBP is disabled with SMT - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Enable the mitigation - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Add old Intel CPUs to affected list - x86/vmscape: Enumerate VMSCAPE bug - Documentation/hw-vuln: Add VMSCAPE documentation - LTS tag: v5.4.298 - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() {CVE-2025-39808} - HID: wacom: Add a new Art Pen 2 - HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824} - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817} - sctp: initialize more fields in sctp_v6_from_sk() {CVE-2025-39812} - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net/mlx5e: Set local Xoff after FW update - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Update and set Xon/Xoff upon MTU set - net: dlink: fix multicast stats being counted incorrectly - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). {CVE-2025-39828} - net/atm: remove the atmdev_ops {get, set}sockopt methods - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - powerpc/kvm: Fix ifdef to remove build warning - net: ipv4: fix regression in local-broadcast routes - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - scsi: core: sysfs: Correct sysfs attributes access rights - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump {CVE-2025-39813} - pinctrl: STMFX: add missing HAS_IOMEM dependency - LTS tag: v5.4.297 - alloc_fdtable(): change calling conventions. - s390/hypfs: Enable limited access during lockdown - s390/hypfs: Avoid unnecessary ioctl registration in debugfs - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit {CVE-2025-39766} - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - scsi: qla4xxx: Prevent a potential error pointer dereference {CVE-2025-39676} - usb: xhci: Fix slot_id resource race conflict - nfs: fix UAF in direct writes {CVE-2024-26958} - NFS: Fix up commit deadlocks - cifs: Fix UAF in cifs_demultiplex_thread() {CVE-2023-52572} - Bluetooth: fix use-after-free in device_for_each_child() {CVE-2024-53237} - act_mirred: use the backlog for nested calls to mirred ingress {CVE-2022-4269} - net/sched: act_mirred: better wording on protection against excessive stack growth - net/sched: act_mirred: refactor the handle of xmit - selftests: forwarding: tc_actions.sh: add matchall mirror test - net: sched: don't expose action qstats to skb_tc_reinsert() - net: sched: extract qstats update code into functions - net: sched: extract bstats update code into function - net: sched: extract common action counters update code into function - mm: perform the mapping_map_writable() check after call_mmap() - mm: update memfd seal write check to include F_SEAL_WRITE - mm: drop the assumption that VM_SHARED always implies writable - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-37798} - sch_qfq: make qfq_qlen_notify() idempotent - sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177} - sch_drr: make drr_qlen_notify() idempotent - btrfs: populate otime when logging an inode item - media: venus: hfi: explicitly release IRQ during teardown - f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677} - media: venus: protect against spurious interrupts during probe {CVE-2025-39709} - media: qcom: camss: cleanup media device allocated resource on error path - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - pwm: mediatek: Fix duty and period setting - pwm: mediatek: Handle hardware enable and clock enable separately - pwm: mediatek: Implement .apply() callback - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() {CVE-2025-39713} - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: v4l2-ctrls: always copy the controls on completion - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - soc: qcom: mdt_loader: Ensure we don't read past the ELF header {CVE-2025-39787} - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - usb: musb: omap2430: fix device leak at unbind - NFS: Fix the setting of capabilities when automounting a new filesystem {CVE-2025-39798} - NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() - NFSv4: Fix nfs4_bitmap_copy_adjust() - usb: typec: fusb302: cache PD RX state - cdc-acm: fix race between initial clearing halt and open - USB: cdc-acm: do not log successful probe on later errors - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock {CVE-2025-39736} - mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - x86/fpu: Delay instruction pointer fixup until after warning - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - tracing: Add down_write(trace_event_sem) when adding trace event {CVE-2025-38539} - usb: hub: Don't try to recover devices lost during warm reset. - usb: hub: avoid warm port reset during USB3 disconnect - x86/mce/amd: Add default names for MCA banks and blocks - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - f2fs: fix to do sanity check on ino and xnid {CVE-2025-38347} - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() - drm/sched: Remove optimization that causes hang when killing dependent jobs - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() {CVE-2025-38664} - net: usbnet: Fix the wrong netif_carrier_on() call - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value {CVE-2022-50327} - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large {CVE-2025-38481} - comedi: Fix initialization of data for instructions that write to subdevice {CVE-2025-38478} - kbuild: Add KBUILD_CPPFLAGS to as-option invocation - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS - kbuild: Add CLANG_FLAGS to as-instr - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation - kbuild: Update assembler calls to use proper flags and language target - ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - iio: proximity: isl29501: fix buffered read on big-endian systems - ftrace: Also allocate and copy hash for reading of filter files {CVE-2025-39689} - fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() - use uniform permission checks for all mount propagation changes - move_mount: allow to add a mount into an existing group - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691} - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - memstick: Fix deadlock by moving removing flag earlier - media: venus: Add a check for packet size after reading from shared memory {CVE-2025-39710} - media: ov2659: Fix memory leaks in ov2659_probe() - media: usbtv: Lock resolution while streaming {CVE-2025-39714} - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: gspca: Add bounds checking to firmware parser - soc/tegra: pmc: Ensure power-domains are in a known state - jbd2: prevent softlockup in jbd2_log_do_checkpoint() {CVE-2025-39782} - PCI: endpoint: Fix configfs group removal on driver teardown - PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783} - mtd: rawnand: fsmc: Add missing check after DMA map - pwm: imx-tpm: Reset counter if CMOD is 0 - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - zynq_fpga: use sgtable-based scatterlist wrappers - ata: libata-scsi: Fix ata_to_sense_error() status handling - ext4: fix reserved gdt blocks handling in fsmap - ext4: fix fsmap end of range reporting with bigalloc - ext4: check fast symlink for ea_inode correctly - vt: defkeymap: Map keycodes above 127 to K_HOLE - vt: keyboard: Don't process Unicode characters in K_OFF mode - usb: dwc3: meson-g12a: fix device leaks at unbind - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - m68k: Fix lost column on framebuffer debug console - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() - serial: 8250: fix panic due to PSLVERR {CVE-2025-39724} - media: uvcvideo: Do not mark valid metadata as invalid - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680} - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() {CVE-2025-39737} - parisc: Makefile: fix a typo in palo.conf - btrfs: fix log tree replay failure due to file with 0 links and extents - thunderbolt: Fix copy+paste error in match_service_id() - comedi: fix race between polling and detaching {CVE-2025-38687} - misc: rtsx: usb: Ensure mmc child device is active when card is present - drm/amdgpu: fix incorrect vm flags to map bo - scsi: lpfc: Remove redundant assignment to avoid memory leak - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - pNFS: Fix uninited ptr deref in block/scsi layout {CVE-2025-38691} - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Fix stripe mapping in block/scsi layout - net: phy: smsc: add proper reset flags for LAN8710A - ipmi: Fix strcpy source and destination the same - kconfig: lxdialog: fix 'space' to (de)select options - kconfig: gconf: fix potential memory leak in renderer_edited() - kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - kconfig: nconf: Ensure null termination where strncpy is used - kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c - i3c: don't fail if GETHDRCAP is unsupported - PCI: pnv_php: Work around switches with broken presence detection - i3c: add missing include to internal header - media: uvcvideo: Fix bandwidth issue for Alcor camera - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar {CVE-2025-38693} - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() {CVE-2025-38694} - media: usb: hdpvr: disable zero-length read messages - media: tc358743: Increase FIFO trigger level to 374 - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt - media: tc358743: Check I2C succeeded during probe - pinctrl: stm32: Manage irq affinity settings - scsi: mpt3sas: Correctly handle ATA device errors - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure {CVE-2025-38695} - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() {CVE-2025-39742} - MIPS: Don't crash in stack_top() for tasks without ABI or vDSO {CVE-2025-38696} - jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697} - jfs: Regular file corruption check {CVE-2025-38698} - jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743} - scsi: bfa: Double-free fix {CVE-2025-38699} - MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: dw_wdt: Fix default timeout - fs/orangefs: use snprintf() instead of sprintf() - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated {CVE-2025-38700} - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr {CVE-2025-38701} - cifs: Fix calling CIFSFindFirst() for root path without msearch - vhost: fail early when __vhost_add_used() fails - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - uapi: in6: restore visibility of most IPv6 socket options - net: ncsi: Fix buffer overflow in fetching version id - net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - wifi: iwlegacy: Check rate_idx range after addition - netmem: fix skb_frag_address_safe with unreadable skbs - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - net: fec: allow disable coalescing - (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer - s390/stp: Remove udelay from stp_sync_clock() - wifi: iwlwifi: mvm: fix scan request validation - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: ipv4: fix incorrect MTU in broadcast routes - wifi: cfg80211: Fix interface type validation - rcu: Protect ->defer_qs_iw_pending from data race {CVE-2025-39749} - net: ag71xx: Add missing check after DMA map - et131x: Add missing check after DMA map - be2net: Use correct byte order and format string for TCP seq and ack_seq - s390/time: Use monotonic clock in get_cycles() - wifi: cfg80211: reject HTC bit for management frames - ktest.pl: Prevent recursion of default variable options - ASoC: codecs: rt5640: Retry DEVICE_ID verification - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - usb: core: usb_submit_urb: downgrade type check - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - ACPI: processor: fix acpi_object initialization - PM: sleep: console: Fix the black screen issue - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - selftests: tracing: Use mutex_unlock for testing glob filter - ARM: tegra: Use I/O memcpy to write to IRAM {CVE-2025-39794} - gpio: tps65912: check the return value of regmap_update_bits() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - ARM: rockchip: fix kernel hang during smp initialization {CVE-2025-39752} - cpufreq: Exit governor when failed to start old governor - usb: xhci: Avoid showing errors during surprise removal - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing warnings for dying controller - selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t - usb: xhci: print xhci->xhc_state when queue_command failed - securityfs: don't pin dentries twice, once is enough... - hfs: fix not erasing deleted b-tree node issue - drbd: add missing kref_get in handle_write_conflicts {CVE-2025-38708} - udf: Verify partition map count - arm64: Handle KCOV __init vs inline mismatches - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() {CVE-2025-38712} - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() {CVE-2025-40082} - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() {CVE-2025-38714} - hfs: fix slab-out-of-bounds in hfs_bnode_read() {CVE-2025-38715} - sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} - netfilter: ctnetlink: fix refcount leak on table dump {CVE-2025-38721} - udp: also consider secpath when evaluating ipsec use for checksumming - ACPI: processor: perflib: Move problematic pr->performance check {CVE-2025-39799} - ACPI: processor: perflib: Fix initial _PPC limit application - Documentation: ACPI: Fix parent device references - fs: Prevent file descriptor table allocations exceeding INT_MAX {CVE-2025-39756} - sunvdc: Balance device refcount in vdc_port_mpgroup_check - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - net: dpaa: fix device leak when querying time stamp info - net: gianfar: fix device leak when querying time stamp info - netlink: avoid infinite retry looping in netlink_unicast() {CVE-2025-38727} - ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} - ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} - io_uring: don't use int for ABI - usb: gadget : fix use-after-free in composite_dev_cleanup() {CVE-2025-38555} - MIPS: mm: tlb-r4k: Uniquify TLB entries on init - USB: serial: option: add Foxconn T99W709 - vsock: Do not allow binding to VMADDR_PORT_ANY {CVE-2025-38618} - net/packet: fix a race in packet_set_ring() and packet_notifier() {CVE-2025-38617} - perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563} - perf/core: Exit early on perf_mmap() fail {CVE-2025-38565} - perf/core: Don't leak AUX buffer refcount on allocation failure - pptp: fix pptp_xmit() error path - smb: client: let recv_done() cleanup before notifying the callers. - benet: fix BUG when creating VFs {CVE-2025-38569} - net: drop UFO packets in udp_rcv_segment() {CVE-2025-38622} - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} - pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574} - netpoll: prevent hanging NAPI when netcons gets enabled - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() {CVE-2025-39730} - pci/hotplug/pnv-php: Wrap warnings in macro - pci/hotplug/pnv-php: Improve error msg on power state change failure - usb: chipidea: udc: fix sleeping function called from invalid context - f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652} - f2fs: fix to avoid panic in f2fs_evict_inode {CVE-2025-38577} - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() {CVE-2025-38578} - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: ds1307: fix incorrect maximum clock rate handling - module: Restore the moduleparam prefix length check - bpf: Check flow_dissector ctx accesses are aligned - mtd: rawnand: atmel: set pmecc data setup time - mtd: rawnand: atmel: Fix dma_mapping_error() address - jfs: fix metapage reference count leak in dbAllocCtl - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref {CVE-2025-38630} - crypto: qat - fix seq_file position update in adf_ring_next() - dmaengine: nbpfaxi: Add missing check after DMA map - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - fs/orangefs: Allow 2 more characters in do_c_string() - soundwire: stream: restore params when prepare ports fail - crypto: img-hash - Fix dma_unmap_sg() nents value - hwrng: mtk - handle devm_pm_runtime_enable errors - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() - scsi: isci: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - clk: sunxi-ng: v3s: Fix de clock definition - perf tests bp_account: Fix leaked file descriptor - crypto: ccp - Fix crash when rebind ccp device for ccp.ko {CVE-2025-38581} - pinctrl: sunxi: Fix memory leak on krealloc failure - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - clk: davinci: Add NULL check in davinci_lpsc_clk_register() {CVE-2025-38635} - mtd: fix possible integer overflow in erase_xfer() - crypto: marvell/cesa - Fix engine load inaccuracy - PCI: rockchip-host: Fix "Unexpected Completion" log message - vrf: Drop existing dst reference in vrf_ip6_input_dst - selftests: rtnetlink.sh: remove esp4_offload after test - netfilter: xt_nfacct: don't assume acct name is null-terminated {CVE-2025-38639} - can: kvaser_usb: Assign netdev.dev_port based on device channel index - can: kvaser_pciefd: Store device channel index - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - mwl8k: Add missing check after DMA map - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - net/sched: Restrict conditions for adding duplicating netems to qdisc tree {CVE-2025-38553} - arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - m68k: Don't unregister boot console needlessly - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - iwlwifi: Add missing check for alloc_ordered_workqueue {CVE-2025-38656} - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - wifi: rtl818x: Kill URBs before clearing tx status queue {CVE-2025-38604} - caif: reduce stack size, again - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls {CVE-2025-38608} - staging: nvec: Fix incorrect null termination of battery manufacturer - samples: mei: Fix building on musl libc - cpufreq: Init policy->rwsem before it may be possibly used - ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface - usb: early: xhci-dbc: Fix early_ioremap leak - Revert "vmci: Prevent the dispatching of uninitialized payloads" {CVE-2025-38611} - pps: fix poll support - vmci: Prevent the dispatching of uninitialized payloads {CVE-2025-38611} - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() {CVE-2025-38612} - ARM: dts: vfxxx: Correctly use two tuples for timer address - hfsplus: remove mutex_lock check in hfsplus_free_extents {CVE-2025-38650} - ASoC: Intel: fix SND_SOC_SOF dependencies - ethernet: intel: fix building with large NR_CPUS - usb: phy: mxs: disconnect line when USB charger is attached - usb: chipidea: add USB PHY event - usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use - usb: chipidea: udc: protect usb interrupt enable - usb: chipidea: udc: add new API ci_hdrc_gadget_connect - ALSA: hda: Add missing NVIDIA HDA codec IDs - comedi: comedi_test: Fix possible deletion of uninitialized timers - nilfs2: reject invalid file types when reading inodes {CVE-2025-38663} - i2c: qup: jump out of the loop in case of timeout {CVE-2025-38671} - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666} - net: appletalk: fix kerneldoc warnings - RDMA/core: Rate limit GID cache warning messages - regulator: core: fix NULL dereference on unbind due to stale coupling data {CVE-2025-38668} - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - net_sched: sch_sfq: reject invalid perturb period {CVE-2025-38193} - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition {CVE-2023-33288} - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync - power: supply: bq24190_charger: Fix runtime PM imbalance on error - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS - virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375} - ASoC: fsl_sai: Force a software reset when starting in consumer mode - usb: dwc3: qcom: Don't leave BCR asserted - usb: musb: fix gadget state on disconnect - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree {CVE-2025-38468} - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime {CVE-2025-38470} - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() {CVE-2025-38473} - usb: net: sierra: check for no status endpoint {CVE-2025-38474} - net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} - net: emaclite: Fix missing pointer increment in aligned_read() - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() {CVE-2025-38480} - comedi: Fix some signed shift left operations - comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482} - comedi: das16m1: Fix bit shift out of bounds {CVE-2025-38483} - comedi: aio_iiro_16: Fix bit shift out of bounds {CVE-2025-38529} - comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530} - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled {CVE-2025-38487} - soc: aspeed: lpc-snoop: Cleanup resources in stack-order - mmc: sdhci_am654: Workaround for Errata i2312 - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - mmc: bcm2835: Fix dma_unmap_sg() nents value - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - isofs: Verify inode mode when loading from disk - dmaengine: nbpfaxi: Fix memory corruption in probe() {CVE-2025-38538} - af_packet: fix soft lockup issue caused by tpacket_snd() - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38495} - pch_uart: Fix dma_sync_sg_for_device() nents value - Input: xpad - set correct controller type for Acer NGR200 - i2c: stm32: fix the device used for the DMA map - usb: gadget: configfs: Fix OOB read on empty string write {CVE-2025-38497} - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - USB: serial: option: add Foxconn T99W640 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - LTS tag: v5.4.296 - x86/mm: Disable hugetlb page table sharing on 32-bit - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras {CVE-2025-38540} - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - vt: add missing notification when switching back to text mode - net: usb: qmi_wwan: add SIMCom 8230C composition - atm: idt77252: Add missing `dma_map_error()` - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT {CVE-2025-38439} - bnxt_en: Fix DCB ETS validation - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - net: appletalk: Fix device refcount leak in atrtr_create() {CVE-2025-38542} - md/raid1: Fix stack memory use after return in raid1_reshape {CVE-2025-38445} - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() {CVE-2025-38513} - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 - Input: xpad - support Acer NGR 200 Controller - Input: xpad - add VID for Turtle Beach controllers - Input: xpad - add support for Amazon Game Controller - NFSv4/flexfiles: Fix handling of NFS level errors in I/O - flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes - RDMA/mlx5: Fix vport loopback for MPV device - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - Revert "ACPI: battery: negate current when discharging" - usb: gadget: u_serial: Fix race condition in TTY wakeup {CVE-2025-38448} - drm/sched: Increment job count before swapping tail spsc queue {CVE-2025-38515} - pinctrl: qcom: msm: mark certain pins as invalid for interrupts {CVE-2025-38516} - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - x86/mce: Don't remove sysfs if thresholding sysfs init fails - x86/mce/amd: Fix threshold limit reset - rxrpc: Fix oops due to non-existence of prealloc backlog struct {CVE-2025-38514} - net/sched: Abort __tc_modify_qdisc if parent class does not exist {CVE-2025-38457} - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() {CVE-2025-38458} - atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} - atm: clip: Fix memory leak of struct clip_vcc. {CVE-2025-38546} - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). {CVE-2025-38460} - tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464} - netlink: Fix wraparounds of sk->sk_rmem_alloc. {CVE-2025-38465} - fix proc_sys_compare() handling of in-lookup dentries - proc: Clear the pieces of proc_inode that proc_evict_inode cares about - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling {CVE-2025-38467} - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() - media: uvcvideo: Rollback non processed entities on error - media: uvcvideo: Send control events for partial succeeds - media: uvcvideo: Return the number of processed controls - ACPI: PAD: fix crash in exit_round_robin() {CVE-2024-49935} - usb: typec: displayport: Fix potential deadlock {CVE-2025-38404} - Logitech C-270 even more broken - rose: fix dangling neighbour pointers in rose_rt_device_down() {CVE-2025-38377} - net: rose: Fix fall-through warnings for Clang - drm/i915/gt: Fix timeline left held on VMA alloc error {CVE-2025-38389} - drm/i915/selftests: Change mock_request() to return error pointers - spi: spi-fsl-dspi: Clear completion counter before initiating transfer - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write - dpaa2-eth: fix xdp_rxq_info leak - ethernet: atl1: Add missing DMA mapping error checks and count errors - btrfs: use btrfs_record_snapshot_destroy() during rmdir - btrfs: propagate last_unlink_trans earlier when doing a rmdir - RDMA/mlx5: Fix CC counters query for MPV - RDMA/core: Create and destroy counters in the ib_core - scsi: ufs: core: Fix spelling of a sysfs attribute name - drm/v3d: Disable interrupts before resetting the GPU {CVE-2025-38371} - mtk-sd: reset host->mrq on prepare_data() error - mtk-sd: Prevent memory corruption from DMA map failure {CVE-2025-38401} - mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods {CVE-2025-38395} - regulator: gpio: Add input_supply support in gpio_regulator_config - ACPICA: Refuse to evaluate a method if arguments are missing {CVE-2025-38386} - wifi: ath6kl: remove WARN on bad firmware input {CVE-2025-38406} - wifi: mac80211: drop invalid source address OCB frames - powerpc: Fix struct termio related ioctl macros - ata: pata_cs5536: fix build on 32-bit UML - ALSA: sb: Force to disable DMAs once when DMA mode is changed - nui: Fix dma_mapping_error() check - enic: fix incorrect MTU comparison in enic_change_mtu() - amd-xgbe: align CL37 AN sequence as per databook - lib: test_objagg: Set error message in check_expect_hints_stats() - drm/exynos: fimd: Guard display clock control with runtime PM calls - btrfs: fix missing error handling when searching for inode refs during log replay - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. {CVE-2025-38400} - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert {CVE-2025-38387} - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data - usb: typec: altmodes/displayport: do not index invalid pin_assignments {CVE-2025-38391} - mmc: sdhci: Add a helper function for dump register in dynamic debug mode - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume {CVE-2024-26644} - arm64: Restrict pagetable teardown to avoid false warning - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS - drm/bridge: cdns-dsi: Check return value when getting default PHY config - drm/bridge: cdns-dsi: Fix connecting to next bridge - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() - drm/tegra: Assign plane type before registration - HID: wacom: fix kobject reference count leak - HID: wacom: fix memory leak on sysfs attribute creation failure - HID: wacom: fix memory leak on kobject creation failure - dm-raid: fix variable in journal device check - Bluetooth: L2CAP: Fix L2CAP MTU negotiation - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} - net: enetc: Correct endianness handling in _enetc_rd_reg64 - um: ubd: Add missing error check in start_io_thread() - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors - wifi: mac80211: fix beacon interval calculation overflow - attach_recursive_mnt(): do not lock the covering tree when sliding something under it - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() {CVE-2025-38249} - i2c: robotfuzz-osif: disable zero-length read messages - i2c: tiny-usb: disable zero-length read messages - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211} - RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private - media: vivid: Change the siize of the composing {CVE-2025-38226} - media: omap3isp: use sgtable-based scatterlist wrappers - media: cxusb: no longer judge rbuf when the write fails {CVE-2025-38229} - media: cxusb: use dev_dbg() rather than hand-rolled debug - jfs: validate AG parameters in dbMount() to prevent crashes {CVE-2025-38230} - fs/jfs: consolidate sanity checking in dbMount - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing - of: Add of_property_present() helper - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally - kbuild: hdrcheck: fix cross build with clang - kbuild: add --target to correctly cross-compile UAPI headers with Clang - bpfilter: match bit size of bpfilter_umh to that of the kernel - kbuild: use -MMD instead of -MD to exclude system headers from dependency - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify {CVE-2025-38102} - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259} - ovl: Check for NULL d_inode() in ovl_dentry_upper() - ceph: fix possible integer overflow in ceph_zero_objects() - ALSA: hda: Ignore unsol events for cards being shut down - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode {CVE-2025-38404} - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s - usb: Add checks for snprintf() calls in usb_alloc_dev() - tty: serial: uartlite: register uart driver in init {CVE-2025-38262} - usb: potential integer overflow in usbg_make_tpg() - iio: pressure: zpa2326: Use aligned_s64 for the timestamp - md/md-bitmap: fix dm-raid max_write_behind setting - dmaengine: xilinx_dma: Set dma_device directions - mfd: max14577: Fix wakeup source leaks on device unbind - mailbox: Not protect module_put with spin_lock_irqsave - cifs: Fix cifs_query_path_info() for Windows NT servers - net/rds: Fix rs_recv_pending counting issue - LTS tag: v5.4.301 - net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg - media: s5p-mfc: remove an unused/uninitialized variable - NFSD: Fix last write offset handling in layoutcommit - NFSD: Minor cleanup in layoutcommit processing - padata: Reset next CPU when reorder sequence wraps around - KEYS: trusted_tpm1: Compare HMAC values in constant time - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - vfs: Don't leak disconnected dentries on umount - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - drm/amdgpu: use atomic functions with memory barriers for vm fault info - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Flush posted register writes before INDAC access - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - memory: samsung: exynos-srom: Correct alignment - arm64: errata: Apply workarounds for Neoverse-V3AE - arm64: cputype: Add Neoverse-V3AE definitions - comedi: fix divide-by-zero in comedi_buf_munge() - binder: remove "invalid inc weak" check - xhci: dbc: enable back DbC in resume if it was enabled before suspend - usb/core/quirks: Add Huawei ME906S to wakeup quirk - USB: serial: option: add Telit FN920C04 ECM compositions - USB: serial: option: add Quectel RG255C - USB: serial: option: add UNISOC UIS7720 - net: ravb: Ensure memory write completes before ringing TX doorbell - net: usb: rtl8150: Fix frame padding - ocfs2: clear extent cache after moving/defragmenting extents - MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering - Revert "cpuidle: menu: Avoid discarding useful information" - net: bonding: fix possible peer notify event loss or dup issue - sctp: avoid NULL dereference when chunk data buffer is missing - arm64, mm: avoid always making PTE dirty in pte_mkwrite() - net: enetc: correct the value of ENETC_RXB_TRUESIZE - rtnetlink: Allow deleting FDB entries in user namespace - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del - net: add ndo_fdb_del_bulk - net: rtnetlink: add bulk delete support flag - net: netlink: add NLM_F_BULK delete request modifier - net: rtnetlink: use BIT for flag values - net: rtnetlink: add helper to extract msg type's kind - net: rtnetlink: add msg kind names - net: rtnetlink: remove redundant assignment to variable err - m68k: bitops: Fix find_*_bit() signatures - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - dlm: check for defined force value in dlm_lockspace_release - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: make proper initalization of struct hfs_find_data - hfs: clear offset and space out of valid records in b-tree node - exec: Fix incorrect type for ret - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - sched/fair: Fix pelt lost idle time detection - sched/balancing: Rename newidle_balance() => sched_balance_newidle() - sched/fair: Trivial correction of the newidle_balance() comment - sched: Make newidle_balance() static again - tls: don't rely on tx_work during send() - tls: always set record_type in tls_process_cmsg - tg3: prevent use of uninitialized remote_adv and local_adv variables - tcp: fix tcp_tso_should_defer() vs large RTT - amd-xgbe: Avoid spurious link down messages during interface toggle - net/ip6_tunnel: Prevent perpetual tunnel growth - net: dlink: handle dma_map_single() failure properly - net: dl2k: switch from 'pci_' to 'dma_' API - media: pci: ivtv: Add missing check after DMA map - media: pci/ivtv: switch from 'pci_' to 'dma_' API - xen/events: Update virq_to_irq on migration - media: lirc: Fix error handling in lirc_register() - media: rc: Directly use ida_free() - drm/exynos: exynos7_drm_decon: remove ctx->suspended - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - pwm: berlin: Fix wrong register in suspend/resume - media: cx18: Add missing check after DMA map - xen/events: Cleanup find_virq() return codes - cramfs: Verify inode mode when loading from disk - fs: Add 'initramfs_options' to set initramfs mount options - pid: Add a judgment for ns null in pid_nr_ns - minixfs: Verify inode mode when loading from disk - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - dm: fix NULL pointer dereference in __dm_suspend() - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - Squashfs: reject negative file sizes in squashfs_read_inode() - Squashfs: add additional inode sanity checking - media: mc: Clear minor number before put device - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - fs: udf: fix OOB read in lengthAllocDescs handling - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O - net/9p: fix double req put in p9_fd_cancelled - ext4: guard against EA inode refcount underflow in xattr update - ext4: correctly handle queries for metadata mappings - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - x86/umip: Check that the instruction opcode is at least two bytes - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - rseq/selftests: Use weak symbol reference, not definition, to link with glibc - rtc: interface: Fix long-standing race when setting alarm - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - mmc: core: SPI mode remove cmd7 - mtd: rawnand: fsmc: Default to autodetect buswidth - sparc: fix error handling in scan_one_device() - sparc64: fix hugetlb for sun4u - sctp: Fix MAC comparison to be constant-time - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - parisc: don't reference obsolete termio struct for TC* constants - lib/genalloc: fix device leak in of_gen_pool_get() - iio: frequency: adf4350: Fix prescaler usage. - iio: dac: ad5421: use int type to store negative error codes - iio: dac: ad5360: use int type to store negative error codes - crypto: atmel - Fix dma_unmap_sg() direction - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - media: i2c: mt9v111: fix incorrect type for ret - firmware: meson_sm: fix device leak at probe - xen/manage: Fix suspend error path - arm64: dts: qcom: msm8916: Add missing MDSS reset - ACPI: debug: fix signedness issues in read/write helpers - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - tpm, tpm_tis: Claim locality before writing interrupt registers - crypto: essiv - Check ssize for decryption and in-place encryption - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - tools build: Align warning options with perf - net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - drm/vmwgfx: Fix Use-after-free in validation - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue - scsi: mvsas: Use sas_task_find_rq() for tagging - scsi: mvsas: Delete mvs_tag_init() - scsi: libsas: Add sas_task_find_rq() - clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver - clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() - perf session: Fix handling when buffer exceeds 2 GiB - rtc: x1205: Fix Xicor X1205 vendor prefix - perf util: Fix compression checks returning -1 as bool - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - clocksource/drivers/clps711x: Fix resource leaks in error paths - pinctrl: check the return value of pinmux_ops::get_function_name() - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - mm: hugetlb: avoid soft lockup when mprotect to large memory area - uio_hv_generic: Let userspace take care of interrupt mask - Squashfs: fix uninit-value in squashfs_get_parent - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - nfp: fix RSS hash key size when RSS is not supported - drivers/base/node: fix double free in register_one_node() - ocfs2: fix double free in user_cluster_connect() - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - RDMA/siw: Always report immediate post SQ errors - usb: vhci-hcd: Prevent suspending virtually attached devices - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - ipvs: Defer ip_vs_ftp unregister during netns cleanup - NFSv4.1: fix backchannel max_resp_sz verification check - remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - sparc: fix accurate exception reporting in copy_{from,to}_user for M7 - sparc: fix accurate exception reporting in copy_to_user for Niagara 4 - sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC - IB/sa: Fix sa_local_svc_timeout_ms read race - RDMA/core: Resolve MAC of next-hop device without ARP support - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - drivers/base/node: handle error properly in register_one_node() - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog - netfilter: ipset: Remove unused htable_bits in macro ahash_region - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - pps: fix warning in pps_register_cdev when register device fail - misc: genwqe: Fix incorrect cmd field being reported in error - usb: gadget: configfs: Correctly set use_os_string at bind - usb: phy: twl6030: Fix incorrect type for ret - tcp: fix __tcp_close() to only send RST when required - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - wifi: mwifiex: send world regulatory domain to driver - ALSA: lx_core: use int type to store negative error codes - media: rj54n1cb0c: Fix memleak in rj54n1_probe() - scsi: myrs: Fix dma_alloc_coherent() error check - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - serial: max310x: Add error checking in probe() - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup - drm/radeon/r600_cs: clean up of dead code in r600_cs - i2c: designware: Add disabling clocks when probe fails - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - bpf: Explicitly check accesses to bpf_sock_addr - selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported - pwm: tiehrpwm: Fix corner case in clock divisor calculation - block: use int to store blk_stack_limits() return value - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - pinctrl: meson-gxl: add missing i2c_d pinmux - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - regmap: Remove superfluous check for !config in __regmap_init() - x86/vdso: Fix output operand size of RDPID - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - driver core/PM: Set power.no_callbacks along with power.no_pm - staging: axis-fifo: flush RX FIFO on read errors - staging: axis-fifo: fix maximum TX packet length check - perf subcmd: avoid crash in exclude_cmds when excludes is empty - dm-integrity: limit MAX_TAG_SIZE to 255 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - USB: serial: option: add SIMCom 8230C compositions - media: rc: fix races with imon_disconnect() - media: imon: grab lock earlier in imon_ir_change_protocol() - media: imon: reorganize serialization - media: rc: Add support for another iMON 0xffdc device - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: tunner: xc5000: Refactor firmware load - udp: Fix memory accounting leak. - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - LTS tag: v5.4.300 - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - mm/hugetlb: fix folio is still mapped when deleted - i40e: add mask to apply valid bits for itr_idx - i40e: fix validation of VF state in get resources - i40e: fix idx validation in config queues msg - i40e: add validation for ring_len param - i40e: increase max descriptors for XL710 - mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() - fbcon: Fix OOB access in font allocation - fbcon: fix integer overflow in fbcon_do_set_font - i40e: add max boundary check for VF filters - i40e: fix input validation logic for action_meta - i40e: fix idx validation in i40e_validate_queue_map - drm/gma500: Fix null dereference in hdmi teardown - can: peak_usb: fix shift-out-of-bounds issue - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - usb: core: Add 0x prefix to quirks debug output - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - ALSA: usb-audio: Convert comma to semicolon - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - net: rfkill: gpio: add DT support - serial: sc16is7xx: fix bug in flow control levels init - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - usb: gadget: dummy_hcd: remove usage of list iterator past the loop body - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - ASoC: wm8974: Correct PLL rate rounding - ASoC: wm8940: Correct typo in control name - mmc: mvsdio: Fix dma_unmap_sg() nents value - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - cnic: Fix use-after-free bugs in cnic_delete_task - net: liquidio: fix overflow in octeon_init_instr_queue() - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - i40e: remove redundant memory barrier when cleaning Tx descs - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - cgroup: split cgroup_destroy_wq into 3 workqueues - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch - wifi: mac80211: fix incorrect type for ret - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - phy: ti-pipe3: fix device leak at unbind - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - i40e: Use irq_update_affinity_hint() - genirq: Provide new interfaces for affinity hints - genirq: Export affinity setter for modules - genirq/affinity: Add irq_update_affinity_desc() - igb: fix link test skipping when interface is admin down - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing - mtd: nand: raw: atmel: Fix comment in timings preparation - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - mm/khugepaged: fix the address passed to notifier on testing young - fuse: prevent overflow in copy_file_range return value - fuse: check if copy_file_range() returns larger than requested size - mtd: rawnand: stm32_fmc2: fix ECC overwrite - ocfs2: fix recursive semaphore deadlock in fiemap call - EDAC/altera: Delete an inappropriate dma_free_coherent() call - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. - device-dax: correct pgoff align in dax_set_mapping() {CVE-2024-50022} - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer - rds: Free all frags when rds_ib_recv_cache_put() fails - bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags - NFSv4: Don't clear capabilities that won't be reset - power: supply: bq27xxx: restrict no-battery detection to bq27000 - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - usb: hub: Fix flushing of delayed work used for post resume purposes - soc: qcom: mdt_loader: Deal with zero e_shentsize - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - LTS tag: v5.4.299 - scsi: lpfc: Fix buffer free/clear order in deferred receive path - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() - cifs: fix integer overflow in match_server() - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort - spi: spi-fsl-lpspi: Set correct chip-select polarity bit - spi: spi-fsl-lpspi: Fix transmissions when using CONT - pcmcia: Add error handling for add_interval() in do_validate_mem() - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - randstruct: gcc-plugin: Fix attribute addition - randstruct: gcc-plugin: Remove bogus void member - vmxnet3: update MTU after device quiesce - net: dsa: microchip: linearize skb for tail-tagging switches - net: dsa: microchip: update tag_ksz masks for KSZ9477 family - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup - gpio: pca953x: fix IRQ storm on system wake up - iio: light: opt3001: fix deadlock due to concurrent flag access - iio: chemical: pms7003: use aligned_s64 for timestamp - cpufreq/sched: Explicitly synchronize limits_changed flag handling - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - mm/khugepaged: fix ->anon_vma race - e1000e: fix heap overflow in e1000_set_eeprom - batman-adv: fix OOB read/write in network-coding decode - drm/amdgpu: drop hw access in non-DC audio fini - wifi: mwifiex: Initialize the chan_stats array to zero - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - ppp: fix memory leak in pad_compress_skb - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ax25: properly unshare skbs in ax25_kiss_rcv() - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net: thunder_bgx: add a missing of_node_put - wifi: libertas: cap SSID len in lbs_associate() - wifi: cw1200: cap SSID length in cw1200_do_join() - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - i40e: Fix potential invalid access when MAC list is empty - icmp: fix icmp_ndo_send address translation for reply direction - mISDN: Fix memory leak in dsp_hwec_enable() - xirc2ps_cs: fix register access when enabling FullDuplex - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: cfg80211: fix use-after-free in cmp_bss() - powerpc: boot: Remove leading zero in label in udelay() - hugetlbfs: take read_lock on i_mmap for PMD sharing - kallsyms: add module_kallsyms_on_each_symbol_locked - kallsyms: export module_kallsyms_on_each_symbol - uek-rpm: Move ifb module to nano modules - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499} - x86/vmscape: Warn when STIBP is disabled with SMT - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Enable the mitigation - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Add old Intel CPUs to affected list - x86/vmscape: Enumerate VMSCAPE bug - Documentation/hw-vuln: Add VMSCAPE documentation - LTS tag: v5.4.298 - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - HID: wacom: Add a new Art Pen 2 - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - sctp: initialize more fields in sctp_v6_from_sk() - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net/mlx5e: Set local Xoff after FW update - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Update and set Xon/Xoff upon MTU set - net: dlink: fix multicast stats being counted incorrectly - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - net/atm: remove the atmdev_ops {get, set}sockopt methods - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - powerpc/kvm: Fix ifdef to remove build warning - net: ipv4: fix regression in local-broadcast routes - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - scsi: core: sysfs: Correct sysfs attributes access rights - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - pinctrl: STMFX: add missing HAS_IOMEM dependency - LTS tag: v5.4.297 - alloc_fdtable(): change calling conventions. - s390/hypfs: Enable limited access during lockdown - s390/hypfs: Avoid unnecessary ioctl registration in debugfs - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - scsi: qla4xxx: Prevent a potential error pointer dereference - usb: xhci: Fix slot_id resource race conflict - nfs: fix UAF in direct writes - NFS: Fix up commit deadlocks - cifs: Fix UAF in cifs_demultiplex_thread() - Bluetooth: fix use-after-free in device_for_each_child() - act_mirred: use the backlog for nested calls to mirred ingress - net/sched: act_mirred: better wording on protection against excessive stack growth - net/sched: act_mirred: refactor the handle of xmit - selftests: forwarding: tc_actions.sh: add matchall mirror test - net: sched: don't expose action qstats to skb_tc_reinsert() - net: sched: extract qstats update code into functions - net: sched: extract bstats update code into function - net: sched: extract common action counters update code into function - mm: perform the mapping_map_writable() check after call_mmap() - mm: update memfd seal write check to include F_SEAL_WRITE - mm: drop the assumption that VM_SHARED always implies writable - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() - sch_qfq: make qfq_qlen_notify() idempotent - sch_hfsc: make hfsc_qlen_notify() idempotent - sch_drr: make drr_qlen_notify() idempotent - btrfs: populate otime when logging an inode item - media: venus: hfi: explicitly release IRQ during teardown - f2fs: fix to avoid out-of-boundary access in dnode page - media: venus: protect against spurious interrupts during probe - media: qcom: camss: cleanup media device allocated resource on error path - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - pwm: mediatek: Fix duty and period setting - pwm: mediatek: Handle hardware enable and clock enable separately - pwm: mediatek: Implement .apply() callback - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: v4l2-ctrls: always copy the controls on completion - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - soc: qcom: mdt_loader: Ensure we don't read past the ELF header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - usb: musb: omap2430: fix device leak at unbind - NFS: Fix the setting of capabilities when automounting a new filesystem - NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() - NFSv4: Fix nfs4_bitmap_copy_adjust() - usb: typec: fusb302: cache PD RX state - cdc-acm: fix race between initial clearing halt and open - USB: cdc-acm: do not log successful probe on later errors - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - x86/fpu: Delay instruction pointer fixup until after warning - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - tracing: Add down_write(trace_event_sem) when adding trace event - usb: hub: Don't try to recover devices lost during warm reset. - usb: hub: avoid warm port reset during USB3 disconnect - x86/mce/amd: Add default names for MCA banks and blocks - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - f2fs: fix to do sanity check on ino and xnid - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() - drm/sched: Remove optimization that causes hang when killing dependent jobs - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - net: usbnet: Fix the wrong netif_carrier_on() call - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large - comedi: Fix initialization of data for instructions that write to subdevice - kbuild: Add KBUILD_CPPFLAGS to as-option invocation - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS - kbuild: Add CLANG_FLAGS to as-instr - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation - kbuild: Update assembler calls to use proper flags and language target - ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - iio: proximity: isl29501: fix buffered read on big-endian systems - ftrace: Also allocate and copy hash for reading of filter files - fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() - use uniform permission checks for all mount propagation changes - move_mount: allow to add a mount into an existing group - fs/buffer: fix use-after-free when call bh_read() helper - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - memstick: Fix deadlock by moving removing flag earlier - media: venus: Add a check for packet size after reading from shared memory - media: ov2659: Fix memory leaks in ov2659_probe() - media: usbtv: Lock resolution while streaming - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: gspca: Add bounds checking to firmware parser - soc/tegra: pmc: Ensure power-domains are in a known state - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - PCI: endpoint: Fix configfs group removal on driver teardown - PCI: endpoint: Fix configfs group list head handling - mtd: rawnand: fsmc: Add missing check after DMA map - pwm: imx-tpm: Reset counter if CMOD is 0 - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - zynq_fpga: use sgtable-based scatterlist wrappers - ata: libata-scsi: Fix ata_to_sense_error() status handling - ext4: fix reserved gdt blocks handling in fsmap - ext4: fix fsmap end of range reporting with bigalloc - ext4: check fast symlink for ea_inode correctly - vt: defkeymap: Map keycodes above 127 to K_HOLE - vt: keyboard: Don't process Unicode characters in K_OFF mode - usb: dwc3: meson-g12a: fix device leaks at unbind - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - m68k: Fix lost column on framebuffer debug console - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() - serial: 8250: fix panic due to PSLVERR - media: uvcvideo: Do not mark valid metadata as invalid - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - parisc: Makefile: fix a typo in palo.conf - btrfs: fix log tree replay failure due to file with 0 links and extents - thunderbolt: Fix copy+paste error in match_service_id() - comedi: fix race between polling and detaching - misc: rtsx: usb: Ensure mmc child device is active when card is present - drm/amdgpu: fix incorrect vm flags to map bo - scsi: lpfc: Remove redundant assignment to avoid memory leak - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - pNFS: Fix uninited ptr deref in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Fix stripe mapping in block/scsi layout - net: phy: smsc: add proper reset flags for LAN8710A - ipmi: Fix strcpy source and destination the same - kconfig: lxdialog: fix 'space' to (de)select options - kconfig: gconf: fix potential memory leak in renderer_edited() - kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - kconfig: nconf: Ensure null termination where strncpy is used - kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c - i3c: don't fail if GETHDRCAP is unsupported - PCI: pnv_php: Work around switches with broken presence detection - i3c: add missing include to internal header - media: uvcvideo: Fix bandwidth issue for Alcor camera - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: usb: hdpvr: disable zero-length read messages - media: tc358743: Increase FIFO trigger level to 374 - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt - media: tc358743: Check I2C succeeded during probe - pinctrl: stm32: Manage irq affinity settings - scsi: mpt3sas: Correctly handle ATA device errors - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - MIPS: Don't crash in stack_top() for tasks without ABI or vDSO - jfs: upper bound check of tree index in dbAllocAG - jfs: Regular file corruption check - jfs: truncate good inode pages when hard link is 0 - scsi: bfa: Double-free fix - MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: dw_wdt: Fix default timeout - fs/orangefs: use snprintf() instead of sprintf() - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - cifs: Fix calling CIFSFindFirst() for root path without msearch - vhost: fail early when __vhost_add_used() fails - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - uapi: in6: restore visibility of most IPv6 socket options - net: ncsi: Fix buffer overflow in fetching version id - net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - wifi: iwlegacy: Check rate_idx range after addition - netmem: fix skb_frag_address_safe with unreadable skbs - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - net: fec: allow disable coalescing - (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer - s390/stp: Remove udelay from stp_sync_clock() - wifi: iwlwifi: mvm: fix scan request validation - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: ipv4: fix incorrect MTU in broadcast routes - wifi: cfg80211: Fix interface type validation - rcu: Protect ->defer_qs_iw_pending from data race - net: ag71xx: Add missing check after DMA map - et131x: Add missing check after DMA map - be2net: Use correct byte order and format string for TCP seq and ack_seq - s390/time: Use monotonic clock in get_cycles() - wifi: cfg80211: reject HTC bit for management frames - ktest.pl: Prevent recursion of default variable options - ASoC: codecs: rt5640: Retry DEVICE_ID verification - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - usb: core: usb_submit_urb: downgrade type check - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - ACPI: processor: fix acpi_object initialization - PM: sleep: console: Fix the black screen issue - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - selftests: tracing: Use mutex_unlock for testing glob filter - ARM: tegra: Use I/O memcpy to write to IRAM - gpio: tps65912: check the return value of regmap_update_bits() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - ARM: rockchip: fix kernel hang during smp initialization - cpufreq: Exit governor when failed to start old governor - usb: xhci: Avoid showing errors during surprise removal - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing warnings for dying controller - selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t - usb: xhci: print xhci->xhc_state when queue_command failed - securityfs: don't pin dentries twice, once is enough... - hfs: fix not erasing deleted b-tree node issue - drbd: add missing kref_get in handle_write_conflicts - udf: Verify partition map count - arm64: Handle KCOV __init vs inline mismatches - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - sctp: linearize cloned gso packets in sctp_rcv - netfilter: ctnetlink: fix refcount leak on table dump - udp: also consider secpath when evaluating ipsec use for checksumming - ACPI: processor: perflib: Move problematic pr->performance check - ACPI: processor: perflib: Fix initial _PPC limit application - Documentation: ACPI: Fix parent device references - fs: Prevent file descriptor table allocations exceeding INT_MAX - sunvdc: Balance device refcount in vdc_port_mpgroup_check - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - net: dpaa: fix device leak when querying time stamp info - net: gianfar: fix device leak when querying time stamp info - netlink: avoid infinite retry looping in netlink_unicast() - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - io_uring: don't use int for ABI - usb: gadget : fix use-after-free in composite_dev_cleanup() - MIPS: mm: tlb-r4k: Uniquify TLB entries on init - USB: serial: option: add Foxconn T99W709 - vsock: Do not allow binding to VMADDR_PORT_ANY - net/packet: fix a race in packet_set_ring() and packet_notifier() - perf/core: Prevent VMA split of buffer mappings - perf/core: Exit early on perf_mmap() fail - perf/core: Don't leak AUX buffer refcount on allocation failure - pptp: fix pptp_xmit() error path - smb: client: let recv_done() cleanup before notifying the callers. - benet: fix BUG when creating VFs - net: drop UFO packets in udp_rcv_segment() - ipv6: reject malicious packets in ipv6_gso_segment() - pptp: ensure minimal skb length in pptp_xmit() - netpoll: prevent hanging NAPI when netcons gets enabled - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - pci/hotplug/pnv-php: Wrap warnings in macro - pci/hotplug/pnv-php: Improve error msg on power state change failure - usb: chipidea: udc: fix sleeping function called from invalid context - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: ds1307: fix incorrect maximum clock rate handling - module: Restore the moduleparam prefix length check - bpf: Check flow_dissector ctx accesses are aligned - mtd: rawnand: atmel: set pmecc data setup time - mtd: rawnand: atmel: Fix dma_mapping_error() address - jfs: fix metapage reference count leak in dbAllocCtl - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - crypto: qat - fix seq_file position update in adf_ring_next() - dmaengine: nbpfaxi: Add missing check after DMA map - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - fs/orangefs: Allow 2 more characters in do_c_string() - soundwire: stream: restore params when prepare ports fail - crypto: img-hash - Fix dma_unmap_sg() nents value - hwrng: mtk - handle devm_pm_runtime_enable errors - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() - scsi: isci: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - clk: sunxi-ng: v3s: Fix de clock definition - perf tests bp_account: Fix leaked file descriptor - crypto: ccp - Fix crash when rebind ccp device for ccp.ko - pinctrl: sunxi: Fix memory leak on krealloc failure - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - clk: davinci: Add NULL check in davinci_lpsc_clk_register() - mtd: fix possible integer overflow in erase_xfer() - crypto: marvell/cesa - Fix engine load inaccuracy - PCI: rockchip-host: Fix "Unexpected Completion" log message - vrf: Drop existing dst reference in vrf_ip6_input_dst - selftests: rtnetlink.sh: remove esp4_offload after test - netfilter: xt_nfacct: don't assume acct name is null-terminated - can: kvaser_usb: Assign netdev.dev_port based on device channel index - can: kvaser_pciefd: Store device channel index - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - mwl8k: Add missing check after DMA map - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - m68k: Don't unregister boot console needlessly - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - wifi: rtl818x: Kill URBs before clearing tx status queue - caif: reduce stack size, again - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - staging: nvec: Fix incorrect null termination of battery manufacturer - samples: mei: Fix building on musl libc - cpufreq: Init policy->rwsem before it may be possibly used - ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface - usb: early: xhci-dbc: Fix early_ioremap leak - Revert "vmci: Prevent the dispatching of uninitialized payloads" - pps: fix poll support - vmci: Prevent the dispatching of uninitialized payloads - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() - ARM: dts: vfxxx: Correctly use two tuples for timer address - hfsplus: remove mutex_lock check in hfsplus_free_extents - ASoC: Intel: fix SND_SOC_SOF dependencies - ethernet: intel: fix building with large NR_CPUS - usb: phy: mxs: disconnect line when USB charger is attached - usb: chipidea: add USB PHY event - usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use - usb: chipidea: udc: protect usb interrupt enable - usb: chipidea: udc: add new API ci_hdrc_gadget_connect - ALSA: hda: Add missing NVIDIA HDA codec IDs - comedi: comedi_test: Fix possible deletion of uninitialized timers - nilfs2: reject invalid file types when reading inodes - i2c: qup: jump out of the loop in case of timeout - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - net: appletalk: Fix use-after-free in AARP proxy probe - net: appletalk: fix kerneldoc warnings - RDMA/core: Rate limit GID cache warning messages - regulator: core: fix NULL dereference on unbind due to stale coupling data - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - net_sched: sch_sfq: reject invalid perturb period - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync - power: supply: bq24190_charger: Fix runtime PM imbalance on error - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS - virtio-net: ensure the received length does not exceed allocated size - ASoC: fsl_sai: Force a software reset when starting in consumer mode - usb: dwc3: qcom: Don't leave BCR asserted - usb: musb: fix gadget state on disconnect - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - usb: net: sierra: check for no status endpoint - net/sched: sch_qfq: Fix race condition on qfq_aggregate - net: emaclite: Fix missing pointer increment in aligned_read() - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() - comedi: Fix some signed shift left operations - comedi: das6402: Fix bit shift out of bounds - comedi: das16m1: Fix bit shift out of bounds - comedi: aio_iiro_16: Fix bit shift out of bounds - comedi: pcl812: Fix bit shift out of bounds - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - soc: aspeed: lpc-snoop: Cleanup resources in stack-order - mmc: sdhci_am654: Workaround for Errata i2312 - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - mmc: bcm2835: Fix dma_unmap_sg() nents value - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - isofs: Verify inode mode when loading from disk - dmaengine: nbpfaxi: Fix memory corruption in probe() - af_packet: fix soft lockup issue caused by tpacket_snd() - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - HID: core: do not bypass hid_hw_raw_request - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: ensure the allocated report buffer can contain the reserved report ID - pch_uart: Fix dma_sync_sg_for_device() nents value - Input: xpad - set correct controller type for Acer NGR200 - i2c: stm32: fix the device used for the DMA map - usb: gadget: configfs: Fix OOB read on empty string write - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - USB: serial: option: add Foxconn T99W640 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - LTS tag: v5.4.296 - x86/mm: Disable hugetlb page table sharing on 32-bit - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - vt: add missing notification when switching back to text mode - net: usb: qmi_wwan: add SIMCom 8230C composition - atm: idt77252: Add missing `dma_map_error()` - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - bnxt_en: Fix DCB ETS validation - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - net: appletalk: Fix device refcount leak in atrtr_create() - md/raid1: Fix stack memory use after return in raid1_reshape - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 - Input: xpad - support Acer NGR 200 Controller - Input: xpad - add VID for Turtle Beach controllers - Input: xpad - add support for Amazon Game Controller - NFSv4/flexfiles: Fix handling of NFS level errors in I/O - flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes - RDMA/mlx5: Fix vport loopback for MPV device - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - Revert "ACPI: battery: negate current when discharging" - usb: gadget: u_serial: Fix race condition in TTY wakeup - drm/sched: Increment job count before swapping tail spsc queue - pinctrl: qcom: msm: mark certain pins as invalid for interrupts - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - x86/mce: Don't remove sysfs if thresholding sysfs init fails - x86/mce/amd: Fix threshold limit reset - rxrpc: Fix oops due to non-existence of prealloc backlog struct - net/sched: Abort __tc_modify_qdisc if parent class does not exist - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - tipc: Fix use-after-free in tipc_conn_close(). - netlink: Fix wraparounds of sk->sk_rmem_alloc. - fix proc_sys_compare() handling of in-lookup dentries - proc: Clear the pieces of proc_inode that proc_evict_inode cares about - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() - media: uvcvideo: Rollback non processed entities on error - media: uvcvideo: Send control events for partial succeeds - media: uvcvideo: Return the number of processed controls - ACPI: PAD: fix crash in exit_round_robin() - usb: typec: displayport: Fix potential deadlock - Logitech C-270 even more broken - rose: fix dangling neighbour pointers in rose_rt_device_down() - net: rose: Fix fall-through warnings for Clang - drm/i915/gt: Fix timeline left held on VMA alloc error - drm/i915/selftests: Change mock_request() to return error pointers - spi: spi-fsl-dspi: Clear completion counter before initiating transfer - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write - dpaa2-eth: fix xdp_rxq_info leak - ethernet: atl1: Add missing DMA mapping error checks and count errors - btrfs: use btrfs_record_snapshot_destroy() during rmdir - btrfs: propagate last_unlink_trans earlier when doing a rmdir - RDMA/mlx5: Fix CC counters query for MPV - RDMA/core: Create and destroy counters in the ib_core - scsi: ufs: core: Fix spelling of a sysfs attribute name - drm/v3d: Disable interrupts before resetting the GPU - mtk-sd: reset host->mrq on prepare_data() error - mtk-sd: Prevent memory corruption from DMA map failure - mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods - regulator: gpio: Add input_supply support in gpio_regulator_config - ACPICA: Refuse to evaluate a method if arguments are missing - wifi: ath6kl: remove WARN on bad firmware input - wifi: mac80211: drop invalid source address OCB frames - powerpc: Fix struct termio related ioctl macros - ata: pata_cs5536: fix build on 32-bit UML - ALSA: sb: Force to disable DMAs once when DMA mode is changed - nui: Fix dma_mapping_error() check - enic: fix incorrect MTU comparison in enic_change_mtu() - amd-xgbe: align CL37 AN sequence as per databook - lib: test_objagg: Set error message in check_expect_hints_stats() - drm/exynos: fimd: Guard display clock control with runtime PM calls - btrfs: fix missing error handling when searching for inode refs during log replay - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data - usb: typec: altmodes/displayport: do not index invalid pin_assignments - mmc: sdhci: Add a helper function for dump register in dynamic debug mode - vsock/vmci: Clear the vmci transport packet properly when initializing it - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume - arm64: Restrict pagetable teardown to avoid false warning - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS - drm/bridge: cdns-dsi: Check return value when getting default PHY config - drm/bridge: cdns-dsi: Fix connecting to next bridge - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() - drm/tegra: Assign plane type before registration - HID: wacom: fix kobject reference count leak - HID: wacom: fix memory leak on sysfs attribute creation failure - HID: wacom: fix memory leak on kobject creation failure - dm-raid: fix variable in journal device check - Bluetooth: L2CAP: Fix L2CAP MTU negotiation - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). - net: enetc: Correct endianness handling in _enetc_rd_reg64 - um: ubd: Add missing error check in start_io_thread() - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors - wifi: mac80211: fix beacon interval calculation overflow - attach_recursive_mnt(): do not lock the covering tree when sliding something under it - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() - i2c: robotfuzz-osif: disable zero-length read messages - i2c: tiny-usb: disable zero-length read messages - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction - RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private - media: vivid: Change the siize of the composing - media: omap3isp: use sgtable-based scatterlist wrappers - media: cxusb: no longer judge rbuf when the write fails - media: cxusb: use dev_dbg() rather than hand-rolled debug - jfs: validate AG parameters in dbMount() to prevent crashes - fs/jfs: consolidate sanity checking in dbMount - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing - of: Add of_property_present() helper - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally - kbuild: hdrcheck: fix cross build with clang - kbuild: add --target to correctly cross-compile UAPI headers with Clang - bpfilter: match bit size of bpfilter_umh to that of the kernel - kbuild: use -MMD instead of -MD to exclude system headers from dependency - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF - ovl: Check for NULL d_inode() in ovl_dentry_upper() - ceph: fix possible integer overflow in ceph_zero_objects() - ALSA: hda: Ignore unsol events for cards being shut down - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s - usb: Add checks for snprintf() calls in usb_alloc_dev() - tty: serial: uartlite: register uart driver in init - usb: potential integer overflow in usbg_make_tpg() - iio: pressure: zpa2326: Use aligned_s64 for the timestamp - md/md-bitmap: fix dm-raid max_write_behind setting - dmaengine: xilinx_dma: Set dma_device directions - mfd: max14577: Fix wakeup source leaks on device unbind - mailbox: Not protect module_put with spin_lock_irqsave - cifs: Fix cifs_query_path_info() for Windows NT servers Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- drm/amd/display: Skip on writeback when it's not applicable {CVE-2024-36914} - ASoC: topology: Fix references to freed memory {CVE-2024-41069} - Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966} - Bluetooth: SCO: Fix not validating setsockopt user input - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} - xfs: don't walk off the end of a directory data block {CVE-2024-41013} - wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937} - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - net/rds: Fix rs_recv_pending counting issue - LTS tag: v5.4.301 - net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg - media: s5p-mfc: remove an unused/uninitialized variable - NFSD: Fix last write offset handling in layoutcommit - NFSD: Minor cleanup in layoutcommit processing - padata: Reset next CPU when reorder sequence wraps around - KEYS: trusted_tpm1: Compare HMAC values in constant time - NFSD: Define a proc_layoutcommit for the FlexFiles layout type {CVE-2025-40087} - vfs: Don't leak disconnected dentries on umount {CVE-2025-40105} - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination {CVE-2025-40167} - drm/amdgpu: use atomic functions with memory barriers for vm fault info - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() {CVE-2025-40198} - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Flush posted register writes before INDAC access - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - memory: samsung: exynos-srom: Correct alignment - arm64: errata: Apply workarounds for Neoverse-V3AE - arm64: cputype: Add Neoverse-V3AE definitions - comedi: fix divide-by-zero in comedi_buf_munge() {CVE-2025-40106} - binder: remove "invalid inc weak" check - xhci: dbc: enable back DbC in resume if it was enabled before suspend - usb/core/quirks: Add Huawei ME906S to wakeup quirk - USB: serial: option: add Telit FN920C04 ECM compositions - USB: serial: option: add Quectel RG255C - USB: serial: option: add UNISOC UIS7720 - net: ravb: Ensure memory write completes before ringing TX doorbell - net: usb: rtl8150: Fix frame padding - ocfs2: clear extent cache after moving/defragmenting extents - MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering - Revert "cpuidle: menu: Avoid discarding useful information" - net: bonding: fix possible peer notify event loss or dup issue - sctp: avoid NULL dereference when chunk data buffer is missing - arm64, mm: avoid always making PTE dirty in pte_mkwrite() - net: enetc: correct the value of ENETC_RXB_TRUESIZE - rtnetlink: Allow deleting FDB entries in user namespace - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del - net: add ndo_fdb_del_bulk - net: rtnetlink: add bulk delete support flag - net: netlink: add NLM_F_BULK delete request modifier - net: rtnetlink: use BIT for flag values - net: rtnetlink: add helper to extract msg type's kind - net: rtnetlink: add msg kind names - net: rtnetlink: remove redundant assignment to variable err - m68k: bitops: Fix find_*_bit() signatures - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - dlm: check for defined force value in dlm_lockspace_release - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: make proper initalization of struct hfs_find_data - hfs: clear offset and space out of valid records in b-tree node - exec: Fix incorrect type for ret - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() {CVE-2025-40088} - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - sched/fair: Fix pelt lost idle time detection - sched/balancing: Rename newidle_balance() => sched_balance_newidle() - sched/fair: Trivial correction of the newidle_balance() comment - sched: Make newidle_balance() static again - tls: don't rely on tx_work during send() - tls: always set record_type in tls_process_cmsg - tg3: prevent use of uninitialized remote_adv and local_adv variables - tcp: fix tcp_tso_should_defer() vs large RTT - amd-xgbe: Avoid spurious link down messages during interface toggle - net/ip6_tunnel: Prevent perpetual tunnel growth {CVE-2025-40173} - net: dlink: handle dma_map_single() failure properly - net: dl2k: switch from 'pci_' to 'dma_' API - media: pci: ivtv: Add missing check after DMA map - media: pci/ivtv: switch from 'pci_' to 'dma_' API {CVE-2024-43877} - xen/events: Update virq_to_irq on migration - media: lirc: Fix error handling in lirc_register() - media: rc: Directly use ida_free() - drm/exynos: exynos7_drm_decon: remove ctx->suspended - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() {CVE-2025-40205} - pwm: berlin: Fix wrong register in suspend/resume {CVE-2025-40188} - media: cx18: Add missing check after DMA map - xen/events: Cleanup find_virq() return codes - cramfs: Verify inode mode when loading from disk - fs: Add 'initramfs_options' to set initramfs mount options - pid: Add a judgment for ns null in pid_nr_ns {CVE-2025-40178} - minixfs: Verify inode mode when loading from disk - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference {CVE-2025-40042} - dm: fix NULL pointer dereference in __dm_suspend() {CVE-2025-40134} - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - Squashfs: reject negative file sizes in squashfs_read_inode() {CVE-2025-40200} - Squashfs: add additional inode sanity checking - media: mc: Clear minor number before put device {CVE-2025-40197} - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - fs: udf: fix OOB read in lengthAllocDescs handling {CVE-2025-40044} - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O {CVE-2025-40026} - net/9p: fix double req put in p9_fd_cancelled {CVE-2025-40027} - ext4: guard against EA inode refcount underflow in xattr update {CVE-2025-40190} - ext4: correctly handle queries for metadata mappings - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - x86/umip: Check that the instruction opcode is at least two bytes - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - rseq/selftests: Use weak symbol reference, not definition, to link with glibc - rtc: interface: Fix long-standing race when setting alarm - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - mmc: core: SPI mode remove cmd7 - mtd: rawnand: fsmc: Default to autodetect buswidth - sparc: fix error handling in scan_one_device() - sparc64: fix hugetlb for sun4u - sctp: Fix MAC comparison to be constant-time {CVE-2025-40204} - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - parisc: don't reference obsolete termio struct for TC* constants - lib/genalloc: fix device leak in of_gen_pool_get() - iio: frequency: adf4350: Fix prescaler usage. - iio: dac: ad5421: use int type to store negative error codes - iio: dac: ad5360: use int type to store negative error codes - crypto: atmel - Fix dma_unmap_sg() direction - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() {CVE-2025-40194} - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - media: i2c: mt9v111: fix incorrect type for ret - firmware: meson_sm: fix device leak at probe - xen/manage: Fix suspend error path - arm64: dts: qcom: msm8916: Add missing MDSS reset - ACPI: debug: fix signedness issues in read/write helpers - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - tpm, tpm_tis: Claim locality before writing interrupt registers - crypto: essiv - Check ssize for decryption and in-place encryption {CVE-2025-40019} - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - tools build: Align warning options with perf - net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). {CVE-2025-40186} - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() {CVE-2025-40187} - drm/vmwgfx: Fix Use-after-free in validation {CVE-2025-40111} - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue {CVE-2025-40001} - scsi: mvsas: Use sas_task_find_rq() for tagging - scsi: mvsas: Delete mvs_tag_init() - scsi: libsas: Add sas_task_find_rq() - clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver - clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() - perf session: Fix handling when buffer exceeds 2 GiB - rtc: x1205: Fix Xicor X1205 vendor prefix - perf util: Fix compression checks returning -1 as bool - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - clocksource/drivers/clps711x: Fix resource leaks in error paths - pinctrl: check the return value of pinmux_ops::get_function_name() {CVE-2025-40030} - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak {CVE-2025-40035} - mm: hugetlb: avoid soft lockup when mprotect to large memory area {CVE-2025-40153} - uio_hv_generic: Let userspace take care of interrupt mask {CVE-2025-40048} - Squashfs: fix uninit-value in squashfs_get_parent {CVE-2025-40049} - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - nfp: fix RSS hash key size when RSS is not supported - drivers/base/node: fix double free in register_one_node() - ocfs2: fix double free in user_cluster_connect() {CVE-2025-40055} - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast {CVE-2025-40140} - RDMA/siw: Always report immediate post SQ errors - usb: vhci-hcd: Prevent suspending virtually attached devices - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() {CVE-2025-40115} - ipvs: Defer ip_vs_ftp unregister during netns cleanup {CVE-2025-40018} - NFSv4.1: fix backchannel max_resp_sz verification check - remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - sparc: fix accurate exception reporting in copy_{from,to}_user for M7 - sparc: fix accurate exception reporting in copy_to_user for Niagara 4 - sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara {CVE-2025-40112} - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III {CVE-2025-40124} - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC {CVE-2025-40126} - IB/sa: Fix sa_local_svc_timeout_ms read race - RDMA/core: Resolve MAC of next-hop device without ARP support - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - drivers/base/node: handle