Hello community,

here is the log from the commit of package kernel-source-longterm for openSUSE:Factory checked in at 2026-06-23 17:35:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kernel-source-longterm (Old)
 and      /work/SRC/openSUSE:Factory/.kernel-source-longterm.new.1956 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source-longterm" Tue Jun 23 17:35:23 2026 rev:131 rq:1360698 version:6.18.36 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source-longterm/kernel-longterm.changes 2026-06-11 17:25:35.037850055 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source-longterm.new.1956/kernel-longterm.changes 2026-06-23 17:35:27.514969716 +0200 
@@ -1,0 +2,624 @@ +Fri Jun 19 16:59:47 CEST 2026 - [email protected] + +- ksmbd: fix use-after-free of a deferred file_lock on SMB2_CLOSE + then SMB2_CANCEL (git-fixes). +- Revert "ALSA: timer: Fix UAF at snd_timer_user_params()" + (git-fixes). +- commit 9f02549 + +------------------------------------------------------------------- +Fri Jun 19 15:33:51 CEST 2026 - [email protected] + +- Update config files for v6.18.36. +- commit 1b24aff + +------------------------------------------------------------------- +Fri Jun 19 14:50:50 CEST 2026 - [email protected] + +- Linux 6.18.36 (bsc#1258210). +- netfilter: require Ethernet MAC header before using eth_hdr() + (bsc#1258210). +- cfi: Include uaccess.h for get_kernel_nofault() (bsc#1258210). +- vsock/virtio: fix skb overhead overflow on 32-bit builds + (bsc#1258210). +- block: fix handling of dead zone write plugs (bsc#1258210). +- arm64: errata: Mitigate TLBI errata on Microsoft Azure Cobalt + 100 CPU (bsc#1258210). +- arm64: errata: Mitigate TLBI errata on NVIDIA Olympus CPU + (bsc#1258210). +- arm64: errata: Mitigate TLBI errata on various Arm CPUs + (bsc#1258210). +- arm64: cputype: Add C1-Premium definitions (bsc#1258210). +- arm64: cputype: Add C1-Ultra definitions (bsc#1258210). +- vsock/virtio: fix skb overhead accounting to preserve full + buf_alloc (bsc#1258210). +- vsock/virtio: fix potential unbounded skb queue (bsc#1258210). +- ipvs: skip ipv6 extension headers for csum checks (bsc#1258210). +- RDMA/umem: Fix truncation for block sizes >= 4G (bsc#1258210). +- RDMA: Move DMA block iterator logic into dedicated files + (bsc#1258210). +- RDMA/umem: fix kernel-doc warnings (bsc#1258210). +- netfilter: nft_fib: fix stale stack leak via the OIFNAME register + (bsc#1258210). +- RDMA: During rereg_mr ensure that REREG_ACCESS is compatible + (bsc#1258210). +- RDMA/umem: Add helpers for umem dmabuf revoke lock (bsc#1258210). +- RDMA/umem: Move umem dmabuf revoke logic into helper function + (bsc#1258210). 
+- RDMA/umem: Add ib_umem_dmabuf_get_pinned_and_lock helper + (bsc#1258210). +- sched_ext: Don't warn on NULL cgrp_moving_from in + scx_cgroup_move_task() (bsc#1258210). +- wifi: mac80211: tests: mark HT check strict (bsc#1258210). +- wifi: mac80211: skip ieee80211_verify_sta_ht_mcs_support check + in non-strict mode (bsc#1258210). +- driver core: reject devices with unregistered buses + (bsc#1258210). +- fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling + (bsc#1258210). +- drm/amd/display: Use krealloc_array() in dal_vector_reserve() + (bsc#1258210). +- drm/amd/display: Fix out-of-bounds read in + dp_get_eq_aux_rd_interval() (bsc#1258210). +- drm/amd/display: Fix NULL deref and buffer over-read in SDP + debugfs (bsc#1258210). +- drm/amd/display: add missing CSC entries for BT.2020 for DCE + IPs (bsc#1258210). +- drm/amd/display: Clamp VBIOS HDMI retimer register count to + array size (bsc#1258210). +- drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size + (bsc#1258210). +- drm/amd/display: Bound VBIOS record-chain walk loops + (bsc#1258210). +- drm/amd/pm: smu_v14_0_0: use SoftMin for gfxclk in + set_soft_freq_limited_range (bsc#1258210). +- drm/amd/pm: mark metrics.energy_accumulator is invalid for + smu 14.0.2 (bsc#1258210). +- drm/amd/pm: fix smu13 power limit default/cap calculation + (bsc#1258210). +- drm/amdgpu: set noretry=1 as default for GFX 10.1.x + (Navi10/12/14) (bsc#1258210). +- drm/amdgpu: restart the CS if some parts of the VM are still + invalidated (bsc#1258210). +- drm/amdgpu: fix waiting for all submissions for userptrs + (bsc#1258210). +- drm/v3d: Skip CSD when it has zeroed workgroups (bsc#1258210). +- drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups + (bsc#1258210). +- drm/v3d: Fix global performance monitor reference counting + (bsc#1258210). +- drm/v3d: Wait for pending L2T flush before cleaning caches + (bsc#1258210). +- drm/xe: Clear pending_disable before signaling suspend fence + (bsc#1258210). 