error properly in register_one_node() - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog - netfilter: ipset: Remove unused htable_bits in macro ahash_region - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping {CVE-2025-40121} - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154} - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - pps: fix warning in pps_register_cdev when register device fail {CVE-2025-40070} - misc: genwqe: Fix incorrect cmd field being reported in error - usb: gadget: configfs: Correctly set use_os_string at bind - usb: phy: twl6030: Fix incorrect type for ret - tcp: fix __tcp_close() to only send RST when required - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - wifi: mwifiex: send world regulatory domain to driver - ALSA: lx_core: use int type to store negative error codes - media: rj54n1cb0c: Fix memleak in rj54n1_probe() - scsi: myrs: Fix dma_alloc_coherent() error check - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod {CVE-2025-40118} - serial: max310x: Add error checking in probe() - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup {CVE-2025-40116} - drm/radeon/r600_cs: clean up of dead code in r600_cs - i2c: designware: Add disabling clocks when probe fails - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - bpf: Explicitly check accesses to bpf_sock_addr {CVE-2025-40078} - selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported - pwm: tiehrpwm: Fix corner case in clock divisor calculation - block: use int to store blk_stack_limits() return value - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx {CVE-2025-40125} - pinctrl: meson-gxl: add missing i2c_d pinmux - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - regmap: Remove superfluous check for !config in __regmap_init() - x86/vdso: Fix output operand size of RDPID - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() {CVE-2025-40081} - driver core/PM: Set power.no_callbacks along with power.no_pm - staging: axis-fifo: flush RX FIFO on read errors - staging: axis-fifo: fix maximum TX packet length check - perf subcmd: avoid crash in exclude_cmds when excludes is empty - dm-integrity: limit MAX_TAG_SIZE to 255 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - USB: serial: option: add SIMCom 8230C compositions - media: rc: fix races with imon_disconnect() {CVE-2025-39993} - media: imon: grab lock earlier in imon_ir_change_protocol() - media: imon: reorganize serialization - media: rc: Add support for another iMON 0xffdc device - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe {CVE-2025-39995} - media: tuner: xc5000: Fix use-after-free in xc5000_release {CVE-2025-39994} - media: tunner: xc5000: Refactor firmware load - udp: Fix memory accounting leak. {CVE-2025-22058} - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove {CVE-2025-39996} - scsi: target: target_core_configfs: Add length check to avoid buffer overflow {CVE-2025-39998} - LTS tag: v5.4.300 - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - mm/hugetlb: fix folio is still mapped when deleted {CVE-2025-40006} - i40e: add mask to apply valid bits for itr_idx - i40e: fix validation of VF state in get resources {CVE-2025-39969} - i40e: fix idx validation in config queues msg {CVE-2025-39971} - i40e: add validation for ring_len param {CVE-2025-39973} - i40e: increase max descriptors for XL710 - mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() {CVE-2025-21861} - fbcon: Fix OOB access in font allocation - fbcon: fix integer overflow in fbcon_do_set_font {CVE-2025-39967} - i40e: add max boundary check for VF filters {CVE-2025-39968} - i40e: fix input validation logic for action_meta {CVE-2025-39970} - i40e: fix idx validation in i40e_validate_queue_map {CVE-2025-39972} - drm/gma500: Fix null dereference in hdmi teardown {CVE-2025-40011} - can: peak_usb: fix shift-out-of-bounds issue {CVE-2025-40020} - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39985} - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39986} - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39987} - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - usb: core: Add 0x prefix to quirks debug output - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - ALSA: usb-audio: Convert comma to semicolon - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer {CVE-2025-39937} - net: rfkill: gpio: add DT support - serial: sc16is7xx: fix bug in flow control levels init - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - usb: gadget: dummy_hcd: remove usage of list iterator past the loop body - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - ASoC: wm8974: Correct PLL rate rounding - ASoC: wm8940: Correct typo in control name - mmc: mvsdio: Fix dma_unmap_sg() nents value - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945} - net: liquidio: fix overflow in octeon_init_instr_queue() - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-39955} - i40e: remove redundant memory barrier when cleaning Tx descs - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - cgroup: split cgroup_destroy_wq into 3 workqueues {CVE-2025-39953} - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch - wifi: mac80211: fix incorrect type for ret - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883} - phy: ti-pipe3: fix device leak at unbind - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees {CVE-2025-39923} - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map {CVE-2025-39869} - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911} - i40e: Use irq_update_affinity_hint() - genirq: Provide new interfaces for affinity hints - genirq: Export affinity setter for modules - genirq/affinity: Add irq_update_affinity_desc() - igb: fix link test skipping when interface is admin down - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() {CVE-2025-39876} - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing - mtd: nand: raw: atmel: Fix comment in timings preparation - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer {CVE-2025-39907} - mm/khugepaged: fix the address passed to notifier on testing young - fuse: prevent overflow in copy_file_range return value - fuse: check if copy_file_range() returns larger than requested size - mtd: rawnand: stm32_fmc2: fix ECC overwrite - ocfs2: fix recursive semaphore deadlock in fiemap call {CVE-2025-39885} - EDAC/altera: Delete an inappropriate dma_free_coherent() call - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. {CVE-2025-39913} - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. {CVE-2025-23143} - device-dax: correct pgoff align in dax_set_mapping() {CVE-2024-50022} - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer - rds: Free all frags when rds_ib_recv_cache_put() fails - bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags - NFSv4: Don't clear capabilities that won't be reset - power: supply: bq27xxx: restrict no-battery detection to bq27000 - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - usb: hub: Fix flushing of delayed work used for post resume purposes - soc: qcom: mdt_loader: Deal with zero e_shentsize - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - LTS tag: v5.4.299 - scsi: lpfc: Fix buffer free/clear order in deferred receive path {CVE-2025-39841} - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() - cifs: fix integer overflow in match_server() - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort - spi: spi-fsl-lpspi: Set correct chip-select polarity bit - spi: spi-fsl-lpspi: Fix transmissions when using CONT - pcmcia: Add error handling for add_interval() in do_validate_mem() {CVE-2025-39920} - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - randstruct: gcc-plugin: Fix attribute addition - randstruct: gcc-plugin: Remove bogus void member - vmxnet3: update MTU after device quiesce - net: dsa: microchip: linearize skb for tail-tagging switches - net: dsa: microchip: update tag_ksz masks for KSZ9477 family - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup - gpio: pca953x: fix IRQ storm on system wake up - iio: light: opt3001: fix deadlock due to concurrent flag access {CVE-2025-37968} - iio: chemical: pms7003: use aligned_s64 for timestamp - cpufreq/sched: Explicitly synchronize limits_changed flag handling - mm/slub: avoid accessing metadata when pointer is invalid in object_err() {CVE-2025-39902} - mm/khugepaged: fix ->anon_vma race {CVE-2023-52935} - e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898} - batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839} - drm/amdgpu: drop hw access in non-DC audio fini - wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891} - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() {CVE-2025-39846} - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - ppp: fix memory leak in pad_compress_skb {CVE-2025-39847} - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ax25: properly unshare skbs in ax25_kiss_rcv() {CVE-2025-39848} - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net: thunder_bgx: add a missing of_node_put - wifi: libertas: cap SSID len in lbs_associate() - wifi: cw1200: cap SSID length in cw1200_do_join() - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853} - icmp: fix icmp_ndo_send address translation for reply direction - mISDN: Fix memory leak in dsp_hwec_enable() - xirc2ps_cs: fix register access when enabling FullDuplex - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() {CVE-2025-39860} - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: cfg80211: fix use-after-free in cmp_bss() {CVE-2025-39864} - powerpc: boot: Remove leading zero in label in udelay() - hugetlbfs: take read_lock on i_mmap for PMD sharing - kallsyms: add module_kallsyms_on_each_symbol_locked - kallsyms: export module_kallsyms_on_each_symbol - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499} - x86/vmscape: Warn when STIBP is disabled with SMT - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Enable the mitigation - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Add old Intel CPUs to affected list - x86/vmscape: Enumerate VMSCAPE bug - Documentation/hw-vuln: Add VMSCAPE documentation - LTS tag: v5.4.298 - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() {CVE-2025-39808} - HID: wacom: Add a new Art Pen 2 - HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824} - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817} - sctp: initialize more fields in sctp_v6_from_sk() {CVE-2025-39812} - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net/mlx5e: Set local Xoff after FW update - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Update and set Xon/Xoff upon MTU set - net: dlink: fix multicast stats being counted incorrectly - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). {CVE-2025-39828} - net/atm: remove the atmdev_ops {get, set}sockopt methods - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - powerpc/kvm: Fix ifdef to remove build warning - net: ipv4: fix regression in local-broadcast routes - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - scsi: core: sysfs: Correct sysfs attributes access rights - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump {CVE-2025-39813} - pinctrl: STMFX: add missing HAS_IOMEM dependency - LTS tag: v5.4.297 - alloc_fdtable(): change calling conventions. - s390/hypfs: Enable limited access during lockdown - s390/hypfs: Avoid unnecessary ioctl registration in debugfs - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit {CVE-2025-39766} - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - scsi: qla4xxx: Prevent a potential error pointer dereference {CVE-2025-39676} - usb: xhci: Fix slot_id resource race conflict - nfs: fix UAF in direct writes {CVE-2024-26958} - NFS: Fix up commit deadlocks - cifs: Fix UAF in cifs_demultiplex_thread() {CVE-2023-52572} - Bluetooth: fix use-after-free in device_for_each_child() {CVE-2024-53237} - act_mirred: use the backlog for nested calls to mirred ingress {CVE-2022-4269} - net/sched: act_mirred: better wording on protection against excessive stack growth - net/sched: act_mirred: refactor the handle of xmit - selftests: forwarding: tc_actions.sh: add matchall mirror test - net: sched: don't expose action qstats to skb_tc_reinsert() - net: sched: extract qstats update code into functions - net: sched: extract bstats update code into function - net: sched: extract common action counters update code into function - mm: perform the mapping_map_writable() check after call_mmap() - mm: update memfd seal write check to include F_SEAL_WRITE - mm: drop the assumption that VM_SHARED always implies writable - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-37798} - sch_qfq: make qfq_qlen_notify() idempotent - sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177} - sch_drr: make drr_qlen_notify() idempotent - btrfs: populate otime when logging an inode item - media: venus: hfi: explicitly release IRQ during teardown - f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677} - media: venus: protect against spurious interrupts during probe {CVE-2025-39709} - media: qcom: camss: cleanup media device allocated resource on error path - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - pwm: mediatek: Fix duty and period setting - pwm: mediatek: Handle hardware enable and clock enable separately - pwm: mediatek: Implement .apply() callback - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() {CVE-2025-39713} - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: v4l2-ctrls: always copy the controls on completion - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - soc: qcom: mdt_loader: Ensure we don't read past the ELF header {CVE-2025-39787} - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - usb: musb: omap2430: fix device leak at unbind - NFS: Fix the setting of capabilities when automounting a new filesystem {CVE-2025-39798} - NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() - NFSv4: Fix nfs4_bitmap_copy_adjust() - usb: typec: fusb302: cache PD RX state - cdc-acm: fix race between initial clearing halt and open - USB: cdc-acm: do not log successful probe on later errors - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock {CVE-2025-39736} - mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - x86/fpu: Delay instruction pointer fixup until after warning - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - tracing: Add down_write(trace_event_sem) when adding trace event {CVE-2025-38539} - usb: hub: Don't try to recover devices lost during warm reset. - usb: hub: avoid warm port reset during USB3 disconnect - x86/mce/amd: Add default names for MCA banks and blocks - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - f2fs: fix to do sanity check on ino and xnid {CVE-2025-38347} - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() - drm/sched: Remove optimization that causes hang when killing dependent jobs - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() {CVE-2025-38664} - net: usbnet: Fix the wrong netif_carrier_on() call - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value {CVE-2022-50327} - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large {CVE-2025-38481} - comedi: Fix initialization of data for instructions that write to subdevice {CVE-2025-38478} - kbuild: Add KBUILD_CPPFLAGS to as-option invocation - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS - kbuild: Add CLANG_FLAGS to as-instr - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation - kbuild: Update assembler calls to use proper flags and language target - ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - iio: proximity: isl29501: fix buffered read on big-endian systems - ftrace: Also allocate and copy hash for reading of filter files {CVE-2025-39689} - fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() - use uniform permission checks for all mount propagation changes - move_mount: allow to add a mount into an existing group - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691} - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - memstick: Fix deadlock by moving removing flag earlier - media: venus: Add a check for packet size after reading from shared memory {CVE-2025-39710} - media: ov2659: Fix memory leaks in ov2659_probe() - media: usbtv: Lock resolution while streaming {CVE-2025-39714} - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: gspca: Add bounds checking to firmware parser - soc/tegra: pmc: Ensure power-domains are in a known state - jbd2: prevent softlockup in jbd2_log_do_checkpoint() {CVE-2025-39782} - PCI: endpoint: Fix configfs group removal on driver teardown - PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783} - mtd: rawnand: fsmc: Add missing check after DMA map - pwm: imx-tpm: Reset counter if CMOD is 0 - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - zynq_fpga: use sgtable-based scatterlist wrappers - ata: libata-scsi: Fix ata_to_sense_error() status handling - ext4: fix reserved gdt blocks handling in fsmap - ext4: fix fsmap end of range reporting with bigalloc - ext4: check fast symlink for ea_inode correctly - vt: defkeymap: Map keycodes above 127 to K_HOLE - vt: keyboard: Don't process Unicode characters in K_OFF mode - usb: dwc3: meson-g12a: fix device leaks at unbind - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - m68k: Fix lost column on framebuffer debug console - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() - serial: 8250: fix panic due to PSLVERR {CVE-2025-39724} - media: uvcvideo: Do not mark valid metadata as invalid - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680} - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() {CVE-2025-39737} - parisc: Makefile: fix a typo in palo.conf - btrfs: fix log tree replay failure due to file with 0 links and extents - thunderbolt: Fix copy+paste error in match_service_id() - comedi: fix race between polling and detaching {CVE-2025-38687} - misc: rtsx: usb: Ensure mmc child device is active when card is present - drm/amdgpu: fix incorrect vm flags to map bo - scsi: lpfc: Remove redundant assignment to avoid memory leak - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - pNFS: Fix uninited ptr deref in block/scsi layout {CVE-2025-38691} - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Fix stripe mapping in block/scsi layout - net: phy: smsc: add proper reset flags for LAN8710A - ipmi: Fix strcpy source and destination the same - kconfig: lxdialog: fix 'space' to (de)select options - kconfig: gconf: fix potential memory leak in renderer_edited() - kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - kconfig: nconf: Ensure null termination where strncpy is used - kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c - i3c: don't fail if GETHDRCAP is unsupported - PCI: pnv_php: Work around switches with broken presence detection - i3c: add missing include to internal header - media: uvcvideo: Fix bandwidth issue for Alcor camera - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar {CVE-2025-38693} - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() {CVE-2025-38694} - media: usb: hdpvr: disable zero-length read messages - media: tc358743: Increase FIFO trigger level to 374 - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt - media: tc358743: Check I2C succeeded during probe - pinctrl: stm32: Manage irq affinity settings - scsi: mpt3sas: Correctly handle ATA device errors - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure {CVE-2025-38695} - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() {CVE-2025-39742} - MIPS: Don't crash in stack_top() for tasks without ABI or vDSO {CVE-2025-38696} - jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697} - jfs: Regular file corruption check {CVE-2025-38698} - jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743} - scsi: bfa: Double-free fix {CVE-2025-38699} - MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: dw_wdt: Fix default timeout - fs/orangefs: use snprintf() instead of sprintf() - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated {CVE-2025-38700} - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr {CVE-2025-38701} - cifs: Fix calling CIFSFindFirst() for root path without msearch - vhost: fail early when __vhost_add_used() fails - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - uapi: in6: restore visibility of most IPv6 socket options - net: ncsi: Fix buffer overflow in fetching version id - net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - wifi: iwlegacy: Check rate_idx range after addition - netmem: fix skb_frag_address_safe with unreadable skbs - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - net: fec: allow disable coalescing - (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer - s390/stp: Remove udelay from stp_sync_clock() - wifi: iwlwifi: mvm: fix scan request validation - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: ipv4: fix incorrect MTU in broadcast routes - wifi: cfg80211: Fix interface type validation - rcu: Protect ->defer_qs_iw_pending from data race {CVE-2025-39749} - net: ag71xx: Add missing check after DMA map - et131x: Add missing check after DMA map - be2net: Use correct byte order and format string for TCP seq and ack_seq - s390/time: Use monotonic clock in get_cycles() - wifi: cfg80211: reject HTC bit for management frames - ktest.pl: Prevent recursion of default variable options - ASoC: codecs: rt5640: Retry DEVICE_ID verification - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - usb: core: usb_submit_urb: downgrade type check - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - ACPI: processor: fix acpi_object initialization - PM: sleep: console: Fix the black screen issue - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - selftests: tracing: Use mutex_unlock for testing glob filter - ARM: tegra: Use I/O memcpy to write to IRAM {CVE-2025-39794} - gpio: tps65912: check the return value of regmap_update_bits() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - ARM: rockchip: fix kernel hang during smp initialization {CVE-2025-39752} - cpufreq: Exit governor when failed to start old governor - usb: xhci: Avoid showing errors during surprise removal - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing warnings for dying controller - selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t - usb: xhci: print xhci->xhc_state when queue_command failed - securityfs: don't pin dentries twice, once is enough... - hfs: fix not erasing deleted b-tree node issue - drbd: add missing kref_get in handle_write_conflicts {CVE-2025-38708} - udf: Verify partition map count - arm64: Handle KCOV __init vs inline mismatches - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() {CVE-2025-38712} - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() {CVE-2025-40082} - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() {CVE-2025-38714} - hfs: fix slab-out-of-bounds in hfs_bnode_read() {CVE-2025-38715} - sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} - netfilter: ctnetlink: fix refcount leak on table dump {CVE-2025-38721} - udp: also consider secpath when evaluating ipsec use for checksumming - ACPI: processor: perflib: Move problematic pr->performance check {CVE-2025-39799} - ACPI: processor: perflib: Fix initial _PPC limit application - Documentation: ACPI: Fix parent device references - fs: Prevent file descriptor table allocations exceeding INT_MAX {CVE-2025-39756} - sunvdc: Balance device refcount in vdc_port_mpgroup_check - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - net: dpaa: fix device leak when querying time stamp info - net: gianfar: fix device leak when querying time stamp info - netlink: avoid infinite retry looping in netlink_unicast() {CVE-2025-38727} - ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} - ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} - io_uring: don't use int for ABI - usb: gadget : fix use-after-free in composite_dev_cleanup() {CVE-2025-38555} - MIPS: mm: tlb-r4k: Uniquify TLB entries on init - USB: serial: option: add Foxconn T99W709 - vsock: Do not allow binding to VMADDR_PORT_ANY {CVE-2025-38618} - net/packet: fix a race in packet_set_ring() and packet_notifier() {CVE-2025-38617} - perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563} - perf/core: Exit early on perf_mmap() fail {CVE-2025-38565} - perf/core: Don't leak AUX buffer refcount on allocation failure - pptp: fix pptp_xmit() error path - smb: client: let recv_done() cleanup before notifying the callers. - benet: fix BUG when creating VFs {CVE-2025-38569} - net: drop UFO packets in udp_rcv_segment() {CVE-2025-38622} - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} - pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574} - netpoll: prevent hanging NAPI when netcons gets enabled - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() {CVE-2025-39730} - pci/hotplug/pnv-php: Wrap warnings in macro - pci/hotplug/pnv-php: Improve error msg on power state change failure - usb: chipidea: udc: fix sleeping function called from invalid context - f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652} - f2fs: fix to avoid panic in f2fs_evict_inode {CVE-2025-38577} - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() {CVE-2025-38578} - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: ds1307: fix incorrect maximum clock rate handling - module: Restore the moduleparam prefix length check - bpf: Check flow_dissector ctx accesses are aligned - mtd: rawnand: atmel: set pmecc data setup time - mtd: rawnand: atmel: Fix dma_mapping_error() address - jfs: fix metapage reference count leak in dbAllocCtl - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref {CVE-2025-38630} - crypto: qat - fix seq_file position update in adf_ring_next() - dmaengine: nbpfaxi: Add missing check after DMA map - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - fs/orangefs: Allow 2 more characters in do_c_string() - soundwire: stream: restore params when prepare ports fail - crypto: img-hash - Fix dma_unmap_sg() nents value - hwrng: mtk - handle devm_pm_runtime_enable errors - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() - scsi: isci: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - clk: sunxi-ng: v3s: Fix de clock definition - perf tests bp_account: Fix leaked file descriptor - crypto: ccp - Fix crash when rebind ccp device for ccp.ko {CVE-2025-38581} - pinctrl: sunxi: Fix memory leak on krealloc failure - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - clk: davinci: Add NULL check in davinci_lpsc_clk_register() {CVE-2025-38635} - mtd: fix possible integer overflow in erase_xfer() - crypto: marvell/cesa - Fix engine load inaccuracy - PCI: rockchip-host: Fix "Unexpected Completion" log message - vrf: Drop existing dst reference in vrf_ip6_input_dst - selftests: rtnetlink.sh: remove esp4_offload after test - netfilter: xt_nfacct: don't assume acct name is null-terminated {CVE-2025-38639} - can: kvaser_usb: Assign netdev.dev_port based on device channel index - can: kvaser_pciefd: Store device channel index - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - mwl8k: Add missing check after DMA map - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - net/sched: Restrict conditions for adding duplicating netems to qdisc tree {CVE-2025-38553} - arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - m68k: Don't unregister boot console needlessly - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - iwlwifi: Add missing check for alloc_ordered_workqueue {CVE-2025-38656} - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - wifi: rtl818x: Kill URBs before clearing tx status queue {CVE-2025-38604} - caif: reduce stack size, again - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls {CVE-2025-38608} - staging: nvec: Fix incorrect null termination of battery manufacturer - samples: mei: Fix building on musl libc - cpufreq: Init policy->rwsem before it may be possibly used - ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface - usb: early: xhci-dbc: Fix early_ioremap leak - Revert "vmci: Prevent the dispatching of uninitialized payloads" {CVE-2025-38611} - pps: fix poll support - vmci: Prevent the dispatching of uninitialized payloads {CVE-2025-38611} - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() {CVE-2025-38612} - ARM: dts: vfxxx: Correctly use two tuples for timer address - hfsplus: remove mutex_lock check in hfsplus_free_extents {CVE-2025-38650} - ASoC: Intel: fix SND_SOC_SOF dependencies - ethernet: intel: fix building with large NR_CPUS - usb: phy: mxs: disconnect line when USB charger is attached - usb: chipidea: add USB PHY event - usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use - usb: chipidea: udc: protect usb interrupt enable - usb: chipidea: udc: add new API ci_hdrc_gadget_connect - ALSA: hda: Add missing NVIDIA HDA codec IDs - comedi: comedi_test: Fix possible deletion of uninitialized timers - nilfs2: reject invalid file types when reading inodes {CVE-2025-38663} - i2c: qup: jump out of the loop in case of timeout {CVE-2025-38671} - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666} - net: appletalk: fix kerneldoc warnings - RDMA/core: Rate limit GID cache warning messages - regulator: core: fix NULL dereference on unbind due to stale coupling data {CVE-2025-38668} - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - net_sched: sch_sfq: reject invalid perturb period {CVE-2025-38193} - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition {CVE-2023-33288} - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync - power: supply: bq24190_charger: Fix runtime PM imbalance on error - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS - virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375} - ASoC: fsl_sai: Force a software reset when starting in consumer mode - usb: dwc3: qcom: Don't leave BCR asserted - usb: musb: fix gadget state on disconnect - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree {CVE-2025-38468} - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime {CVE-2025-38470} - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() {CVE-2025-38473} - usb: net: sierra: check for no status endpoint {CVE-2025-38474} - net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} - net: emaclite: Fix missing pointer increment in aligned_read() - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() {CVE-2025-38480} - comedi: Fix some signed shift left operations - comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482} - comedi: das16m1: Fix bit shift out of bounds {CVE-2025-38483} - comedi: aio_iiro_16: Fix bit shift out of bounds {CVE-2025-38529} - comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530} - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled {CVE-2025-38487} - soc: aspeed: lpc-snoop: Cleanup resources in stack-order - mmc: sdhci_am654: Workaround for Errata i2312 - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - mmc: bcm2835: Fix dma_unmap_sg() nents value - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - isofs: Verify inode mode when loading from disk - dmaengine: nbpfaxi: Fix memory corruption in probe() {CVE-2025-38538} - af_packet: fix soft lockup issue caused by tpacket_snd() - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38495} - pch_uart: Fix dma_sync_sg_for_device() nents value - Input: xpad - set correct controller type for Acer NGR200 - i2c: stm32: fix the device used for the DMA map - usb: gadget: configfs: Fix OOB read on empty string write {CVE-2025-38497} - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - USB: serial: option: add Foxconn T99W640 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - LTS tag: v5.4.296 - x86/mm: Disable hugetlb page table sharing on 32-bit - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras {CVE-2025-38540} - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - vt: add missing notification when switching back to text mode - net: usb: qmi_wwan: add SIMCom 8230C composition - atm: idt77252: Add missing `dma_map_error()` - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT {CVE-2025-38439} - bnxt_en: Fix DCB ETS validation - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - net: appletalk: Fix device refcount leak in atrtr_create() {CVE-2025-38542} - md/raid1: Fix stack memory use after return in raid1_reshape {CVE-2025-38445} - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() {CVE-2025-38513} - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 - Input: xpad - support Acer NGR 200 Controller - Input: xpad - add VID for Turtle Beach controllers - Input: xpad - add support for Amazon Game Controller - NFSv4/flexfiles: Fix handling of NFS level errors in I/O - flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes - RDMA/mlx5: Fix vport loopback for MPV device - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - Revert "ACPI: battery: negate current when discharging" - usb: gadget: u_serial: Fix race condition in TTY wakeup {CVE-2025-38448} - drm/sched: Increment job count before swapping tail spsc queue {CVE-2025-38515} - pinctrl: qcom: msm: mark certain pins as invalid for interrupts {CVE-2025-38516} - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - x86/mce: Don't remove sysfs if thresholding sysfs init fails - x86/mce/amd: Fix threshold limit reset - rxrpc: Fix oops due to non-existence of prealloc backlog struct {CVE-2025-38514} - net/sched: Abort __tc_modify_qdisc if parent class does not exist {CVE-2025-38457} - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() {CVE-2025-38458} - atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} - atm: clip: Fix memory leak of struct clip_vcc. {CVE-2025-38546} - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). {CVE-2025-38460} - tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464} - netlink: Fix wraparounds of sk->sk_rmem_alloc. {CVE-2025-38465} - fix proc_sys_compare() handling of in-lookup dentries - proc: Clear the pieces of proc_inode that proc_evict_inode cares about - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling {CVE-2025-38467} - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() - media: uvcvideo: Rollback non processed entities on error - media: uvcvideo: Send control events for partial succeeds - media: uvcvideo: Return the number of processed controls - ACPI: PAD: fix crash in exit_round_robin() {CVE-2024-49935} - usb: typec: displayport: Fix potential deadlock {CVE-2025-38404} - Logitech C-270 even more broken - rose: fix dangling neighbour pointers in rose_rt_device_down() {CVE-2025-38377} - net: rose: Fix fall-through warnings for Clang - drm/i915/gt: Fix timeline left held on VMA alloc error {CVE-2025-38389} - drm/i915/selftests: Change mock_request() to return error pointers - spi: spi-fsl-dspi: Clear completion counter before initiating transfer - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write - dpaa2-eth: fix xdp_rxq_info leak - ethernet: atl1: Add missing DMA mapping error checks and count errors - btrfs: use btrfs_record_snapshot_destroy() during rmdir - btrfs: propagate last_unlink_trans earlier when doing a rmdir - RDMA/mlx5: Fix CC counters query for MPV - RDMA/core: Create and destroy counters in the ib_core - scsi: ufs: core: Fix spelling of a sysfs attribute name - drm/v3d: Disable interrupts before resetting the GPU {CVE-2025-38371} - mtk-sd: reset host->mrq on prepare_data() error - mtk-sd: Prevent memory corruption from DMA map failure {CVE-2025-38401} - mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods {CVE-2025-38395} - regulator: gpio: Add input_supply support in gpio_regulator_config - ACPICA: Refuse to evaluate a method if arguments are missing {CVE-2025-38386} - wifi: ath6kl: remove WARN on bad firmware input {CVE-2025-38406} - wifi: mac80211: drop invalid source address OCB frames - powerpc: Fix struct termio related ioctl macros - ata: pata_cs5536: fix build on 32-bit UML - ALSA: sb: Force to disable DMAs once when DMA mode is changed - nui: Fix dma_mapping_error() check - enic: fix incorrect MTU comparison in enic_change_mtu() - amd-xgbe: align CL37 AN sequence as per databook - lib: test_objagg: Set error message in check_expect_hints_stats() - drm/exynos: fimd: Guard display clock control with runtime PM calls - btrfs: fix missing error handling when searching for inode refs during log replay - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. {CVE-2025-38400} - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert {CVE-2025-38387} - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data - usb: typec: altmodes/displayport: do not index invalid pin_assignments {CVE-2025-38391} - mmc: sdhci: Add a helper function for dump register in dynamic debug mode - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume {CVE-2024-26644} - arm64: Restrict pagetable teardown to avoid false warning - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS - drm/bridge: cdns-dsi: Check return value when getting default PHY config - drm/bridge: cdns-dsi: Fix connecting to next bridge - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() - drm/tegra: Assign plane type before registration - HID: wacom: fix kobject reference count leak - HID: wacom: fix memory leak on sysfs attribute creation failure - HID: wacom: fix memory leak on kobject creation failure - dm-raid: fix variable in journal device check - Bluetooth: L2CAP: Fix L2CAP MTU negotiation - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} - net: enetc: Correct endianness handling in _enetc_rd_reg64 - um: ubd: Add missing error check in start_io_thread() - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors - wifi: mac80211: fix beacon interval calculation overflow - attach_recursive_mnt(): do not lock the covering tree when sliding something under it - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() {CVE-2025-38249} - i2c: robotfuzz-osif: disable zero-length read messages - i2c: tiny-usb: disable zero-length read messages - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211} - RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private - media: vivid: Change the siize of the composing {CVE-2025-38226} - media: omap3isp: use sgtable-based scatterlist wrappers - media: cxusb: no longer judge rbuf when the write fails {CVE-2025-38229} - media: cxusb: use dev_dbg() rather than hand-rolled debug - jfs: validate AG parameters in dbMount() to prevent crashes {CVE-2025-38230} - fs/jfs: consolidate sanity checking in dbMount - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing - of: Add of_property_present() helper - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally - kbuild: hdrcheck: fix cross build with clang - kbuild: add --target to correctly cross-compile UAPI headers with Clang - bpfilter: match bit size of bpfilter_umh to that of the kernel - kbuild: use -MMD instead of -MD to exclude system headers from dependency - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify {CVE-2025-38102} - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259} - ovl: Check for NULL d_inode() in ovl_dentry_upper() - ceph: fix possible integer overflow in ceph_zero_objects() - ALSA: hda: Ignore unsol events for cards being shut down - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode {CVE-2025-38404} - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s - usb: Add checks for snprintf() calls in usb_alloc_dev() - tty: serial: uartlite: register uart driver in init {CVE-2025-38262} - usb: potential integer overflow in usbg_make_tpg() - iio: pressure: zpa2326: Use aligned_s64 for the timestamp - md/md-bitmap: fix dm-raid max_write_behind setting - dmaengine: xilinx_dma: Set dma_device directions - mfd: max14577: Fix wakeup source leaks on device unbind - mailbox: Not protect module_put with spin_lock_irqsave - cifs: Fix cifs_query_path_info() for Windows NT servers - net/rds: Fix rs_recv_pending counting issue - LTS tag: v5.4.301 - net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg - media: s5p-mfc: remove an unused/uninitialized variable - NFSD: Fix last write offset handling in layoutcommit - NFSD: Minor cleanup in layoutcommit processing - padata: Reset next CPU when reorder sequence wraps around - KEYS: trusted_tpm1: Compare HMAC values in constant time - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - vfs: Don't leak disconnected dentries on umount - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - drm/amdgpu: use atomic functions with memory barriers for vm fault info - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Flush posted register writes before INDAC access - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - memory: samsung: exynos-srom: Correct alignment - arm64: errata: Apply workarounds for Neoverse-V3AE - arm64: cputype: Add Neoverse-V3AE definitions - comedi: fix divide-by-zero in comedi_buf_munge() - binder: remove "invalid inc weak" check - xhci: dbc: enable back DbC in resume if it was enabled before suspend - usb/core/quirks: Add Huawei ME906S to wakeup quirk - USB: serial: option: add Telit FN920C04 ECM compositions - USB: serial: option: add Quectel RG255C - USB: serial: option: add UNISOC UIS7720 - net: ravb: Ensure memory write completes before ringing TX doorbell - net: usb: rtl8150: Fix frame padding - ocfs2: clear extent cache after moving/defragmenting extents - MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering - Revert "cpuidle: menu: Avoid discarding useful information" - net: bonding: fix possible peer notify event loss or dup issue - sctp: avoid NULL dereference when chunk data buffer is missing - arm64, mm: avoid always making PTE dirty in pte_mkwrite() - net: enetc: correct the value of ENETC_RXB_TRUESIZE - rtnetlink: Allow deleting FDB entries in user namespace - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del - net: add ndo_fdb_del_bulk - net: rtnetlink: add bulk delete support flag - net: netlink: add NLM_F_BULK delete request modifier - net: rtnetlink: use BIT for flag values - net: rtnetlink: add helper to extract msg type's kind - net: rtnetlink: add msg kind names - net: rtnetlink: remove redundant assignment to variable err - m68k: bitops: Fix find_*_bit() signatures - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - dlm: check for defined force value in dlm_lockspace_release - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: make proper initalization of struct hfs_find_data - hfs: clear offset and space out of valid records in b-tree node - exec: Fix incorrect type for ret - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - sched/fair: Fix pelt lost idle time detection - sched/balancing: Rename newidle_balance() => sched_balance_newidle() - sched/fair: Trivial correction of the newidle_balance() comment - sched: Make newidle_balance() static again - tls: don't rely on tx_work during send() - tls: always set record_type in tls_process_cmsg - tg3: prevent use of uninitialized remote_adv and local_adv variables - tcp: fix tcp_tso_should_defer() vs large RTT - amd-xgbe: Avoid spurious link down messages during interface toggle - net/ip6_tunnel: Prevent perpetual tunnel growth - net: dlink: handle dma_map_single() failure properly - net: dl2k: switch from 'pci_' to 'dma_' API - media: pci: ivtv: Add missing check after DMA map - media: pci/ivtv: switch from 'pci_' to 'dma_' API - xen/events: Update virq_to_irq on migration - media: lirc: Fix error handling in lirc_register() - media: rc: Directly use ida_free() - drm/exynos: exynos7_drm_decon: remove ctx->suspended - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - pwm: berlin: Fix wrong register in suspend/resume - media: cx18: Add missing check after DMA map - xen/events: Cleanup find_virq() return codes - cramfs: Verify inode mode when loading from disk - fs: Add 'initramfs_options' to set initramfs mount options - pid: Add a judgment for ns null in pid_nr_ns - minixfs: Verify inode mode when loading from disk - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - dm: fix NULL pointer dereference in __dm_suspend() - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - Squashfs: reject negative file sizes in squashfs_read_inode() - Squashfs: add additional inode sanity checking - media: mc: Clear minor number before put device - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - fs: udf: fix OOB read in lengthAllocDescs handling - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O - net/9p: fix double req put in p9_fd_cancelled - ext4: guard against EA inode refcount underflow in xattr update - ext4: correctly handle queries for metadata mappings - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - x86/umip: Check that the instruction opcode is at least two bytes - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - rseq/selftests: Use weak symbol reference, not definition, to link with glibc - rtc: interface: Fix long-standing race when setting alarm - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - mmc: core: SPI mode remove cmd7 - mtd: rawnand: fsmc: Default to autodetect buswidth - sparc: fix error handling in scan_one_device() - sparc64: fix hugetlb for sun4u - sctp: Fix MAC comparison to be constant-time - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - parisc: don't reference obsolete termio struct for TC* constants - lib/genalloc: fix device leak in of_gen_pool_get() - iio: frequency: adf4350: Fix prescaler usage. - iio: dac: ad5421: use int type to store negative error codes - iio: dac: ad5360: use int type to store negative error codes - crypto: atmel - Fix dma_unmap_sg() direction - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - media: i2c: mt9v111: fix incorrect type for ret - firmware: meson_sm: fix device leak at probe - xen/manage: Fix suspend error path - arm64: dts: qcom: msm8916: Add missing MDSS reset - ACPI: debug: fix signedness issues in read/write helpers - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - tpm, tpm_tis: Claim locality before writing interrupt registers - crypto: essiv - Check ssize for decryption and in-place encryption - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - tools build: Align warning options with perf - net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - drm/vmwgfx: Fix Use-after-free in validation - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue - scsi: mvsas: Use sas_task_find_rq() for tagging - scsi: mvsas: Delete mvs_tag_init() - scsi: libsas: Add sas_task_find_rq() - clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver - clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() - perf session: Fix handling when buffer exceeds 2 GiB - rtc: x1205: Fix Xicor X1205 vendor prefix - perf util: Fix compression checks returning -1 as bool - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - clocksource/drivers/clps711x: Fix resource leaks in error paths - pinctrl: check the return value of pinmux_ops::get_function_name() - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - mm: hugetlb: avoid soft lockup when mprotect to large memory area - uio_hv_generic: Let userspace take care of interrupt mask - Squashfs: fix uninit-value in squashfs_get_parent - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - nfp: fix RSS hash key size when RSS is not supported - drivers/base/node: fix double free in register_one_node() - ocfs2: fix double free in user_cluster_connect() - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - RDMA/siw: Always report immediate post SQ errors - usb: vhci-hcd: Prevent suspending virtually attached devices - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - ipvs: Defer ip_vs_ftp unregister during netns cleanup - NFSv4.1: fix backchannel max_resp_sz verification check - remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - sparc: fix accurate exception reporting in copy_{from,to}_user for M7 - sparc: fix accurate exception reporting in copy_to_user for Niagara 4 - sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC - IB/sa: Fix sa_local_svc_timeout_ms read race - RDMA/core: Resolve MAC of next-hop device without ARP support - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - drivers/base/node: handle error properly in register_one_node() - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog - netfilter: ipset: Remove unused htable_bits in macro ahash_region - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - pps: fix warning in pps_register_cdev when register device fail - misc: genwqe: Fix incorrect cmd field being reported in error - usb: gadget: configfs: Correctly set use_os_string at bind - usb: phy: twl6030: Fix incorrect type for ret - tcp: fix __tcp_close() to only send RST when required - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - wifi: mwifiex: send world regulatory domain to driver - ALSA: lx_core: use int type to store negative error codes - media: rj54n1cb0c: Fix memleak in rj54n1_probe() - scsi: myrs: Fix dma_alloc_coherent() error check - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - serial: max310x: Add error checking in probe() - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup - drm/radeon/r600_cs: clean up of dead code in r600_cs - i2c: designware: Add disabling clocks when probe fails - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - bpf: Explicitly check accesses to bpf_sock_addr - selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported - pwm: tiehrpwm: Fix corner case in clock divisor calculation - block: use int to store blk_stack_limits() return value - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - pinctrl: meson-gxl: add missing i2c_d pinmux - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - regmap: Remove superfluous check for !config in __regmap_init() - x86/vdso: Fix output operand size of RDPID - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - driver core/PM: Set power.no_callbacks along with power.no_pm - staging: axis-fifo: flush RX FIFO on read errors - staging: axis-fifo: fix maximum TX packet length check - perf subcmd: avoid crash in exclude_cmds when excludes is empty - dm-integrity: limit MAX_TAG_SIZE to 255 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - USB: serial: option: add SIMCom 8230C compositions - media: rc: fix races with imon_disconnect() - media: imon: grab lock earlier in imon_ir_change_protocol() - media: imon: reorganize serialization - media: rc: Add support for another iMON 0xffdc device - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: tunner: xc5000: Refactor firmware load - udp: Fix memory accounting leak. - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - LTS tag: v5.4.300 - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - mm/hugetlb: fix folio is still mapped when deleted - i40e: add mask to apply valid bits for itr_idx - i40e: fix validation of VF state in get resources - i40e: fix idx validation in config queues msg - i40e: add validation for ring_len param - i40e: increase max descriptors for XL710 - mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() - fbcon: Fix OOB access in font allocation - fbcon: fix integer overflow in fbcon_do_set_font - i40e: add max boundary check for VF filters - i40e: fix input validation logic for action_meta - i40e: fix idx validation in i40e_validate_queue_map - drm/gma500: Fix null dereference in hdmi teardown - can: peak_usb: fix shift-out-of-bounds issue - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - usb: core: Add 0x prefix to quirks debug output - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - ALSA: usb-audio: Convert comma to semicolon - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - net: rfkill: gpio: add DT support - serial: sc16is7xx: fix bug in flow control levels init - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - usb: gadget: dummy_hcd: remove usage of list iterator past the loop body - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - ASoC: wm8974: Correct PLL rate rounding - ASoC: wm8940: Correct typo in control name - mmc: mvsdio: Fix dma_unmap_sg() nents value - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - cnic: Fix use-after-free bugs in cnic_delete_task - net: liquidio: fix overflow in octeon_init_instr_queue() - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - i40e: remove redundant memory barrier when cleaning Tx descs - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - cgroup: split cgroup_destroy_wq into 3 workqueues - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch - wifi: mac80211: fix incorrect type for ret - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - phy: ti-pipe3: fix device leak at unbind - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - i40e: Use irq_update_affinity_hint() - genirq: Provide new interfaces for affinity hints - genirq: Export affinity setter for modules - genirq/affinity: Add irq_update_affinity_desc() - igb: fix link test skipping when interface is admin down - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing - mtd: nand: raw: atmel: Fix comment in timings preparation - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - mm/khugepaged: fix the address passed to notifier on testing young - fuse: prevent overflow in copy_file_range return value - fuse: check if copy_file_range() returns larger than requested size - mtd: rawnand: stm32_fmc2: fix ECC overwrite - ocfs2: fix recursive semaphore deadlock in fiemap call - EDAC/altera: Delete an inappropriate dma_free_coherent() call - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. - device-dax: correct pgoff align in dax_set_mapping() {CVE-2024-50022} - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer - rds: Free all frags when rds_ib_recv_cache_put() fails - bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags - NFSv4: Don't clear capabilities that won't be reset - power: supply: bq27xxx: restrict no-battery detection to bq27000 - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - usb: hub: Fix flushing of delayed work used for post resume purposes - soc: qcom: mdt_loader: Deal with zero e_shentsize - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - LTS tag: v5.4.299 - scsi: lpfc: Fix buffer free/clear order in deferred receive path - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() - cifs: fix integer overflow in match_server() - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort - spi: spi-fsl-lpspi: Set correct chip-select polarity bit - spi: spi-fsl-lpspi: Fix transmissions when using CONT - pcmcia: Add error handling for add_interval() in do_validate_mem() - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - randstruct: gcc-plugin: Fix attribute addition - randstruct: gcc-plugin: Remove bogus void member - vmxnet3: update MTU after device quiesce - net: dsa: microchip: linearize skb for tail-tagging switches - net: dsa: microchip: update tag_ksz masks for KSZ9477 family - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup - gpio: pca953x: fix IRQ storm on system wake up - iio: light: opt3001: fix deadlock due to concurrent flag access - iio: chemical: pms7003: use aligned_s64 for timestamp - cpufreq/sched: Explicitly synchronize limits_changed flag handling - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - mm/khugepaged: fix ->anon_vma race - e1000e: fix heap overflow in e1000_set_eeprom - batman-adv: fix OOB read/write in network-coding decode - drm/amdgpu: drop hw access in non-DC audio fini - wifi: mwifiex: Initialize the chan_stats array to zero - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - ppp: fix memory leak in pad_compress_skb - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ax25: properly unshare skbs in ax25_kiss_rcv() - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net: thunder_bgx: add a missing of_node_put - wifi: libertas: cap SSID len in lbs_associate() - wifi: cw1200: cap SSID length in cw1200_do_join() - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - i40e: Fix potential invalid access when MAC list is empty - icmp: fix icmp_ndo_send address translation for reply direction - mISDN: Fix memory leak in dsp_hwec_enable() - xirc2ps_cs: fix register access when enabling FullDuplex - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: cfg80211: fix use-after-free in cmp_bss() - powerpc: boot: Remove leading zero in label in udelay() - hugetlbfs: take read_lock on i_mmap for PMD sharing - kallsyms: add module_kallsyms_on_each_symbol_locked - kallsyms: export module_kallsyms_on_each_symbol - uek-rpm: Move ifb module to nano modules - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499} - x86/vmscape: Warn when STIBP is disabled with SMT - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Enable the mitigation - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Add old Intel CPUs to affected list - x86/vmscape: Enumerate VMSCAPE bug - Documentation/hw-vuln: Add VMSCAPE documentation - LTS tag: v5.4.298 - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - HID: wacom: Add a new Art Pen 2 - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - sctp: initialize more fields in sctp_v6_from_sk() - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net/mlx5e: Set local Xoff after FW update - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Update and set Xon/Xoff upon MTU set - net: dlink: fix multicast stats being counted incorrectly - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - net/atm: remove the atmdev_ops {get, set}sockopt methods - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - powerpc/kvm: Fix ifdef to remove build warning - net: ipv4: fix regression in local-broadcast routes - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - scsi: core: sysfs: Correct sysfs attributes access rights - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - pinctrl: STMFX: add missing HAS_IOMEM dependency - LTS tag: v5.4.297 - alloc_fdtable(): change calling conventions. - s390/hypfs: Enable limited access during lockdown - s390/hypfs: Avoid unnecessary ioctl registration in debugfs - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - scsi: qla4xxx: Prevent a potential error pointer dereference - usb: xhci: Fix slot_id resource race conflict - nfs: fix UAF in direct writes - NFS: Fix up commit deadlocks - cifs: Fix UAF in cifs_demultiplex_thread() - Bluetooth: fix use-after-free in device_for_each_child() - act_mirred: use the backlog for nested calls to mirred ingress - net/sched: act_mirred: better wording on protection against excessive stack growth - net/sched: act_mirred: refactor the handle of xmit - selftests: forwarding: tc_actions.sh: add matchall mirror test - net: sched: don't expose action qstats to skb_tc_reinsert() - net: sched: extract qstats update code into functions - net: sched: extract bstats update code into function - net: sched: extract common action counters update code into function - mm: perform the mapping_map_writable() check after call_mmap() - mm: update memfd seal write check to include F_SEAL_WRITE - mm: drop the assumption that VM_SHARED always implies writable - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() - sch_qfq: make qfq_qlen_notify() idempotent - sch_hfsc: make hfsc_qlen_notify() idempotent - sch_drr: make drr_qlen_notify() idempotent - btrfs: populate otime when logging an inode item - media: venus: hfi: explicitly release IRQ during teardown - f2fs: fix to avoid out-of-boundary access in dnode page - media: venus: protect against spurious interrupts during probe - media: qcom: camss: cleanup media device allocated resource on error path - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - pwm: mediatek: Fix duty and period setting - pwm: mediatek: Handle hardware enable and clock enable separately - pwm: mediatek: Implement .apply() callback - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: v4l2-ctrls: always copy the controls on completion - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - soc: qcom: mdt_loader: Ensure we don't read past the ELF header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - usb: musb: omap2430: fix device leak at unbind - NFS: Fix the setting of capabilities when automounting a new filesystem - NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() - NFSv4: Fix nfs4_bitmap_copy_adjust() - usb: typec: fusb302: cache PD RX state - cdc-acm: fix race between initial clearing halt and open - USB: cdc-acm: do not log successful probe on later errors - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - x86/fpu: Delay instruction pointer fixup until after warning - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - tracing: Add down_write(trace_event_sem) when adding trace event - usb: hub: Don't try to recover devices lost during warm reset. - usb: hub: avoid warm port reset during USB3 disconnect - x86/mce/amd: Add default names for MCA banks and blocks - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - f2fs: fix to do sanity check on ino and xnid - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() - drm/sched: Remove optimization that causes hang when killing dependent jobs - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - net: usbnet: Fix the wrong netif_carrier_on() call - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large - comedi: Fix initialization of data for instructions that write to subdevice - kbuild: Add KBUILD_CPPFLAGS to as-option invocation - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS - kbuild: Add CLANG_FLAGS to as-instr - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation - kbuild: Update assembler calls to use proper flags and language target - ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - iio: proximity: isl29501: fix buffered read on big-endian systems - ftrace: Also allocate and copy hash for reading of filter files - fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() - use uniform permission checks for all mount propagation changes - move_mount: allow to add a mount into an existing group - fs/buffer: fix use-after-free when call bh_read() helper - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - memstick: Fix deadlock by moving removing flag earlier - media: venus: Add a check for packet size after reading from shared memory - media: ov2659: Fix memory leaks in ov2659_probe() - media: usbtv: Lock resolution while streaming - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: gspca: Add bounds checking to firmware parser - soc/tegra: pmc: Ensure power-domains are in a known state - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - PCI: endpoint: Fix configfs group removal on driver teardown - PCI: endpoint: Fix configfs group list head handling - mtd: rawnand: fsmc: Add missing check after DMA map - pwm: imx-tpm: Reset counter if CMOD is 0 - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - zynq_fpga: use sgtable-based scatterlist wrappers - ata: libata-scsi: Fix ata_to_sense_error() status handling - ext4: fix reserved gdt blocks handling in fsmap - ext4: fix fsmap end of range reporting with bigalloc - ext4: check fast symlink for ea_inode correctly - vt: defkeymap: Map keycodes above 127 to K_HOLE - vt: keyboard: Don't process Unicode characters in K_OFF mode - usb: dwc3: meson-g12a: fix device leaks at unbind - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - m68k: Fix lost column on framebuffer debug console - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() - serial: 8250: fix panic due to PSLVERR - media: uvcvideo: Do not mark valid metadata as invalid - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - parisc: Makefile: fix a typo in palo.conf - btrfs: fix log tree replay failure due to file with 0 links and extents - thunderbolt: Fix copy+paste error in match_service_id() - comedi: fix race between polling and detaching - misc: rtsx: usb: Ensure mmc child device is active when card is present - drm/amdgpu: fix incorrect vm flags to map bo - scsi: lpfc: Remove redundant assignment to avoid memory leak - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - pNFS: Fix uninited ptr deref in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Fix stripe mapping in block/scsi layout - net: phy: smsc: add proper reset flags for LAN8710A - ipmi: Fix strcpy source and destination the same - kconfig: lxdialog: fix 'space' to (de)select options - kconfig: gconf: fix potential memory leak in renderer_edited() - kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - kconfig: nconf: Ensure null termination where strncpy is used - kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c - i3c: don't fail if GETHDRCAP is unsupported - PCI: pnv_php: Work around switches with broken presence detection - i3c: add missing include to internal header - media: uvcvideo: Fix bandwidth issue for Alcor camera - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: usb: hdpvr: disable zero-length read messages - media: tc358743: Increase FIFO trigger level to 374 - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt - media: tc358743: Check I2C succeeded during probe - pinctrl: stm32: Manage irq affinity settings - scsi: mpt3sas: Correctly handle ATA device errors - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - MIPS: Don't crash in stack_top() for tasks without ABI or vDSO - jfs: upper bound check of tree index in dbAllocAG - jfs: Regular file corruption check - jfs: truncate good inode pages when hard link is 0 - scsi: bfa: Double-free fix - MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: dw_wdt: Fix default timeout - fs/orangefs: use snprintf() instead of sprintf() - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - cifs: Fix calling CIFSFindFirst() for root path without msearch - vhost: fail early when __vhost_add_used() fails - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - uapi: in6: restore visibility of most IPv6 socket options - net: ncsi: Fix buffer overflow in fetching version id - net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - wifi: iwlegacy: Check rate_idx range after addition - netmem: fix skb_frag_address_safe with unreadable skbs - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - net: fec: allow disable coalescing - (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer - s390/stp: Remove udelay from stp_sync_clock() - wifi: iwlwifi: mvm: fix scan request validation - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: ipv4: fix incorrect MTU in broadcast routes - wifi: cfg80211: Fix interface type validation - rcu: Protect ->defer_qs_iw_pending from data race - net: ag71xx: Add missing check after DMA map - et131x: Add missing check after DMA map - be2net: Use correct byte order and format string for TCP seq and ack_seq - s390/time: Use monotonic clock in get_cycles() - wifi: cfg80211: reject HTC bit for management frames - ktest.pl: Prevent recursion of default variable options - ASoC: codecs: rt5640: Retry DEVICE_ID verification - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - usb: core: usb_submit_urb: downgrade type check - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - ACPI: processor: fix acpi_object initialization - PM: sleep: console: Fix the black screen issue - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - selftests: tracing: Use mutex_unlock for testing glob filter - ARM: tegra: Use I/O memcpy to write to IRAM - gpio: tps65912: check the return value of regmap_update_bits() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - ARM: rockchip: fix kernel hang during smp initialization - cpufreq: Exit governor when failed to start old governor - usb: xhci: Avoid showing errors during surprise removal - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing warnings for dying controller - selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t - usb: xhci: print xhci->xhc_state when queue_command failed - securityfs: don't pin dentries twice, once is enough... - hfs: fix not erasing deleted b-tree node issue - drbd: add missing kref_get in handle_write_conflicts - udf: Verify partition map count - arm64: Handle KCOV __init vs inline mismatches - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - sctp: linearize cloned gso packets in sctp_rcv - netfilter: ctnetlink: fix refcount leak on table dump - udp: also consider secpath when evaluating ipsec use for checksumming - ACPI: processor: perflib: Move problematic pr->performance check - ACPI: processor: perflib: Fix initial _PPC limit application - Documentation: ACPI: Fix parent device references - fs: Prevent file descriptor table allocations exceeding INT_MAX - sunvdc: Balance device refcount in vdc_port_mpgroup_check - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - net: dpaa: fix device leak when querying time stamp info - net: gianfar: fix device leak when querying time stamp info - netlink: avoid infinite retry looping in netlink_unicast() - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - io_uring: don't use int for ABI - usb: gadget : fix use-after-free in composite_dev_cleanup() - MIPS: mm: tlb-r4k: Uniquify TLB entries on init - USB: serial: option: add Foxconn T99W709 - vsock: Do not allow binding to VMADDR_PORT_ANY - net/packet: fix a race in packet_set_ring() and packet_notifier() - perf/core: Prevent VMA split of buffer mappings - perf/core: Exit early on perf_mmap() fail - perf/core: Don't leak AUX buffer refcount on allocation failure - pptp: fix pptp_xmit() error path - smb: client: let recv_done() cleanup before notifying the callers. - benet: fix BUG when creating VFs - net: drop UFO packets in udp_rcv_segment() - ipv6: reject malicious packets in ipv6_gso_segment() - pptp: ensure minimal skb length in pptp_xmit() - netpoll: prevent hanging NAPI when netcons gets enabled - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - pci/hotplug/pnv-php: Wrap warnings in macro - pci/hotplug/pnv-php: Improve error msg on power state change failure - usb: chipidea: udc: fix sleeping function called from invalid context - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: ds1307: fix incorrect maximum clock rate handling - module: Restore the moduleparam prefix length check - bpf: Check flow_dissector ctx accesses are aligned - mtd: rawnand: atmel: set pmecc data setup time - mtd: rawnand: atmel: Fix dma_mapping_error() address - jfs: fix metapage reference count leak in dbAllocCtl - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - crypto: qat - fix seq_file position update in adf_ring_next() - dmaengine: nbpfaxi: Add missing check after DMA map - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - fs/orangefs: Allow 2 more characters in do_c_string() - soundwire: stream: restore params when prepare ports fail - crypto: img-hash - Fix dma_unmap_sg() nents value - hwrng: mtk - handle devm_pm_runtime_enable errors - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() - scsi: isci: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - clk: sunxi-ng: v3s: Fix de clock definition - perf tests bp_account: Fix leaked file descriptor - crypto: ccp - Fix crash when rebind ccp device for ccp.ko - pinctrl: sunxi: Fix memory leak on krealloc failure - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - clk: davinci: Add NULL check in davinci_lpsc_clk_register() - mtd: fix possible integer overflow in erase_xfer() - crypto: marvell/cesa - Fix engine load inaccuracy - PCI: rockchip-host: Fix "Unexpected Completion" log message - vrf: Drop existing dst reference in vrf_ip6_input_dst - selftests: rtnetlink.sh: remove esp4_offload after test - netfilter: xt_nfacct: don't assume acct name is null-terminated - can: kvaser_usb: Assign netdev.dev_port based on device channel index - can: kvaser_pciefd: Store device channel index - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - mwl8k: Add missing check after DMA map - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - m68k: Don't unregister boot console needlessly - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - wifi: rtl818x: Kill URBs before clearing tx status queue - caif: reduce stack size, again - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - staging: nvec: Fix incorrect null termination of battery manufacturer - samples: mei: Fix building on musl libc - cpufreq: Init policy->rwsem before it may be possibly used - ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface - usb: early: xhci-dbc: Fix early_ioremap leak - Revert "vmci: Prevent the dispatching of uninitialized payloads" - pps: fix poll support - vmci: Prevent the dispatching of uninitialized payloads - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() - ARM: dts: vfxxx: Correctly use two tuples for timer address - hfsplus: remove mutex_lock check in hfsplus_free_extents - ASoC: Intel: fix SND_SOC_SOF dependencies - ethernet: intel: fix building with large NR_CPUS - usb: phy: mxs: disconnect line when USB charger is attached - usb: chipidea: add USB PHY event - usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use - usb: chipidea: udc: protect usb interrupt enable - usb: chipidea: udc: add new API ci_hdrc_gadget_connect - ALSA: hda: Add missing NVIDIA HDA codec IDs - comedi: comedi_test: Fix possible deletion of uninitialized timers - nilfs2: reject invalid file types when reading inodes - i2c: qup: jump out of the loop in case of timeout - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - net: appletalk: Fix use-after-free in AARP proxy probe - net: appletalk: fix kerneldoc warnings - RDMA/core: Rate limit GID cache warning messages - regulator: core: fix NULL dereference on unbind due to stale coupling data - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - net_sched: sch_sfq: reject invalid perturb period - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync - power: supply: bq24190_charger: Fix runtime PM imbalance on error - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS - virtio-net: ensure the received length does not exceed allocated size - ASoC: fsl_sai: Force a software reset when starting in consumer mode - usb: dwc3: qcom: Don't leave BCR asserted - usb: musb: fix gadget state on disconnect - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - usb: net: sierra: check for no status endpoint - net/sched: sch_qfq: Fix race condition on qfq_aggregate - net: emaclite: Fix missing pointer increment in aligned_read() - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() - comedi: Fix some signed shift left operations - comedi: das6402: Fix bit shift out of bounds - comedi: das16m1: Fix bit shift out of bounds - comedi: aio_iiro_16: Fix bit shift out of bounds - comedi: pcl812: Fix bit shift out of bounds - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - soc: aspeed: lpc-snoop: Cleanup resources in stack-order - mmc: sdhci_am654: Workaround for Errata i2312 - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - mmc: bcm2835: Fix dma_unmap_sg() nents value - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - isofs: Verify inode mode when loading from disk - dmaengine: nbpfaxi: Fix memory corruption in probe() - af_packet: fix soft lockup issue caused by tpacket_snd() - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - HID: core: do not bypass hid_hw_raw_request - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: ensure the allocated report buffer can contain the reserved report ID - pch_uart: Fix dma_sync_sg_for_device() nents value - Input: xpad - set correct controller type for Acer NGR200 - i2c: stm32: fix the device used for the DMA map - usb: gadget: configfs: Fix OOB read on empty string write - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - USB: serial: option: add Foxconn T99W640 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - LTS tag: v5.4.296 - x86/mm: Disable hugetlb page table sharing on 32-bit - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - vt: add missing notification when switching back to text mode - net: usb: qmi_wwan: add SIMCom 8230C composition - atm: idt77252: Add missing `dma_map_error()` - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - bnxt_en: Fix DCB ETS validation - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - net: appletalk: Fix device refcount leak in atrtr_create() - md/raid1: Fix stack memory use after return in raid1_reshape - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 - Input: xpad - support Acer NGR 200 Controller - Input: xpad - add VID for Turtle Beach controllers - Input: xpad - add support for Amazon Game Controller - NFSv4/flexfiles: Fix handling of NFS level errors in I/O - flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes - RDMA/mlx5: Fix vport loopback for MPV device - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - Revert "ACPI: battery: negate current when discharging" - usb: gadget: u_serial: Fix race condition in TTY wakeup - drm/sched: Increment job count before swapping tail spsc queue - pinctrl: qcom: msm: mark certain pins as invalid for interrupts - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - x86/mce: Don't remove sysfs if thresholding sysfs init fails - x86/mce/amd: Fix threshold limit reset - rxrpc: Fix oops due to non-existence of prealloc backlog struct - net/sched: Abort __tc_modify_qdisc if parent class does not exist - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - tipc: Fix use-after-free in tipc_conn_close(). - netlink: Fix wraparounds of sk->sk_rmem_alloc. - fix proc_sys_compare() handling of in-lookup dentries - proc: Clear the pieces of proc_inode that proc_evict_inode cares about - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() - media: uvcvideo: Rollback non processed entities on error - media: uvcvideo: Send control events for partial succeeds - media: uvcvideo: Return the number of processed controls - ACPI: PAD: fix crash in exit_round_robin() - usb: typec: displayport: Fix potential deadlock - Logitech C-270 even more broken - rose: fix dangling neighbour pointers in rose_rt_device_down() - net: rose: Fix fall-through warnings for Clang - drm/i915/gt: Fix timeline left held on VMA alloc error - drm/i915/selftests: Change mock_request() to return error pointers - spi: spi-fsl-dspi: Clear completion counter before initiating transfer - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write - dpaa2-eth: fix xdp_rxq_info leak - ethernet: atl1: Add missing DMA mapping error checks and count errors - btrfs: use btrfs_record_snapshot_destroy() during rmdir - btrfs: propagate last_unlink_trans earlier when doing a rmdir - RDMA/mlx5: Fix CC counters query for MPV - RDMA/core: Create and destroy counters in the ib_core - scsi: ufs: core: Fix spelling of a sysfs attribute name - drm/v3d: Disable interrupts before resetting the GPU - mtk-sd: reset host->mrq on prepare_data() error - mtk-sd: Prevent memory corruption from DMA map failure - mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods - regulator: gpio: Add input_supply support in gpio_regulator_config - ACPICA: Refuse to evaluate a method if arguments are missing - wifi: ath6kl: remove WARN on bad firmware input - wifi: mac80211: drop invalid source address OCB frames - powerpc: Fix struct termio related ioctl macros - ata: pata_cs5536: fix build on 32-bit UML - ALSA: sb: Force to disable DMAs once when DMA mode is changed - nui: Fix dma_mapping_error() check - enic: fix incorrect MTU comparison in enic_change_mtu() - amd-xgbe: align CL37 AN sequence as per databook - lib: test_objagg: Set error message in check_expect_hints_stats() - drm/exynos: fimd: Guard display clock control with runtime PM calls - btrfs: fix missing error handling when searching for inode refs during log replay - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data - usb: typec: altmodes/displayport: do not index invalid pin_assignments - mmc: sdhci: Add a helper function for dump register in dynamic debug mode - vsock/vmci: Clear the vmci transport packet properly when initializing it - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume - arm64: Restrict pagetable teardown to avoid false warning - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS - drm/bridge: cdns-dsi: Check return value when getting default PHY config - drm/bridge: cdns-dsi: Fix connecting to next bridge - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() - drm/tegra: Assign plane type before registration - HID: wacom: fix kobject reference count leak - HID: wacom: fix memory leak on sysfs attribute creation failure - HID: wacom: fix memory leak on kobject creation failure - dm-raid: fix variable in journal device check - Bluetooth: L2CAP: Fix L2CAP MTU negotiation - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). - net: enetc: Correct endianness handling in _enetc_rd_reg64 - um: ubd: Add missing error check in start_io_thread() - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors - wifi: mac80211: fix beacon interval calculation overflow - attach_recursive_mnt(): do not lock the covering tree when sliding something under it - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() - i2c: robotfuzz-osif: disable zero-length read messages - i2c: tiny-usb: disable zero-length read messages - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction - RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private - media: vivid: Change the siize of the composing - media: omap3isp: use sgtable-based scatterlist wrappers - media: cxusb: no longer judge rbuf when the write fails - media: cxusb: use dev_dbg() rather than hand-rolled debug - jfs: validate AG parameters in dbMount() to prevent crashes - fs/jfs: consolidate sanity checking in dbMount - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing - of: Add of_property_present() helper - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally - kbuild: hdrcheck: fix cross build with clang - kbuild: add --target to correctly cross-compile UAPI headers with Clang - bpfilter: match bit size of bpfilter_umh to that of the kernel - kbuild: use -MMD instead of -MD to exclude system headers from dependency - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF - ovl: Check for NULL d_inode() in ovl_dentry_upper() - ceph: fix possible integer overflow in ceph_zero_objects() - ALSA: hda: Ignore unsol events for cards being shut down - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s - usb: Add checks for snprintf() calls in usb_alloc_dev() - tty: serial: uartlite: register uart driver in init - usb: potential integer overflow in usbg_make_tpg() - iio: pressure: zpa2326: Use aligned_s64 for the timestamp - md/md-bitmap: fix dm-raid max_write_behind setting - dmaengine: xilinx_dma: Set dma_device directions - mfd: max14577: Fix wakeup source leaks on device unbind - mailbox: Not protect module_put with spin_lock_irqsave - cifs: Fix cifs_query_path_info() for Windows NT servers

0 tuxcare-oraclelinux7-els bpftool-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 1c4cd41389525b491feb476c0b02f435dd8ac03ab9b8f2adceed106fa1f8568d kernel-uek-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 390e4a3339ea26cd48b8b32303d5fdfdd60ce271e45a701c63b1da72ce153892 kernel-uek-container-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 5de8b2212439df32f5d276410093829f344b30ed77c0b6d6fee3c274b2d0d1ec kernel-uek-container-debug-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 791cff87294aba58a7e630dc2650d1daa56e190b305838417c2d5567c53f5944 kernel-uek-debug-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm e95f886367c844b1dba3b95cda2dbd8c6b40c359a6037d765782857594831ce0 kernel-uek-debug-devel-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 2f88fe35d416d404217e41d791f81be527afef104dcb29ef4bcd06804406ad2b kernel-uek-devel-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 026af27ddb85acfc23bc1666a8824aa811ffa6d421257df631dcdafc46f037be kernel-uek-headers-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 3d5e716199466b1915378136868096fea85d5094d827ec13272810f4b98fb341 kernel-uek-tools-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 83fc7df87c7579be397eee3122666c116360fa03af0bd03396bae3a7939dffae perf-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 8959295bbf967f7119a9d22358d4b56e681134318e6737fd523aeb78874d6503 python-perf-5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64.rpm 6ddfa3aa79ddf5197529d4e6760c51bd61f52758e5c77365210a2d036d96ab9d CLSA-2025:1764151964 TuxCare License Agreement 0 - CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure - email_err_data directive now defaults to 'off' for security (previously 'on') Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure - email_err_data directive now defaults to 'off' for security (previously 'on')