+- drm/xe/display: fix oops in suspend/shutdown without display + (bsc#1258210). +- drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore + on GFX11 (bsc#1258210). +- drm/amdkfd: fix NULL dereference in get_queue_ids() + (bsc#1258210). +- drm/gem: Try to fix change_handle ioctl, attempt 4 (bsc#1258210). +- slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock + (bsc#1258210). +- slimbus: qcom-ngd-ctrl: Balance pm_runtime enablement for NGD + (bsc#1258210). +- slimbus: qcom-ngd-ctrl: Correct PDR and SSR cleanup ownership + (bsc#1258210). +- slimbus: qcom-ngd-ctrl: Initialize controller resources in + controller (bsc#1258210). +- slimbus: qcom-ngd-ctrl: Register callbacks after creating the + ngd (bsc#1258210). +- slimbus: qcom-ngd-ctrl: Fix probe error path ordering + (bsc#1258210). +- slimbus: qcom-ngd-ctrl: Fix up platform_driver registration + (bsc#1258210). +- slimbus: qcom-ngd-ctrl: fix OF node refcount (bsc#1258210). +- thunderbolt: Limit XDomain response copy to actual frame size + (bsc#1258210). +- thunderbolt: Validate XDomain request packet size before type + cast (bsc#1258210). +- thunderbolt: Clamp XDomain response data copy to allocation size + (bsc#1258210). +- thunderbolt: Bound root directory content to block size + (bsc#1258210). +- thunderbolt: Reject zero-length property entries in validator + (bsc#1258210). +- sctp: stream: fully roll back denied add-stream state + (bsc#1258210). +- sctp: diag: reject stale associations in dump_one path + (bsc#1258210). +- rxrpc: Fix the ACK parser to extract the SACK table for parsing + (bsc#1258210). +- rtase: Reset TX subqueue when clearing TX ring (bsc#1258210). +- rtase: Avoid sleeping in get_stats64() (bsc#1258210). +- pmdomain: ti_sci: add wakeup constraint to parent devices of + wakeup source (bsc#1258210). +- pmdomain: imx: fix OF node refcount (bsc#1258210). +- mmc: sdhci: add signal voltage switch in sdhci_resume_host + (bsc#1258210). 
+- mmc: renesas_sdhi: Add OF entry for RZ/G2H SoC (bsc#1258210). +- mmc: litex_mmc: Set mandatory idle clocks before CMD0 + (bsc#1258210). +- mmc: dw_mmc-rockchip: Add missing private data for very old + controllers (bsc#1258210). +- mmc: core: Fix host controller programming for fixed driver type + (bsc#1258210). +- mm/mincore: handle non-swap entries before !CONFIG_SWAP guard + (bsc#1258210). +- mm/list_lru: drain before clearing xarray entry on reparent + (bsc#1258210). +- mm/hugetlb: restore reservation on error in hugetlb folio copy + paths (bsc#1258210). +- mm/hugetlb: avoid false positive lockdep assertion (bsc#1258210). +- mm/damon/reclaim: handle ctx allocation failure (bsc#1258210). +- mm/damon/lru_sort: handle ctx allocation failure (bsc#1258210). +- mm/cma_debug: fix invalid accesses for inactive CMA areas + (bsc#1258210). +- mm/cma: fix reserved page leak on activation failure + (bsc#1258210). +- io_uring/wait: fix min_timeout behavior (bsc#1258210). +- io_uring/kbuf: don't truncate end buffer for bundles + (bsc#1258210). +- pinctrl: mcp23s08: Read spi-present-mask as u8 not u32 + (bsc#1258210). +- octeontx2-af: fix memory leak in rvu_setup_hw_resources() + (bsc#1258210). +- nvmem: layouts: onie-tlv: fix hang on unknown types + (bsc#1258210). +- nvmem: core: fix use-after-free bugs in error paths + (bsc#1258210). +- net: sfp: initialize i2c_block_size at adapter configure time + (bsc#1258210). +- net: rds: clear i_sends on setup unwind (bsc#1258210). +- net: phonet: free phonet_device after RCU grace period + (bsc#1258210). +- net: mv643xx: fix OF node refcount (bsc#1258210). +- net: bonding: fix NULL pointer dereference in bond_do_ioctl() + (bsc#1258210). +- net: airoha: Add NULL check for of_reserved_mem_lookup() + in airoha_qdma_init_hfwd_queues() (bsc#1258210). +- net/mlx5: Reorder completion before putting command entry in + cmd_work_handler (bsc#1258210). +- firmware: samsung: acpm: Fix mailbox channel leak on probe error + (bsc#1258210). 