0 tuxcare-oraclelinux7-els squid-3.5.20-17.0.5.el7_9.99.tuxcare.els2.x86_64.rpm 30a01b7dd8ab8783cdacd195154aa4183da42e4fd54136ffe8924438338e167c squid-migration-script-3.5.20-17.0.5.el7_9.99.tuxcare.els2.x86_64.rpm 48ec26218ab276dc3169d90348ef0c9e34b91bc089fe22161b4cb7980857e01f squid-sysvinit-3.5.20-17.0.5.el7_9.99.tuxcare.els2.x86_64.rpm 2dea618bd4c2223ab7d8d7ee26520a716adf8fe56e3ecad45d8c14902edca322 CLSA-2025:1764235944 TuxCare License Agreement 0 - CVE-2025-25724: fix buffer overflow vulnerability in libarchive Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-25724: fix buffer overflow vulnerability in libarchive

0 tuxcare-oraclelinux7-els bsdcpio-3.1.2-14.el7_7.tuxcare.els2.x86_64.rpm 282ffd56fbb758570d7f384df882e4159f0b796a96dcca219d0ac01d1a0c5029 bsdtar-3.1.2-14.el7_7.tuxcare.els2.x86_64.rpm 6ecaf1630bfa43287745e00018a28d2744474f8192d492930dc7c944d0fb6bb5 libarchive-3.1.2-14.el7_7.tuxcare.els2.i686.rpm b70cec1da9af0183359509b0dc468f904e7986dea66d5b67adef196a997d7601 libarchive-3.1.2-14.el7_7.tuxcare.els2.x86_64.rpm 7f26ab54fba18db5f1d1192768f17d30be4e67bb14e612991bcee4d8f9f69017 libarchive-devel-3.1.2-14.el7_7.tuxcare.els2.i686.rpm d45124fd1e2996d20c6fb7f33ee0a89e1fd700676e9387a85c0e28ee2984187f libarchive-devel-3.1.2-14.el7_7.tuxcare.els2.x86_64.rpm 8b9adfc51e810f7286d967b2714667a4b01644537643acb5aaf164ebbbd85685 CLSA-2025:1764321881 TuxCare License Agreement 0 - CVE-2025-40907: fix integer overflow and heap-based buffer overflow in fcgi2 library Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-40907: fix integer overflow and heap-based buffer overflow in fcgi2 library

0 tuxcare-oraclelinux7-els perl-FCGI-0.74-8.el7.tuxcare.els1.x86_64.rpm cb2e2c1fdf57749a2384a38781afe75eac9c9773c80773b282c75dc91098d18e CLSA-2025:1764322066 TuxCare License Agreement 0 - CVE-2024-47606: allocator: avoid integer overflow when allocating sysmem - Fix documentation build with the newer gtk-doc Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-47606: allocator: avoid integer overflow when allocating sysmem - Fix documentation build with the newer gtk-doc

0 tuxcare-oraclelinux7-els gstreamer1-1.10.4-2.el7.tuxcare.els1.i686.rpm b05f5f6a574c1b283fe890c827ed8eab2584bc98b27ced420d4830c1e33ba80f gstreamer1-1.10.4-2.el7.tuxcare.els1.x86_64.rpm 6b8aa53be957f6aae6c124e8bccf0cff44cd7d2816cbde504802b4f41db93627 gstreamer1-devel-1.10.4-2.el7.tuxcare.els1.i686.rpm 21897dc88d1b49e455cf5f8d9a49641699aff59e3d5fec2be18ccebac1166fa8 gstreamer1-devel-1.10.4-2.el7.tuxcare.els1.x86_64.rpm 8cdc2d4507bd8aab9ab99d6efdeef18147596c0fee1f69c17d9b2dbc97d59b3e gstreamer1-devel-docs-1.10.4-2.el7.tuxcare.els1.noarch.rpm 6ede543049188a884d1ff6224a2c1f59834e41172b9f9143d713b74476e58e2b CLSA-2025:1764325063 TuxCare License Agreement 0 - CVE-2025-6019: don't allow suid and dev set on fs resize Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-6019: don't allow suid and dev set on fs resize

0 tuxcare-oraclelinux7-els libblockdev-2.18-5.el7.tuxcare.els1.i686.rpm 582d6d4f765a67bb4457552272b4f8619cd7ac645d086d01ffa686ad8f283d8c libblockdev-2.18-5.el7.tuxcare.els1.x86_64.rpm 0ee91f56f4f1c6fbac5220007ef3c3ecf278527b5bf149be047dd30247be3551 libblockdev-btrfs-2.18-5.el7.tuxcare.els1.i686.rpm e8710737176b6f33957fbdfafbb6d39c9f7e853d96529d1396646d8b54ed06fc libblockdev-btrfs-2.18-5.el7.tuxcare.els1.x86_64.rpm 4f6868eb9226186b65bd371cb7e3a933cf5ba98b020dfb27133052639f611ced libblockdev-btrfs-devel-2.18-5.el7.tuxcare.els1.i686.rpm 7b6de91a214698afa584cbecf150282324033d5671a3e7b5fac6ae36f0abbe74 libblockdev-btrfs-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm 661407d6c6b709c77c93bc1d95a87b29f23ee23cc7e5456ea4e29e9a5fae103d libblockdev-crypto-2.18-5.el7.tuxcare.els1.i686.rpm 4126c24a6cecf203aae5f8a2cd1ad9eca8d2ae763e8a003bca082963cf07ef63 libblockdev-crypto-2.18-5.el7.tuxcare.els1.x86_64.rpm d6e3a9bf83ed19ac5e3376ebf78ca9530b681e79ab174076a19b265b0fac9942 libblockdev-crypto-devel-2.18-5.el7.tuxcare.els1.i686.rpm 21d9d775e5adecc43bbf93e86923d481ad06c5cf567cbae5b2e78239c0367b9f libblockdev-crypto-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm 8da26fa2830d6bb333b3d28ae5b9cce6caff4f8fdd1fa9d7aef8b20bce9b103b libblockdev-devel-2.18-5.el7.tuxcare.els1.i686.rpm 03f8d52b58fdc1b5693e13be848a25e27fd1d0b8cdbee1bccdd2b63dbb04323d libblockdev-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm 7b01567d72dbb14b2d1f74725e4f402d239d99213b12f0e93de3bea2caa2d854 libblockdev-dm-2.18-5.el7.tuxcare.els1.i686.rpm 63d34585aa18f334c79febf01b0cea5cebdb5544cb9cfb41b861f781a5c6e8b4 libblockdev-dm-2.18-5.el7.tuxcare.els1.x86_64.rpm c2f667659357acdae3d34a3080d062147a77023120e8ffdcb91b923dc3e052a9 libblockdev-dm-devel-2.18-5.el7.tuxcare.els1.i686.rpm 8b5fd4a880ba01bcf9c2e9fa4aded7a2aeaa759ae018df10ce95a448866dcb46 libblockdev-dm-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm f0f4be009a59423f80fd8eacb5231970f5093f5199b2cfb1382defafe16524c8 libblockdev-fs-2.18-5.el7.tuxcare.els1.i686.rpm 71fde37bc9447ddde29baa7fc5c86d76a6ddb1ecb5ba9c7423b3088459726b25 libblockdev-fs-2.18-5.el7.tuxcare.els1.x86_64.rpm 4b7c1efcc7bd904ec6cbb98cba332568f0d3a1c2d7da969d540a68bcf6314c21 libblockdev-fs-devel-2.18-5.el7.tuxcare.els1.i686.rpm 8305777b04604566e2318aa5da2531c90db73cad52b29d7d658b7399171d05fc libblockdev-fs-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm aa73125782fcef6575426c1772b8fb95d70eeaf3d54fb0bc87fcf7273e18985d libblockdev-kbd-2.18-5.el7.tuxcare.els1.i686.rpm aec94c2d92f8b152b6b39f87cd27f236275936ab9f6fc210590a1a0629c0495d libblockdev-kbd-2.18-5.el7.tuxcare.els1.x86_64.rpm 8db829d09039da0e5be1ee57986c53d914501e2303b6f081cbd1edd2ea473681 libblockdev-kbd-devel-2.18-5.el7.tuxcare.els1.i686.rpm 8d795ec1bc2faa540e5cb50a74481b92613fadccd10f95acbf1fc24141a13c1f libblockdev-kbd-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm dff215da3fdd41deb0a77f89e399af5c21aecb4442a15e193503b28c683ed51f libblockdev-loop-2.18-5.el7.tuxcare.els1.i686.rpm aa1316adda311c2b04ad86bc46af5007b41097a454e1134b8c60d021612ff381 libblockdev-loop-2.18-5.el7.tuxcare.els1.x86_64.rpm 9def26ef4f8f5b47be659f7d6d4653c94908716bba03aa859a169c4679363bc5 libblockdev-loop-devel-2.18-5.el7.tuxcare.els1.i686.rpm 97e39d654759832812778d442f1cba1c8e6130e90893d3d54b8633cb36717824 libblockdev-loop-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm f97ab940db288b6e1f90b118a937f6c8be17accc393bac7e07b1b0b2ffe057b2 libblockdev-lvm-2.18-5.el7.tuxcare.els1.i686.rpm 69733a76bea984900b8ad1f225520ca6fba8ffafc73607134b2fb8ae27b46570 libblockdev-lvm-2.18-5.el7.tuxcare.els1.x86_64.rpm 87d8bcec210920065b410a5f9e9e8bbaf4de5714501a4969588b6766a2d716c9 libblockdev-lvm-devel-2.18-5.el7.tuxcare.els1.i686.rpm 7421f7ce1b16a63c3c3110b2cbbe7dfba44e495d02e9d7e57976c0421f42748f libblockdev-lvm-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm e18abbbd9dc725031bff1c7ba1ae518942120974b9ff136fecfcde4b88351dd1 libblockdev-mdraid-2.18-5.el7.tuxcare.els1.i686.rpm e9e7c63e2af227c804781afc1cd7bd726b21f686eb80be07aca2eaf1b7c2a726 libblockdev-mdraid-2.18-5.el7.tuxcare.els1.x86_64.rpm 03bf8246246812711e95148e25615463e5f7bdd502a43ff82d5dc1e9564b70e5 libblockdev-mdraid-devel-2.18-5.el7.tuxcare.els1.i686.rpm aa320bb0c71c60f03cb06582cb97485ed270f8681fdcc4560c1f34bc68bf9908 libblockdev-mdraid-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm 285a2aef400b1d32371c078ba5608ca47b12ae73c1390490845cd0740709e820 libblockdev-mpath-2.18-5.el7.tuxcare.els1.i686.rpm bb28f41e12be70f9ae5b562eda54bd7189c9b96856642f70b1f194ff952a5813 libblockdev-mpath-2.18-5.el7.tuxcare.els1.x86_64.rpm 9a09494add791e86f10f744c682f658c31fe2ccc6df8bf9a662a2fa1ee6f4355 libblockdev-mpath-devel-2.18-5.el7.tuxcare.els1.i686.rpm 7fae0f49abd2efc440efd4187ed56e20a375a340a16dec634f78c866e00d07d9 libblockdev-mpath-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm b822acb2080d16976cb3a9675164029e24e3a795ffd66233aecbdb5123872882 libblockdev-nvdimm-2.18-5.el7.tuxcare.els1.i686.rpm 381b0b47c365b1666fec953eccfe206725dc137aaf5343ed91012f02590470d1 libblockdev-nvdimm-2.18-5.el7.tuxcare.els1.x86_64.rpm 507968a948063fa918b35930744c1e7c1e41e8f5313499c0cca9bcb4b1facf3a libblockdev-nvdimm-devel-2.18-5.el7.tuxcare.els1.i686.rpm 61688b3e8706c84620acc43a457636c99e21ad4c922d6b6e147a544f07fa8440 libblockdev-nvdimm-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm e5283405f29b175c128da2808f531bd52e2331c17e35cd850d84d6fbc4c073b5 libblockdev-part-2.18-5.el7.tuxcare.els1.i686.rpm 3c66e6db850ef97f540cde4cdae8cadece3265ad1f5ed568a0b9f6de46d72adc libblockdev-part-2.18-5.el7.tuxcare.els1.x86_64.rpm 6cdaa34cc8e5405be7dfff5e227665c462563f0800721f6fd111487f7aa20078 libblockdev-part-devel-2.18-5.el7.tuxcare.els1.i686.rpm 94edd280eff7dababc74700ef07272e8a815b435cc6a6fc68f55f46e775d8f1d libblockdev-part-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm 9bd8151eb52590881f9c9d8375641ea46895de9f2e84b8753926b41ea8666847 libblockdev-plugins-all-2.18-5.el7.tuxcare.els1.x86_64.rpm 2e1d07446742643662351548b8c92e4b9aa93e19d59b3643bbba6a5e7e2f41e6 libblockdev-swap-2.18-5.el7.tuxcare.els1.i686.rpm ecced6c3a5693e4e2205935f868f7287376b5b2d0352d3dcfc140d3e4004f7cd libblockdev-swap-2.18-5.el7.tuxcare.els1.x86_64.rpm 2316fdb6dc816ef62cc045fffe581eab244a6791630a0ed81d94ceea40c8faae libblockdev-swap-devel-2.18-5.el7.tuxcare.els1.i686.rpm 778bddcf39adf63aac64c30d3ccba4417dceb8c1196dd74bb9e23bfa2ed4e839 libblockdev-swap-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm 7951ce010902d8016fae0fc311829c11dbfb0edabf44abed186ad19a7da14d21 libblockdev-utils-2.18-5.el7.tuxcare.els1.i686.rpm 9c22687e8c19076efb8e557f5d938592f0479b62b31459b51b6c19cc014635bd libblockdev-utils-2.18-5.el7.tuxcare.els1.x86_64.rpm 515d4876fd472205ef92858ef0f30e55f266eca9ac882afc4ae227a7af706727 libblockdev-utils-devel-2.18-5.el7.tuxcare.els1.i686.rpm b15549703c3b393065c9e0545c1a85017914730bef5c590549611c30840abc00 libblockdev-utils-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm c0346bc493866fd105329109dfd0ad9baa6f4e4015e86b2cda3d0b8b69c93783 libblockdev-vdo-2.18-5.el7.tuxcare.els1.x86_64.rpm 3dec04e35ceaf19f44c357a6a112fded9c393c21dd0bc81aee7e255c1b0b21d5 libblockdev-vdo-devel-2.18-5.el7.tuxcare.els1.x86_64.rpm f65bd3a50038bae6b0318e14582f178ddf8cd00d65e23500bb2422600d9cc881 python2-blockdev-2.18-5.el7.tuxcare.els1.x86_64.rpm ffbc1fd05954cbd514e499fe62971c4b7b2cb5285c4a8171eb62b61e884ecd34 CLSA-2025:1764325377 TuxCare License Agreement 0 - CVE-2024-47615: fix OOB-Write in gst_parse_vorbis_setup_packet by validating integer size input to prevent memory corruption Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-47615: fix OOB-Write in gst_parse_vorbis_setup_packet by validating integer size input to prevent memory corruption

0 tuxcare-oraclelinux7-els gstreamer1-plugins-base-1.10.4-2.el7.tuxcare.els3.i686.rpm 3da11de2fcbf54b2e40a882a17aa11ef27bf8529d417ecb36ea647351c9a8517 gstreamer1-plugins-base-1.10.4-2.el7.tuxcare.els3.x86_64.rpm cc486bd9ec94c5c6f299f4420e7204a7c00b44114164db23af633030d785ff05 gstreamer1-plugins-base-devel-1.10.4-2.el7.tuxcare.els3.i686.rpm 759bcb8eb554e6a06aa760fd28757f13c9c1437297bf88c42eb9636447027043 gstreamer1-plugins-base-devel-1.10.4-2.el7.tuxcare.els3.x86_64.rpm 48119b488f89bc47127f07965196260ac223e6dcd7dad5854326d6ddecae7510 gstreamer1-plugins-base-devel-docs-1.10.4-2.el7.tuxcare.els3.noarch.rpm 51954214628e84b8dd4ce4941f79f30405cda34ecd7f8cb2868c991dcdfb2231 gstreamer1-plugins-base-tools-1.10.4-2.el7.tuxcare.els3.x86_64.rpm a8975fc4f14f834c8c3a1a7019f16657c8d02e159222574d23e55ff998b70ec0 CLSA-2025:1764325574 TuxCare License Agreement 0 - CVE-2024-47606: qtdemux: avoid integer overflow when parsing Theora extension - Fix documentation build with the newer gtk-doc Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-47606: qtdemux: avoid integer overflow when parsing Theora extension - Fix documentation build with the newer gtk-doc

0 tuxcare-oraclelinux7-els gstreamer1-plugins-good-1.10.4-2.el7.tuxcare.els1.i686.rpm 62ae6d512617e5df2da5d5965e15a14fd52babc24103311963bc6840b029fb07 gstreamer1-plugins-good-1.10.4-2.el7.tuxcare.els1.x86_64.rpm 5f798dc0ff2b810fe90509c07fd9937a9a03d33078455a1512574613aa3c8267 CLSA-2025:1764688338 TuxCare License Agreement 0 - CVE-2024-47537: qtdemux: fix integer overflow when allocating the samples table for fragmented MP4 Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-47537: qtdemux: fix integer overflow when allocating the samples table for fragmented MP4

0 tuxcare-oraclelinux7-els gstreamer1-plugins-good-1.10.4-2.el7.tuxcare.els2.i686.rpm b8988b75f0933165fe613e2702d5a4847427354363979605d2dbb61322799111 gstreamer1-plugins-good-1.10.4-2.el7.tuxcare.els2.x86_64.rpm 71b3b7d435f0c94c695f123a35f4814916076165a6af93fc4419ba892b12744a CLSA-2025:1764778336 TuxCare License Agreement 0 - CVE-2025-5917: fix overflow in build_ustar_entry - CVE-2025-5918: do not skip past EOF while reading Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-5917: fix overflow in build_ustar_entry - CVE-2025-5918: do not skip past EOF while reading

0 tuxcare-oraclelinux7-els bsdcpio-3.1.2-14.el7_7.tuxcare.els3.x86_64.rpm 35de6059d4d8dbc896d7045a6056b884031eeb6612779144839735691f4ac6c2 bsdtar-3.1.2-14.el7_7.tuxcare.els3.x86_64.rpm 1b138d35be0a2ed911c452bb0a07b76ccac07f729d32e3ddecd115a1a5613d15 libarchive-3.1.2-14.el7_7.tuxcare.els3.i686.rpm 4be71e4e48ca309303b918b5d5c8a2fd5e19e3cc6a2e581f62d1fbb85e804f12 libarchive-3.1.2-14.el7_7.tuxcare.els3.x86_64.rpm 9bff9480d4086c33f29ed09eb4011b34c8f857cb3ac20df29d38106efda95098 libarchive-devel-3.1.2-14.el7_7.tuxcare.els3.i686.rpm 7af8b3d64bee4938fa5d41b29eb7dfb89ab87c9f49fb52cad9dff47a0a9b1509 libarchive-devel-3.1.2-14.el7_7.tuxcare.els3.x86_64.rpm b2e1beebbd390bb2a64c1ca7009d370e80d35c1c07fe0305675586719bd89a6a CLSA-2025:1764850038 TuxCare License Agreement 0 - Bump release to 23.0.1.1.tuxcare.els1 Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Bump release to 23.0.1.1.tuxcare.els1

0 tuxcare-oraclelinux7-els emacs-24.3-23.0.1.el7_9.1.tuxcare.els1.x86_64.rpm 4debb36228acd5321962d1b49fe0c37c29059b2fc1da6a2e20bb3e5057909d1e emacs-common-24.3-23.0.1.el7_9.1.tuxcare.els1.x86_64.rpm dfe51404adf512435a5f4c9181c8faf86d011bb4b10aea3281b1d0b381941ff1 emacs-el-24.3-23.0.1.el7_9.1.tuxcare.els1.noarch.rpm c79f05c1c39c89b5574094f90d63239c92a30cf11b69b405f5417eb0976a4142 emacs-filesystem-24.3-23.0.1.el7_9.1.tuxcare.els1.noarch.rpm 42b1e6aca4b95dbdfd940c53a93a7f59eda2f655508c575106aebc74962d0130 emacs-nox-24.3-23.0.1.el7_9.1.tuxcare.els1.x86_64.rpm ab618c0f72c49d1a474a6848963cdf14c2a8ce8ec18bd6bb8199a8876dd0fcf5 emacs-terminal-24.3-23.0.1.el7_9.1.tuxcare.els1.noarch.rpm c17e58e5aa9c582fdceeb5fdba5228d142937a9a84e5f66cecfbc61125a774aa CLSA-2025:1764850495 TuxCare License Agreement 0 - Bump version to 3.1.1-4.0.1 Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Bump version to 3.1.1-4.0.1

0 tuxcare-oraclelinux7-els mpfr-3.1.1-4.0.1.el7.tuxcare.els1.i686.rpm 756858f0e41b77caa213fb7fd71a7cb513cd7099e7637ac0e3959a4e4b278e0c mpfr-3.1.1-4.0.1.el7.tuxcare.els1.x86_64.rpm c4fcff262eb734fb502e6f29b1669a8cdc8c767630030dab4139da745065043d mpfr-devel-3.1.1-4.0.1.el7.tuxcare.els1.i686.rpm 80e987bc771ebe07811a81017cfeeae203d5d93ffd26f3cfef886cb0d9b7ed1b mpfr-devel-3.1.1-4.0.1.el7.tuxcare.els1.x86_64.rpm 987d06732a964a2ae23bc3cf9fbb5b5eba1b0cc07fe8cf5d19aa21b5185aad16 CLSA-2025:1764677929 TuxCare License Agreement 0 - CVE-2025-4945: fix integer overflow vulnerability in date/time parsing - CVE-2025-11021: fix out-of-bounds memory read in cookie date handling logic Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-4945: fix integer overflow vulnerability in date/time parsing - CVE-2025-11021: fix out-of-bounds memory read in cookie date handling logic

0 tuxcare-oraclelinux7-els libsoup-2.62.2-2.0.5.el7.tuxcare.els2.i686.rpm 5e0cc97a1e699bb4f0cbdd34962d6f7b992c01ecb89b1e71dcb3b2d17a1fc9d3 libsoup-2.62.2-2.0.5.el7.tuxcare.els2.x86_64.rpm c655d2961c1106c4e9910d99468178a370f6c5226575976f45f3a166a43b828f libsoup-devel-2.62.2-2.0.5.el7.tuxcare.els2.i686.rpm e285f2d8fdd2895854b9ad47058a374e5c681d7439e4a68783a833c0b1d2077e libsoup-devel-2.62.2-2.0.5.el7.tuxcare.els2.x86_64.rpm 319a6d56058f317d42c4a77800b7221ef40883019fcd8b14b5f2f64d1ec6a0f8 CLSA-2025:1764885482 TuxCare License Agreement 0 - CVE-2025-8067: fix issue allowing unprivileged users to create loop devices with negative index values Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-8067: fix issue allowing unprivileged users to create loop devices with negative index values

0 tuxcare-oraclelinux7-els libudisks2-2.8.4-1.el7.tuxcare.els1.i686.rpm 5fcdc4bd23abf7e10938589ad6b6db3befb8f6beda4907ea0a7b346986db1fa0 libudisks2-2.8.4-1.el7.tuxcare.els1.x86_64.rpm 7bbeefc2edbc269a99407cd792ec57d9dd602e1b496f4f54cfa51996becf93c6 libudisks2-devel-2.8.4-1.el7.tuxcare.els1.i686.rpm 271cd584260050ccbcebe9cf9365cf67f6855a0142b933d88738d0aefc8a0998 libudisks2-devel-2.8.4-1.el7.tuxcare.els1.x86_64.rpm 17ebd1f402baeb1b8351c3f60fbe56163ace41b62c36cabda2b98194817cd352 udisks2-2.8.4-1.el7.tuxcare.els1.x86_64.rpm 2f3d12c8ed30be2a7d3252338c82ca4506fd67f04510201848cba4f872d12028 udisks2-iscsi-2.8.4-1.el7.tuxcare.els1.x86_64.rpm 98a3929b3a10e563a64c19515b8c9b7d0d692d5a3ee277c90a888d4bb41cdf73 udisks2-lsm-2.8.4-1.el7.tuxcare.els1.x86_64.rpm d25f85b4e3e4b7bcee400f9f4bc0ae1ee5f147ea650103d5e9dc90452f680510 udisks2-lvm2-2.8.4-1.el7.tuxcare.els1.x86_64.rpm 880aa9aa98b69b4b0f759d0f014747b485b23e53efa9dc7423945bfcd1345972 CLSA-2025:1765208809 TuxCare License Agreement 0 - Rebuilt with xorg-x11-server-1.20.4-99.el7_9.tuxcare.els8, mitigating the security vulnerabilities identified by the following CVEs: CVE-2025-62229, CVE-2025-62230, CVE-2025-62231 - Moved CVE-2024-9632 patch to xorg-x11-server package Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Rebuilt with xorg-x11-server-1.20.4-99.el7_9.tuxcare.els8, mitigating the security vulnerabilities identified by the following CVEs: CVE-2025-62229, CVE-2025-62230, CVE-2025-62231 - Moved CVE-2024-9632 patch to xorg-x11-server package

0 tuxcare-oraclelinux7-els tigervnc-1.8.0-33.0.7.el7_9.tuxcare.els2.x86_64.rpm 226676040f7d111baf4535d5151e271efce91cda522605ebdf620b4aa1d62c29 tigervnc-icons-1.8.0-33.0.7.el7_9.tuxcare.els2.noarch.rpm da9109a0aa3d0fd3d0c04ff87a5c197a2e12136cd192863149659089bf9bd314 tigervnc-license-1.8.0-33.0.7.el7_9.tuxcare.els2.noarch.rpm 2996b5151683512cd158f5e1139c8f6e4325818b0013fc94948b2fdf717891b0 tigervnc-server-1.8.0-33.0.7.el7_9.tuxcare.els2.x86_64.rpm 6a28181a0f667f0d6b0f5b495cac868bc7629a27c567d87166b7e9212f6353df tigervnc-server-applet-1.8.0-33.0.7.el7_9.tuxcare.els2.noarch.rpm 89681e399a5b72d20226c19a8451acbdba4306db57a8874344c1cdfd412df0e1 tigervnc-server-minimal-1.8.0-33.0.7.el7_9.tuxcare.els2.x86_64.rpm 0505ecd4df96c9d68cdbe8aee2b4e72cc64c0b822d59e612da0ff78a56008387 tigervnc-server-module-1.8.0-33.0.7.el7_9.tuxcare.els2.x86_64.rpm add1b3569a9118bcdceec742cb2e8c1ba03900947f6369fa33a478e083e757b0 CLSA-2025:1765209058 TuxCare License Agreement 0 - CVE-2025-9632: fix buffer overflow in _XkbSetCompatMap() - CVE-2025-62229: fix use-after-free condition due improper error handling during notification creation leading to DoS - CVE-2025-62230: fix use-after-free condition due freeing certain data structures without properly detaching related resources - CVE-2025-62231: fix unsigned short overflow in XkbSetCompatMap() function Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-9632: fix buffer overflow in _XkbSetCompatMap() - CVE-2025-62229: fix use-after-free condition due improper error handling during notification creation leading to DoS - CVE-2025-62230: fix use-after-free condition due freeing certain data structures without properly detaching related resources - CVE-2025-62231: fix unsigned short overflow in XkbSetCompatMap() function

0 tuxcare-oraclelinux7-els xorg-x11-server-Xdmx-1.20.4-99.el7_9.tuxcare.els8.x86_64.rpm 4261c429173b70fd602a223e2212f8576858a5f6967892c29207cda89a87dd2c xorg-x11-server-Xephyr-1.20.4-99.el7_9.tuxcare.els8.x86_64.rpm 36a1a6c8828d603fb87e54bb9c89b8cde8d64c312dd3b0eba3518c7e20bbdab3 xorg-x11-server-Xnest-1.20.4-99.el7_9.tuxcare.els8.x86_64.rpm e54d36748532b9d7f968cc2f13119aae0bd8c6c086cf5091db4049cb8a7d5d68 xorg-x11-server-Xorg-1.20.4-99.el7_9.tuxcare.els8.x86_64.rpm feea94a12f5370883779680cb13e13d2bc057bbd28d4766216e7dfe4a5df9bb6 xorg-x11-server-Xvfb-1.20.4-99.el7_9.tuxcare.els8.x86_64.rpm 6d95ddc1a3cfc28b01308be21ec0571c72d33aa2963a0d0d506b1e393a5408ab xorg-x11-server-Xwayland-1.20.4-99.el7_9.tuxcare.els8.x86_64.rpm b083f456b2e5d6374215c51cdfc51fc5ba31150729fb73605bfb247b0c702346 xorg-x11-server-common-1.20.4-99.el7_9.tuxcare.els8.x86_64.rpm 0793a9555673bd1ea9ebc37902beccc6230ba332490aa680a03f7de78fce1f0c xorg-x11-server-devel-1.20.4-99.el7_9.tuxcare.els8.i686.rpm 865696f374a082e1fad457581acbef5353a1d8c90cf2aa985e2c05d4f5b627f9 xorg-x11-server-devel-1.20.4-99.el7_9.tuxcare.els8.x86_64.rpm 6153952b32da92c12ca258a4357fce17e7ccd7628dd13c71a086224a90ac8ef9 xorg-x11-server-source-1.20.4-99.el7_9.tuxcare.els8.noarch.rpm 32da819f0a4db01fdeba56509fd8fee1420ed86c5ae3015d9435f3361fb97339 CLSA-2025:1765214003 TuxCare License Agreement 0 - Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u472-b08 (GA). Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u472-b08 (GA).

0 tuxcare-oraclelinux7-els java-1.8.0-openjdk-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm a80e1f84a62404752b9cf287c9b46c2ee6ec72b25992b94b2109666ef2c2c823 java-1.8.0-openjdk-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm ab04cb6511ab4e5084e4dcd82ffa1f6dadf695a29d2fe3505cac68e0864b0b60 java-1.8.0-openjdk-accessibility-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 9dbfcb8a91db3f871f9f1064247b518ea2403be67851866ef16f43df270412c2 java-1.8.0-openjdk-accessibility-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm 40c7c43f9b9fa7b46de8f4a020aec81bb7b1fa1c1098fa3cefc83dd3aa02ac01 java-1.8.0-openjdk-accessibility-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 826c7862d8a0ba57f6185a34452203a7c39b02caeced409589603eec70fed631 java-1.8.0-openjdk-accessibility-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm 554d6b8953d52b95fcf20733fe606ec609a989251dff3b7b5c876062dc76861d java-1.8.0-openjdk-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 08c1e5da75627060bc5103da4583516059f54cb688472a05817f1bb3dd6756f5 java-1.8.0-openjdk-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm e5c1952f7f6621af2aa69b6a32d0521020f9974fbcf995bf0dcea77d19fd66d6 java-1.8.0-openjdk-demo-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 2b2b4b1f9c5fac29458e793d4dd9a43769c54e076df684ec3b05fdb79d861ce8 java-1.8.0-openjdk-demo-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm df7f75390107360994d764b4963eaba671c2e46f41e2e30d78e973bb34447084 java-1.8.0-openjdk-demo-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 4cc98696dbc55a86a9deee9afec8ec2b0ae2df765fcaa2bea84e407db9b6fde6 java-1.8.0-openjdk-demo-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm 8489bacdf26643b82c5938b7ff7edee2681f7c2cd1a5a7a543af378cddcbd628 java-1.8.0-openjdk-devel-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 8d058327d5070d7604639fc4eec12ebe38e640310c5f99f0050537affb0b0e8a java-1.8.0-openjdk-devel-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm a4d317daf92120751b78a83e46d039b3d4ce00c50a676da225b1e5d1d5246f41 java-1.8.0-openjdk-devel-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 5bf16724dd0e22759022983cfe7694b40403ad815631cd2db33b2dafb27e2861 java-1.8.0-openjdk-devel-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm 0cc07f5dbb15582cb21fd7fcd55a8061353eee06f64a1c58e6d46a6b7bef3c20 java-1.8.0-openjdk-headless-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm b0847ec5210cbeb7639e05537918e81513c05749feab480a589458cc0098b6ee java-1.8.0-openjdk-headless-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm 48c83b758e40e3ebfcfe576bb8ae13a55315cd7e9c3a097303672f64e16847c0 java-1.8.0-openjdk-headless-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 33703faa39861eea3e62885a800cf558cfbc3953048d89348bce15e30103a1c7 java-1.8.0-openjdk-headless-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm 4a083eec14546a6516fa0d905c56cd17e19ed447d549e269d2d3c0c0aa9f3ee9 java-1.8.0-openjdk-javadoc-1.8.0.472.b08-1.el7_9.tuxcare.els1.noarch.rpm ece1bdf6f4c89ca6e61d7ff2399c8e16d9841924eefc12390a0844fefa08cabb java-1.8.0-openjdk-javadoc-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.noarch.rpm 2f20572fdf657f196c92819ea5b3ee087480425d3e397b4f7c164766a853a844 java-1.8.0-openjdk-javadoc-zip-1.8.0.472.b08-1.el7_9.tuxcare.els1.noarch.rpm f2a576e38d3e83c0cd161c46cbddd8ccadc93490ac1cafc429117240dbfbcdbb java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.noarch.rpm bd8fb9e20a6f79084111ae86f7e4106f01b396df9857a0030b1501af2bd2e7f2 java-1.8.0-openjdk-src-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 3e91322d6c7a6734a22d8a2de63f5ce9aa70cf394844179ee505da3e5e6d0896 java-1.8.0-openjdk-src-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm b96975540e9772f5750af95cd9c03093ca0b182c68492f5d702edb327a80ed93 java-1.8.0-openjdk-src-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.i686.rpm 20c9280a2f9ba2aa9fa9744eb9d43917dd2d7c77d270d6b28848e80d8eb6299a java-1.8.0-openjdk-src-debug-1.8.0.472.b08-1.el7_9.tuxcare.els1.x86_64.rpm 841155c6d29dd751998c8156afa76577cf2ea41955fdb4b7a0b13cbee44c96af CLSA-2025:1756827524 TuxCare License Agreement 0 - CVE-2024-55549: fix use-after-free issue related to exclusion of result prefixes Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-55549: fix use-after-free issue related to exclusion of result prefixes

0 tuxcare-oraclelinux7-els libxslt-1.1.28-6.0.1.el7.tuxcare.els3.i686.rpm 7069f1d84cc9cd264df78f005d6d12ba16c77b092468e1ca99ac080f50be61af libxslt-1.1.28-6.0.1.el7.tuxcare.els3.x86_64.rpm 4b2bfce628d47a72144e993107943ef330511209453d88a10100ba6b1561c19c libxslt-devel-1.1.28-6.0.1.el7.tuxcare.els3.i686.rpm ff5b45558dffbdf59328f6d845f60ac85575ce18c05c6953ed52e7c86f0e9347 libxslt-devel-1.1.28-6.0.1.el7.tuxcare.els3.x86_64.rpm 6b4459d1b5225b28c52cabefcabbc1d3b25908a9e530cef619bc2f43925baa50 libxslt-python-1.1.28-6.0.1.el7.tuxcare.els3.x86_64.rpm 6f4611f59c493b99dfb95adc8a94acd02a64a051d9dde8c81d3d25080fbb152d CLSA-2025:1765282338 TuxCare License Agreement 0 - CVE-2023-50868: avoid availabiluty of the remote attackers to cause a denial of service using DNSSEC Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2023-50868: avoid availabiluty of the remote attackers to cause a denial of service using DNSSEC

0 tuxcare-oraclelinux7-els unbound-1.6.6-5.el7_8.tuxcare.els3.x86_64.rpm d3d9aac815197019bd9f1141a160cd72ad3de4391815064438b94b219abec747 unbound-devel-1.6.6-5.el7_8.tuxcare.els3.i686.rpm ae2434fd7c438e8408bc45c95d5d74ff82e497096d3ad1c37be45027ab9ab341 unbound-devel-1.6.6-5.el7_8.tuxcare.els3.x86_64.rpm 9f8f7a2c1572428644f9b470af125c1e4c13b1a8edddac2a811424a99fff1aa4 unbound-libs-1.6.6-5.el7_8.tuxcare.els3.i686.rpm 31a3b5fda6518c66e2f9d766980778e20ed39b339fc72fd7a0328162847d91ad unbound-libs-1.6.6-5.el7_8.tuxcare.els3.x86_64.rpm 2d9f00a61918931853c39595f1893417a73ae95c083ee23deba1e6d094164fd5 unbound-python-1.6.6-5.el7_8.tuxcare.els3.x86_64.rpm c62a9ec6dd3a9e939c8f691aad548da2a710087b87a43c5a9240e5e35e72e49c CLSA-2025:1765287413 TuxCare License Agreement 0 - CVE-2024-56326: fix format string vulnerability impacting users of applications which execute untrusted template Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-56326: fix format string vulnerability impacting users of applications which execute untrusted template

0 tuxcare-oraclelinux7-els python-jinja2-2.7.2-4.el7.tuxcare.els1.noarch.rpm 206bb18a03d7cb28a84a762a0b58b642af02e4905b8551f4c131e095bd82cec2 CLSA-2025:1765287627 TuxCare License Agreement 0 - Bump release to 9.2.24-9.0.3.tuxcare.els1 Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Bump release to 9.2.24-9.0.3.tuxcare.els1

0 tuxcare-oraclelinux7-els postgresql-9.2.24-9.0.3.el7_9.tuxcare.els1.i686.rpm 37cac22a4ceb0d4e0365d37f6204183b7ffab60870ad2e07b0060463ea5677f0 postgresql-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm b6c8a7e21702cfd3b61256d297f61747854e09c74bbf830044ea76c2d16b05fa postgresql-contrib-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm 12008efabe8a4aff6b1c573eb23c67202a521e62639da1395b6c2f4eb37f973f postgresql-devel-9.2.24-9.0.3.el7_9.tuxcare.els1.i686.rpm 4df24d667df3d894d8cffd4e51ec2d61e3df5439dbd49179dafc5dd5b9ab7833 postgresql-devel-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm ccabce728e866adde7e2ab2f8bea5542e6da51daaf2e0bd34c429a9f05ef5a53 postgresql-docs-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm fb578825e264a9ee3064c8de4df3a1a9b061a857f74fe8cc87374b4e6d4f670b postgresql-libs-9.2.24-9.0.3.el7_9.tuxcare.els1.i686.rpm 33aa2c736261aeb26196e393e060fc8c5eba2e8e56d814bad6742ff8e31d6108 postgresql-libs-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm afd15869fa2d1c876b5296d925398aeaa4de7ddf98321f85af52ef27bdcaa5ec postgresql-plperl-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm 4c9a809f3fe4659536d152d8d5c6b69e0f6728bda282f0793821da4c07dab651 postgresql-plpython-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm a07a1e3e9a7ed2a1e40eca51b16e59c094dbeb8c990cd9bf1d0a7a2ba4b3a45e postgresql-pltcl-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm 9b288e77dd3fb6592288d0bb7116cc5d67d19dd8d784efaee648ab574ada68ff postgresql-server-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm e1802bc833925b93fd69a3d00859ba29c1911eaef1541f1b3cbdd6b8220e0314 postgresql-static-9.2.24-9.0.3.el7_9.tuxcare.els1.i686.rpm d0bf41f27c478b1a9d39bc765830474036edfe418bbd9131e3beb61520be7a9b postgresql-static-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm f49574e84b0779191599b2eb4d4065c9da00b1ebffe7b96d2f0b17213f74b084 postgresql-test-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm 3838a8a046e73324a89b6a4b39162abd60087801c9b309428b2dd9f6a5fc999d postgresql-upgrade-9.2.24-9.0.3.el7_9.tuxcare.els1.x86_64.rpm b8cca9ad34f57561dc1d641fea5b838830d7d7ba6ec808a73ce99fdc47935f45 CLSA-2025:1765545248 TuxCare License Agreement 0 - Bump release to 6.9.10.68-7.0.3.tuxcare.els1 Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Bump release to 6.9.10.68-7.0.3.tuxcare.els1

0 tuxcare-oraclelinux7-els ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els1.i686.rpm 73b1553ff3091a3aeb2287b3accdb9f50fff99e65be5f52f172e76bc1346354c ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els1.x86_64.rpm 1e59a22155c42fa30e3733923492124e5cc3555f3c5c8547ab11ec8d65336111 ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els1.i686.rpm c34873eb2897ece526d89dce77f4b4f329e245713bca44c708eaced258648bcf ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els1.x86_64.rpm fde2a41d4968a47f7325007bf024a2385fa8ab7f875c60cc72b2dda3972010a5 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els1.i686.rpm d62970d01055935e5da99062ac55bee2c649658c1fe8df418d61bf2b0bc65155 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els1.x86_64.rpm 9444aedd3ed8d3f04d4e3576326d653e2ea5aa6e4070bf6ab3fd0c38dcb48b01 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els1.i686.rpm 1335dab2cc4ab615f02ead58efba09b97c813ff62149b541e42494db993d011f ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els1.x86_64.rpm 5dfdc9759e825e4348d43e77026f19fd6d71d22ed46b2360fd2af5c94e68bda5 ImageMagick-doc-6.9.10.68-7.0.3.el7_9.tuxcare.els1.x86_64.rpm 068b205846791bc13a609f1a93a8013cb1badb0088cc77468f0c45f5e0ede49b ImageMagick-perl-6.9.10.68-7.0.3.el7_9.tuxcare.els1.x86_64.rpm 3a9e5c343926b7f32b06a160a491c6f6287a1daafbc45050552fad86801213d9 CLSA-2025:1765902454 TuxCare License Agreement 0 - CVE-2024-8508: limit number of name compression calculations per packet to prevent denial of service attacks. Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-8508: limit number of name compression calculations per packet to prevent denial of service attacks.

0 tuxcare-oraclelinux7-els unbound-1.6.6-5.el7_8.tuxcare.els4.x86_64.rpm 18b0f823356b6c0500c4da719bebb5a05c51a1ebed7e817072cf1be9c7adb714 unbound-devel-1.6.6-5.el7_8.tuxcare.els4.i686.rpm dbdcd9cf73072aaf42229ffa00ec305ab190cc8e7d67563a69ea50e1d183d490 unbound-devel-1.6.6-5.el7_8.tuxcare.els4.x86_64.rpm 8ee4aea0a8ae9767ef9f70c44fed301160b066f413c75ddbacde1f9cca60b1ea unbound-libs-1.6.6-5.el7_8.tuxcare.els4.i686.rpm 05308c0d5258a6c3a4a4c236b4d5fbded8127b58c006e753e8722d0f325e7213 unbound-libs-1.6.6-5.el7_8.tuxcare.els4.x86_64.rpm 1503bd7f8e093234d6477c45e5d840adef4b0b9cd3687fdf96b9002b199017ab unbound-python-1.6.6-5.el7_8.tuxcare.els4.x86_64.rpm dcc42b28b52ff21ee06fd23d32087690cd573a2376d86e29a1ae1765f88cad56 CLSA-2025:1766135952 TuxCare License Agreement 0 - CVE-2025-64505: fix heap buffer over-read vulnerability in png_do_quantize function by validating palette_lookup array bounds Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-64505: fix heap buffer over-read vulnerability in png_do_quantize function by validating palette_lookup array bounds

0 tuxcare-oraclelinux7-els libpng-1.5.13-8.el7.tuxcare.els1.i686.rpm b59fea4fe4c73454da6f76b22a589bd2dcb1424f0006841708ad2240c4cd3bd8 libpng-1.5.13-8.el7.tuxcare.els1.x86_64.rpm dbc53961f673494440814ffa6f44ab6bf9b843d40486ec8c50493dceaa5ee4cb libpng-devel-1.5.13-8.el7.tuxcare.els1.i686.rpm da4cdac9adb0db6b1fb118c0ef2b030807825901105de3bf9fd8224c587d1025 libpng-devel-1.5.13-8.el7.tuxcare.els1.x86_64.rpm 82161e894e28d2fc6390e8dbc11dea4c767bdf9284f7da9d25d06085ff8eb4e6 libpng-static-1.5.13-8.el7.tuxcare.els1.i686.rpm 8f60a147f5f1ca92644244919bb51c5b00a74e79bc1c142af9972a41e1e8fd3f libpng-static-1.5.13-8.el7.tuxcare.els1.x86_64.rpm 0a2d9520edb2ba0054edc885e1616bd9281244f04a6f223ab3a1ac63a4b2cc73 CLSA-2025:1766599987 TuxCare License Agreement 0 - xfrm: Duplicate SPI Handling {CVE-2025-39965} - xfrm: state: use atomic_inc_not_zero to increment refcount - padata: Fix pd UAF once and for all {CVE-2025-38584} - padata: Remove broken queue flushing {CVE-2023-52854} - padata: ensure padata_do_serial() runs on the correct CPU - Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() {CVE-2022-50408} - sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} - ip6mr: Fix skb_under_panic in ip6mr_cache_report() {CVE-2023-53365} - Bluetooth: L2CAP: Fix user-after-free {CVE-2022-50386} - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put {CVE-2022-3640} - ipvs: fix WARNING in ip_vs_app_net_cleanup() {CVE-2022-49917} - ipvs: fix WARNING in __ip_vs_cleanup_batch() {CVE-2022-49918} - ipvs: use explicitly signed chars - vt: Clear selection before changing the font {CVE-2022-49948} - fs: prevent out-of-bounds array speculation when closing a file descriptor {CVE-2023-53117} - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() {CVE-2022-48900} - netlink: prevent potential spectre v1 gadgets {CVE-2023-53000} - igb: Do not free q_vector unless new one was allocated {CVE-2022-50252} - scsi: target: Fix WRITE_SAME No Data Buffer crash {CVE-2022-21546} - net: mdio: fix undefined behavior in bit shift for __mdiobus_register {CVE-2022-49907} - dm raid: fix address sanitizer warning in raid_status {CVE-2022-50084} - dm raid: fix address sanitizer warning in raid_resume {CVE-2022-50085} - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK {CVE-2022-49870} - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() {CVE-2022-50258} - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling {CVE-2025-37882} - Bluetooth: hci_core: Fix use-after-free in vhci_flush() {CVE-2025-38250} - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} - jbd2: remove wrong sb->s_sequence check {CVE-2025-37839} - net_sched: hfsc: Fix a UAF vulnerability in class handling - crypto: seqiv - Handle EBUSY correctly {CVE-2023-53373} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- xfrm: Duplicate SPI Handling {CVE-2025-39965} - xfrm: state: use atomic_inc_not_zero to increment refcount - padata: Fix pd UAF once and for all {CVE-2025-38584} - padata: Remove broken queue flushing {CVE-2023-52854} - padata: ensure padata_do_serial() runs on the correct CPU - Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() {CVE-2022-50408} - sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} - ip6mr: Fix skb_under_panic in ip6mr_cache_report() {CVE-2023-53365} - Bluetooth: L2CAP: Fix user-after-free {CVE-2022-50386} - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put {CVE-2022-3640} - ipvs: fix WARNING in ip_vs_app_net_cleanup() {CVE-2022-49917} - ipvs: fix WARNING in __ip_vs_cleanup_batch() {CVE-2022-49918} - ipvs: use explicitly signed chars - vt: Clear selection before changing the font {CVE-2022-49948} - fs: prevent out-of-bounds array speculation when closing a file descriptor {CVE-2023-53117} - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() {CVE-2022-48900} - netlink: prevent potential spectre v1 gadgets {CVE-2023-53000} - igb: Do not free q_vector unless new one was allocated {CVE-2022-50252} - scsi: target: Fix WRITE_SAME No Data Buffer crash {CVE-2022-21546} - net: mdio: fix undefined behavior in bit shift for __mdiobus_register {CVE-2022-49907} - dm raid: fix address sanitizer warning in raid_status {CVE-2022-50084} - dm raid: fix address sanitizer warning in raid_resume {CVE-2022-50085} - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK {CVE-2022-49870} - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() {CVE-2022-50258} - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling {CVE-2025-37882} - Bluetooth: hci_core: Fix use-after-free in vhci_flush() {CVE-2025-38250} - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} - jbd2: remove wrong sb->s_sequence check {CVE-2025-37839} - net_sched: hfsc: Fix a UAF vulnerability in class handling - crypto: seqiv - Handle EBUSY correctly {CVE-2023-53373}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm d68d0c3c80b3d305db3d9e3c7765fb5565feedc85fc5a80d2b6a173b38dc627a kernel-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm 48ca18148c7a0d9a7e453b980d341cd469aa406ea6cff7c2bd1f7a019b5b4dce kernel-debug-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm 41d81d50490c94102ed469dd71380be5f7b0c3a2b67c1eeaaa1f7a8567c60ca1 kernel-debug-devel-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm bb977037ca3fdc579b22fa9bc5f41ce0f1fe4cef2a9e204af18d07da1bc9974e kernel-devel-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm cbf947dc97990f5483b2093f5f1639854db8945ab92e0d56515c7cd90973ab81 kernel-headers-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm ce20c519b0eccf08d7002c0f89508c82d7178e35b407d7ac4df8cb75a0cc0092 kernel-tools-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm ae883a296cc96b9715f7501387cf8628c63633c499ade8d80ff4e29d5ae245ee kernel-tools-libs-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm cd35ebf5c5ace31b3204c1242a0f46e3166d6214b671b41f95ea138b67b49681 kernel-tools-libs-devel-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm e19745049e307cd70c9a5c8ebdc5e360949992ddc435e12c4817f240d3b1b0b3 perf-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm 92640a54e49bd67092456293c3801451f4c4dc6b7fe725309cc24b9e3140492f python-perf-3.10.0-1160.139.1.el7.tuxcare.els3.x86_64.rpm 5492813f49ce8119419c1927b21aa7b6b84efa70bf487bd4f6ea6958f7ec16eb CLSA-2026:1767867153 TuxCare License Agreement 0 - crypto: lzo - Fix compression buffer overrun {CVE-2025-38068} - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work {CVE-2025-39863} - NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945} - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-40186} - can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004} - Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} - ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} - ext4: fix undefined behavior in bit shift for ext4_check_flag_values {CVE-2022-50403} - scsi: qla2xxx: Wait for io return on terminate rport {CVE-2023-53322} - fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-2978} - ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} - ipv6: Fix infinite recursion in fib6_dump_done(). {CVE-2024-35886} - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} - atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- crypto: lzo - Fix compression buffer overrun {CVE-2025-38068} - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work {CVE-2025-39863} - NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945} - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-40186} - can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004} - Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} - ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} - ext4: fix undefined behavior in bit shift for ext4_check_flag_values {CVE-2022-50403} - scsi: qla2xxx: Wait for io return on terminate rport {CVE-2023-53322} - fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-2978} - ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} - ipv6: Fix infinite recursion in fib6_dump_done(). {CVE-2024-35886} - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} - atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm 4afd47df55f55fb20f3b60e05958318d3f5cd1d6ae60281f8179055a17f71c16 kernel-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm e8adc6c38706681f069c7db189e8861552083959071076a2929b26738f689fff kernel-debug-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm cf11913cb94cd4a93398623965d433b1242e049b47e418bf1727c0bb0f526daa kernel-debug-devel-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm 805641745d83843cc6d8813994141080827d60b83f2c55ce3fecd47640bef0fd kernel-devel-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm ace1bdcee28b579685c6a94d9150b45e689a38ee6eef723294cdd263aa8640fc kernel-headers-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm a0cfc3fa4f7adeb22c5770542ecbc18b523f4f690db224526bc6bde9bf911f10 kernel-tools-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm ddfdbb5ce6fef0e09ad4f177f0526dc4566c286d1101bf4aa7b6c3a8232ce517 kernel-tools-libs-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm 227e8fc837113da4763a4de210b366ad38b3cff1b51af6d6dfe0e54604fbda71 kernel-tools-libs-devel-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm 9d62868f480793893c722ecbd25f1c98ee2c0d1e3627a0dac0c6a94d6a670515 perf-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm 4059f22ef1ae5b78c2fea52297908f5e081c47906f351aabc9fbf3237473b785 python-perf-3.10.0-1160.139.1.el7.tuxcare.els4.x86_64.rpm 680b16ec6b804ebd83f38c5316bd21c8bdd81776e33870c7fd073681d5a0e058 CLSA-2026:1768210963 TuxCare License Agreement 0 - CVE-2025-52005: add sideband.allowControlCharacters config which gives a possibility to avoid control characters in sideband - CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-52005: add sideband.allowControlCharacters config which gives a possibility to avoid control characters in sideband - CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration

0 tuxcare-oraclelinux7-els emacs-git-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm a2115e279ef013f0c336b23fbc2f383683d4c252204f4fb9a7a2012bfc0a198e emacs-git-el-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm d49475515f6783047ec4e2cfb44f0240268ab4444a5c6c5063213bee24ad9d17 git-1.8.3.1-25.el7_9.tuxcare.els7.x86_64.rpm 6f1f1a6bfedfbd5e296c32a62c69a558b34b27be085e6ad22c75999797c2f559 git-all-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm 334d698b3d6320a359de74d7b61bc04f452b156924bbb48ed43727488a8fb5bb git-bzr-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm efde200e132b4fe3122bca7f51703d3e413eadfc3428c8e534628dfe087caaef git-cvs-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm 465643a07c363c8f68f32d3c426551e9af29b4f2660bd032ab3baa8f38c46c12 git-daemon-1.8.3.1-25.el7_9.tuxcare.els7.x86_64.rpm a89fac8084e358f6cb8c549f9d74440489e87897b2bef0bc36b556685da644d9 git-email-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm 47705cb2ac84ba7a6e78ee159b64dc151824fece20304b4b5e244f63359c2bad git-gnome-keyring-1.8.3.1-25.el7_9.tuxcare.els7.x86_64.rpm ec7517588a35b8e807f2bbb4b24511cf1f8022c30e4d7c19bee6e94d7f71d503 git-gui-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm e02cab589436dc5677c9355bbe0a890dc87b47b05878f95587110cc869f7bec3 git-hg-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm 9d8abc32c4205ab0120ab326a9a03e28fa76a7b7ba81ab8b673c523c0c13b874 git-instaweb-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm ed03e519f267d31093883d4c7512574c4afb455278dde46b4c1c0557522c31a9 git-p4-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm a932fb37fef5848631ac43d0c92b94927d1863a50bba8459b42a1ba29030fa64 git-svn-1.8.3.1-25.el7_9.tuxcare.els7.x86_64.rpm 51c5a141b24543cb821d4747c62fa21cca340c631dd459caf087265ebcc547f7 gitk-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm f62ac28664c7bd6c2e18a47d34c1b4a3a886ee8c1405cb39a370edc101228819 gitweb-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm cfe86234409c2645477ee2f498dc9359c878478e8022d76d3d159c1e3e3e41bf perl-Git-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm 8f50ad132f5bd100c1d94ebf27f27a36438e9c92880f5e245c8bc65403fe4997 perl-Git-SVN-1.8.3.1-25.el7_9.tuxcare.els7.noarch.rpm 00733d2b45279776aa0fc3ba3c3ce8ddae8770088100ca3440b344201b912f1a CLSA-2026:1768223815 TuxCare License Agreement 0 - CVE-2023-31484: add verify_SSL=>1 to HTTP::Tiny to verify https server identity Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2023-31484: add verify_SSL=>1 to HTTP::Tiny to verify https server identity

0 tuxcare-oraclelinux7-els perl-5.16.3-299.el7_9.tuxcare.els1.x86_64.rpm 9d2cb10daf8230a42678db2cbb41cee7dedf7674685e6c7e6c1607815d084770 perl-CPAN-1.9800-299.el7_9.tuxcare.els1.noarch.rpm 8580b4c8ca589c6c56eb3b2565f0cefe286357af3603825300ede19a4db8e42a perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.tuxcare.els1.noarch.rpm 78dfe1cabbd21be1fc3c7f24c32a64e7dc3ff80d9120252f7167a10c2b8864a4 perl-ExtUtils-Embed-1.30-299.el7_9.tuxcare.els1.noarch.rpm f4a342a586845e41f22a0996a9c13041136d42f9bb3c239633b1e9ea860e646f perl-ExtUtils-Install-1.58-299.el7_9.tuxcare.els1.noarch.rpm 87ed9481c48b297c242fe353328b3dfa042961af9a2052b3b725e7f8b727aed5 perl-IO-Zlib-1.10-299.el7_9.tuxcare.els1.noarch.rpm 00ab0dbe0f83826fd0af4dc7f1160963216e16fa189dc432eb120db43ba6f7ef perl-Locale-Maketext-Simple-0.21-299.el7_9.tuxcare.els1.noarch.rpm 65467f53f24860adb85f92516f6e5bacbbe51729d89397ecc4de5baca6860429 perl-Module-CoreList-2.76.02-299.el7_9.tuxcare.els1.noarch.rpm baaa40a51624d6a21c05eec73ee1b68bc157b56f68cd3534c74b20442858efd4 perl-Module-Loaded-0.08-299.el7_9.tuxcare.els1.noarch.rpm 0d3cd9e7dc1a452381496ac28fe0ae3ad50004ad4b23569f3408813b7c0f00c7 perl-Object-Accessor-0.42-299.el7_9.tuxcare.els1.noarch.rpm d2ca508ba190a71fcbc73b1658719a55afb63a6dc898533b9db56d36249f5b18 perl-Package-Constants-0.02-299.el7_9.tuxcare.els1.noarch.rpm 1ea3d226a97c78a9c74d0b55fbd1974be9a6a09296503a711f4d48b2d0c05941 perl-Pod-Escapes-1.04-299.el7_9.tuxcare.els1.noarch.rpm 9cdd0944164ea3a7f9b0e421edcc02114579909ee54ad566e55d84bb30f74f22 perl-Time-Piece-1.20.1-299.el7_9.tuxcare.els1.x86_64.rpm 37115562440052f7311d343fd739fe29ec3a647c2e385c92d7b504934d106b97 perl-core-5.16.3-299.el7_9.tuxcare.els1.x86_64.rpm 2ad6afb4a3f51a68c56a598afaf182eb79b85be8f1b8b78dfb14ad1b297491da perl-devel-5.16.3-299.el7_9.tuxcare.els1.i686.rpm 9cdeb696e4a4796627bbcebd1161616c90602517e54fac0297a5e63e1212089f perl-devel-5.16.3-299.el7_9.tuxcare.els1.x86_64.rpm 9e5348395740d31af465a2efae2efeac8fbbb7f361e89e2d627c4bdf4123c444 perl-libs-5.16.3-299.el7_9.tuxcare.els1.i686.rpm ec2f78dc2c574a267e9fa319fc844ae98473c58c933b19b92c9bc9264cb0d8fc perl-libs-5.16.3-299.el7_9.tuxcare.els1.x86_64.rpm 6fb9e99bdc754dbc8bea907f6bed39502b9324585c05d92ffeb0b10f80496248 perl-macros-5.16.3-299.el7_9.tuxcare.els1.x86_64.rpm 5fd9995626e72c72b430b01a515eb3bf2ed7a4caa955b115ebbfc2e55ee09a15 perl-tests-5.16.3-299.el7_9.tuxcare.els1.x86_64.rpm 33e4e18e0e58631655804f46864170a34ee42b895603185195254557b1a87f97 CLSA-2026:1768301920 TuxCare License Agreement 0 - CVE-2024-50349: fix ANSI escape sequence vulnerability that occurs when asking for credentials interactively Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-50349: fix ANSI escape sequence vulnerability that occurs when asking for credentials interactively

0 tuxcare-oraclelinux7-els emacs-git-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm a4bdccc7829087d62599d6eb4be77e6cd603c27c980b29f64c2f664485658ecc emacs-git-el-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm 27f4d9274c955626d42ba0ca6f56a55bd51f54f980b196d7e4449e3db949bd04 git-1.8.3.1-25.el7_9.tuxcare.els9.x86_64.rpm e02823d988a1178340a0c61d95ec1f6f00b8fc1f981fdcc56a7421d41a6c0f8b git-all-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm e9b559aaee2e2c352c07a8f59ee39a69f8cde90d6edbd07284af3f8809430bfb git-bzr-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm 446de6e61083faa84fccdcfff47abf2c9e6cd4f772757cf62e363274ddbec4f6 git-cvs-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm 298f5200b6ac81b4cad85aa28c07fc93a8d236770238c632979edb5fe73f8b9e git-daemon-1.8.3.1-25.el7_9.tuxcare.els9.x86_64.rpm 64002d2c3b97c06f9192fd3b1a5e669713e870711ccddc558d273dd58acfec38 git-email-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm 6eca4bc7adfccbd9de0dff1863685cd19870abc27d8fcc2fe4533cc76d729ad9 git-gnome-keyring-1.8.3.1-25.el7_9.tuxcare.els9.x86_64.rpm 4794869693b8320419f63b25538314c8f704e03157842eb6b6d45e3e75d18c2b git-gui-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm 925cf235a6e4f8a562317c024b22840e95ee639087fd64879a1a0ddc4e69a2af git-hg-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm 75f63dab65e03f31c856cc14e7197e7f5d4c4937819ce4e27958c36706373e42 git-instaweb-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm 6f1b34b92ec9cc961b6ebc147fc4f67862b2d40706eabc4ddaeaa44823c4bc4a git-p4-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm dd1ef3e51f1816057edd3abf3ac5c7b3ac9dfcd6d5e74d5df0cb6213d69b45a1 git-svn-1.8.3.1-25.el7_9.tuxcare.els9.x86_64.rpm 8abbef8d2712189060432343d27351085e391b5c27a93a1e0a513b1228684856 gitk-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm cf0436f8541636a21057c937c7bf3ef9ab5b06a13c32c755f9b4f55bb2538ab3 gitweb-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm f0d1da33f8b188446113624870b389133e245e4d368a4e116aa64d562b932866 perl-Git-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm c96e9c772c1eb72757069739afea2def1685c3dc81e4501ba96483e47fac4f36 perl-Git-SVN-1.8.3.1-25.el7_9.tuxcare.els9.noarch.rpm e90b7f865bf6afce6c10de7b33e3b431ac5b2d8f3ae907df89d2a7ecbd22ee12 CLSA-2026:1768313573 TuxCare License Agreement 0 - CVE-2025-55160: fix function pointer type mismatch in Clone* functions Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-55160: fix function pointer type mismatch in Clone* functions

0 tuxcare-oraclelinux7-els ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els2.i686.rpm 0ed3496177945fbe2061b048555ca792969de4f5974f14034fe9e55b02888236 ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els2.x86_64.rpm e5e56b31d9fc287a1288e587e1e89f9180945382024d60df3226389cfe4ad3a1 ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els2.i686.rpm 66162f0a0245e55bb05a57cfbec37c55ebbc9137369c5cca86ec28e807d069df ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els2.x86_64.rpm d51b809a8af1728a128b688595004ac44ffd4ec77f747f6a9c20281ef31c0fdc ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els2.i686.rpm 05f9a4052b394801a1322fe8ed586b06fc4c994d28216a732c265d78288dee2a ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els2.x86_64.rpm a483f231b2e192acbc0491d4e1c21393a7eb2269cd2fcefc269df2a24495c9b9 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els2.i686.rpm ff66302b3004553537675e1ad23664fb39e5b80d6e2d8edc2b2940e644812e9d ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els2.x86_64.rpm 6135ce0df1c06096b88b89db0aa3e96bf2d142cc2f4820e2676d5df4f4d94331 ImageMagick-doc-6.9.10.68-7.0.3.el7_9.tuxcare.els2.x86_64.rpm 5a1bf02a52bc43e19e99fb2d0fa74d3665220402cfaba632e9a968150f3daf93 ImageMagick-perl-6.9.10.68-7.0.3.el7_9.tuxcare.els2.x86_64.rpm 06f0f529bf8ed0be81c0707468f5c955fb8cbd1f883d6865c6475e37a163bcce CLSA-2026:1767949942 TuxCare License Agreement 0 - CVE-2025-58098: fix passes the shell-escaped query string to #exec cmd="..." directives Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-58098: fix passes the shell-escaped query string to #exec cmd="..." directives

0 tuxcare-oraclelinux7-els httpd-2.4.6-99.0.5.el7_9.1.tuxcare.els7.x86_64.rpm ee04ad61824a998c2d80815e880dd81ea98ea4097f45856611b62b49fb0cb5d7 httpd-devel-2.4.6-99.0.5.el7_9.1.tuxcare.els7.x86_64.rpm 70951f4f0c7dbb74e0bd09182f1ee146c271dc36fa938b09c508a7c7854c7bd4 httpd-manual-2.4.6-99.0.5.el7_9.1.tuxcare.els7.noarch.rpm 79fca3e9d5ec7c67a43e620cbdb3666d4c0ac0794ee9e0d8520dc5f5842bc4bd httpd-tools-2.4.6-99.0.5.el7_9.1.tuxcare.els7.x86_64.rpm 9aefa33e267325ee25cfbf940d6e1e44402bbf60e4c19fa159908ebe010d7271 mod_ldap-2.4.6-99.0.5.el7_9.1.tuxcare.els7.x86_64.rpm 4401b3cb069b356cce4e02f1331af193004cc96ae7970aa5117dd394e4f6fe35 mod_proxy_html-2.4.6-99.0.5.el7_9.1.tuxcare.els7.x86_64.rpm 774de11f5ab9c962ec45960c427a0908ebb51d024f81ab9e1cd57b7e1795cf9c mod_session-2.4.6-99.0.5.el7_9.1.tuxcare.els7.x86_64.rpm e7b68b2bebd78805d8ff63a1f5da14d1477a8dbccdf5ae677521d96f43653d8d mod_ssl-2.4.6-99.0.5.el7_9.1.tuxcare.els7.x86_64.rpm 55ca7de469db215751fdb448a91a7462629133e1bddab205c5a0b1421a2bca75 CLSA-2026:1768410745 TuxCare License Agreement 0 - CVE-2025-54389: escape filenames in error/log messages to prevent terminal escape sequence injection Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-54389: escape filenames in error/log messages to prevent terminal escape sequence injection

0 tuxcare-oraclelinux7-els aide-0.15.1-13.0.1.el7_9.1.tuxcare.els1.x86_64.rpm 4d5a59f44384fb92695a9095b79536886e50dcf9b08ceb294074ba86a257679f CLSA-2026:1768824748 TuxCare License Agreement 0 - fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271} - fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-2978} - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp {CVE-2023-53297} - net: sched: sfb: fix null pointer access issue when sfb_init() fails {CVE-2022-50356} - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - nfsd: don't ignore the return code of svc_proc_register() {CVE-2025-22026} - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull {CVE-2023-53104} - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - HID: stop exporting hid_snto32() - HID: simplify snto32() - HID: core: fix shift-out-of-bounds in hid_report_raw_event {CVE-2022-48978} - HID: core: detect and skip invalid inputs to snto32() - HID: core: don't use negative operands when shift Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271} - fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-2978} - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp {CVE-2023-53297} - net: sched: sfb: fix null pointer access issue when sfb_init() fails {CVE-2022-50356} - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - nfsd: don't ignore the return code of svc_proc_register() {CVE-2025-22026} - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull {CVE-2023-53104} - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - HID: stop exporting hid_snto32() - HID: simplify snto32() - HID: core: fix shift-out-of-bounds in hid_report_raw_event {CVE-2022-48978} - HID: core: detect and skip invalid inputs to snto32() - HID: core: don't use negative operands when shift

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm d4015c9335bc99f8794e6e5bca507608b64e9d756e412890b7a9b8feb1ee8591 kernel-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm ff028643b7bc61b8cccc090dc20cc755ccd8ab881076073889ef5c5afd6979e9 kernel-debug-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm 5685ac209056baa3b084fe422811abb1a31e0a8925a7e9613bb0f0b1c8f9dbc8 kernel-debug-devel-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm d1b68514765d1aa435419116575d01da6d13a5cf717911e5477bf9c5939d3559 kernel-devel-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm 56b13865bd274a83074de891564b8e800b9a84cfd2aacc815583f3b316435aad kernel-headers-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm 8396cc205203628970ea646daafefdd16e184b3f77a7447c57a0dc7d05a060e6 kernel-tools-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm 6648b590fa07104bef02c13174b755cf697ca2ca46cf4d9e43666fe844c9432a kernel-tools-libs-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm 76f785765cd2239d41aed201c6cca5cb405eefd09be8d7dc0588f18fa1007176 kernel-tools-libs-devel-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm 0eb4ec50144b5d199568cb94c107de661563c720d0a8afb6f26a95a98a4ed1ee perf-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm f349fcb09e5f849cf44f84d61cd66ae066f0dceed46f93d081225b3e226307f8 python-perf-3.10.0-1160.142.1.el7.tuxcare.els1.x86_64.rpm f8718cd10d4c74a84fe4e378ea7595a7bc0655a3f9c88f90ce99cc07870e38d7 CLSA-2026:1768909961 TuxCare License Agreement 0 - CVE-2025-64720: fix buffer overflow in png_init_read_transformations function during palette compositing with optimized alpha Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-64720: fix buffer overflow in png_init_read_transformations function during palette compositing with optimized alpha

0 tuxcare-oraclelinux7-els libpng-1.5.13-8.el7.tuxcare.els2.i686.rpm ca5e04b2dc24ca0dd001c19c1468f3f05cb896fc50368ba4118a710baeca9e91 libpng-1.5.13-8.el7.tuxcare.els2.x86_64.rpm 72f1ad6acfed79d4ca659ec40cb0390e49d2bf92d37d200232b30058e670f699 libpng-devel-1.5.13-8.el7.tuxcare.els2.i686.rpm 567bbb3d1772b5085e5f126c41ce81f233b5d771c157c84e51bad4b020ed0a19 libpng-devel-1.5.13-8.el7.tuxcare.els2.x86_64.rpm c2b36f1313555d0a8f6f72f98cc4b99d168cfab4d1eb5638e3b41ff89215cfb0 libpng-static-1.5.13-8.el7.tuxcare.els2.i686.rpm ce8c377d807806142f74d98c3c9da14ed3f1b44eaee4b37846d3af12d79cd297 libpng-static-1.5.13-8.el7.tuxcare.els2.x86_64.rpm f8f836f0fc23bd22047a50e24e5b71ec95cd758c18b947cb53a4194f5ee9a81b CLSA-2026:1769162597 TuxCare License Agreement 0 - timezone-test-to-cet: change the timezone to CET to fix the test failure - CVE-2025-13699: fix directory traversal Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- timezone-test-to-cet: change the timezone to CET to fix the test failure - CVE-2025-13699: fix directory traversal

0 tuxcare-oraclelinux7-els mariadb-5.5.68-1.el7.tuxcare.els1.x86_64.rpm bdcbde9c7d5efccd82ff23553e4f1f5869e071f25cabd05f796e2aae4b873d83 mariadb-bench-5.5.68-1.el7.tuxcare.els1.x86_64.rpm 7db383fd19372a0cee05f26fe0219429df5b78ff604b4e4dc7a3338196531665 mariadb-devel-5.5.68-1.el7.tuxcare.els1.i686.rpm 7f7c957c353e0da1f05a2f466a5f20d1180f08f70b5a315455d8c0ceb7ea6032 mariadb-devel-5.5.68-1.el7.tuxcare.els1.x86_64.rpm a3171d66707478f0a408f1ac0cb11bde217ea2dfd35fcf1ba7f6ef243c6cc6b5 mariadb-embedded-5.5.68-1.el7.tuxcare.els1.i686.rpm 2c3ee8e72bd2f354f5633be8d768c3006f8247e24f45053e460d1a2b418f3766 mariadb-embedded-5.5.68-1.el7.tuxcare.els1.x86_64.rpm 18d376d7397493fed2b62b9f24c6318bec848e05b9280230ca00f188c53fb31e mariadb-embedded-devel-5.5.68-1.el7.tuxcare.els1.i686.rpm dea4df7c606f2a9afab3445b316c78800d3fbfd971fbdf1e4e4111cd5bdff660 mariadb-embedded-devel-5.5.68-1.el7.tuxcare.els1.x86_64.rpm f40713fcc412ded6807ac5b9f1b8b8f486801b3388a33fdcae73ddd59c82e574 mariadb-libs-5.5.68-1.el7.tuxcare.els1.i686.rpm 5a6a46ccec69dfde233e820ebfa72bc185b318750291aa98f8bc3aa8d4680141 mariadb-libs-5.5.68-1.el7.tuxcare.els1.x86_64.rpm 78430374a6d1e68ff9651a0153d5bbe14b97c8e6251b53ed8e07f38c5301354a mariadb-server-5.5.68-1.el7.tuxcare.els1.x86_64.rpm 58e952be9fefc2c9384b4fc4534d21420662a878e88ccfe310a7a598d812f7ca mariadb-test-5.5.68-1.el7.tuxcare.els1.x86_64.rpm 7fc88ab4497fe31c965b5e77ff7b5193081bcb17f025f255df62dc185b8046c5 CLSA-2026:1769182340 TuxCare License Agreement 0 - CVE-2025-68973: fix memory corruption in the armor parser that leads to out-of-bounds write for malicious input Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-68973: fix memory corruption in the armor parser that leads to out-of-bounds write for malicious input

0 tuxcare-oraclelinux7-els gnupg2-2.0.22-5.el7_5.tuxcare.els1.x86_64.rpm a9f1b371e09e458020241fe55ef2e32becf6f974e16ca1d770fe28dc827aa943 gnupg2-smime-2.0.22-5.el7_5.tuxcare.els1.x86_64.rpm 478d8992c08cd4a36f4699592066428ecc2335cae52d3945bed1ed62654ed668 CLSA-2026:1769598671 TuxCare License Agreement 0 - CVE-2025-14523: reject duplicate Host headers to prevent request smuggling, cache poisoning, and host-based access control bypass attacks Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-14523: reject duplicate Host headers to prevent request smuggling, cache poisoning, and host-based access control bypass attacks

0 tuxcare-oraclelinux7-els libsoup-2.62.2-2.0.5.el7.tuxcare.els3.i686.rpm b9d3cadfe0bfdebdf3d05d5a2aed7b41044278b63ca88b2dfa8e5ff46f1ffb74 libsoup-2.62.2-2.0.5.el7.tuxcare.els3.x86_64.rpm a6090cc5f40d85adc10dca29b89b1ddbf661deb946f66352510ad33f815f833e libsoup-devel-2.62.2-2.0.5.el7.tuxcare.els3.i686.rpm 00724a8a5d8eb20f1dcb208f4b9f9e26b4815551da73b64231b688542b7c12c2 libsoup-devel-2.62.2-2.0.5.el7.tuxcare.els3.x86_64.rpm 5b3557a5ad61d056fd1ddff5d37acb7ac98d6f37d5127beeb127e821e353c6aa CLSA-2026:1770028389 TuxCare License Agreement 0 - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817} - scsi: ses: Fix possible desc_ptr out-of-bounds accesses {CVE-2023-53675} - ipv6: Fix out-of-bounds access in ipv6_find_tlv() {CVE-2023-53705} - libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write {CVE-2023-53282} - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times {CVE-2022-50419} - firewire: net: fix use after free in fwnet_finish_incoming_packet() {CVE-2023-53432} - net: openvswitch: fix nested key length validation in the set() action - wifi: mac80211_hwsim: drop short frames {CVE-2023-53321} - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() {CVE-2022-50422} - fix: crypto: lzo - Fix compression buffer overrun - fix: NFSD: Protect against send buffer overflow in NFSv2 READ - cifs: fix oops during encryption {CVE-2022-50341} - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp {CVE-2023-53297} - iomap: iomap: fix memory corruption when recording errors during writeback {CVE-2022-50406} - mm: zswap: fix missing folio cleanup in writeback race path {CVE-2024-26832} - mm: fix zswap writeback race condition - Bluetooth: prefetch channel before killing sock - Bluetooth: Fix l2cap_disconnect_req deadlock - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} {CVE-2023-53827} - Bluetooth: Fix refcount use-after-free issue - Bluetooth: Check state in l2cap_disconnect_rsp - Bluetooth: L2CAP: Fix build errors in some archs - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression - Bluetooth: use the correct print format for L2CAP debug statements - i40e: fix Jumbo Frame support after iPXE boot - i40e: Report MFS in decimal base instead of hex - i40e: Fix unexpected MFS warning message - i40e: Add a check to see if MFS is set - bitops: Add non-atomic bitops for pointers - bitfield: Add FIELD_MODIFY() helper Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817} - scsi: ses: Fix possible desc_ptr out-of-bounds accesses {CVE-2023-53675} - ipv6: Fix out-of-bounds access in ipv6_find_tlv() {CVE-2023-53705} - libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write {CVE-2023-53282} - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times {CVE-2022-50419} - firewire: net: fix use after free in fwnet_finish_incoming_packet() {CVE-2023-53432} - net: openvswitch: fix nested key length validation in the set() action - wifi: mac80211_hwsim: drop short frames {CVE-2023-53321} - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() {CVE-2022-50422} - fix: crypto: lzo - Fix compression buffer overrun - fix: NFSD: Protect against send buffer overflow in NFSv2 READ - cifs: fix oops during encryption {CVE-2022-50341} - SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL - fix smb3-encryption breakage when CONFIG_DEBUG_SG=y - Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp {CVE-2023-53297} - iomap: iomap: fix memory corruption when recording errors during writeback {CVE-2022-50406} - mm: zswap: fix missing folio cleanup in writeback race path {CVE-2024-26832} - mm: fix zswap writeback race condition - Bluetooth: prefetch channel before killing sock - Bluetooth: Fix l2cap_disconnect_req deadlock - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} {CVE-2023-53827} - Bluetooth: Fix refcount use-after-free issue - Bluetooth: Check state in l2cap_disconnect_rsp - Bluetooth: L2CAP: Fix build errors in some archs - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression - Bluetooth: use the correct print format for L2CAP debug statements - i40e: fix Jumbo Frame support after iPXE boot - i40e: Report MFS in decimal base instead of hex - i40e: Fix unexpected MFS warning message - i40e: Add a check to see if MFS is set - bitops: Add non-atomic bitops for pointers - bitfield: Add FIELD_MODIFY() helper

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm 8af4d8065dda8399d541c28b0d69a65d2d363996fc2d9a2f9ffc752deabc4b99 kernel-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm f2067d6e30b83205b252b1e0fdc538658c6ce783679d5ea7ce025c305c1b7e02 kernel-debug-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm 1b60b171c8e92de1d80bb6e2b4437a1d46cbfbf89aa8b81735ec623def91bb37 kernel-debug-devel-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm dd708d643c9ff8d1d797906391af19024b4170fa26b7bf6f0e25bfe3d865547a kernel-devel-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm 97621891c553523797786d4008218364fa4221872471308545e61ed14294af82 kernel-headers-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm 9ad9f4d6823c99ab8d8229e709022c72f0a973046e94db109dc90befccb14a3b kernel-tools-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm 3fe720b499e4f0fdf10a9e5fa7a2a0962bc210395d7972949c7126e5ebcb8cde kernel-tools-libs-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm e35d24e2d656bcc05c9f49c6fef3427eaab9c7e562cb218d494c5e2bfe1773ba kernel-tools-libs-devel-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm a72b2c9457a655ec2e17cb2fb7d34b9f45469766cf9980e7f5ed38bab25424ff perf-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm 202929e289d1741313a3da988827e566b6ada08b13a7e1500fed55f685584abf python-perf-3.10.0-1160.144.1.el7.tuxcare.els1.x86_64.rpm 9caef1c37236b388883ef679086d6bed08e4fcddde08df6373bf092d31a647f8 CLSA-2026:1770114861 TuxCare License Agreement 0 - CVE-2025-68615: Fix buffer overflow issue in snmptrapd daemon to prevent crashes Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-68615: Fix buffer overflow issue in snmptrapd daemon to prevent crashes

0 tuxcare-oraclelinux7-els net-snmp-5.7.2-49.0.1.el7_9.4.tuxcare.els1.x86_64.rpm 305a9e3f08eaf3eb746dc4ae8ba2b11b3534a6acdc2045ef2f033e044c84d82a net-snmp-agent-libs-5.7.2-49.0.1.el7_9.4.tuxcare.els1.i686.rpm 2be288d4fd3c0d6a94d53cba7b61c2000e158e450b4cca34d3ec2a93fd8b4bbe net-snmp-agent-libs-5.7.2-49.0.1.el7_9.4.tuxcare.els1.x86_64.rpm ff058fe9c98f0e7879452b9282b4672e3f35488d37e56f6282a85e88a777e907 net-snmp-devel-5.7.2-49.0.1.el7_9.4.tuxcare.els1.i686.rpm c72223f13b20a3d7c718b301346938a79134b94ebd80cd692adad6796d73c891 net-snmp-devel-5.7.2-49.0.1.el7_9.4.tuxcare.els1.x86_64.rpm f6ca07151d2c4906731810a3da527ea24f4369baa562d4ef72d6e6dfd5c866c7 net-snmp-gui-5.7.2-49.0.1.el7_9.4.tuxcare.els1.x86_64.rpm 63beedc727b56003dc1b8c68c39a20b133d8c93f68b8c8ddbcb135e658833dbb net-snmp-libs-5.7.2-49.0.1.el7_9.4.tuxcare.els1.i686.rpm 09f4a71fb9551c00e96cdc1c6a33a4d1b5cb40d89c75ea380ae46843944cb4ea net-snmp-libs-5.7.2-49.0.1.el7_9.4.tuxcare.els1.x86_64.rpm dcd587d378b538e82dc614da439c41d2197e9cf70088cce5b51d78a305b14744 net-snmp-perl-5.7.2-49.0.1.el7_9.4.tuxcare.els1.x86_64.rpm ae445a25e3963cbd5215ce6d753cd0bc2ab2cdf693b5441425440c60791bcbbe net-snmp-python-5.7.2-49.0.1.el7_9.4.tuxcare.els1.x86_64.rpm 462a04277573cf07f78b1e90bf88e37ed8794e29ada8f3ba5fedb9fbe05409b1 net-snmp-sysvinit-5.7.2-49.0.1.el7_9.4.tuxcare.els1.x86_64.rpm 33fbd1e15a14555d318479a025b5fcd70d93951522fd429d029201f9f1aa6d49 net-snmp-utils-5.7.2-49.0.1.el7_9.4.tuxcare.els1.x86_64.rpm fae808ddd005f51525427b56662311b9e27be19fc7bb62b473d5ff74492b874c CLSA-2026:1770117675 TuxCare License Agreement 0 - Update to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b03. - CVE-2026-21945: Security component vulnerability allowing unauthenticated attacker with network access to cause hang or crash (DoS). Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Update to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b03. - CVE-2026-21945: Security component vulnerability allowing unauthenticated attacker with network access to cause hang or crash (DoS).