+- misc: fastrpc: Fix NULL pointer dereference in rpmsg callback + (bsc#1258210). +- misc: fastrpc: fix DMA address corruption due to find_vma misuse + (bsc#1258210). +- misc: fastrpc: fix use-after-free race in fastrpc_map_create + (bsc#1258210). +- misc: fastrpc: fix use-after-free of fastrpc_user in workqueue + context (bsc#1258210). +- memcg: use round-robin victim selection in refill_stock + (bsc#1258210). +- locking/rtmutex: Skip remove_waiter() when waiter is not enqueued + (bsc#1258210). +- ipc/shm: serialize orphan cleanup with shm_nattch updates + (bsc#1258210). +- iommu/dma: Do not try to iommu_map a 0 length region in swiotlb + (bsc#1258210). +- Input: atkbd - skip deactivate for HONOR BCC-N's internal + keyboard (bsc#1258210). +- Input: atkbd - add DMI quirk for Lenovo Yoga Air 14 (83QK) + (bsc#1258210). +- i2c: tegra: Fix NOIRQ suspend/resume (bsc#1258210). +- i2c: stm32f7: fix timing computation ignoring i2c-analog-filter + (bsc#1258210). +- i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() + (bsc#1258210). +- i2c: imx: fix clock and pinctrl state inconsistency in runtime + PM (bsc#1258210). +- i2c: imx-lpi2c: fix resource leaks switching to + devm_dma_request_chan() (bsc#1258210). +- futex/requeue: Prevent NULL pointer dereference in + remove_waiter() on self-deadlock (bsc#1258210). +- fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios + (bsc#1258210). +- fuse: reject fuse_notify() pagecache ops on directories + (bsc#1258210). +- fs/qnx6: fix pointer arithmetic in directory iteration + (bsc#1258210). +- pidfd: refuse access to tasks that have started exiting harder + (bsc#1258210). +- inet: frags: fix use-after-free caused by the fqdir_pre_exit() + flush (bsc#1258210). +- IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN + (bsc#1258210). +- fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh() + (bsc#1258210). +- bnxt_en: Fix NULL pointer dereference (bsc#1258210). 
+- ASoC: fsl_sai: Fix 32 slots TDM broken by integer shift UB in + xMR write (bsc#1258210). +- staging: rtl8723bs: fix buffer over-read in rtw_update_protection + (bsc#1258210). +- timers/migration: Fix livelock in tmigr_handle_remote_up() + (bsc#1258210). +- vsock/vmci: fix sk_ack_backlog leak on failed handshake + (bsc#1258210). +- wifi: nl80211: reject oversized EMA RNR lists (bsc#1258210). +- wifi: iwlwifi: pcie: simplify the resume flow if fast resume + is not used (bsc#1258210). +- xfs: fix rtgroup cleanup in CoW fork repair (bsc#1258210). +- xfs: fix error returns in CoW fork repair (bsc#1258210). +- mptcp: add-addr: always drop other suboptions (bsc#1258210). +- selftests: mptcp: add test for extra_subflows underflow on + userspace PM (bsc#1258210). +- mptcp: sockopt: set sockopt on all subflows (bsc#1258210). +- mptcp: sockopt: check timestamping ret value (bsc#1258210). +- mptcp: pm: fix extra_subflows underflow on userspace PM subflow + creation (bsc#1258210). +- mptcp: allow subflow rcv wnd to shrink (bsc#1258210). +- mptcp: close TOCTOU race while computing rcv_wnd (bsc#1258210). +- mptcp: fix retransmission loop when csum is enabled + (bsc#1258210). +- arm64: mm: call pagetable dtor when freeing hot-removed page + tables (bsc#1258210). +- ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow + (bsc#1258210). +- ARM: 9474/1: io: avoid KASAN instrumentation of raw halfword + I/O (bsc#1258210). +- ARM: socfpga: Fix OF node refcount leak in SMP setup + (bsc#1258210). +- udp: clear skb->dev before running a sockmap verdict + (bsc#1258210). +- zram: fix use-after-free in zram_bvec_write_partial() + (bsc#1258210). +- RDMA/srp: bound SRP_RSP sense copy by the received length + (bsc#1258210). +- RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc + (bsc#1258210). +- RDMA/core: Validate the passed in fops for ib_get_ucaps() + (bsc#1258210). +- mm/huge_memory: update file PUD counter before folio_put() + (bsc#1258210). 
+- mm/damon/ops-common: call folio_test_lru() after folio_get() + (bsc#1258210). +- mm/huge_memory: update file PMD counter before folio_put() + (bsc#1258210). +- drm/amd/display: Reject gpio_bitshift >= 32 in + bios_parser_get_gpio_pin_info() (bsc#1258210). +- drm/virtio: fix dma_fence refcount leak on error in + virtio_gpu_dma_fence_wait() (bsc#1258210). +- io_uring/net: inherit IORING_CQE_F_BUF_MORE across bundle recv + retries (bsc#1258210). +- ALSA: timer: Fix UAF at snd_timer_user_params() (bsc#1258210). +- ALSA: timer: Forcibly close timer instances at closing + (bsc#1258210). +- USB: serial: kl5kusb105: fix bulk-out buffer overflow + (bsc#1258210). +- USB: serial: option: add usb-id for Dell Wireless DW5826e-m + (bsc#1258210). +- USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr() + (bsc#1258210). +- USB: serial: io_ti: fix heap overflow in get_manuf_info() + (bsc#1258210). +- xfrm: iptfs: fix ABBA deadlock in iptfs_destroy_state() + (bsc#1258210). +- xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags() ++++ 327 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source-longterm/kernel-longterm.changes ++++ and /work/SRC/openSUSE:Factory/.kernel-source-longterm.new.1956/kernel-longterm.changes kernel-source-longterm.changes: same change kernel-syms-longterm.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kernel-longterm.spec ++++++ --- /var/tmp/diff_new_pack.6uYvt0/_old 2026-06-23 17:35:36.731290859 +0200 +++ /var/tmp/diff_new_pack.6uYvt0/_new 2026-06-23 17:35:36.731290859 +0200 @@ -18,8 +18,8 @@ %define srcversion 6.18 -%define patchversion 6.18.35 -%define git_commit b68d89fcaab0ef13a033c79334d818b3c93ec28b +%define patchversion 6.18.36 +%define git_commit f573e534b534c47ff97ca7f1f5a4e1bfbc0a75ab %define variant -longterm%{nil} %define compress_modules zstd %define compress_vmlinux xz 
@@ -40,9 +40,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-longterm -Version: 6.18.35 +Version: 6.18.36 %if 0%{?is_kotd} -Release: <RELEASE>.gb68d89f +Release: <RELEASE>.gf573e53 %else Release: 0 %endif ++++++ kernel-source-longterm.spec ++++++ --- /var/tmp/diff_new_pack.6uYvt0/_old 2026-06-23 17:35:36.779292531 +0200 +++ /var/tmp/diff_new_pack.6uYvt0/_new 2026-06-23 17:35:36.779292531 +0200 @@ -17,8 +17,8 @@ %define srcversion 6.18 -%define patchversion 6.18.35 -%define git_commit b68d89fcaab0ef13a033c79334d818b3c93ec28b +%define patchversion 6.18.36 +%define git_commit f573e534b534c47ff97ca7f1f5a4e1bfbc0a75ab %define variant -longterm%{nil} %define gcc_package gcc %define gcc_compiler gcc @@ -28,9 +28,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-source-longterm -Version: 6.18.35 +Version: 6.18.36 %if 0%{?is_kotd} -Release: <RELEASE>.gb68d89f +Release: <RELEASE>.gf573e53 %else Release: 0 %endif ++++++ kernel-syms-longterm.spec ++++++ --- /var/tmp/diff_new_pack.6uYvt0/_old 2026-06-23 17:35:36.827294203 +0200 +++ /var/tmp/diff_new_pack.6uYvt0/_new 2026-06-23 17:35:36.831294343 +0200 
@@ -16,15 +16,15 @@ # -%define git_commit b68d89fcaab0ef13a033c79334d818b3c93ec28b +%define git_commit f573e534b534c47ff97ca7f1f5a4e1bfbc0a75ab %define variant -longterm%{nil} %include %_sourcedir/kernel-spec-macros Name: kernel-syms-longterm -Version: 6.18.35 +Version: 6.18.36 %if 0%{?is_kotd} -Release: <RELEASE>.gb68d89f +Release: <RELEASE>.gf573e53 %else Release: 0 %endif ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.6uYvt0/_old 2026-06-23 17:35:37.003300337 +0200 +++ /var/tmp/diff_new_pack.6uYvt0/_new 2026-06-23 17:35:37.007300476 +0200 @@ -1,6 +1,6 @@ -mtime: 1781073407 -commit: df9ce4f95be17bbde7f0696dbfe10f198c96407edcc114702808d1f8301e2641 +mtime: 1781935523 +commit: fea9e8854badc5f2cec654b473e0fca8e7d4dc2d2071a37571f983f7d68b6dcc url: https://src.opensuse.org/kernelbugs/kernel-source-longterm -revision: df9ce4f95be17bbde7f0696dbfe10f198c96407edcc114702808d1f8301e2641 +revision: fea9e8854badc5f2cec654b473e0fca8e7d4dc2d2071a37571f983f7d68b6dcc trackingbranch: Kernel/slowroll ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-20 08:05:23.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/arm64/default new/config/arm64/default --- old/config/arm64/default 2026-04-27 22:22:15.000000000 +0200 +++ new/config/arm64/default 2026-06-19 15:33:51.000000000 +0200 