0 tuxcare-oraclelinux7-els java-1.8.0-openjdk-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm c198a98bdf87a938938948ac609869e93212d5e83c863575965a9d3fa3ac6f34 java-1.8.0-openjdk-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm e134188290f35f6dc074efb03a90f16d5dea5cca21a3748abda843a81c1d8c82 java-1.8.0-openjdk-accessibility-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm 615ea6191155a665ad31bdcdb2a2dee177633f7ec63789defc98dd08e5f8b79a java-1.8.0-openjdk-accessibility-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm 84bf8170caf9f177f2bb27798873b2d31b8b6c147b1abb0dbc410072c35d1819 java-1.8.0-openjdk-accessibility-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm b629665d82f9968d09db16c53072459432a6d1344449ac1b11d6e86b9081d965 java-1.8.0-openjdk-accessibility-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm 3628bc680dcc4136240be29938d23d71da06869d044cdd562f4a111e23f72901 java-1.8.0-openjdk-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm f987dbbe2f327e36a8b80d91ba8fe034cda882fc8a9392d5f5766774ac77487f java-1.8.0-openjdk-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm a837e247ce56491ec7752f706eb7a339642e274a955ddb19c20263bda90a6dc8 java-1.8.0-openjdk-demo-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm ac0cc11135f1bb4cc59c5ef9c79da53cecde0dd5addb60806370b62baabb71c0 java-1.8.0-openjdk-demo-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm c92dd460ad69e03bf423547ee92103bd3e1fc2389118a58c92a416907af494a7 java-1.8.0-openjdk-demo-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm f10ee5f41498c37294536c53206f4d4ff03ac5b85db6b7aa950934946aa21a1b java-1.8.0-openjdk-demo-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm 9fec1f3fef59019e4f59d4c7521459cf710a0a90878a3851311620dfbf1beee5 java-1.8.0-openjdk-devel-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm b05cc64b83852c3330bc9a9129cb506da0233e9d31a047058a14caf193f33b99 java-1.8.0-openjdk-devel-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm 451c47dab3aa01fa1df153dd50efc0eeaba360d68990ec3c37df8224cfe0a940 java-1.8.0-openjdk-devel-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm c3797d69054124bb46e1645e61fdf4fff1e5b22d46bc2395893f978e8b2c8977 java-1.8.0-openjdk-devel-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm d607d252bb0c350d152cd8f54b6c910670ab3ef656593d1138f1dc7294fa55b7 java-1.8.0-openjdk-headless-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm 0d7831a1462176dbacd7b19f019d5bb6a6377e9e8ec7de2341c4c81880bd749d java-1.8.0-openjdk-headless-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm 9a98ae64d7a2aa6c343408b6705fabea22ca4fc9fa2a1ea9c69e55062685bedf java-1.8.0-openjdk-headless-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm 4e1cd6dd7c4b8e05dde78411e2d3ec90a848bdcc0ebdb4bcfe12bc887116a4fa java-1.8.0-openjdk-headless-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm fb373560472bdb956268cef0cfdd236e32a9e6da97606f32811d229d2fa31c98 java-1.8.0-openjdk-javadoc-1.8.0.482.b03-1.el7_9.tuxcare.els1.noarch.rpm 8602345dafb920506c919f49d4a007ff5a8765f7a2b2898e2816a38b9475ac2c java-1.8.0-openjdk-javadoc-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.noarch.rpm d3bad8dacbc0271be342bfe050376a69c6ac33f5e5cc7135103ce5a7adfeb575 java-1.8.0-openjdk-javadoc-zip-1.8.0.482.b03-1.el7_9.tuxcare.els1.noarch.rpm 8c1fe06ed0921e0b527b352a5c2e35093635bd1e80c0e7543a16af3c5b4ebaae java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.noarch.rpm e7cfa770c6a90a5f11e53e56c78b32df3f6e5fe9d3a2ff2a09f8de224927e4af java-1.8.0-openjdk-src-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm 6d9a583f0107bf89ab8ee47f5ac896cbff761572c0bcc68fd69a8a3b6f53d222 java-1.8.0-openjdk-src-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm 7da23eb6b047bb8612aeea2d395ebf9718851cfc3259183bce1467267d56bfdf java-1.8.0-openjdk-src-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.i686.rpm d8640ef8fc4b6a7dd95e0618d70bcb80ff3fa5403c876194d8fd1177a44946b7 java-1.8.0-openjdk-src-debug-1.8.0.482.b03-1.el7_9.tuxcare.els1.x86_64.rpm 7b2f97524d88eaa26f9715a7499945cf57e575d9c9ee2ef609f47489fe42fc3e CLSA-2026:1770214151 TuxCare License Agreement 0 - Update Intel CPU microcode to 20251111: - Addition of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c000410; - Addition of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000650; - Addition of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x3d; - Addition of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x43a; - Addition of cpuid:A06E1/0x97 microcode (in microcode.dat) at revision 0x1000273; - Addition of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x132; - Addition of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x6133; - Addition of cpuid:C0662/0x82 (ARL-HX 8P/S B0) microcode (in microcode.dat) at revision 0x11a; - Addition of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x210002c0; - Removal of cpuid:50656/0xbf (CLX-SP B0) microcode (in microcode.dat) at revision 0x4003605; - Removal of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c000401; - Removal of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000643; - Removal of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x3a; - Removal of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x437; - Removal of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x12f; - Removal of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x4129; - Removal of cpuid:C0662/0x82 (ARL-HX 8P/S B0) microcode (in microcode.dat) at revision 0x119; - Removal of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) at revision 0x21000291; - Removal of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x21000291; - Removal of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x210002b3; - Update of cpuid:806F4/0x10 microcode (in microcode.dat) from revision 0x2c000401 up to 0x2c000410; - Update of cpuid:806F4/0x87 (SPR-SP E0/S1) microcode (in microcode.dat) from revision 0x2b000643 up to 0x2b000650; - Update of cpuid:806F5/0x10 (SPR-HBM B1) microcode (in microcode.dat) from revision 0x2c000401 up to 0x2c000410; - Update of cpuid:806F5/0x87 (SPR-SP E2) microcode (in microcode.dat) from revision 0x2b000643 up to 0x2b000650; - Update of cpuid:806F6/0x10 microcode (in microcode.dat) from revision 0x2c000401 up to 0x2c000410; - Update of cpuid:806F6/0x87 (SPR-SP E3) microcode (in microcode.dat) from revision 0x2b000643 up to 0x2b000650; - Update of cpuid:806F7/0x87 (SPR-SP E4/S2) microcode (in microcode.dat) from revision 0x2b000643 up to 0x2b000650; - Update of cpuid:90675/0x07 (ADL-S 6+0 K0) microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:906A4/0x40 (AZB A0) microcode (in microcode.dat) from revision 0xa up to 0xb; - Update of cpuid:906A4/0x80 (ADL-P 2+8 R0) microcode (in microcode.dat) from revision 0x437 up to 0x43a; - Update of cpuid:A06D1/0x20 (GNR-AP/SP H0) microcode (in microcode.dat) from revision 0xa000100 up to 0xa000124; - Update of cpuid:A06D1/0x95 (GNR-AP/SP B0) microcode (in microcode.dat) from revision 0x10003d0 up to 0x10003f0; - Update of cpuid:A06F3/0x01 (SRF-SP C0) microcode (in microcode.dat) from revision 0x3000362 up to 0x3000382; - Update of cpuid:B0674/0x32 microcode (in microcode.dat) from revision 0x12f up to 0x132; - Update of cpuid:B06A3/0xe0 (RPL-U 2+8 Q0) microcode (in microcode.dat) from revision 0x4129 up to 0x6133; - Update of cpuid:B06A8/0xe0 microcode (in microcode.dat) from revision 0x4129 up to 0x6133; - Update of cpuid:B06D1/0x80 (LNL B0) microcode (in microcode.dat) from revision 0x123 up to 0x125; - Update of cpuid:B06E0/0x19 (ADL-N A0) microcode (in microcode.dat) from revision 0x1d up to 0x1e; - Update of cpuid:B06F2/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:B06F5/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:B06F6/0x07 microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:B06F7/0x07 microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:C0652/0x82 (ARL-H A1) microcode (in microcode.dat) from revision 0x119 up to 0x11a; - Update of cpuid:C0664/0x82 microcode (in microcode.dat) from revision 0x119 up to 0x11a; - Update of cpuid:C06A2/0x82 microcode (in microcode.dat) from revision 0x119 up to 0x11a; - Update of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) from revision 0x210002b3 up to 0x210002c0; None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Update Intel CPU microcode to 20251111: - Addition of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c000410; - Addition of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000650; - Addition of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x3d; - Addition of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x43a; - Addition of cpuid:A06E1/0x97 microcode (in microcode.dat) at revision 0x1000273; - Addition of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x132; - Addition of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x6133; - Addition of cpuid:C0662/0x82 (ARL-HX 8P/S B0) microcode (in microcode.dat) at revision 0x11a; - Addition of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x210002c0; - Removal of cpuid:50656/0xbf (CLX-SP B0) microcode (in microcode.dat) at revision 0x4003605; - Removal of cpuid:806F8/0x10 (SPR-HBM B3) microcode (in microcode.dat) at revision 0x2c000401; - Removal of cpuid:806F8/0x87 (SPR-SP E5/S3) microcode (in microcode.dat) at revision 0x2b000643; - Removal of cpuid:90672/0x07 (ADL-HX/S 8+8 C0) microcode (in microcode.dat) at revision 0x3a; - Removal of cpuid:906A3/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in microcode.dat) at revision 0x437; - Removal of cpuid:B0671/0x32 (RPL-S B0) microcode (in microcode.dat) at revision 0x12f; - Removal of cpuid:B06A2/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in microcode.dat) at revision 0x4129; - Removal of cpuid:C0662/0x82 (ARL-HX 8P/S B0) microcode (in microcode.dat) at revision 0x119; - Removal of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) at revision 0x21000291; - Removal of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x21000291; - Removal of cpuid:C06F2/0x87 (EMR-SP A1) microcode (in microcode.dat) at revision 0x210002b3; - Update of cpuid:806F4/0x10 microcode (in microcode.dat) from revision 0x2c000401 up to 0x2c000410; - Update of cpuid:806F4/0x87 (SPR-SP E0/S1) microcode (in microcode.dat) from revision 0x2b000643 up to 0x2b000650; - Update of cpuid:806F5/0x10 (SPR-HBM B1) microcode (in microcode.dat) from revision 0x2c000401 up to 0x2c000410; - Update of cpuid:806F5/0x87 (SPR-SP E2) microcode (in microcode.dat) from revision 0x2b000643 up to 0x2b000650; - Update of cpuid:806F6/0x10 microcode (in microcode.dat) from revision 0x2c000401 up to 0x2c000410; - Update of cpuid:806F6/0x87 (SPR-SP E3) microcode (in microcode.dat) from revision 0x2b000643 up to 0x2b000650; - Update of cpuid:806F7/0x87 (SPR-SP E4/S2) microcode (in microcode.dat) from revision 0x2b000643 up to 0x2b000650; - Update of cpuid:90675/0x07 (ADL-S 6+0 K0) microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:906A4/0x40 (AZB A0) microcode (in microcode.dat) from revision 0xa up to 0xb; - Update of cpuid:906A4/0x80 (ADL-P 2+8 R0) microcode (in microcode.dat) from revision 0x437 up to 0x43a; - Update of cpuid:A06D1/0x20 (GNR-AP/SP H0) microcode (in microcode.dat) from revision 0xa000100 up to 0xa000124; - Update of cpuid:A06D1/0x95 (GNR-AP/SP B0) microcode (in microcode.dat) from revision 0x10003d0 up to 0x10003f0; - Update of cpuid:A06F3/0x01 (SRF-SP C0) microcode (in microcode.dat) from revision 0x3000362 up to 0x3000382; - Update of cpuid:B0674/0x32 microcode (in microcode.dat) from revision 0x12f up to 0x132; - Update of cpuid:B06A3/0xe0 (RPL-U 2+8 Q0) microcode (in microcode.dat) from revision 0x4129 up to 0x6133; - Update of cpuid:B06A8/0xe0 microcode (in microcode.dat) from revision 0x4129 up to 0x6133; - Update of cpuid:B06D1/0x80 (LNL B0) microcode (in microcode.dat) from revision 0x123 up to 0x125; - Update of cpuid:B06E0/0x19 (ADL-N A0) microcode (in microcode.dat) from revision 0x1d up to 0x1e; - Update of cpuid:B06F2/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:B06F5/0x07 (ADL C0) microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:B06F6/0x07 microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:B06F7/0x07 microcode (in microcode.dat) from revision 0x3a up to 0x3d; - Update of cpuid:C0652/0x82 (ARL-H A1) microcode (in microcode.dat) from revision 0x119 up to 0x11a; - Update of cpuid:C0664/0x82 microcode (in microcode.dat) from revision 0x119 up to 0x11a; - Update of cpuid:C06A2/0x82 microcode (in microcode.dat) from revision 0x119 up to 0x11a; - Update of cpuid:C06F1/0x87 (EMR-SP A0) microcode (in microcode.dat) from revision 0x210002b3 up to 0x210002c0;

0 tuxcare-oraclelinux7-els microcode_ctl-2.1-73.23.0.20251111.el7_9.tuxcare.els1.x86_64.rpm 6a5b63525aff976d6c8b971e026a67991ced3ec1b279dcafd0fa5c39c6e26236 CLSA-2026:1770140694 TuxCare License Agreement 0 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx {CVE-2025-40022} - arm64: pensando: Must boot Ortano kernel with spin-table - net/sched: adjust device watchdog timer to detect stopped queue at right time - net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change - infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. - infiniband/xsigo: xsvnic_main: Remove unused functions - infiniband/xsigo: xve_cm: Fix mixed code warning - infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' - infiniband/xsigo: xve_ib: Fix misleading indentation - infiniband/xsigo: xve_ib: Fix mixed code warning - infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' - infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' - infiniband/xsigo: xve_main: Fix mixed code warning - infiniband/xsigo: xve_main: Fix misleading indentation - inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' - infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' - rds: Fix jiffies type in struct rds_conn_path - kernel: sysctl: Remove unused variable 'zero' - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg {CVE-2025-39964} - RDMA/cm: Base cm_id destruction timeout on CMA values - x86/its: Build fails with CONFIG_MITIGATION_ITS=n - LTS tag: v5.4.302 - Input: pegasus-notetaker - fix potential out-of-bounds access {CVE-2025-68217} - Input: remove third argument of usb_maxpacket() - usb: deprecate the third argument of usb_maxpacket() - fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271} - pmdomain: imx: Fix reference count leak in imx_gpc_remove - pmdomain: arm: scmi: Fix genpd leak on provider registration failure {CVE-2025-68204} - net: netpoll: fix incorrect refcount handling causing incorrect cleanup {CVE-2025-68245} - net: qede: Initialize qede_ll_ops with designated initializer - net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error {CVE-2025-68220} - ALSA: usb-audio: fix uac2 clock source at terminal parser - mm/page_alloc: fix hash table order logging in alloc_large_system_hash() - kconfig/nconf: Initialize the default locale at startup - kconfig/mconf: Initialize the default locale at startup - vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248} - s390/ctcm: Fix double-kfree {CVE-2025-40253} - net: openvswitch: remove never-working support for setting nsh fields {CVE-2025-40254} - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() - MIPS: Malta: Fix !EVA SOC-it PCI MMIO - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() {CVE-2025-68229} - scsi: sg: Do not sleep in atomic context {CVE-2025-40259} - Input: cros_ec_keyb - fix an invalid memory access {CVE-2025-40263} - be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264} - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() {CVE-2025-68734} - EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection - EDAC/altera: Handle OCRAM ECC enable after warm reset - spi: Try to get ACPI GPIO IRQ earlier - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe {CVE-2025-68241} - strparser: Fix signed/unsigned mismatch bug - gcov: add support for GCC 15 - mm/ksm: fix flag-dropping behavior in ksm_madvise {CVE-2025-40040} - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd {CVE-2025-40275} - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277} - ASoC: cs4271: Fix regulator leak on probe failure - regulator: fixed: fix GPIO descriptor leak on register failure - regulator: fixed: use dev_err_probe for register - Bluetooth: L2CAP: export l2cap_chan_hold for modules - net_sched: limit try_bulk_dequeue_skb() batches - net_sched: remove need_resched() from qdisc_run() - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps - net/mlx5e: Fix maxrate wraparound in threshold between units - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak {CVE-2025-40278} - wifi: mac80211: skip rate verification for not captured PSDUs - net: mdio: fix resource leak in mdiobus_register_device() - tipc: Fix use-after-free in tipc_mon_reinit_self(). {CVE-2025-40280} - tipc: simplify the finalize work queue - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto {CVE-2025-40281} - sctp: get netns from asoc and ep base - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path {CVE-2025-40282} - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF {CVE-2025-40283} - net: fec: correct rx_bytes statistic for the case SHIFT16 is set - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug - NFS4: Fix state renewals missing after boot - compiler_types: Move unused static inline functions warning to W=2 - extcon: adc-jack: Cleanup wakeup source only if it was enabled - tracing: Fix memory leaks in create_field_var() - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup {CVE-2025-68192} - sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331} - sctp: Hold RCU read lock while iterating over address list - net: dsa: b53: stop reading ARL entries if search is done - net: dsa: b53: fix enabling ip multicast - net: dsa: b53: fix resetting speed and pause on forced link - net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - net: dsa/b53: change b53_force_port_config() pause argument - net: vlan: sync VLAN features with lower device - ceph: add checking of wait_for_completion_killable() return value - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304} - ACPI: property: Return present device nodes only on fwnode interface - 9p: sysfs_init: don't hardcode error to ENOMEM - 9p: fix /sys/fs/9p/caches overwriting itself - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink - ACPICA: Update dsmethod.c to get rid of unused variable warning - orangefs: fix xattr related buffer overflow... {CVE-2025-40306} - page_pool: Clamp pool size to max 16K pages - Bluetooth: bcsp: receive data only if registered {CVE-2025-40308} - Bluetooth: SCO: Fix UAF on sco_conn_free {CVE-2025-40309} - net: macb: avoid dealing with endianness in macb_set_hwaddr() - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing {CVE-2025-68185} - NFSv4.1: fix mount hang after CREATE_SESSION failure - NFSv4: handle ERR_GRACE on delegation recalls - remoteproc: qcom: q6v5: Avoid handling handover twice - sparc/module: Add R_SPARC_UA64 relocation handling - net: intel: fm10k: Fix parameter idx set but not used - jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168} - jfs: Verify inode mode when loading from disk {CVE-2025-40312} - ipv6: np->rxpmtu race annotation - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs - allow finish_no_open(file, ERR_PTR(-E...)) - scsi: lpfc: Define size of debugfs entry for xri rebalancing - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET - selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency - net/cls_cgroup: Fix task_get_classid() during qdisc run - selftests: Replace sleep with slowwait - selftests: Disable dad for ipv6 in fcnal-test.sh - media: redrat3: use int type to store negative error codes - net: sh_eth: Disable WoL if system can not suspend - phy: cadence: cdns-dphy: Enable lower resolutions in dphy - usb: gadget: f_hid: Fix zero length packet transfer - net: call cond_resched() less often in __release_sock() - ALSA: usb-audio: apply quirk for MOONDROP Quark2 - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms - dmaengine: dw-edma: Set status for callback_result - dmaengine: mv_xor: match alloc_wc and free_wc - dmaengine: sh: setup_xref error handling - scsi: pm8001: Use int instead of u32 to store error codes - mips: lantiq: xway: sysctrl: rename stp clock - mips: lantiq: danube: add missing device_type in pci node - mips: lantiq: danube: add missing properties to cpu node - media: fix uninitialized symbol warnings - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption - extcon: adc-jack: Fix wakeup source leaks on device unbind - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. - net: When removing nexthops, don't call synchronize_net if it is not necessary - char: misc: Does not request module for miscdevice with dynamic minor - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register - media: imon: make send_packet() more robust {CVE-2025-68194} - net: ipv6: fix field-spanning memcpy warning in AH output {CVE-2025-40363} - bridge: Redirect to backup port when port is administratively down - powerpc/eeh: Use result of error_detected() in uevent - x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall - media: pci: ivtv: Don't create fake v4l2_fh - drm/amdkfd: return -ENOTTY for unsupported IOCTLs - selftests/net: Ensure assert() triggers in psock_tpacket.c - selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 - PCI: Disable MSI on RDC PCI to PCIe bridges - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() - mfd: madera: Work around false-positive -Wininitialized warning - mfd: stmpe-i2c: Add missing MODULE_LICENSE - mfd: stmpe: Remove IRQ domain upon removal - tools/power x86_energy_perf_policy: Prefer driver HWP limits - tools/power x86_energy_perf_policy: Enhance HWP enable - tools/cpupower: Fix incorrect size in cpuidle_state_disable() - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 - uprobe: Do not emulate/sstep original instruction when ip is changed - clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 - tee: allow a driver to allocate a tee_device without a pool - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card - irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment - arc: Fix __fls() const-foldability via __builtin_clzl() - cpufreq/longhaul: handle NULL policy in longhaul_exit {CVE-2025-68177} - selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 - ACPI: video: force native for Lenovo 82K8 - memstick: Add timeout to prevent indefinite waiting - mmc: host: renesas_sdhi: Fix the actual clock - bpf: Don't use %pK through printk - spi: loopback-test: Don't use %pK through printk - soc: qcom: smem: Fix endian-unaware access of num_entries - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. {CVE-2025-40315} - serial: 8250_dw: handle reset control deassert error - serial: 8250_dw: Use devm_add_action_or_reset() - serial: 8250_dw: Use devm_clk_get_optional() to get the input clock - can: gs_usb: increase max interface to U8_MAX - devcoredump: Fix circular locking dependency with devcd->mutex. - net: ravb: Enforce descriptor type ordering - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode {CVE-2025-40321} - net: phy: dp83867: Disable EEE support as not implemented - regmap: slimbus: fix bus_context pointer in regmap init calls {CVE-2025-40317} - drm/etnaviv: fix flush sequence logic - usbnet: Prevents free active kevent {CVE-2025-68312} - wifi: ath10k: Fix memory leak on unsupported WMI command - ASoC: qdsp6: q6asm: do not sleep while atomic - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS - fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322} - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() {CVE-2025-40211} - fbdev: atyfb: Check if pll_ops->init_pll failed - net: usb: asix_devices: Check return value of usbnet_get_endpoints - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - x86/bugs: Fix reporting of LFENCE retpoline - net/sched: sch_qfq: Fix null-deref in agg_dequeue {CVE-2025-40083} - RDMA/cm: Rate limit destroy CM ID timeout error message - soc/pensando: giglio: hack dts to make things right - soc/pensando: Add AMD Pensando Giglio SoC support - soc/pensando: psci support - soc/pensando: Giglio SoC eMMC interrupt driver - Reapply "cpuidle: menu: Avoid discarding useful information" - fbcon: fix integer overflow in font allocation - uek-rpm: Introduce check function for uek-rpm/tools/kabi - rds: Add smp_rmb before reading c_destroy_in_prog - uio_hv_generic: Set event for all channels on the device - ata: libata-scsi: Fix system suspend for a security locked drive - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 - scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx {CVE-2025-40022} - arm64: pensando: Must boot Ortano kernel with spin-table - net/sched: adjust device watchdog timer to detect stopped queue at right time - net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change - infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. - infiniband/xsigo: xsvnic_main: Remove unused functions - infiniband/xsigo: xve_cm: Fix mixed code warning - infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' - infiniband/xsigo: xve_ib: Fix misleading indentation - infiniband/xsigo: xve_ib: Fix mixed code warning - infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' - infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' - infiniband/xsigo: xve_main: Fix mixed code warning - infiniband/xsigo: xve_main: Fix misleading indentation - inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' - infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' - rds: Fix jiffies type in struct rds_conn_path - kernel: sysctl: Remove unused variable 'zero' - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg {CVE-2025-39964} - RDMA/cm: Base cm_id destruction timeout on CMA values - x86/its: Build fails with CONFIG_MITIGATION_ITS=n - LTS tag: v5.4.302 - Input: pegasus-notetaker - fix potential out-of-bounds access {CVE-2025-68217} - Input: remove third argument of usb_maxpacket() - usb: deprecate the third argument of usb_maxpacket() - fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271} - pmdomain: imx: Fix reference count leak in imx_gpc_remove - pmdomain: arm: scmi: Fix genpd leak on provider registration failure {CVE-2025-68204} - net: netpoll: fix incorrect refcount handling causing incorrect cleanup {CVE-2025-68245} - net: qede: Initialize qede_ll_ops with designated initializer - net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error {CVE-2025-68220} - ALSA: usb-audio: fix uac2 clock source at terminal parser - mm/page_alloc: fix hash table order logging in alloc_large_system_hash() - kconfig/nconf: Initialize the default locale at startup - kconfig/mconf: Initialize the default locale at startup - vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248} - s390/ctcm: Fix double-kfree {CVE-2025-40253} - net: openvswitch: remove never-working support for setting nsh fields {CVE-2025-40254} - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() - MIPS: Malta: Fix !EVA SOC-it PCI MMIO - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() {CVE-2025-68229} - scsi: sg: Do not sleep in atomic context {CVE-2025-40259} - Input: cros_ec_keyb - fix an invalid memory access {CVE-2025-40263} - be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264} - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() {CVE-2025-68734} - EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection - EDAC/altera: Handle OCRAM ECC enable after warm reset - spi: Try to get ACPI GPIO IRQ earlier - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe {CVE-2025-68241} - strparser: Fix signed/unsigned mismatch bug - gcov: add support for GCC 15 - mm/ksm: fix flag-dropping behavior in ksm_madvise {CVE-2025-40040} - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd {CVE-2025-40275} - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277} - ASoC: cs4271: Fix regulator leak on probe failure - regulator: fixed: fix GPIO descriptor leak on register failure - regulator: fixed: use dev_err_probe for register - Bluetooth: L2CAP: export l2cap_chan_hold for modules - net_sched: limit try_bulk_dequeue_skb() batches - net_sched: remove need_resched() from qdisc_run() - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps - net/mlx5e: Fix maxrate wraparound in threshold between units - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak {CVE-2025-40278} - wifi: mac80211: skip rate verification for not captured PSDUs - net: mdio: fix resource leak in mdiobus_register_device() - tipc: Fix use-after-free in tipc_mon_reinit_self(). {CVE-2025-40280} - tipc: simplify the finalize work queue - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto {CVE-2025-40281} - sctp: get netns from asoc and ep base - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path {CVE-2025-40282} - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF {CVE-2025-40283} - net: fec: correct rx_bytes statistic for the case SHIFT16 is set - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug - NFS4: Fix state renewals missing after boot - compiler_types: Move unused static inline functions warning to W=2 - extcon: adc-jack: Cleanup wakeup source only if it was enabled - tracing: Fix memory leaks in create_field_var() - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup {CVE-2025-68192} - sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331} - sctp: Hold RCU read lock while iterating over address list - net: dsa: b53: stop reading ARL entries if search is done - net: dsa: b53: fix enabling ip multicast - net: dsa: b53: fix resetting speed and pause on forced link - net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - net: dsa/b53: change b53_force_port_config() pause argument - net: vlan: sync VLAN features with lower device - ceph: add checking of wait_for_completion_killable() return value - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304} - ACPI: property: Return present device nodes only on fwnode interface - 9p: sysfs_init: don't hardcode error to ENOMEM - 9p: fix /sys/fs/9p/caches overwriting itself - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink - ACPICA: Update dsmethod.c to get rid of unused variable warning - orangefs: fix xattr related buffer overflow... {CVE-2025-40306} - page_pool: Clamp pool size to max 16K pages - Bluetooth: bcsp: receive data only if registered {CVE-2025-40308} - Bluetooth: SCO: Fix UAF on sco_conn_free {CVE-2025-40309} - net: macb: avoid dealing with endianness in macb_set_hwaddr() - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing {CVE-2025-68185} - NFSv4.1: fix mount hang after CREATE_SESSION failure - NFSv4: handle ERR_GRACE on delegation recalls - remoteproc: qcom: q6v5: Avoid handling handover twice - sparc/module: Add R_SPARC_UA64 relocation handling - net: intel: fm10k: Fix parameter idx set but not used - jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168} - jfs: Verify inode mode when loading from disk {CVE-2025-40312} - ipv6: np->rxpmtu race annotation - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs - allow finish_no_open(file, ERR_PTR(-E...)) - scsi: lpfc: Define size of debugfs entry for xri rebalancing - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET - selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency - net/cls_cgroup: Fix task_get_classid() during qdisc run - selftests: Replace sleep with slowwait - selftests: Disable dad for ipv6 in fcnal-test.sh - media: redrat3: use int type to store negative error codes - net: sh_eth: Disable WoL if system can not suspend - phy: cadence: cdns-dphy: Enable lower resolutions in dphy - usb: gadget: f_hid: Fix zero length packet transfer - net: call cond_resched() less often in __release_sock() - ALSA: usb-audio: apply quirk for MOONDROP Quark2 - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms - dmaengine: dw-edma: Set status for callback_result - dmaengine: mv_xor: match alloc_wc and free_wc - dmaengine: sh: setup_xref error handling - scsi: pm8001: Use int instead of u32 to store error codes - mips: lantiq: xway: sysctrl: rename stp clock - mips: lantiq: danube: add missing device_type in pci node - mips: lantiq: danube: add missing properties to cpu node - media: fix uninitialized symbol warnings - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption - extcon: adc-jack: Fix wakeup source leaks on device unbind - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. - net: When removing nexthops, don't call synchronize_net if it is not necessary - char: misc: Does not request module for miscdevice with dynamic minor - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register - media: imon: make send_packet() more robust {CVE-2025-68194} - net: ipv6: fix field-spanning memcpy warning in AH output {CVE-2025-40363} - bridge: Redirect to backup port when port is administratively down - powerpc/eeh: Use result of error_detected() in uevent - x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall - media: pci: ivtv: Don't create fake v4l2_fh - drm/amdkfd: return -ENOTTY for unsupported IOCTLs - selftests/net: Ensure assert() triggers in psock_tpacket.c - selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 - PCI: Disable MSI on RDC PCI to PCIe bridges - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() - mfd: madera: Work around false-positive -Wininitialized warning - mfd: stmpe-i2c: Add missing MODULE_LICENSE - mfd: stmpe: Remove IRQ domain upon removal - tools/power x86_energy_perf_policy: Prefer driver HWP limits - tools/power x86_energy_perf_policy: Enhance HWP enable - tools/cpupower: Fix incorrect size in cpuidle_state_disable() - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 - uprobe: Do not emulate/sstep original instruction when ip is changed - clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 - tee: allow a driver to allocate a tee_device without a pool - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card - irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment - arc: Fix __fls() const-foldability via __builtin_clzl() - cpufreq/longhaul: handle NULL policy in longhaul_exit {CVE-2025-68177} - selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 - ACPI: video: force native for Lenovo 82K8 - memstick: Add timeout to prevent indefinite waiting - mmc: host: renesas_sdhi: Fix the actual clock - bpf: Don't use %pK through printk - spi: loopback-test: Don't use %pK through printk - soc: qcom: smem: Fix endian-unaware access of num_entries - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. {CVE-2025-40315} - serial: 8250_dw: handle reset control deassert error - serial: 8250_dw: Use devm_add_action_or_reset() - serial: 8250_dw: Use devm_clk_get_optional() to get the input clock - can: gs_usb: increase max interface to U8_MAX - devcoredump: Fix circular locking dependency with devcd->mutex. - net: ravb: Enforce descriptor type ordering - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode {CVE-2025-40321} - net: phy: dp83867: Disable EEE support as not implemented - regmap: slimbus: fix bus_context pointer in regmap init calls {CVE-2025-40317} - drm/etnaviv: fix flush sequence logic - usbnet: Prevents free active kevent {CVE-2025-68312} - wifi: ath10k: Fix memory leak on unsupported WMI command - ASoC: qdsp6: q6asm: do not sleep while atomic - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS - fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322} - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() {CVE-2025-40211} - fbdev: atyfb: Check if pll_ops->init_pll failed - net: usb: asix_devices: Check return value of usbnet_get_endpoints - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - x86/bugs: Fix reporting of LFENCE retpoline - net/sched: sch_qfq: Fix null-deref in agg_dequeue {CVE-2025-40083} - RDMA/cm: Rate limit destroy CM ID timeout error message - soc/pensando: giglio: hack dts to make things right - soc/pensando: Add AMD Pensando Giglio SoC support - soc/pensando: psci support - soc/pensando: Giglio SoC eMMC interrupt driver - Reapply "cpuidle: menu: Avoid discarding useful information" - fbcon: fix integer overflow in font allocation - uek-rpm: Introduce check function for uek-rpm/tools/kabi - rds: Add smp_rmb before reading c_destroy_in_prog - uio_hv_generic: Set event for all channels on the device - ata: libata-scsi: Fix system suspend for a security locked drive - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 - scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt

0 tuxcare-oraclelinux7-els bpftool-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm ff0dcc40f2d7d66004ec5f19f1d3470f6ac883b9bae4176ac50e60a4b585a0fc kernel-uek-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm 55275c6a51b167357d47c41090cc69aa25bf0f5a288905da68b1cd3709a4f1fe kernel-uek-container-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm bcfbe1d9a8673ac3b8cc499eafdf760270d77b95a8fefa3e55af99d010dd5476 kernel-uek-container-debug-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm 754dee089e061a88165acbf6b8b574231a8899d0034a42d815b6c700e7e038fa kernel-uek-debug-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm 86ae1e3b540f1370f6057cfb4c968423d44c404cc0d010d39c70b55c0832bd06 kernel-uek-debug-devel-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm c40393b5efef769f47d0e7c340a96873691d8f2c55fb2714c27866441772eb24 kernel-uek-devel-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm 671396d72c97432cf519a59b4b8448ed72d95ea94a475f3f77ba1d17de55000d kernel-uek-headers-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm 1ffd464dba0d6c06f06c0afde35b704e3b573e4cc6505fc57433c71b13fa3410 kernel-uek-tools-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm 8e939f2d0b0fa8c3aff09952636717ccd0e7ee5036da6907c0ed6ca3e4f24b0c perf-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm 1cc08b5e1769062fd197b0a643ca97e469164db7288f36798edce650faf01ceb python-perf-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm 8e9b687c6d02de62406ec8268cf0a1525f69fea91d103c2a8c0362b0133bc4f1 CLSA-2026:1770391959 TuxCare License Agreement 0 - CVE-2025-13601: Fix heap-based buffer overflow by correcting buffer size calculation in g_escape_uri_string() function Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-13601: Fix heap-based buffer overflow by correcting buffer size calculation in g_escape_uri_string() function

0 tuxcare-oraclelinux7-els glib2-2.56.1-9.el7_9.tuxcare.els4.i686.rpm bb38f5edfbfd5d0a12f7e8ff84974a55cf9f614ba72356ea7f127214794e40d0 glib2-2.56.1-9.el7_9.tuxcare.els4.x86_64.rpm ea4aac56292cef4dacb9d2d68958aa9f35f562773e3eff13941ebc554185cf8f glib2-devel-2.56.1-9.el7_9.tuxcare.els4.i686.rpm 1e6edb55570cfdb261d1920b2836ba86930ceb65b7a484c8ff3eb8038c2fb54d glib2-devel-2.56.1-9.el7_9.tuxcare.els4.x86_64.rpm d74c0c4fbc4f25202237801b5196ab3f1a07dad5e1573e7c80a9b1a8934d7ece glib2-doc-2.56.1-9.el7_9.tuxcare.els4.noarch.rpm 93c832562f211697f0f69f9e31ed9b34c92f79893e24786d12a85deeb1d6943b glib2-fam-2.56.1-9.el7_9.tuxcare.els4.x86_64.rpm 2696dd7756edc1e0b4450e115a6766c2a44cbfbbcc78f1f9a38d6a3f5ce6679f glib2-static-2.56.1-9.el7_9.tuxcare.els4.i686.rpm d6f40305a9449e13d09abe91678572f6c8701db355b427ef6b38efce9b95bf53 glib2-static-2.56.1-9.el7_9.tuxcare.els4.x86_64.rpm 9882cffb31f39e449de43a254354db7413a66f232eb15be1272415276d0987f4 glib2-tests-2.56.1-9.el7_9.tuxcare.els4.x86_64.rpm e44bf9cac9814a7c9c22397ace66f72933c486b7251589696700bb4c5ed14c1e CLSA-2026:1770734305 TuxCare License Agreement 0 - CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers Low Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers

0 tuxcare-oraclelinux7-els expat-2.1.0-15.0.1.el7_9.tuxcare.els2.i686.rpm 18df289ef987b24565a0de914cd3fd62333af21d56509ff0ed01b063fbca4b71 expat-2.1.0-15.0.1.el7_9.tuxcare.els2.x86_64.rpm 53c571743094a52a0f605425f92dff176443a59e7e92e6fb49de720983f7af69 expat-devel-2.1.0-15.0.1.el7_9.tuxcare.els2.i686.rpm 8f8a94001f8a9e4400654ab8a3c74a8eb0321384b24ba8e74b3238ab62ed9310 expat-devel-2.1.0-15.0.1.el7_9.tuxcare.els2.x86_64.rpm 296f4be84084c4b4928f10a19804d1fb28c8c705b5371681d40a1780aaf48717 expat-static-2.1.0-15.0.1.el7_9.tuxcare.els2.i686.rpm 7b0705b3901ecdd86ec704ae3d708214a9eb825109b211368f85fdc9f812242f expat-static-2.1.0-15.0.1.el7_9.tuxcare.els2.x86_64.rpm 6429cd0a0c7e5f77fc05183a22c0148dfc6a57f5a1272d3c9bcb942fdaa5eba1 CLSA-2026:1770802828 TuxCare License Agreement 0 - CVE-2026-23876: fix heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-23876: fix heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage)

0 tuxcare-oraclelinux7-els ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els3.i686.rpm 90bdd0aea641cd270958b06e785e1391e26b65c0b266a9e0e7d5e9a909035839 ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els3.x86_64.rpm bf9ceb2cde1efa2d304ce31fe5a6c923572f3ef2ed723eed95a23dd9d7e77c05 ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els3.i686.rpm 853506479ccb5b78673917d40ce87d2a1b31eec9c30593cc646de2c9f413ccc2 ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els3.x86_64.rpm d73786c09b641685bb309cf24057ce530944843c4b74c83b54581b08cae06fa0 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els3.i686.rpm 0b781be36c729d8f06eefd8dc08813da5386e4d5d4e7525660658f62745e736d ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els3.x86_64.rpm 80f21837bec372126058242b6eeeb287ee142f63529553bdfdad750f14065a1b ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els3.i686.rpm 6cdda0eaeba5cc89f792553f34a8392e8c462bdfdb23fbd8f5d298d06cfc3465 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els3.x86_64.rpm e28bcea17734f40e9e49a3929b325a0a8e26b2e3c981ad5d7d5b7eb0eb6ad691 ImageMagick-doc-6.9.10.68-7.0.3.el7_9.tuxcare.els3.x86_64.rpm 79dd1926fc83fc76f4b4dda9d890918900ce0ffadf45a98f0c33740ea33c85fa ImageMagick-perl-6.9.10.68-7.0.3.el7_9.tuxcare.els3.x86_64.rpm 65f4e5d8bb6712771d815dcfe072d3f33433eaa233b001166091646702739e53 CLSA-2026:1770820398 TuxCare License Agreement 0 - CVE-2025-69421: fix NULL dereference in PKCS12_item_decrypt_d2i_ex() Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-69421: fix NULL dereference in PKCS12_item_decrypt_d2i_ex()

0 tuxcare-oraclelinux7-els openssl-1.0.2k-26.el7_9.tuxcare.els7.x86_64.rpm db14c60843ae5f22cc4793cda13229e6d9ae837eed17cbba13e4eba0e42efd74 openssl-devel-1.0.2k-26.el7_9.tuxcare.els7.i686.rpm 8b0ae90be23030cbafeeeb1a814a5f127e4ce7af6bb0a3d72d9f1a7705a350bb openssl-devel-1.0.2k-26.el7_9.tuxcare.els7.x86_64.rpm 01120d090276b284b44aaccb3b74ca335b524a67e9b00f90ef6aeb1c6d3acc5c openssl-libs-1.0.2k-26.el7_9.tuxcare.els7.i686.rpm 2a19437593293744e8b07e25e6b24579905dd72f242923b845216abb5de2e87a openssl-libs-1.0.2k-26.el7_9.tuxcare.els7.x86_64.rpm 047e983a8d0a0551ed95558f638b690740fb3658a12675123ed428d39897105c openssl-perl-1.0.2k-26.el7_9.tuxcare.els7.x86_64.rpm b494752dad2a39e1fc5a899e5c71659f901b04c659e4a5bc43bb3e5a8e223a8c openssl-static-1.0.2k-26.el7_9.tuxcare.els7.i686.rpm 663d3525253d88008432519e1db2ca1b6e19906b331c8758cb1b099c510a4637 openssl-static-1.0.2k-26.el7_9.tuxcare.els7.x86_64.rpm 27d7ddcf60327bfdc646f7e0dd3319d67d6901d5257614e2e2d01a94d49ed1f8 CLSA-2026:1771009339 TuxCare License Agreement 0 - update to CKBI 2.82 from NSS 3.120 - updated certificates: - # Certificate "ePKI Root Certification Authority" - # Certificate "GlobalSign Root CA" - # Certificate "Entrust.net Premium 2048 Secure Server CA" - # Certificate "Comodo AAA Services root" - # Certificate "XRamp Global CA Root" - # Certificate "Go Daddy Class 2 CA" - # Certificate "Starfield Class 2 CA" - removed certificates: - # Certificate "Baltimore CyberTrust Root" - added certificates: - # Certificate "TrustAsia SMIME ECC Root CA" - # Certificate "TrustAsia SMIME RSA Root CA" - # Certificate "TrustAsia TLS ECC Root CA" - # Certificate "TrustAsia TLS RSA Root CA" - # Certificate "SwissSign RSA SMIME Root CA 2022 - 1" - # Certificate "SwissSign RSA TLS Root CA 2022 - 1" - # Certificate "OISTE Client Root ECC G1" - # Certificate "OISTE Client Root RSA G1" - # Certificate "OISTE Server Root ECC G1" - # Certificate " OISTE Server Root RSA G1" None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- update to CKBI 2.82 from NSS 3.120 - updated certificates: - # Certificate "ePKI Root Certification Authority" - # Certificate "GlobalSign Root CA" - # Certificate "Entrust.net Premium 2048 Secure Server CA" - # Certificate "Comodo AAA Services root" - # Certificate "XRamp Global CA Root" - # Certificate "Go Daddy Class 2 CA" - # Certificate "Starfield Class 2 CA" - removed certificates: - # Certificate "Baltimore CyberTrust Root" - added certificates: - # Certificate "TrustAsia SMIME ECC Root CA" - # Certificate "TrustAsia SMIME RSA Root CA" - # Certificate "TrustAsia TLS ECC Root CA" - # Certificate "TrustAsia TLS RSA Root CA" - # Certificate "SwissSign RSA SMIME Root CA 2022 - 1" - # Certificate "SwissSign RSA TLS Root CA 2022 - 1" - # Certificate "OISTE Client Root ECC G1" - # Certificate "OISTE Client Root RSA G1" - # Certificate "OISTE Server Root ECC G1" - # Certificate " OISTE Server Root RSA G1"

0 tuxcare-oraclelinux7-els nss-3.90.0-2.el7_9.tuxcare.els4.i686.rpm 84766daf898aeafde827f0b8e1eab148e2c74984000adc37423f0b01d9645da0 nss-3.90.0-2.el7_9.tuxcare.els4.x86_64.rpm b3702f77acec4cf534dfb20c49d2cab6a3e2082e4497c83b2db48022ab333f9a nss-devel-3.90.0-2.el7_9.tuxcare.els4.i686.rpm 5e693e3c3544a17026b9fc6bbda1bf5ccc53f8ea347fd62714da7bf29cec39cf nss-devel-3.90.0-2.el7_9.tuxcare.els4.x86_64.rpm a2155e4b579708b0a685b7851f2d9439870982df48bbdbada82c1bd5374a6b4e nss-pkcs11-devel-3.90.0-2.el7_9.tuxcare.els4.i686.rpm 81462e16361e80f255d5de4d3538750ea85a80b24a32179fff0135f7f1859c53 nss-pkcs11-devel-3.90.0-2.el7_9.tuxcare.els4.x86_64.rpm d70594b3aa82646e2c4aedca51d7b6bae1b4b3552bb955020c878099fecf6c55 nss-sysinit-3.90.0-2.el7_9.tuxcare.els4.x86_64.rpm b12b1817c7c51e03d1296f60dd4931515862e361722e7181a64774d6d8d2b886 nss-tools-3.90.0-2.el7_9.tuxcare.els4.x86_64.rpm f1c845bd90ff56b1aef7d05ba43fbcb042bc0536f68fc1c479aa39d24af1e06f CLSA-2026:1771240476 TuxCare License Agreement 0 - vsock: Do not allow binding to VMADDR_PORT_ANY {CVE-2025-38618} - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945} - scsi: bfa: Double-free fix {CVE-2025-38699} - pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574} - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685} - fbdev: fix potential buffer overflow in do_register_framebuffer() {CVE-2025-38702} - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() {CVE-2023-53521} - usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760} - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680} - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691} - bna: ensure the copied buf is NUL terminated {CVE-2024-36934} - i40e: fix idx validation in config queues msg {CVE-2025-39971} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- vsock: Do not allow binding to VMADDR_PORT_ANY {CVE-2025-38618} - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945} - scsi: bfa: Double-free fix {CVE-2025-38699} - pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574} - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685} - fbdev: fix potential buffer overflow in do_register_framebuffer() {CVE-2025-38702} - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() {CVE-2023-53521} - usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760} - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680} - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691} - bna: ensure the copied buf is NUL terminated {CVE-2024-36934} - i40e: fix idx validation in config queues msg {CVE-2025-39971}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm be0c19fca0ce694cd92d101e994f11d034bbf15dd2ed1233d5b7a00542ebcc16 kernel-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm 3cf269578dfdf852d723b8184e484b9f51dd86c1e37d17601f186b948af4e6af kernel-debug-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm cad144318189f0b416ddc60d49ee9589e88a0a0bea05189abc0339bc3dd9cfe9 kernel-debug-devel-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm 9a1a060b348117fb728c276d23592b146c0d02c998600c5eef2e3cccbe78bef3 kernel-devel-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm 073221870095305fe59b0412ad08c466818c9712499db4b06c478a7bca0fd253 kernel-headers-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm 50fd76312b78ef602859f9306885de35b4ae136309d43e7843f77fb13a4e2a65 kernel-tools-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm 6ee567f9b947be13e5e8b62006c170799295d2217ac1f46296a97b4a44f5a802 kernel-tools-libs-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm 3fe06b2b415773d16d8c8e971146cf364ed8a55be2f8bea577759cae86d20f28 kernel-tools-libs-devel-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm 64fcf8176f7721870bf8cfefeb0b69827d83bad4f4f194954ae6420ae1f31a5e perf-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm 6bc006b09a33af73bcdc5a762c9d7e001e3efa84c1bda80bb83a6700f8023a5d python-perf-3.10.0-1160.144.1.el7.tuxcare.els2.x86_64.rpm e6fccc0fc3a1330e0ecb1388f5104ef08199958f6e002ee5e7edca3b5badbf22 CLSA-2026:1771331675 TuxCare License Agreement 0 - CVE-2025-61662: fix use-after-free in gettext/gettext due to unregistered gettext command on module unload Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-61662: fix use-after-free in gettext/gettext due to unregistered gettext command on module unload

0 tuxcare-oraclelinux7-els grub2-2.02-0.87.0.27.el7_9.14.tuxcare.els2.x86_64.rpm a870d48a0d1f1985fa806c3e82795d3663422d209fdfd89155011d57d8cb40bc grub2-common-2.02-0.87.0.27.el7_9.14.tuxcare.els2.noarch.rpm c60c32fbfd9f4f22485f2f0c84c8a0b49b3193411780c94bbc1049ef5aa8d844 grub2-efi-ia32-2.02-0.87.0.27.el7_9.14.tuxcare.els2.x86_64.rpm 3994a3cb788e82e9c5bd50db13849f1c8275dec68848dc3005e48a4aeedd0040 grub2-efi-ia32-cdboot-2.02-0.87.0.27.el7_9.14.tuxcare.els2.x86_64.rpm 1a932e93e5433134eb4238e827105a75768491fbbeb548662ad0bc27f2c1edea grub2-efi-ia32-modules-2.02-0.87.0.27.el7_9.14.tuxcare.els2.noarch.rpm b7f4ae3df3c5292808141820049399a26bf11275067674c29908bcd5fdbf0cb9 grub2-efi-x64-2.02-0.87.0.27.el7_9.14.tuxcare.els2.x86_64.rpm a1dbc95f76984399ef27e45ac08d6726d3d0e63180a6be3d2a9160fddb07af4b grub2-efi-x64-cdboot-2.02-0.87.0.27.el7_9.14.tuxcare.els2.x86_64.rpm 1aa1d583b1566f2b4fc5197b03da930b65f7f678874d356a695fff991cb8285d grub2-efi-x64-modules-2.02-0.87.0.27.el7_9.14.tuxcare.els2.noarch.rpm 0d1c36e129c2dd66a39e52d32dae3410f57622308e38ae8fb333ce8a7d2e6756 grub2-pc-2.02-0.87.0.27.el7_9.14.tuxcare.els2.x86_64.rpm be25fbd151da27f26b6d08378f3370d149417d292d70913c4e8f8e77b10f4d47 grub2-pc-modules-2.02-0.87.0.27.el7_9.14.tuxcare.els2.noarch.rpm c396afd4e9fe254319e43c8a0cc709790a71ccb73213fb2d885de5022517b17b grub2-tools-2.02-0.87.0.27.el7_9.14.tuxcare.els2.x86_64.rpm 0f472c2e9887549808a5a54531b1e2c8df4c1beab172ee59fcb97111c04f993a grub2-tools-extra-2.02-0.87.0.27.el7_9.14.tuxcare.els2.x86_64.rpm eb0859f38d9e0cb484f44f3d4165383901cdd19a6c9debaa6439fc7542a6a14f grub2-tools-minimal-2.02-0.87.0.27.el7_9.14.tuxcare.els2.x86_64.rpm 818b85916791627965dcce70aa53ca2a40fe6fd6f9b363f484ca3142f12e36ff CLSA-2026:1771425162 TuxCare License Agreement 0 - CVE-2025-68618: fix DOS when processing a specially crafted malicious SVG file - CVE-2025-69204: fix DOS due to buffer overflow during image processing of a specially crafted SVG image Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-68618: fix DOS when processing a specially crafted malicious SVG file - CVE-2025-69204: fix DOS due to buffer overflow during image processing of a specially crafted SVG image

0 tuxcare-oraclelinux7-els ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els4.i686.rpm 0fdf174ffc5e7d044d6292c553d5932140c72ce5fe94033337990595e41b97aa ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els4.x86_64.rpm e58d7e7d50dea34ef591122281b7203ef6f36587449387a51015d7727dad2399 ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els4.i686.rpm 43a890e72b70d6adc96065f5884fbe062ca6d5bace27440844c6fd428c8c3c6e ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els4.x86_64.rpm cd26f7c4ded54365024f5e8e7fd3bb4332b8e3544b08451903e062e85010ddd1 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els4.i686.rpm 74ccb28dbff162f1093824fce073e9ae16faba85fdf265e53f24357a2cca7310 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els4.x86_64.rpm fc916681a3cb4739a419f6071405e9fd43b8980617582d14356602bab715744c ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els4.i686.rpm e100a0f20877298e88650dc15ac4c11c1f3cc52b0b96d7176fcf6341498eef54 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els4.x86_64.rpm eb63340f6589974482d4216e75d1d199daa17466dee65d068d0cc09bb5254821 ImageMagick-doc-6.9.10.68-7.0.3.el7_9.tuxcare.els4.x86_64.rpm 29cc099e448e3d4945cff76a179660960ed4e0220f79cfefdbdb3c2418f3b7f1 ImageMagick-perl-6.9.10.68-7.0.3.el7_9.tuxcare.els4.x86_64.rpm f6297a8556e80dfcae1a8fe7cb6c4ac230388316c1c104627ce2805483036b23 CLSA-2026:1771518763 TuxCare License Agreement 0 - CVE-2026-1761: fix stack-based buffer overflow in multipart HTTP response parsing caused by incorrect length calculation in soup_filter_input_stream_read_until() - CVE-2026-0719: fix stack-based buffer overflow in NTLM authentication caused by integer overflow in md4sum() with excessively long passwords Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-1761: fix stack-based buffer overflow in multipart HTTP response parsing caused by incorrect length calculation in soup_filter_input_stream_read_until() - CVE-2026-0719: fix stack-based buffer overflow in NTLM authentication caused by integer overflow in md4sum() with excessively long passwords

0 tuxcare-oraclelinux7-els libsoup-2.62.2-2.0.5.el7.tuxcare.els4.i686.rpm cfcdd8603a498192bb586a3fe158bed09de10886f8b486214bd99fc831677818 libsoup-2.62.2-2.0.5.el7.tuxcare.els4.x86_64.rpm 12883e1da91fc34e46fc3a88bf38573f1dba37406b8640ef860578d9faf30537 libsoup-devel-2.62.2-2.0.5.el7.tuxcare.els4.i686.rpm 77ab7b02ec4aa3cd896180de63e7dd8843717df0007c4fae7ab7e2e30b1d6c19 libsoup-devel-2.62.2-2.0.5.el7.tuxcare.els4.x86_64.rpm 52107a844580b126cd3c6dc058b598d9d795c2dd5ae7c53c0795a0d8636a5866 CLSA-2026:1771854372 TuxCare License Agreement 0 - CVE-2025-14087: fix integer overflow in GVariant parser leading to heap corruption via buffer underflow when processing malicious input strings Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-14087: fix integer overflow in GVariant parser leading to heap corruption via buffer underflow when processing malicious input strings

0 tuxcare-oraclelinux7-els glib2-2.56.1-9.el7_9.tuxcare.els5.i686.rpm e683e2287fd3e1da1e9ad91c282ec4361a26290d1f718e630be4da101f0a2ceb glib2-2.56.1-9.el7_9.tuxcare.els5.x86_64.rpm c85b35ff32a9e694cbd0a4e7bc23e3dc8eb2dfc15905eb13e464f64e90555da2 glib2-devel-2.56.1-9.el7_9.tuxcare.els5.i686.rpm 388865b495b85db9f0ea44b6a078e3eb3b687a417abeec6c87ba5e9079c23fde glib2-devel-2.56.1-9.el7_9.tuxcare.els5.x86_64.rpm b61f73558f1ab635e7cb8b6c1ac81731645596af277acc21780a08e887cda7c6 glib2-doc-2.56.1-9.el7_9.tuxcare.els5.noarch.rpm 15951ef6cef9eeef8ae2ef17ea9813a233d9bba995c7d65adc31d421c0b7938a glib2-fam-2.56.1-9.el7_9.tuxcare.els5.x86_64.rpm e543d0820584ef5b744d83fcd8dc030cbc1c64b6d5b30273d18b4a10ce065b80 glib2-static-2.56.1-9.el7_9.tuxcare.els5.i686.rpm 5c2db2c4358231bb9dda4c4bb75966dc1660b1725893a2c768f7cc5deb752ec7 glib2-static-2.56.1-9.el7_9.tuxcare.els5.x86_64.rpm cd8efeb46df6db0119627276107cf6badd167e1cc6ea954a2f9b09602f3db0a7 glib2-tests-2.56.1-9.el7_9.tuxcare.els5.x86_64.rpm eb0bf4164402cbe6f13f4d1927b1ddb97abf970b772efb3863abf99513331362 CLSA-2026:1771855453 TuxCare License Agreement 0 - CVE-2024-53899: Quote template strings in activation scripts Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-53899: Quote template strings in activation scripts

0 tuxcare-oraclelinux7-els python-virtualenv-15.1.0-7.el7_9.tuxcare.els1.noarch.rpm 31a6150fd1809eed94a79d57c0ad00f245fd643f92979dc55fea71ff3763de35 CLSA-2026:1772033549 TuxCare License Agreement 0 - CVE-2026-25646: fix a heap buffer overflow in png_set_quantize() Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-25646: fix a heap buffer overflow in png_set_quantize()

0 tuxcare-oraclelinux7-els libpng-1.5.13-8.el7.tuxcare.els3.i686.rpm a0c7885d11eae316f1874be30c5abb6aaec6395c9a7b7e16d09e8d4c5c6ca876 libpng-1.5.13-8.el7.tuxcare.els3.x86_64.rpm fd0b750aece744aa1c8cb2adb25107352b3e1a7bd6046f93093105ca7f2331d8 libpng-devel-1.5.13-8.el7.tuxcare.els3.i686.rpm a8969bf7273ab926c88701e3e6090add1305cb7476047ddf6cf26fd67e33d353 libpng-devel-1.5.13-8.el7.tuxcare.els3.x86_64.rpm c238032f15f5ef0dff37bec130ded6ddbd993894c2636939dc464a29a8752fa7 libpng-static-1.5.13-8.el7.tuxcare.els3.i686.rpm afc4f9de14a5110b949bc86ac2ea32b5dd5967379c07578883a50b8429de6acf libpng-static-1.5.13-8.el7.tuxcare.els3.x86_64.rpm 24b54195f44ceeda1949626ce4638debdd265718bdb22b1cd67531db11102aae CLSA-2026:1772037700 TuxCare License Agreement 0 - CVE-2015-20107: fix shell command injection vulnerability in the mailcap module Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2015-20107: fix shell command injection vulnerability in the mailcap module

0 tuxcare-oraclelinux7-els python-2.7.5-94.0.1.el7_9.tuxcare.els3.x86_64.rpm 71655caa2fd0e40e625ef680b584e50e33afe0151c24f9e5e3049d38d32be925 python-debug-2.7.5-94.0.1.el7_9.tuxcare.els3.x86_64.rpm dbd6da8b6190f39344b6ccce9a656e522f85964650d2c21687502cc2433f76ef python-devel-2.7.5-94.0.1.el7_9.tuxcare.els3.x86_64.rpm e8d93146fa19d599ed657834da7f2f2ab5d9c76d2371f4d6789b3eb4544e4c74 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els3.i686.rpm 897d9e3b6c42f9ae4c596a874de6260726ae19a4f34a0b3de21231b95e7e24c7 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els3.x86_64.rpm a31f732d5132666127e5d229161532666eddaaac28cfc622ccdcf52ef6f51cdd python-test-2.7.5-94.0.1.el7_9.tuxcare.els3.x86_64.rpm 2538d195796a4176938e1cc72456e95fec107a893c1a854ac6cf54ec66c06504 python-tools-2.7.5-94.0.1.el7_9.tuxcare.els3.x86_64.rpm 0e9579431d851e1b166249ce5dcf10d8b32e43c3643a2d5592cb1ddd849f89d6 tkinter-2.7.5-94.0.1.el7_9.tuxcare.els3.x86_64.rpm ee1e502732ab6b8d3c20adca62dd7cce4b219669675082c5262e6718d67ebba3 CLSA-2026:1772101256 TuxCare License Agreement 0 - CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly. Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2024-42516: fix HTTP response splitting by reordering header validation to occur after full response header assembly.

0 tuxcare-oraclelinux7-els httpd-2.4.6-99.0.5.el7_9.1.tuxcare.els8.x86_64.rpm 3444341039d2908b89adc5b42f8b0c8e43dea5e2188dfe38cfee132163a17073 httpd-devel-2.4.6-99.0.5.el7_9.1.tuxcare.els8.x86_64.rpm 51e888cc02e8e3c9e6ab87dcb663fc88d217c0f060edbe494979024d35fbc535 httpd-manual-2.4.6-99.0.5.el7_9.1.tuxcare.els8.noarch.rpm 6ca562f7109d22b08e74c337be1eea08edda381448be1064c818868db4383f7e httpd-tools-2.4.6-99.0.5.el7_9.1.tuxcare.els8.x86_64.rpm 39a630bff229ccd8281105bae5b89b7fdb8d740f8551f0f44679725ca08ee022 mod_ldap-2.4.6-99.0.5.el7_9.1.tuxcare.els8.x86_64.rpm 7020cb755cac1366358703e01deabf93e8d89e82f52363c7b3cf0ff4411ddbf9 mod_proxy_html-2.4.6-99.0.5.el7_9.1.tuxcare.els8.x86_64.rpm dc4fe7024b2a5d6a685dc5cdd71f8ee40746673f8133f0069fe1866363b2feda mod_session-2.4.6-99.0.5.el7_9.1.tuxcare.els8.x86_64.rpm 2d7167d7cfd8cb2bc03d65f83976812a64b655b86bcea611e08d32a7d742f2d3 mod_ssl-2.4.6-99.0.5.el7_9.1.tuxcare.els8.x86_64.rpm 38953ca73cbc6a0e3bef2ed6fd18c853dfb03098c5da02704a4e3c4aaec0e31a CLSA-2026:1772120702 TuxCare License Agreement 0 - Addition AMD CPU microcode for processor family 0x1a: cpuid:0x00B00F81(ver:0x0B008121), cpuid:0x00B20F40(ver:0x0B204037), cpuid:0x00B40F40(ver:0x0B404035), cpuid:0x00B40F41(ver:0x0B404108), cpuid:0x00B60F00(ver:0x0B600037), cpuid:0x00B60F80(ver:0x0B608038), cpuid:0x00B70F00(ver:0x0B700037); - Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F11(ver:0x0A0011D5), cpuid:0x00A00F12(ver:0x0A001238), cpuid:0x00A10F11(ver:0x0A101148), cpuid:0x00A10F12(ver:0x0A101248), cpuid:0x00AA0F02(ver:0x0AA00215); - Update AMD CPU microcode for processor family 0x1a: cpuid:0x00B00F21(ver:0x0B002161), cpuid:0x00B10F10(ver:0x0B101058); Low Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Addition AMD CPU microcode for processor family 0x1a: cpuid:0x00B00F81(ver:0x0B008121), cpuid:0x00B20F40(ver:0x0B204037), cpuid:0x00B40F40(ver:0x0B404035), cpuid:0x00B40F41(ver:0x0B404108), cpuid:0x00B60F00(ver:0x0B600037), cpuid:0x00B60F80(ver:0x0B608038), cpuid:0x00B70F00(ver:0x0B700037); - Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F11(ver:0x0A0011D5), cpuid:0x00A00F12(ver:0x0A001238), cpuid:0x00A10F11(ver:0x0A101148), cpuid:0x00A10F12(ver:0x0A101248), cpuid:0x00AA0F02(ver:0x0AA00215); - Update AMD CPU microcode for processor family 0x1a: cpuid:0x00B00F21(ver:0x0B002161), cpuid:0x00B10F10(ver:0x0B101058);

0 tuxcare-oraclelinux7-els iwl100-firmware-39.31.5.1-999.41.el7.tuxcare.els3.noarch.rpm 1d909cbe59c4b5e2d9e71e037aeeae7168585192163f70c1b21b585d4bfe51ce iwl1000-firmware-39.31.5.1-999.41.el7.tuxcare.els3.noarch.rpm 389deac4d54aabdbbf7f99b36e5d15d8c45dcf420ca549cfdc9a451f15be5ef8 iwl105-firmware-18.168.6.1-999.41.el7.tuxcare.els3.noarch.rpm 84a7e9a38f5b57d17af9ebc17b932358a1df78ae055c87b48c294db60e24ffff iwl135-firmware-18.168.6.1-999.41.el7.tuxcare.els3.noarch.rpm c0dc2d4ce8bd68ecc1e7573b5af37023994b20c50fc2c16229c0a04b3e2e56e7 iwl2000-firmware-18.168.6.1-999.41.el7.tuxcare.els3.noarch.rpm fde9f7a0c26da4096ae15e40cc52f0f45836251b18a0eabb11a867bbd424a3de iwl2030-firmware-18.168.6.1-999.41.el7.tuxcare.els3.noarch.rpm 46b8b38f8be22d48eeca0b6624de103eed30c8a6532379ee8ba20c75d4336ba5 iwl3160-firmware-22.0.7.0-999.41.el7.tuxcare.els3.noarch.rpm d8c18adf8ecfd027a242ee91f7aa26dfd8a89f8782bfd6af5e91cb0db89a8377 iwl3945-firmware-15.32.2.9-999.41.el7.tuxcare.els3.noarch.rpm a3f3837c5560a90703c666f938d1ab62283bbe69a95c63f73de90b93492e4b37 iwl4965-firmware-228.61.2.24-999.41.el7.tuxcare.els3.noarch.rpm f3ec032e1470117f825cb4c1dbc14c9558738d18e30e8e3f2c225177f6dc1213 iwl5000-firmware-8.83.5.1_1-999.41.el7.tuxcare.els3.noarch.rpm a92a7acdbe153ced9f10ce7d151bab4bc8280d02c374fae73acc0a4caae204f9 iwl5150-firmware-8.24.2.2-999.41.el7.tuxcare.els3.noarch.rpm a62d33ce12e56e5106344519cd0e04a849c9913f025d46f6d81861a47d9a4fe0 iwl6000-firmware-9.221.4.1-999.41.el7.tuxcare.els3.noarch.rpm 2e30b2eb2aa700d72443d2078f8827943adf8723274ae7b02ad68a98ef59ed44 iwl6000g2a-firmware-17.168.5.3-999.41.el7.tuxcare.els3.noarch.rpm c011e82fe70b9125f17bcc9ba85b915ac761f61fa2a23fb7cb495cccbb707b29 iwl6000g2b-firmware-17.168.5.2-999.41.el7.tuxcare.els3.noarch.rpm 3004ec79acb9f9baf31d37f57064b156e7f417df4dd01fc5fc5be54475975a5a iwl6050-firmware-41.28.5.1-999.41.el7.tuxcare.els3.noarch.rpm cf2fcfe00425b2dda79c2b293341b16c5b33618b2caa30fee4770a258f8e0f13 iwl7260-firmware-22.0.7.0-999.41.el7.tuxcare.els3.noarch.rpm f6d06a29efb30bc07fb42676c8508e2a2d1190591ed48a94bb12b5ed9eda06ae iwlax2xx-firmware-20250611-999.41.el7.tuxcare.els3.noarch.rpm 573c2cf798787d307b09305c6fb412a2cb6213d60750bbbe7c968e0f7d00bb09 linux-firmware-20250611-999.41.git356f06bf.el7.tuxcare.els3.noarch.rpm e54b1d8c83df242cbe3a37f2c10ef2e527bc1d5d16a585f1148d130f6a6f75ad linux-nano-firmware-20250611-999.41.git356f06bf.el7.tuxcare.els3.noarch.rpm 6b3ab83ef2a75f2d1da7c4ce1a31e30212667c00f7f9d63a70ca96e4192ff298 CLSA-2026:1772213586 TuxCare License Agreement 0 - CVE-2016-9843: avoid pre-decrement of pointer in big-endian CRC calculation Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2016-9843: avoid pre-decrement of pointer in big-endian CRC calculation

0 tuxcare-oraclelinux7-els minizip-1.2.7-21.0.1.el7_9.tuxcare.els2.i686.rpm a779f2e85bb82c97972a47234d6442059e8afcb1b35f3f16b1dce463ef94b66d minizip-1.2.7-21.0.1.el7_9.tuxcare.els2.x86_64.rpm f010c83ccc20e38ff3a709bd5f5a618e387122738367e2be83bc652c4b33b40d minizip-devel-1.2.7-21.0.1.el7_9.tuxcare.els2.i686.rpm 3da31ffff299887f3420040183dcc5b1809bbd0cbbabb826df4748c15f5d8f6c minizip-devel-1.2.7-21.0.1.el7_9.tuxcare.els2.x86_64.rpm 481ea06b80f25790bf05819ea779371b9658003c3409b092c115e8bb353594fe zlib-1.2.7-21.0.1.el7_9.tuxcare.els2.i686.rpm d2cea6fa081e4d3ba3e2b12c2872fcbba4a6daf135caa198f4e7668c31e5b3e3 zlib-1.2.7-21.0.1.el7_9.tuxcare.els2.x86_64.rpm 228811b2e002b14c24c78e57013bba3ae1e4a92657e956eca5b75c0e006d149f zlib-devel-1.2.7-21.0.1.el7_9.tuxcare.els2.i686.rpm c5da53739c5d5fc43f7534c311c504b997c6e01292fc5d82839a3d5c466ea417 zlib-devel-1.2.7-21.0.1.el7_9.tuxcare.els2.x86_64.rpm c52550047635424dc0210ce9f60d12986728f03c957fea106b047678126cb95f zlib-static-1.2.7-21.0.1.el7_9.tuxcare.els2.i686.rpm f1045e600ddd177b8e0090d46752359ef197dd34f96e95c569b7a9092dd40042 zlib-static-1.2.7-21.0.1.el7_9.tuxcare.els2.x86_64.rpm 016ece1a28c431d3327e16d124ca37f731c310f2775a4214b0955e455a967022 CLSA-2026:1772452374 TuxCare License Agreement 0 - CVE-2026-25798: fix NULL pointer dereference in ClonePixelCacheRepository - CVE-2026-24481: fix heap information disclosure in PSD handler - CVE-2026-25799: fix division-by-zero in YUV sampling factor validation - CVE-2026-26284: fix out-of-bounds read in PCD Huffman decoder - CVE-2026-25897: fix integer overflow in Sun decoder on 32-bit systems - CVE-2026-26066: fix infinite loop in IPTCTEXT profile writing - CVE-2026-26283: fix infinite loop in JPEG encoder extent binary search - CVE-2026-25795: fix NULL pointer dereference in ReadSFWImage - CVE-2026-25796: fix memory leak in ReadSTEGANOImage Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-25798: fix NULL pointer dereference in ClonePixelCacheRepository - CVE-2026-24481: fix heap information disclosure in PSD handler - CVE-2026-25799: fix division-by-zero in YUV sampling factor validation - CVE-2026-26284: fix out-of-bounds read in PCD Huffman decoder - CVE-2026-25897: fix integer overflow in Sun decoder on 32-bit systems - CVE-2026-26066: fix infinite loop in IPTCTEXT profile writing - CVE-2026-26283: fix infinite loop in JPEG encoder extent binary search - CVE-2026-25795: fix NULL pointer dereference in ReadSFWImage - CVE-2026-25796: fix memory leak in ReadSTEGANOImage

0 tuxcare-oraclelinux7-els ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els5.i686.rpm ff5cae727ff64c5c501af8862e7407b32dd6c4cb3bc1b476795bb79910a253b1 ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els5.x86_64.rpm c070885bc450e65578c7aa8cba52ace68c08bd0bbea506f13471bc108ef99d99 ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els5.i686.rpm febbb945956866bb08d9f599244ace29874ca318c3ff1955ad53899db447aa0b ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els5.x86_64.rpm c4ecbd38b39654fe2f8b600dc34768371bc37e806e3fea304cd6ff6d28109be7 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els5.i686.rpm 9778a940dc890d7cd3aa9419494198a8264a35f19f9bae2ef44d2e2b711701de ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els5.x86_64.rpm bea302c0cd7bac4ca8b634022cd98618c81d66f23939f5d24a1095ea86359dd3 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els5.i686.rpm 929629b82dd7033e3ac5cbcaebc604595f7b46ba18c18caba7bf82173041c9f3 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els5.x86_64.rpm 0be0a62e6f554c36cb3f6a2b9287155ec0069b1740f00b490bd06ea7d20d1600 ImageMagick-doc-6.9.10.68-7.0.3.el7_9.tuxcare.els5.x86_64.rpm 9c6223a8b0e90cb2da5d9649e2239bf9cb950180063dd4e7d4a24089cc3760b1 ImageMagick-perl-6.9.10.68-7.0.3.el7_9.tuxcare.els5.x86_64.rpm c5899d46b029a4262cbd0ea97259ac6f2df5959ba8bb33b23ca84b320ccc20ab CLSA-2026:1772575082 TuxCare License Agreement 0 - CVE-2025-61144: fix stack-based buffer overflow occurs in tiffcrop Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-61144: fix stack-based buffer overflow occurs in tiffcrop

0 tuxcare-oraclelinux7-els libtiff-4.0.3-35.el7.tuxcare.els7.i686.rpm 33fd3cfbfce59ea16cc5b4ed54b2967b7f8e35121e0f84a97cd2bd8494344d94 libtiff-4.0.3-35.el7.tuxcare.els7.x86_64.rpm 31f10b3e6315f2354248b12ce8a7d130b2c47f140edbfe1fc7f245b2dd325ccd libtiff-devel-4.0.3-35.el7.tuxcare.els7.i686.rpm cca7f5b7a0f21ac55187538556fcb4a584d92fd6e8f4d3cb71340c236ea483fd libtiff-devel-4.0.3-35.el7.tuxcare.els7.x86_64.rpm 3343dcba1fc952fdf30dd05d5ee8563381a1d7fda85362d977f87df876165da6 libtiff-static-4.0.3-35.el7.tuxcare.els7.i686.rpm 848ea41c7aec44b034a768131d7fd72a0ee94dd2684178defc60741ead4534d6 libtiff-static-4.0.3-35.el7.tuxcare.els7.x86_64.rpm ff93b392eb14a46d26358023448c513e16b15401fc9dc022b23603797772a356 libtiff-tools-4.0.3-35.el7.tuxcare.els7.x86_64.rpm e6ba23e06a379090209028d1739977025413ad460e8bab477eab004f1f8c87c4 CLSA-2026:1772644488 TuxCare License Agreement 0 - update to CKBI 2.82 from NSS 3.121 - updated certificates: - # Certificate "GlobalSign Root CA" - # Certificate "Entrust.net Premium 2048 Secure Server CA" - # Certificate "Comodo AAA Services root" - # Certificate "XRamp Global CA Root" - # Certificate "Go Daddy Class 2 CA" - # Certificate "Starfield Class 2 CA" - removed certificates: - # Certificate "Baltimore CyberTrust Root" - # Certificate "Autoridad Certificadora Raiz de la Secretaria de Economia" - # Certificate "Certipost E-Trust TOP Root CA" - # Certificate "Swisscom Root CA 1" - # Certificate "A-Trust-nQual-03" - # Certificate "KISA RootCA 1" - added certificates: - # Certificate "TrustAsia SMIME ECC Root CA" - # Certificate "TrustAsia SMIME RSA Root CA" - # Certificate "TrustAsia TLS ECC Root CA" - # Certificate "TrustAsia TLS RSA Root CA" - # Certificate "SwissSign RSA SMIME Root CA 2022 - 1" - # Certificate "SwissSign RSA TLS Root CA 2022 - 1" - # Certificate "OISTE Client Root ECC G1" - # Certificate "OISTE Client Root RSA G1" - # Certificate "OISTE Server Root ECC G1" - # Certificate " OISTE Server Root RSA G1" None Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- update to CKBI 2.82 from NSS 3.121 - updated certificates: - # Certificate "GlobalSign Root CA" - # Certificate "Entrust.net Premium 2048 Secure Server CA" - # Certificate "Comodo AAA Services root" - # Certificate "XRamp Global CA Root" - # Certificate "Go Daddy Class 2 CA" - # Certificate "Starfield Class 2 CA" - removed certificates: - # Certificate "Baltimore CyberTrust Root" - # Certificate "Autoridad Certificadora Raiz de la Secretaria de Economia" - # Certificate "Certipost E-Trust TOP Root CA" - # Certificate "Swisscom Root CA 1" - # Certificate "A-Trust-nQual-03" - # Certificate "KISA RootCA 1" - added certificates: - # Certificate "TrustAsia SMIME ECC Root CA" - # Certificate "TrustAsia SMIME RSA Root CA" - # Certificate "TrustAsia TLS ECC Root CA" - # Certificate "TrustAsia TLS RSA Root CA" - # Certificate "SwissSign RSA SMIME Root CA 2022 - 1" - # Certificate "SwissSign RSA TLS Root CA 2022 - 1" - # Certificate "OISTE Client Root ECC G1" - # Certificate "OISTE Client Root RSA G1" - # Certificate "OISTE Server Root ECC G1" - # Certificate " OISTE Server Root RSA G1"

0 tuxcare-oraclelinux7-els ca-certificates-2026.2.82_v8.0.303-71.0.1.el7_9.tuxcare.els1.noarch.rpm 63c980bba2778f3a8baeda0d319b29d0a3ed1729897bbe16ee22e0e74bcd2642 CLSA-2026:1772646053 TuxCare License Agreement 0 - CVE-2025-12084: Prevent quadratic-time behavior when building excessively nested XML elements Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-12084: Prevent quadratic-time behavior when building excessively nested XML elements

0 tuxcare-oraclelinux7-els python3-3.6.8-21.0.5.el7_9.tuxcare.els3.i686.rpm 39c476fc087adae6e0320005a45e0a25b70f6b84c98ee6c6dd8b7989f0c0a650 python3-3.6.8-21.0.5.el7_9.tuxcare.els3.x86_64.rpm b26eda98f91e982b84666a2b507daf6cfb3792132cfc00386b16ff89f9140d12 python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els3.i686.rpm afe3c2770ae0da890f0ac852795d738811de70bcdfac41f2fb3885f9dd0aad98 python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els3.x86_64.rpm bb26fa9a47f664d71d02443c6dec45c695703078e80d02f4fa5ee7ca60732bbc python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els3.i686.rpm 0722ada08d272e257799e1d3332b37b134eaf405b0d2c4beaea48a796fa1a410 python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els3.x86_64.rpm 639de8cef661396f5de3161125ebc8c9814d2dd205c79a0c1270840e01d808ff python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els3.i686.rpm 258c947c9291ad88ce9b303b9f92c32b3ff37a25b00752cbcb6a3155a2047fcc python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els3.x86_64.rpm 73fee7c360fd1e1a4baaa50203b49c14e1204649ffb2da4419c7b971527e2495 python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els3.i686.rpm 85ca0dc743322b08e223b6de5dab87bfd071c7d9a32856e070ccbaef4c4a81e2 python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els3.x86_64.rpm 33a25d7e2af01bbd841d60893ea501b8cce8a95db89e674e9d2ea1a5efd7f7ae python3-test-3.6.8-21.0.5.el7_9.tuxcare.els3.i686.rpm ba1b3d217f9a7eacbaf42522302b4c060a29b669331184c66b3f0f6cd8cb321b python3-test-3.6.8-21.0.5.el7_9.tuxcare.els3.x86_64.rpm f498cb94668a27017b0d213e8244d723baf8d223b5d166fafce568fa5fc0f3c9 python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els3.i686.rpm f2b53764ee14822f1de9dfe1dfdff0986456e8dc5002f5b6e2da924c7a61f52e python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els3.x86_64.rpm 25d8e345dc244d9817c44832d7c8ea046713de42e6f9db446de9b222b8014b3f CLSA-2026:1772703948 TuxCare License Agreement 0 - CVE-2026-26269: fix stack-based buffer overflow in NetBeans integration that could lead to a crash or arbitrary code execution via a malicious server. Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-26269: fix stack-based buffer overflow in NetBeans integration that could lead to a crash or arbitrary code execution via a malicious server.