@@ -474,6 +474,7 @@ CONFIG_ARM64_ERRATUM_3117295=y CONFIG_ARM64_ERRATUM_3194386=y CONFIG_ARM64_ERRATUM_4193714=y +CONFIG_ARM64_ERRATUM_4118414=y CONFIG_CAVIUM_ERRATUM_22375=y CONFIG_CAVIUM_ERRATUM_23144=y CONFIG_CAVIUM_ERRATUM_23154=y ++++++ patches.kernel.org.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/kernel-source-longterm/patches.kernel.org.tar.bz2 /work/SRC/openSUSE:Factory/.kernel-source-longterm.new.1956/patches.kernel.org.tar.bz2 differ: char 11, line 1 ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/apparmor-don-t-audit-files-pointing-to-aa_null.dentr.patch new/patches.suse/apparmor-don-t-audit-files-pointing-to-aa_null.dentr.patch --- old/patches.suse/apparmor-don-t-audit-files-pointing-to-aa_null.dentr.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/apparmor-don-t-audit-files-pointing-to-aa_null.dentr.patch 2026-06-17 03:39:38.000000000 +0200 
@@ -0,0 +1,40 @@ +From add2b70038bea194bcdef8a680f9153ee7f93ac0 Mon Sep 17 00:00:00 2001 +From: Georgia Garcia <[email protected]> +Date: Thu, 28 May 2026 16:04:12 -0300 +Subject: [PATCH] apparmor: don't audit files pointing to aa_null.dentry +References: bsc#1259668 +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor.git +Git-commit: add2b70038bea194bcdef8a680f9153ee7f93ac0 + +In + commit 4a134723f9f1 ("apparmor: move check for aa_null file to cover all cases") +there was a change to not audit files pointing to +aa_null.dentry because they provide no value, but setting the error +variable instead of returning -EACCES was still causing them to be +audited. + +Fixes: 4a134723f9f1 ("apparmor: move check for aa_null file to cover all cases") +Acked-by: David Disseldorp <[email protected]> +Signed-off-by: Georgia Garcia <[email protected]> +Signed-off-by: John Johansen <[email protected]> +--- + security/apparmor/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/security/apparmor/file.c b/security/apparmor/file.c +index 694e157149e85..fc5abd5473c85 100644 +--- a/security/apparmor/file.c ++++ b/security/apparmor/file.c +@@ -157,7 +157,7 @@ static int path_name(const char *op, const struct cred *subj_cred, + + /* don't reaudit files closed during inheritance */ + if (unlikely(path->dentry == aa_null.dentry)) +- error = -EACCES; ++ return -EACCES; + else + error = aa_path_name(path, flags, buffer, name, &info, + labels_profile(label)->disconnected); +-- +2.51.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/apparmor-fix-uninitialised-pointer-passed-to-audit_l.patch new/patches.suse/apparmor-fix-uninitialised-pointer-passed-to-audit_l.patch --- old/patches.suse/apparmor-fix-uninitialised-pointer-passed-to-audit_l.patch 1970-01-01 01:00:00.000000000 +0100 +++ 
new/patches.suse/apparmor-fix-uninitialised-pointer-passed-to-audit_l.patch 2026-06-17 03:39:38.000000000 +0200 
@@ -0,0 +1,98 @@ +From bcd1b34c21748531a3febaf7440632b89d8deab7 Mon Sep 17 00:00:00 2001 +From: Maciek Borzecki <[email protected]> +Date: Fri, 8 May 2026 10:30:16 +0200 +Subject: [PATCH] apparmor: fix uninitialised pointer passed to + audit_log_untrustedstring() +References: bsc#1259668 +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor.git +Git-commit: bcd1b34c21748531a3febaf7440632b89d8deab7 + +Commit 4a134723f9f1 ("apparmor: move check for aa_null file to cover all cases") +intrdouced a small bug, where path_name() may pass a potentially uninitialized +*name to aa_audit_file() if the path->dentry had been replaced with +aa_null.dentry earlier on. This can lead to page fault like one observed on +7.0.2 openSUSE Tumbleweed kernel: + +[51692.242756] [ T24690] BUG: unable to handle page fault for address: 0000000f00000003 +[51692.242762] [ T24690] #PF: supervisor read access in kernel mode +[51692.242763] [ T24690] #PF: error_code(0x0000) - not-present page +[51692.242765] [ T24690] PGD 0 P4D 0 +[51692.242768] [ T24690] Oops: Oops: 0000 [#1] SMP NOPTI +[51692.242772] [ T24690] CPU: 3 UID: 1020 PID: 24690 Comm: snap-confine Tainted: G O 7.0.2-1-default #1 PREEMPT(full) openSUSE Tumbleweed ab90b4c9940707f9cafa19bdad80b2cec52dbe51 +[51692.242775] [ T24690] Tainted: [O]=OOT_MODULE +[51692.242777] [ T24690] Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP05, BIOS 03.18 01/08/2026 +[51692.242778] [ T24690] RIP: 0010:strlen+0x4/0x30 +[51692.242783] [ T24690] Code: f7 75 ec 31 c0 e9 17 9f 00 ff 48 89 f8 e9 0f 9f 00 ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 18 48 89 f8 0f 1f 40 00 48 83 c0 01 80 38 00 75 f7 48 +[51692.242785] [ T24690] RSP: 0018:ffffd015eb1e3608 EFLAGS: 00010282 +[51692.242787] [ T24690] RAX: 0000000000000000 RBX: ffff89796198a360 RCX: 0000000000000000 +[51692.242788] [ T24690] RDX: 00000000000000d1 RSI: 
0000000f00000003 RDI: 0000000f00000003 +[51692.242790] [ T24690] RBP: ffffffffb7ede090 R08: 00000000000005f5 R09: 0000000000000000 +[51692.242791] [ T24690] R10: 0000000000000000 R11: 0000000000000000 R12: ffffd015eb1e3700 +[51692.242792] [ T24690] R13: ffff8977a22bc380 R14: ffffffffb7ec5190 R15: ffff8977a0c8aa80 +[51692.242794] [ T24690] FS: 0000000000000000(0000) GS:ffff897f640d8000(0000) knlGS:0000000000000000 +[51692.242796] [ T24690] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[51692.242797] [ T24690] CR2: 0000000f00000003 CR3: 00000006ad15f000 CR4: 0000000000f50ef0 +[51692.242799] [ T24690] PKRU: 55555554 +[51692.242800] [ T24690] Call Trace: +[51692.242802] [ T24690] <TASK> +[51692.242804] [ T24690] audit_log_untrustedstring+0x1d/0x40 +[51692.242811] [ T24690] common_lsm_audit+0x71/0x1d0 +[51692.242816] [ T24690] aa_audit+0x5a/0x170 +[51692.242819] [ T24690] aa_audit_file+0x18a/0x1b0 +[51692.242825] [ T24690] path_name+0xd2/0x100 +[51692.242829] [ T24690] profile_path_perm.part.0+0x58/0xb0 +[51692.242832] [ T24690] aa_path_perm+0xef/0x150 +[51692.242837] [ T24690] apparmor_file_open+0x153/0x2e0 +[51692.242840] [ T24690] security_file_open+0x46/0xd0 +[51692.242844] [ T24690] do_dentry_open+0xe9/0x4d0 +[51692.242848] [ T24690] vfs_open+0x30/0x100 + +While here, initialise variables which are passed down to path_name(). 
+ +Fixes: 4a134723f9f1 ("apparmor: move check for aa_null file to cover all cases") +Signed-off-by: Maciek Borzecki <[email protected]> +Signed-off-by: John Johansen <[email protected]> +Acked-by: David Disseldorp <[email protected]> +--- + security/apparmor/file.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/security/apparmor/file.c b/security/apparmor/file.c +index fc5abd5473c85..c9d55fe1086f9 100644 +--- a/security/apparmor/file.c ++++ b/security/apparmor/file.c +@@ -158,9 +158,9 @@ static int path_name(const char *op, const struct cred *subj_cred, + /* don't reaudit files closed during inheritance */ + if (unlikely(path->dentry == aa_null.dentry)) + return -EACCES; +- else +- error = aa_path_name(path, flags, buffer, name, &info, +- labels_profile(label)->disconnected); ++ ++ error = aa_path_name(path, flags, buffer, name, &info, ++ labels_profile(label)->disconnected); + if (error) { + fn_for_each_confined(label, profile, + aa_audit_file(subj_cred, +@@ -250,7 +250,7 @@ static int profile_path_perm(const char *op, const struct cred *subj_cred, + struct path_cond *cond, int flags, + struct aa_perms *perms) + { +- const char *name; ++ const char *name = NULL; + int error; + + if (profile_unconfined(profile)) +@@ -328,7 +328,7 @@ static int profile_path_link(const struct cred *subj_cred, + struct path_cond *cond) + { + struct aa_ruleset *rules = profile->label.rules[0]; +- const char *lname, *tname = NULL; ++ const char *lname = NULL, *tname = NULL; + struct aa_perms lperms = {}, perms; + const char *info = NULL; + u32 request = AA_MAY_LINK; +-- +2.51.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/apparmor-fix-use-after-free-in-rawdata-dedup-loop.patch new/patches.suse/apparmor-fix-use-after-free-in-rawdata-dedup-loop.patch --- old/patches.suse/apparmor-fix-use-after-free-in-rawdata-dedup-loop.patch 1970-01-01 01:00:00.000000000 +0100 +++ 
new/patches.suse/apparmor-fix-use-after-free-in-rawdata-dedup-loop.patch 2026-06-17 03:39:38.000000000 +0200 
@@ -0,0 +1,114 @@ +From 6f060496d03e4dc560a40f73770bd08335cb7a27 Mon Sep 17 00:00:00 2001 +From: Ruslan Valiyev <[email protected]> +Date: Tue, 26 May 2026 00:04:46 +0200 +Subject: [PATCH] apparmor: fix use-after-free in rawdata dedup loop +References: bko#221513 +Patch-mainline: Queued in subsystem maintainer repository +Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor.git +Git-commit: 6f060496d03e4dc560a40f73770bd08335cb7a27 + +aa_replace_profiles() walks ns->rawdata_list to dedup the incoming +policy blob against entries already attached to existing profiles. +Per the kernel-doc on struct aa_loaddata, list membership does not +hold a reference: profiles hold pcount, and when the last pcount +drops, do_ploaddata_rmfs() is queued on a workqueue that takes +ns->lock and removes the entry. Between dropping the last pcount +and the workqueue running, an entry remains on the list with +pcount == 0. + +aa_get_profile_loaddata() is an unconditional kref_get() on +pcount, so when the dedup loop hits such an entry, refcount +hardening reports + + refcount_t: addition on 0; use-after-free. + +inside aa_replace_profiles(), and the poisoned counter then +trips "saturated" and "underflow" warnings on the subsequent +uses of the same loaddata. + +Before commit a0b7091c4de4 ("apparmor: fix race on rawdata +dereference") the dedup path used a get_unless_zero-style helper +on a single counter, so the existing "if (tmp)" guard was +meaningful. The split-refcount refactor introduced +aa_get_profile_loaddata(), which has plain kref_get() semantics, +and the guard quietly became a no-op. + +Introduce aa_get_profile_loaddata_not0(), matching the existing +_not0 convention used by aa_get_profile_not0(), and use it for +the rawdata_list dedup lookup so dying entries are skipped. 
+ +Reproduced on x86_64 with v7.1-rc5 in QEMU+KVM running Ubuntu +24.04 + stress-ng 0.17.06: + + stress-ng --apparmor 1 --klog-check --timeout 60s + +Without this patch the three refcount_t warnings fire within a +few seconds. With it the same 60 s run is clean. Coverage is a +smoke-test only; a longer soak with CONFIG_KASAN, CONFIG_KCSAN +and CONFIG_PROVE_LOCKING would be welcome from anyone with the +cycles. + +Fixes: a0b7091c4de4 ("apparmor: fix race on rawdata dereference") +Reported-by: Colin Ian King <[email protected]> +Closes: https://bugzilla.kernel.org/show_bug.cgi?id=221513 +Cc: [email protected] +Signed-off-by: Ruslan Valiyev <[email protected]> +Signed-off-by: John Johansen <[email protected]> +Acked-by: David Disseldorp <[email protected]> +--- + security/apparmor/include/policy_unpack.h | 19 +++++++++++++++++++ + security/apparmor/policy.c | 8 ++++++-- + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/security/apparmor/include/policy_unpack.h b/security/apparmor/include/policy_unpack.h +index e5a95dc4da1f7..b9de0fdf9ee52 100644 +--- a/security/apparmor/include/policy_unpack.h ++++ b/security/apparmor/include/policy_unpack.h +@@ -163,6 +163,25 @@ aa_get_profile_loaddata(struct aa_loaddata *data) + return data; + } + ++/** ++ * aa_get_profile_loaddata_not0 - get a profile reference count if not zero ++ * @data: reference to get a count on ++ * ++ * Like aa_get_profile_loaddata(), but safe to call on an entry that may ++ * be on a list (e.g. ns->rawdata_list) where the last pcount has already ++ * dropped and the deferred cleanup has not yet run. ++ * ++ * Returns: pointer to reference, or %NULL if @data is NULL or its ++ * profile refcount has already reached zero. 