0 tuxcare-oraclelinux7-els vim-X11-7.4.629-8.0.1.el7_9.tuxcare.els2.x86_64.rpm e190784e997833e1f40427e941ea7abdc8771cefab76ebaca91a9da2452baec1 vim-common-7.4.629-8.0.1.el7_9.tuxcare.els2.x86_64.rpm 94e91c326ebb1cb8aee7c7af0d3d4fe3232f1f8c6bc8ebcdf5db7216febf5171 vim-enhanced-7.4.629-8.0.1.el7_9.tuxcare.els2.x86_64.rpm ff360620f964644c79652bc26d73aa9dfd5d1ffb666d005e899955732e64bebf vim-filesystem-7.4.629-8.0.1.el7_9.tuxcare.els2.x86_64.rpm 5125739c6aa1efe69b2101a25beeed02a4b59d897d546c8ad385f7be363a277b vim-minimal-7.4.629-8.0.1.el7_9.tuxcare.els2.x86_64.rpm 975f9f14c9cf011a274ca462f26c817680059985d72148c0a0ee756c7ebbbe09 CLSA-2026:1773047152 TuxCare License Agreement 0 - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911} - media: rc: fix races with imon_disconnect() {CVE-2025-39993} - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify {CVE-2025-38102} - partitions: mac: fix handling of bogus partition table {CVE-2025-21772} - tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923} - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277} - Bluetooth: fix use-after-free in device_for_each_child() {CVE-2024-53237} - net/atm: remove the atmdev_ops {get, set}sockopt methods {CVE-2022-50410} - i40e: add validation for ring_len param {CVE-2025-39973} - vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248} - sctp: avoid NULL dereference when chunk data buffer is missing {CVE-2025-40240} - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259} - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() {CVE-2024-58014} - isofs: Prevent the use of too small fid {CVE-2025-37780} - net: ppp: Add bound checking for skb data on ppp_sync_txmung {CVE-2025-37749} - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() {CVE-2025-39860} - i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853} - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() {CVE-2025-38249} - fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322} - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911} - media: rc: fix races with imon_disconnect() {CVE-2025-39993} - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify {CVE-2025-38102} - partitions: mac: fix handling of bogus partition table {CVE-2025-21772} - tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923} - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277} - Bluetooth: fix use-after-free in device_for_each_child() {CVE-2024-53237} - net/atm: remove the atmdev_ops {get, set}sockopt methods {CVE-2022-50410} - i40e: add validation for ring_len param {CVE-2025-39973} - vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248} - sctp: avoid NULL dereference when chunk data buffer is missing {CVE-2025-40240} - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259} - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() {CVE-2024-58014} - isofs: Prevent the use of too small fid {CVE-2025-37780} - net: ppp: Add bound checking for skb data on ppp_sync_txmung {CVE-2025-37749} - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() {CVE-2025-39860} - i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853} - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() {CVE-2025-38249} - fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322} - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm 21eb3ca4532d2ca9efffc446b78b7da6ccf48bfd54555c589783ce3c3f50a1a6 kernel-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm 7e7c13790dd68372d183ceac6d082ae25e566b0104a0c225d6cfec26d705d132 kernel-debug-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm 5d2ff12cb43373a3688f511db502cd85a6f449e0858901254a4727416a56271f kernel-debug-devel-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm ee8f354466f565c5db780fb4f1beb169668ffe818af3dd02e749d689f8f27778 kernel-devel-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm 2421e350f2a9ea0cb2e6f58a0ee14b34abba9a693d790cf367bdcd9c208b26f5 kernel-headers-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm 48d0d4007fa5e99a615b82f45f6cd72ed9e4a127839f75964ac8a3a5349ed670 kernel-tools-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm a45209da913582af7ff8b6114b3b888c370fc70acca088796738bd34717ed8f5 kernel-tools-libs-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm 27d699d53fb87096a667d2f754d62d0360bcf39cd9dca8ed9e19956b250f8769 kernel-tools-libs-devel-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm 945977567d87db8f495846a8ec136bfcb5e454f2d2842fd21ad07edcfa169194 perf-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm 247ab9e5014e23a45436ff0ad4466a91dc572b9420f0748e99f4389a6841cbf0 python-perf-3.10.0-1160.144.1.el7.tuxcare.els3.x86_64.rpm 9729412201f52886d2a98a950728fd122a38c05f37c25cad8f3959c172c425af CLSA-2026:1773479178 TuxCare License Agreement 0 - CVE-2025-12084: fix quadratic algorithm when building nested XML elements with appendChild Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-12084: fix quadratic algorithm when building nested XML elements with appendChild

0 tuxcare-oraclelinux7-els python-2.7.5-94.0.1.el7_9.tuxcare.els4.x86_64.rpm df5aa9681d0c97fb9dac4a11d63823c9ad7630022eca55523bb7153be4352db7 python-debug-2.7.5-94.0.1.el7_9.tuxcare.els4.x86_64.rpm 0a12905ad28810eef8558566d2df7172b929dea3b57f0bf36b8a95dd04afc749 python-devel-2.7.5-94.0.1.el7_9.tuxcare.els4.x86_64.rpm 735e46c3ab2c0ed65877925576a0dcbb4fb8709e5c0116a77270e06804592b79 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els4.i686.rpm 0ab6dd68cfbb796b4627acda74111a3c220c8169b7ca98d65289d2650b62a932 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els4.x86_64.rpm 4406a561ca64b4635e70bc8db987be86cfabd2ae2487c5cc161ebe177e0d8b14 python-test-2.7.5-94.0.1.el7_9.tuxcare.els4.x86_64.rpm 3aaebaba303dcf9f93156a3c4d28b7a8a07c82129ea88f6cb3e59a78632b757a python-tools-2.7.5-94.0.1.el7_9.tuxcare.els4.x86_64.rpm 414e737d8f554f4c55ec36df17b5089844d53ac9e59f1b04271eb7e1bda549ad tkinter-2.7.5-94.0.1.el7_9.tuxcare.els4.x86_64.rpm ebc0d0bcf8de204065177f71d4910f0f31b00d80f550596ebe44b6bdffe2765d CLSA-2026:1773924425 TuxCare License Agreement 0 - Fix CVE-2026-25210: integer overflow in doContent tag buffer reallocation Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- Fix CVE-2026-25210: integer overflow in doContent tag buffer reallocation

0 tuxcare-oraclelinux7-els expat-2.1.0-15.0.1.el7_9.tuxcare.els3.i686.rpm d89a226da8c74a92c5a94d4ab55628e26876cf68b7511497196a95f072a50174 expat-2.1.0-15.0.1.el7_9.tuxcare.els3.x86_64.rpm 46c43333ae0690011ac6b64dd0c8dcb54104d389a46a588abddf96e9a2e93bc3 expat-devel-2.1.0-15.0.1.el7_9.tuxcare.els3.i686.rpm 97f534159bef773a1b41326f583f5f4d37b45551b5550ea02601db38ec694cdd expat-devel-2.1.0-15.0.1.el7_9.tuxcare.els3.x86_64.rpm fc775b91793429baa18f91cb013706b45cd48fbd0c4de15288f09ff746b38903 expat-static-2.1.0-15.0.1.el7_9.tuxcare.els3.i686.rpm c3f327f95fcdaa55360de8fca666733e26c2a262c36f5faaa353e0d3f7f0beaa expat-static-2.1.0-15.0.1.el7_9.tuxcare.els3.x86_64.rpm 84d050d73c0b1326a2c69cfd32d218ad23bca4b5b0e7a98e8c6d91cfa67a53d1 CLSA-2026:1773923672 TuxCare License Agreement 0 - CVE-2026-25797: fix PostScript/HTML code injection via unsanitized filenames - CVE-2026-25982: fix heap out-of-bounds read in DICOM colormap decoder - CVE-2026-25968: fix stack buffer overflow in MSL opacity attribute processing - CVE-2026-25986: fix heap buffer overflow write in YUV 4:2:2 decoder - CVE-2026-25987: fix heap buffer over-read in MAP image decoder - CVE-2026-25970: fix signed integer overflow in SIXEL decoder - CVE-2026-23952: fix NULL pointer dereference in MSL comment/label handlers - CVE-2026-30883: fix heap buffer overflow in PNG profile writer - CVE-2026-25988: fix MSL stack index not updated causing memory leak - CVE-2026-27798: fix heap buffer over-read in WaveletDenoiseImage - CVE-2026-25965: fix path traversal bypassing security policy Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-25797: fix PostScript/HTML code injection via unsanitized filenames - CVE-2026-25982: fix heap out-of-bounds read in DICOM colormap decoder - CVE-2026-25968: fix stack buffer overflow in MSL opacity attribute processing - CVE-2026-25986: fix heap buffer overflow write in YUV 4:2:2 decoder - CVE-2026-25987: fix heap buffer over-read in MAP image decoder - CVE-2026-25970: fix signed integer overflow in SIXEL decoder - CVE-2026-23952: fix NULL pointer dereference in MSL comment/label handlers - CVE-2026-30883: fix heap buffer overflow in PNG profile writer - CVE-2026-25988: fix MSL stack index not updated causing memory leak - CVE-2026-27798: fix heap buffer over-read in WaveletDenoiseImage - CVE-2026-25965: fix path traversal bypassing security policy

0 tuxcare-oraclelinux7-els ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686.rpm 545c78051e371c8dd0ff99a4d016a0ed94a5bb121cc868a75ec8cea7cc1cc0cb ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64.rpm b3ce09d35578e8dd36eefe8876a8bb1bc2e49e06c5180fec1141077cb8977e4a ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686.rpm dfc975366e92d06a9ff12af42e1edba92925509c33aa9da8bc00fadae6f0026e ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64.rpm ec53dffc4d3ea320de955644480b62779e43e7168498e2e4404dbfe4e9d2cbcb ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686.rpm c32e4c21846f34167ef5426bce2cc12b351a90c9c34a2ad7e849bd1e35a0e6e3 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64.rpm 3b055993374112c13bd88e8cad9f4cf418d14fb017d798c44e83a17c7c2ed29f ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els6.i686.rpm 33a76df2ac70afae65ecc4fd82de89aebc7b564ce365096fb2c9765f63f3a7b8 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64.rpm 054f4ad1c5eced14f0baf3daac1d786503d1943ad423b589f95eefb3365b253d ImageMagick-doc-6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64.rpm 77cafb55f2566f6aa92ea4f76f8c37aa11e84a0596017f22004f3bd525a5f187 ImageMagick-perl-6.9.10.68-7.0.3.el7_9.tuxcare.els6.x86_64.rpm 1e4e21d55b8491dd142011fae64d76ad3370e303fefb2108911af4cb096c641a CLSA-2026:1774262094 TuxCare License Agreement 0 - CVE-2026-25983: fix use-after-free in MSL decoder repage/roll handlers Critical Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-25983: fix use-after-free in MSL decoder repage/roll handlers

0 tuxcare-oraclelinux7-els ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els8.i686.rpm e700e0497759ca8827c81e326fed30b796bf8ee7aa895a61060e921f024b0ec7 ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els8.x86_64.rpm 3dfae0005a102dbee1088eaaf45d35d1cf731c2e304dad568095c8edde25787a ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els8.i686.rpm 8fee5d1fef1956a1ab9a8c92efc3dd7d0a09dd90e089860e4e51500090012689 ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els8.x86_64.rpm 5cba7b6928a342918b0856ae2f137e8cc775383dc94fbe20eb92698b8aaa7158 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els8.i686.rpm e23c85767c6d23901b18ced10c2288da298523286c50961f85e556da0fa18998 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els8.x86_64.rpm 78c76c3e109bbe532223db977fb0d3f02a0c0d868a2084ff3185a88226b4bad4 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els8.i686.rpm 58a182774bf940e0cd7e084daadeac579c8b8c7265d57ddce4eed60bdf08471e ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els8.x86_64.rpm 91fe4c7f8e69cb53998e022fb01d346d945700095e6792df8616c69e83534cc2 ImageMagick-doc-6.9.10.68-7.0.3.el7_9.tuxcare.els8.x86_64.rpm 88493d4e3c6dd8f8bf3307925413a1bb1e131aaa6bc6710e072b68cfd06e021d ImageMagick-perl-6.9.10.68-7.0.3.el7_9.tuxcare.els8.x86_64.rpm 4a52bb1b4659cbab30a83a07aa36ecad510d722a486dd8f0b61381819519b2cb CLSA-2026:1774273758 TuxCare License Agreement 0 - CVE-2025-5222: Fix stack buffer overflow in addTag handling that allowed subtag struct overflow leading to memory corruption and local arbitrary code execution Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-5222: Fix stack buffer overflow in addTag handling that allowed subtag struct overflow leading to memory corruption and local arbitrary code execution

0 tuxcare-oraclelinux7-els icu-50.2-4.el7_7.tuxcare.els1.x86_64.rpm d359c0a1a6a1615fd403c536446d17781fe2d2c0cf8d3f2d9bb59d0bef1e0290 libicu-50.2-4.el7_7.tuxcare.els1.i686.rpm 710b9f69501963c4bc57eae059f2a355ab01dd9b47903e286ec4a43db53fc667 libicu-50.2-4.el7_7.tuxcare.els1.x86_64.rpm 1ab82294673c4f1203a8a92c068d7f701038d3dfd513901be325ef59924a3f2e libicu-devel-50.2-4.el7_7.tuxcare.els1.i686.rpm da2221da5a103abbd158a6caf4a99d80557d03df246c1b19acbfad081cb0996b libicu-devel-50.2-4.el7_7.tuxcare.els1.x86_64.rpm aba74575cf78ea8b338cfd3f12a0c9a2d4bbdd303b2dd0991e017ace70ffe297 libicu-doc-50.2-4.el7_7.tuxcare.els1.noarch.rpm bb66e2013e733e4cfcf5b64661f7d36dd726fde0a41198683ae707b07f345105 CLSA-2026:1774344754 TuxCare License Agreement 0 - CVE-2026-28417: fix OS command injection in netrw plugin via crafted scp:// URIs by adding strict RFC1123 hostname validation and using shellescape() for hostname and port values. - CVE-2026-28421: fix heap-buffer-overflow and SEGV in swap file recovery by adding bounds checks on pe_page_count, pe_bnum, pe_old_lnum and pe_line_count before descending into the block tree. Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-28417: fix OS command injection in netrw plugin via crafted scp:// URIs by adding strict RFC1123 hostname validation and using shellescape() for hostname and port values. - CVE-2026-28421: fix heap-buffer-overflow and SEGV in swap file recovery by adding bounds checks on pe_page_count, pe_bnum, pe_old_lnum and pe_line_count before descending into the block tree.

0 tuxcare-oraclelinux7-els vim-X11-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm a6a17df9e92d2d5b937aefde98f9f1a75be659bd0bdeb990fdba8863cab5220b vim-common-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm dc869f9f3ab31957c1c55ed76dbb26aad749189738ef23741cd61ac029487b4d vim-enhanced-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm 5493113daff8f05a92851842ac38c382d39ed40c15e788e217740ead32dce96a vim-filesystem-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm dcceb6cd9a5c02833b2a6556d0a03e30e635f65d495e7407b3f1289c17398522 vim-minimal-7.4.629-8.0.1.el7_9.tuxcare.els3.x86_64.rpm 2b67e3b555e1c36662eed3097853d0ad0236b26b97ea11b0a8af477f3fda3fa8 CLSA-2026:1774520206 TuxCare License Agreement 0 - CVE-2025-15367: reject control characters in POP3 commands to prevent command injection Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-15367: reject control characters in POP3 commands to prevent command injection

0 tuxcare-oraclelinux7-els python3-3.6.8-21.0.5.el7_9.tuxcare.els4.i686.rpm dd9e5acb60140e7a4b0a4bcd7ca4702db6551ad0b86b31c3c36fe6cc11920aef python3-3.6.8-21.0.5.el7_9.tuxcare.els4.x86_64.rpm 5bb37241192b442a8e5478ccde0b7a623f8fac5e718042084e49129fbabaaea8 python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els4.i686.rpm 48ac36245abcf13819fde11ef9b2b39e1bab29afb6de8cb0b2b98ee1ca966987 python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els4.x86_64.rpm e64aafa9ced6f3fb9b0e6ca2d8f60d90309658eb2ab909f1ced6c87bc2161605 python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els4.i686.rpm a18a5d0a438809bae61c64935df4625c3a29faf8a324e4b13a60c0c5dcd3cdd3 python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els4.x86_64.rpm 322a161a70990ef4168046f536eb113e0711f19e5a4ad94ec43b8abab0913e28 python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els4.i686.rpm a72c6daa9edad13e6e4e5e7d40a17aab76707ac3256a60ed2acc7300de707dd3 python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els4.x86_64.rpm 05fe222311bb7b43ddc0cab59a0efce499e6933760baafca5a538bcdf162d11a python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els4.i686.rpm 96b8a550e480edc614b69c6ffa807876c15c7a25b6794f0dac3409e84c267ff9 python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els4.x86_64.rpm 5ca947d8ecba6f3d223e1fa377cead76794e3d4b9d4340f7f27e918ccb4f2d87 python3-test-3.6.8-21.0.5.el7_9.tuxcare.els4.i686.rpm 3364f8f28d16d40e4b6f228f41dbbd51f1360307effbaeedfb24b0b87a9ab93b python3-test-3.6.8-21.0.5.el7_9.tuxcare.els4.x86_64.rpm b353df77ca2b653b23756635063c82cc601cde5e741f46b7220bf84608737329 python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els4.i686.rpm 583d3129f60ad8be0425a37bf90d81e78cff18f2e6dbefec98a7a8d59c243e08 python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els4.x86_64.rpm 41cbd2e61d130a43f2f9e446fdc85443e76a9bc7ff1fb34ead8865de393f24ad CLSA-2026:1774528369 TuxCare License Agreement 0 - CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to missing character encoding - CVE-2019-6111: fix scp client vulnerability that allowed a malicious server to overwrite arbitrary files in the client's target directory, including subdirectories, when performing transfers Moderate Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to missing character encoding - CVE-2019-6111: fix scp client vulnerability that allowed a malicious server to overwrite arbitrary files in the client's target directory, including subdirectories, when performing transfers

0 tuxcare-oraclelinux7-els openssh-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm 9156c18bf6a9bb4cdf9cf33e7489e9eb81c5139609bacdf95c99535f5e9ca6ac openssh-askpass-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm ab62de57ad70c130d920f051855b8256b37b58656715d140f0e37578c5231c2b openssh-cavs-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm 878c9f2bdf1bed0c0083025c7c50dfe941479d0c3e96d5d15a774233f5e945ea openssh-clients-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm aa1b32cbbe89f6b321de3de4aa56d41fd5943ccb67fd71b97ddf0fb6a3b0b3ff openssh-keycat-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm 5da7996343380122956897472579ad5b313c37dd50b7da3c933cef5fe07341b2 openssh-ldap-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm f66b1de5b657c70f81f27f021e4d7e0eb17678bbf75db38404bc59171f2664cb openssh-server-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm e2028f48cc22f0650db9c8ec76e9c1b2e7ca343eaa79867773cdfe3db89c5c57 openssh-server-sysvinit-7.4p1-23.0.3.el7_9.tuxcare.els3.x86_64.rpm 187c8479082fb8446948536cce2624285369d4efdcdb59418dd77c2485b87fd7 pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els3.i686.rpm ce55561ed42fe9c529f05adaade0ab9642ffac6a4fc8f07ad36c0ad04fc852a8 pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9.tuxcare.els3.x86_64.rpm c46a1243de82cdcd32e63f3ddcb0c66807765655afdd10241e67ada6424cfdf8 CLSA-2026:1774614065 TuxCare License Agreement 0 - CVE-2025-15366: reject control characters in IMAP commands Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-15366: reject control characters in IMAP commands

0 tuxcare-oraclelinux7-els python3-3.6.8-21.0.5.el7_9.tuxcare.els5.i686.rpm a812b99d6f60c2c749a1859b55f76636bbca3c4d06e3c1750aa7773a5b87873e python3-3.6.8-21.0.5.el7_9.tuxcare.els5.x86_64.rpm 734c181fcde44e621f2a19dfd499bedb42f0be8ab1068e9bafb4f193048644e5 python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els5.i686.rpm ae4e9d50500630231e44ef192e523bc13db63cbf3c8aff6ce8c6fe37d051c424 python3-debug-3.6.8-21.0.5.el7_9.tuxcare.els5.x86_64.rpm 52d8a4edec3ee8e2284a468e2bb41363abf397bd8aea400d13ab735c1bfc18ec python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els5.i686.rpm a1a61c58c41182e31f276bef6b39796b5dc0212dd8a8724406aa4e8c82727bed python3-devel-3.6.8-21.0.5.el7_9.tuxcare.els5.x86_64.rpm 5be752f3eac0fa7e268d9963c12853398729fe142b607e54f043026f8fcd7500 python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els5.i686.rpm 111c96b51b4f18709115651dcf0fd3ab00f712492a2c575cf9a9ffb841e9ac65 python3-idle-3.6.8-21.0.5.el7_9.tuxcare.els5.x86_64.rpm 1489767e63c72b194dd71850c252b187b6e95f68ad1ad3faefdbd9109773fc7e python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els5.i686.rpm cc596a50819d346a034d70536b4a0254b6ea17e2799002fc78cb46bbbf5318d0 python3-libs-3.6.8-21.0.5.el7_9.tuxcare.els5.x86_64.rpm c75607990ad24c2f497f9c3657b7154e326d9d37a8dc3c321cd92e8b2a0fe912 python3-test-3.6.8-21.0.5.el7_9.tuxcare.els5.i686.rpm 4787f455a92da66e4d870ba71123f5e141887949c5cf0797aeedb5457eb16982 python3-test-3.6.8-21.0.5.el7_9.tuxcare.els5.x86_64.rpm 0a3bd26038b21b207d69dcf575c1e6e072abc34f7f9cff25ec683a0734ac6cd6 python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els5.i686.rpm 723a296f16958fc5b0f231189839ebbde43c5f6831c4222eeffa08171c9da1fb python3-tkinter-3.6.8-21.0.5.el7_9.tuxcare.els5.x86_64.rpm 0e1068bf6fb4687ccbb37756a5093133ad47193635462d72dc962da01ccea840 CLSA-2026:1774874340 TuxCare License Agreement 0 - CVE-2026-33526: fix heap use-after-free due to double rfc1738_escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling Low Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-33526: fix heap use-after-free due to double rfc1738_escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling

0 tuxcare-oraclelinux7-els squid-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm 33f8d7dce8a873a91abec9c536b7e681b830745d80c35a516626e066c84615b8 squid-migration-script-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm 0027b5f3c2aa91bc0534f6045d68c6a71094a71bcbab0e4ecb7627ad2c3b1755 squid-sysvinit-3.5.20-17.0.5.el7_9.99.tuxcare.els4.x86_64.rpm 7252a2609f27b25cde87fb305e929aede1bf1bfc80490367c1adc4e694aea46c CLSA-2026:1775058454 TuxCare License Agreement 0 - CVE-2025-15366: reject control characters in IMAP commands to prevent command injection Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-15366: reject control characters in IMAP commands to prevent command injection

0 tuxcare-oraclelinux7-els python-2.7.5-94.0.1.el7_9.tuxcare.els5.x86_64.rpm 72ec9e1563375ff0052354fd5c8907c7215205f8ad0ef246407b4732114bb87f python-debug-2.7.5-94.0.1.el7_9.tuxcare.els5.x86_64.rpm 2525d1c14df96cda03bd5c23d6ad9d00d7efdc09193f83968f2ab5a6581d0dc4 python-devel-2.7.5-94.0.1.el7_9.tuxcare.els5.x86_64.rpm 2331eae2f0ba63d481817246a69928eba9ef0c643f454a9f2913d1e012dfad68 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els5.i686.rpm ec118c0cb48e60c85946ed03c7f758bc424c55913b653c2388b2f81d3f431212 python-libs-2.7.5-94.0.1.el7_9.tuxcare.els5.x86_64.rpm 5fa8183156501f5f25bf3f7b140d1016f3c417a8a4d0ffec47dfda8913789053 python-test-2.7.5-94.0.1.el7_9.tuxcare.els5.x86_64.rpm f6995965d8b2c44166cc2e5674e606c402123dab6183261eada36ab0c57f5ae4 python-tools-2.7.5-94.0.1.el7_9.tuxcare.els5.x86_64.rpm aef5e4c2a2ee4b2f3f879da2c36895c016e1b7a5cc15507d293a1cfbeef1eeac tkinter-2.7.5-94.0.1.el7_9.tuxcare.els5.x86_64.rpm 5591b0d64c77a9fb3519c646fcfae9ac316de6c6cce21c6cbc247b846c41ba69 CLSA-2026:1775121601 TuxCare License Agreement 0 - CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDoubleToLong - CVE-2026-25985: fix memory allocation without limits in SVG decoder - CVE-2026-24485: fix infinite loop in PCD decoder - CVE-2025-66628: fix integer overflow in TIM decoder on 32-bit systems - CVE-2026-28693: fix integer overflow in DIB/BMP coder Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDoubleToLong - CVE-2026-25985: fix memory allocation without limits in SVG decoder - CVE-2026-24485: fix infinite loop in PCD decoder - CVE-2025-66628: fix integer overflow in TIM decoder on 32-bit systems - CVE-2026-28693: fix integer overflow in DIB/BMP coder

0 tuxcare-oraclelinux7-els ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els9.i686.rpm c24998329c24fe98b63d226b269e1402ea81b2b316be65541e01492d838aa655 ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els9.x86_64.rpm ac0844ee6c7822b6ae5b7cded611a557a2577bf2bbabfd8dfff118646fc99163 ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els9.i686.rpm 99c87de5b17140e8bf4d378b2e7c93cbb4bb1c8c0d4d4f25a92d2405d3a6db4f ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els9.x86_64.rpm 295f023dfb21a6e527ac1aeee72094365be166841aefdc519cd43fd35a15cdbc ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els9.i686.rpm f2a1fc40fa622fdccfbfd034f70736d9c7bdc8311cf6dea190704cc11376f15d ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els9.x86_64.rpm af9bec4a599da738d59e47d5afb8f3e50fdcf9946096e57e4d1ad9ff66fad521 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els9.i686.rpm 43d97961e869fcaa95748759cc074f4c23973eaa2828ac7bd87fd62d804e8ff9 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els9.x86_64.rpm ac968aef35e4eadf8530b15c69cb34c9130fb7d0ca9cd1978635ee9d357c54e9 ImageMagick-doc-6.9.10.68-7.0.3.el7_9.tuxcare.els9.x86_64.rpm 5bbf26612744916232e347da23805435498c60f643426f45c04b3676916677b1 ImageMagick-perl-6.9.10.68-7.0.3.el7_9.tuxcare.els9.x86_64.rpm 6a4a74fcb891af4cd6c2222289f9be7dde3926d48ddfec658af6654a592bc6d7 CLSA-2026:1775223681 TuxCare License Agreement 0 - CVE-2025-15367: reject control characters in POP3 commands to prevent command injection via newlines Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-15367: reject control characters in POP3 commands to prevent command injection via newlines

0 tuxcare-oraclelinux7-els python-2.7.5-94.0.1.el7_9.tuxcare.els6.x86_64.rpm 33da52aa4ae2e6fbc00b8f93575c2aa38cb98ca2eda15066529379ac9a13d691 python-debug-2.7.5-94.0.1.el7_9.tuxcare.els6.x86_64.rpm d95280d29d2b83732eafaf86c6ccb97757eb81daf26256d0bb37ef5c17e3cc67 python-devel-2.7.5-94.0.1.el7_9.tuxcare.els6.x86_64.rpm dcce4fab656296873d1361e2f2814514b673f4e40a3913716c34a5520448593d python-libs-2.7.5-94.0.1.el7_9.tuxcare.els6.i686.rpm 1fd47203c035c7b5af99e583c8192c13138a57b1c68294f1b1d98f0ef06a83fb python-libs-2.7.5-94.0.1.el7_9.tuxcare.els6.x86_64.rpm a3c4ccc0950a3441574047a77aa91bd312f3c4615ab3d71b0647ac4eb801e44b python-test-2.7.5-94.0.1.el7_9.tuxcare.els6.x86_64.rpm e3d0b38e264555a9ce947a044d2aa89e84fb7ec34a0d2fa59bf5ef3380e8c2fc python-tools-2.7.5-94.0.1.el7_9.tuxcare.els6.x86_64.rpm 4c6b86bb3e12ffdfa044ea8f239f971c9e2508906caa9e6c3138419e1359cbae tkinter-2.7.5-94.0.1.el7_9.tuxcare.els6.x86_64.rpm 253fe595ba2f1fa0a94a97f797a45283d3c77b973efba5f9a1f332ff28356af6 CLSA-2026:1775655363 TuxCare License Agreement 0 - ovl: Filter invalid inodes with missing lookup function {CVE-2024-56570} - ALSA: aloop: Fix racy access at PCM trigger {CVE-2026-23191} - media: imon: reorganize serialization {CVE-2025-39993} - usb: xhci: Fix inverted ring_xrun_event check in handle_tx_event() {CVE-2025-37882} - Revert "VFS: Impose ordering on accesses of d_inode and d_flags" - Revert "VFS: Combine inode checks with d_is_negative() and d_is_positive() in pathwalk" - Revert "namei: d_is_negative() should be checked before ->d_seq validation" - Revert "namei: results of d_is_negative() should be checked after dentry revalidation" - Revert "namei: ->d_inode of a pinned dentry is stable only for positives" - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() {CVE-2026-23193} - net/sched: cls_u32: use skb_header_pointer_careful() {CVE-2026-23204} - net: add skb_header_pointer_careful() helper {CVE-2026-23204} - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() {CVE-2026-23089} - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349} - net/sched: Enforce that teql can only be used as root qdisc {CVE-2026-23074} Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- ovl: Filter invalid inodes with missing lookup function {CVE-2024-56570} - ALSA: aloop: Fix racy access at PCM trigger {CVE-2026-23191} - media: imon: reorganize serialization {CVE-2025-39993} - usb: xhci: Fix inverted ring_xrun_event check in handle_tx_event() {CVE-2025-37882} - Revert "VFS: Impose ordering on accesses of d_inode and d_flags" - Revert "VFS: Combine inode checks with d_is_negative() and d_is_positive() in pathwalk" - Revert "namei: d_is_negative() should be checked before ->d_seq validation" - Revert "namei: results of d_is_negative() should be checked after dentry revalidation" - Revert "namei: ->d_inode of a pinned dentry is stable only for positives" - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() {CVE-2026-23193} - net/sched: cls_u32: use skb_header_pointer_careful() {CVE-2026-23204} - net: add skb_header_pointer_careful() helper {CVE-2026-23204} - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() {CVE-2026-23089} - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349} - net/sched: Enforce that teql can only be used as root qdisc {CVE-2026-23074}

0 tuxcare-oraclelinux7-els bpftool-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm 5f54dcad9f11aec063ebc27b9e2eb1107cacdd7781ac86bdcf06d5553864578a kernel-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm cc47220de48184710c324d74c91cb267d636eaf1fb832c787ba089ed2a7b9d59 kernel-debug-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm 650f9e24b5bb07870b5228bdf2fc533a6e467038f9bcd79cc251d0261ba0a340 kernel-debug-devel-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm b3bd5c5dda70a3fa4d86ba0420730f174964b5f2c1fc5775c4e23ed835e7f524 kernel-devel-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm f09d611f8ef29396fabf0f60bf6250f60db90f2339ef3bf02f674c1d1e0314c2 kernel-headers-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm 05300d49e14b862e6cf56cfa08e63a9e84d9deb30e052d7f3103def9ecb78ad2 kernel-tools-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm a0ef7471f38eb99f570d4c5836f800b995257ddb829e253978007848246ff106 kernel-tools-libs-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm f6de0b31ccaecc6e3be71c6aa667ae313dee04b5a717cf4c35fa507b310b8d84 kernel-tools-libs-devel-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm 33e879a91f0cbf681e6454e2b49a141ed66af49652b091a5ceff9274b80b6d00 perf-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm 4fa41e9564ec7d3b593dd45a967d232c9f1326f494729f0c880228261ea21a06 python-perf-3.10.0-1160.144.1.el7.tuxcare.els4.x86_64.rpm 2b1ff0b872d641b1a6bed36cfccc99d4f2c5e6c57b5967e607b052d62debc9b6 CLSA-2026:1775655705 TuxCare License Agreement 0 - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() {CVE-2026-23089} - HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} - KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory {CVE-2024-50115} - KVM: x86: Reset IRTE to host control if *new* route isn't postable {CVE-2025-37885} - NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945} - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349} - Revert "IB/core: Implement clear counters" - Revert "IB/mlx5: Implement clear counters" - Revert "ib/core: add SET_DEVICE_OP call for clear_hw_stats()" - Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" - Revert "xfrm: destroy xfrm_state synchronously on net exit path" - bpf, sockmap: Fix race between element replace and close() {CVE-2024-56664} - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak {CVE-2026-23061} - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec {CVE-2026-23060} - crypto: lzo - Fix compression buffer overrun {CVE-2025-38068} - drm/amd/pm: fix the Out-of-bounds read warning {CVE-2024-46731} - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number {CVE-2024-46724} - drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer {CVE-2024-49991} - ext4/jbd2: skip sb flush when EIO happened - ext4: save the error code which triggered an - fou: remove warn in gue_gro_receive on unsupported protocol {CVE-2024-44940} - fs: proc: inode: delay put_pid() by RCU - fs: writeback: fix use-after-free in __mark_inode_dirty() {CVE-2025-39866} - genirq/cpuhotplug: Notify about affinity changes breaking the affinity mask - io_uring: fix filename leak in __io_openat_prep() {CVE-2025-68814} - jbd2: store more accurate errno in superblock - libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} - libceph: make free_choose_arg_map() resilient to partial allocation {CVE-2026-22991} - macvlan: Add nodst option to macvlan type source - macvlan: Use 'hash' iterators to simplify code - macvlan: fix error recovery in macvlan_common_newlink() {CVE-2026-23209} - macvlan: fix possible UAF in macvlan_forward_source() {CVE-2026-23001} - macvlan: observe an RCU grace period in macvlan_common_newlink() error path {CVE-2026-23273} - media: xc2028: avoid use-after-free in load_firmware_cb() {CVE-2024-43900} - mm: call the security_mmap_file() LSM hook in remap_file_pages() {CVE-2024-47745} - net/sched: sch_qfq: do not free existing class in qfq_change_class() {CVE-2026-22999} - net: sock: fix hardened usercopy panic in sock_recv_errqueue {CVE-2026-22977} - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure {CVE-2025-71154} - rds: Add state field to RDS trace logs. - rds: Drop rds conn in connect worker if not in down state. - scsi: mpi3mr: Sanitise num_phys {CVE-2024-42159} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() {CVE-2026-23193} - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux {CVE-2024-50073} - usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760} - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint {CVE-2025-22083} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929} - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added {CVE-2025-40256} - xfrm: delete x->tunnel as we delete x {CVE-2025-40215} - xfrm: flush all states in xfrm_state_fini Important Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() {CVE-2026-23089} - HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} - KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory {CVE-2024-50115} - KVM: x86: Reset IRTE to host control if *new* route isn't postable {CVE-2025-37885} - NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945} - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349} - Revert "IB/core: Implement clear counters" - Revert "IB/mlx5: Implement clear counters" - Revert "ib/core: add SET_DEVICE_OP call for clear_hw_stats()" - Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" - Revert "xfrm: destroy xfrm_state synchronously on net exit path" - bpf, sockmap: Fix race between element replace and close() {CVE-2024-56664} - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak {CVE-2026-23061} - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec {CVE-2026-23060} - crypto: lzo - Fix compression buffer overrun {CVE-2025-38068} - drm/amd/pm: fix the Out-of-bounds read warning {CVE-2024-46731} - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number {CVE-2024-46724} - drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer {CVE-2024-49991} - ext4/jbd2: skip sb flush when EIO happened - ext4: save the error code which triggered an - fou: remove warn in gue_gro_receive on unsupported protocol {CVE-2024-44940} - fs: proc: inode: delay put_pid() by RCU - fs: writeback: fix use-after-free in __mark_inode_dirty() {CVE-2025-39866} - genirq/cpuhotplug: Notify about affinity changes breaking the affinity mask - io_uring: fix filename leak in __io_openat_prep() {CVE-2025-68814} - jbd2: store more accurate errno in superblock - libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} - libceph: make free_choose_arg_map() resilient to partial allocation {CVE-2026-22991} - macvlan: Add nodst option to macvlan type source - macvlan: Use 'hash' iterators to simplify code - macvlan: fix error recovery in macvlan_common_newlink() {CVE-2026-23209} - macvlan: fix possible UAF in macvlan_forward_source() {CVE-2026-23001} - macvlan: observe an RCU grace period in macvlan_common_newlink() error path {CVE-2026-23273} - media: xc2028: avoid use-after-free in load_firmware_cb() {CVE-2024-43900} - mm: call the security_mmap_file() LSM hook in remap_file_pages() {CVE-2024-47745} - net/sched: sch_qfq: do not free existing class in qfq_change_class() {CVE-2026-22999} - net: sock: fix hardened usercopy panic in sock_recv_errqueue {CVE-2026-22977} - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure {CVE-2025-71154} - rds: Add state field to RDS trace logs. - rds: Drop rds conn in connect worker if not in down state. - scsi: mpi3mr: Sanitise num_phys {CVE-2024-42159} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() {CVE-2026-23193} - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux {CVE-2024-50073} - usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760} - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint {CVE-2025-22083} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929} - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added {CVE-2025-40256} - xfrm: delete x->tunnel as we delete x {CVE-2025-40215} - xfrm: flush all states in xfrm_state_fini

0 tuxcare-oraclelinux7-els bpftool-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm d596395611e161b71e6fcc7a4bd54246de478ddf8d4c48c9917647daeec68254 kernel-uek-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm 3862abe51b363c727cd28900e118d683c5baf110fc84bdf5f647bd8142231aba kernel-uek-container-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm 8971cd0d69cd6b7d12cb6305039c47b42569e48afb2942fc0ae3eb0881c9ec98 kernel-uek-container-debug-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm 5dc9864204959f1aa15300ab7cf9989fd6eab3300a5df749d4e03fa73117f249 kernel-uek-debug-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm e61c62b95e6e5cd15096cd73ef02d64fe05a92049f68cb0424aff2fa364958e9 kernel-uek-debug-devel-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm 2256698123bb9b6144cf07dcf5f24a8e408f38cc4e182477befedb665b4076d3 kernel-uek-devel-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm ddf6a4e626df63d073348b1d09bc7f4786edc72d39088435c4a1d1992f7af506 kernel-uek-headers-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm 350ab1aaa3988cf78c509c3d386853ca172ed6c606723dd4505598a9284ad1a3 kernel-uek-tools-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm 8236a214d703061ce9c9685c64d6293a40a3c1c2d54d447f51e884cbc85e2e33 perf-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm a9e1bd8da906bd3f3ae8b52765177e2b6b5b2eb06a8f36846370badfaa67d781 python-perf-5.4.17-2136.354.4.el7uek.tuxcare.els1.x86_64.rpm 07fab17310af2922d085115d97f5fd5194ca75eeab5a599a19eab8a25112f207 CLSA-2026:1776156000 TuxCare License Agreement 0 - CVE-2025-5244: fix NULL deref in elf_gc_sweep with empty groups - CVE-2025-5245: fix SEGV in debug_type_samep - CVE-2026-3441 CVE-2026-3442: fix out-of-bounds read in XCOFF relocation processing ('Important', []) Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2025-5244: fix NULL deref in elf_gc_sweep with empty groups - CVE-2025-5245: fix SEGV in debug_type_samep - CVE-2026-3441 CVE-2026-3442: fix out-of-bounds read in XCOFF relocation processing

0 tuxcare-oraclelinux7-els binutils-2.27-44.base.0.3.el7_9.1.tuxcare.els3.x86_64.rpm fd24730f8166c5d0c02dcdf67ef1e24144f8f8f5eb018f3cc898083c64cf4f6a binutils-devel-2.27-44.base.0.3.el7_9.1.tuxcare.els3.i686.rpm 0562af13c7aa11344da23f7150332890fb071ea51b8491b83426512a5264f9aa binutils-devel-2.27-44.base.0.3.el7_9.1.tuxcare.els3.x86_64.rpm 8b24ba05d8d6921b1de40e2434641a33b78b22bdf3ecd11feec4724d550fb6e8 CLSA-2026:1776342757 TuxCare License Agreement 0 - CVE-2023-45539: reject '#' as part of the URI to prevent ACL bypass via path_end rules ('Important', ['ELSCVE-86960']) Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2023-45539: reject '#' as part of the URI to prevent ACL bypass via path_end rules

0 tuxcare-oraclelinux7-els haproxy-1.5.18-9.el7_9.1.tuxcare.els1.x86_64.rpm 154da557791419bd3f37c59d5b82e688e7d33d841e527fa3e4141a832fc6fafe CLSA-2026:1776351395 TuxCare License Agreement 0 - CVE-2022-3970: fix integer overflow in TIFFReadRGBATileExt on strips/tiles > 2 GB - CVE-2022-0891: fix heap buffer overflow in extractImageSection in tiffcrop ('Important', ['ELSCVE-90056', 'ELSCVE-89907']) Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2022-3970: fix integer overflow in TIFFReadRGBATileExt on strips/tiles > 2 GB - CVE-2022-0891: fix heap buffer overflow in extractImageSection in tiffcrop

0 tuxcare-oraclelinux7-els libtiff-4.0.3-35.el7.tuxcare.els8.i686.rpm 379655080bf01cfb90c6dfb530e384ca40972b8fce577af450bbd52713c1b1a4 libtiff-4.0.3-35.el7.tuxcare.els8.x86_64.rpm acb614170c0118317cbc8281b19c0f0ac7229d1996b613cd9749e1dc3c753272 libtiff-devel-4.0.3-35.el7.tuxcare.els8.i686.rpm c331869dac0a4a8cf5891c63d83dd82d5a8c647dc4ef9a3716284eacd57846e6 libtiff-devel-4.0.3-35.el7.tuxcare.els8.x86_64.rpm ac26af2d0aaa974862b3ff6a89276b59624c8bdaa24c2dd3812f7ade6b69566f libtiff-static-4.0.3-35.el7.tuxcare.els8.i686.rpm 54448e34584ddca656adf26d705f26d027ef62e19adbb37dde8404cef1d41cd6 libtiff-static-4.0.3-35.el7.tuxcare.els8.x86_64.rpm 8e5df9706e061e18deedc3060854dff0f7a1257b2543999f1cade303a4abf1f7 libtiff-tools-4.0.3-35.el7.tuxcare.els8.x86_64.rpm 61e439f3107789be6a3b301dd0c94ba6934e9ee81a840b4b8626761f881603de CLSA-2026:1776414968 TuxCare License Agreement 0 - CVE-2026-32636: fix out-of-bounds write in NewXMLTree/ConvertUTF16ToUTF8 ('Important', ['ELSCVE-88727']) Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2026-32636: fix out-of-bounds write in NewXMLTree/ConvertUTF16ToUTF8

0 tuxcare-oraclelinux7-els ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els11.i686.rpm 80592448345f0e32fec49185558f1fdab7219a0632547cc5eae730ce1146ee91 ImageMagick-6.9.10.68-7.0.3.el7_9.tuxcare.els11.x86_64.rpm ed1e873fb7f0ba900a5997ca72be0cb2369e3118c9d6b7d3ed36fe8454ad351e ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els11.i686.rpm 975ab4aeea700c01ae08123fa798c77285f1fbc27543ca4e295c679434c719ec ImageMagick-c++-6.9.10.68-7.0.3.el7_9.tuxcare.els11.x86_64.rpm aa256779b6792d9a09cc891b44a8e12598761cce549f6ad9831344692d9b65c9 ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els11.i686.rpm 24f12501856e123e12cf52c86b08626993599d235ffca42dff855a1c1bdb7aee ImageMagick-c++-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els11.x86_64.rpm a492f89194dc3b3ae394066636220cb1b41254fd8314888f00160aadfc69f400 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els11.i686.rpm 62eb00bbcdb2e251b4bc57965d805d64bb86f1acd456e263c82d055133ce9c94 ImageMagick-devel-6.9.10.68-7.0.3.el7_9.tuxcare.els11.x86_64.rpm 34611fa8fca3a5959533c4b7f25181745eeafd49f6bd57949276fbf84aab35ad ImageMagick-doc-6.9.10.68-7.0.3.el7_9.tuxcare.els11.x86_64.rpm 1c623799694ad33e841e6546294bdd5ec1e86fb30236b997c495df72190e9806 ImageMagick-perl-6.9.10.68-7.0.3.el7_9.tuxcare.els11.x86_64.rpm 697801d116a49101f1d96aa51cf0d69b3ede0330e6af56b601faf0fe7a709b5b CLSA-2026:1776432133 TuxCare License Agreement 0 - CVE-2022-4904: fix stack overflow in ares_set_sortlist due to missing input validation ('Important', ['ELSCVE-84407']) Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2022-4904: fix stack overflow in ares_set_sortlist due to missing input validation

0 tuxcare-oraclelinux7-els c-ares-1.10.0-3.el7_9.1.tuxcare.els2.i686.rpm 2fad4ec5be3dc2be91cfe825eea96dde348a82090c6f302ea995942334eb4e97 c-ares-1.10.0-3.el7_9.1.tuxcare.els2.x86_64.rpm ef92f19c43678149b0bcf9a5b77e4468ba0b250afa8c6ce85be95128b0614389 c-ares-devel-1.10.0-3.el7_9.1.tuxcare.els2.i686.rpm 3c400e06e05aa1a1bbecb0201d9422f6b48913bee9d3f00db8978afdbb3da603 c-ares-devel-1.10.0-3.el7_9.1.tuxcare.els2.x86_64.rpm 981d4395cc4e9fcbbaa15eb4ae5f4d944c1b63d3e8b4de6d981d36e3b360e9be CLSA-2026:1776441540 TuxCare License Agreement 0 - CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor - CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of large tokens in small buffer refills; fix buffer growth calculation - CVE-2013-0340: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757) - CVE-2024-28757: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757) ('Important', []) Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the CLN.

- CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor - CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of large tokens in small buffer refills; fix buffer growth calculation - CVE-2013-0340: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757) - CVE-2024-28757: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)

0 tuxcare-oraclelinux7-els expat-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm c43ed523add96e598f68afc23cf07928344705e3019f404db99074ff3b96b81e expat-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm 20910b073769b8bf299e7ffaef86c35fb23ba44623ef88efaabf7851fe14da16 expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm 64e45de3dba0f5d3ed6b877d4df35e47da1add50cb7da8e07f997c337154859a expat-devel-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm 9fad19ade4ea380f40fedba35b1f9b62db45e1804d4eae866dbf320e54145254 expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.i686.rpm 0a80b5d65f8f562f75c2654a666179494b26aea0b4a39ef76505c7c7aadabe30 expat-static-2.1.0-15.0.7.el7_9.tuxcare.els1.x86_64.rpm 4558eec215fe889bf870c704742a2e631ab8d4da2d75e376a5d35ca95dcadfbc