++ */ ++static inline struct aa_loaddata * ++aa_get_profile_loaddata_not0(struct aa_loaddata *data) ++{ ++ if (data && kref_get_unless_zero(&data->pcount)) ++ return data; ++ return NULL; ++} ++ + void __aa_loaddata_update(struct aa_loaddata *data, long revision); + bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r); + void aa_loaddata_kref(struct kref *kref); +diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c +index 847b0ff450c51..b59e827747dad 100644 +--- a/security/apparmor/policy.c ++++ b/security/apparmor/policy.c +@@ -1230,8 +1230,12 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label, + if (aa_rawdata_eq(rawdata_ent, udata)) { + struct aa_loaddata *tmp; + +- tmp = aa_get_profile_loaddata(rawdata_ent); +- /* check we didn't fail the race */ ++ /* ++ * Entries remain on rawdata_list with ++ * pcount == 0 until do_ploaddata_rmfs() ++ * runs; only take a live profile ref. ++ */ ++ tmp = aa_get_profile_loaddata_not0(rawdata_ent); + if (tmp) { + aa_put_profile_loaddata(udata); + udata = tmp; +-- +2.51.0 + ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.6uYvt0/_old 2026-06-23 17:35:37.891331280 +0200 +++ /var/tmp/diff_new_pack.6uYvt0/_new 2026-06-23 17:35:37.899331559 +0200 
@@ -8022,7 +8022,337 @@ patches.kernel.org/6.18.35-315-KVM-arm64-vgic-its-Drop-the-translation-cache.patch patches.kernel.org/6.18.35-316-KVM-arm64-Reassign-nested_mmus-array-behind-m.patch patches.kernel.org/6.18.35-317-Linux-6.18.35.patch - patches.kernel.org/drm-gem-Try-to-fix-change_handle-ioctl-attempt-4.patch + patches.kernel.org/6.18.36-001-bpf-Free-reuseport-cBPF-prog-after-RCU-grace-.patch + patches.kernel.org/6.18.36-002-ARM-group-is_permission_fault-with-is_transla.patch + patches.kernel.org/6.18.36-003-ARM-allow-__do_kernel_fault-to-report-executi.patch + patches.kernel.org/6.18.36-004-ARM-fix-hash_name-fault.patch + patches.kernel.org/6.18.36-005-ARM-fix-branch-predictor-hardening.patch + patches.kernel.org/6.18.36-006-KVM-arm64-Take-the-SRCU-lock-for-page-table-w.patch + patches.kernel.org/6.18.36-007-i2c-dev-prevent-integer-overflow-in-I2C_TIMEO.patch + patches.kernel.org/6.18.36-008-ipv6-mcast-Fix-use-after-free-when-processing.patch + patches.kernel.org/6.18.36-009-net-smc-fix-sleep-inside-lock-in-__smc_setsoc.patch + patches.kernel.org/6.18.36-010-tee-optee-prevent-use-after-free-when-the-cli.patch + patches.kernel.org/6.18.36-011-soc-qcom-ice-Allow-explicit-votes-on-iface-cl.patch + patches.kernel.org/6.18.36-012-arm64-dts-qcom-x1-dell-thena-remove-i2c20-bat.patch + patches.kernel.org/6.18.36-013-ARM-dts-microchip-sam9x7-fix-GMAC-clock-confi.patch + patches.kernel.org/6.18.36-014-soc-qcom-ice-Return-ENODEV-if-the-ICE-platfor.patch + patches.kernel.org/6.18.36-015-tee-fix-tee_ioctl_object_invoke_arg-padding.patch + patches.kernel.org/6.18.36-016-tee-qcomtee-add-missing-va_end-in-early-retur.patch + patches.kernel.org/6.18.36-017-erofs-tidy-up-synchronous-decompression.patch + patches.kernel.org/6.18.36-018-erofs-fix-use-after-free-on-sbi-sync_decompre.patch + patches.kernel.org/6.18.36-019-wifi-iwlwifi-mvm-don-t-support-the-reset-hand.patch + patches.kernel.org/6.18.36-020-ksmbd-fix-NULL-deref-of-opinfo-conn-in-oplock.patch + 
patches.kernel.org/6.18.36-021-netfilter-xt_NFQUEUE-prefer-raw_smp_processor.patch + patches.kernel.org/6.18.36-022-ipvs-clear-the-svc-scheduler-ptr-early-on-edi.patch + patches.kernel.org/6.18.36-023-netfilter-synproxy-add-mutex-to-guard-hook-re.patch + patches.kernel.org/6.18.36-024-netfilter-conntrack_irc-fix-possible-out-of-b.patch + patches.kernel.org/6.18.36-025-netfilter-nft_ct-bail-out-on-template-ct-in-g.patch + patches.kernel.org/6.18.36-026-netfilter-bridge-make-ebt_snat-ARP-rewrite-wr.patch + patches.kernel.org/6.18.36-027-dm-cache-policy-smq-check-allocation-under-in.patch + patches.kernel.org/6.18.36-028-net-sched-act_api-use-RCU-with-deferred-freei.patch + patches.kernel.org/6.18.36-029-6lowpan-fix-off-by-one-in-multicast-context-a.patch + patches.kernel.org/6.18.36-030-l2tp-pppol2tp-hold-reference-to-session-in-pp.patch + patches.kernel.org/6.18.36-031-devlink-Release-nested-relation-on-devlink-fr.patch + patches.kernel.org/6.18.36-032-drm-imx-Fix-three-kernel-doc-warnings-in-dcss.patch + patches.kernel.org/6.18.36-033-wifi-mac80211-limit-injected-antenna-index-in.patch + patches.kernel.org/6.18.36-034-pcnet32-stop-holding-device-spin-lock-during-.patch + patches.kernel.org/6.18.36-035-net-Annotate-sk-sk_write_space-for-UDP-SOCKMA.patch + patches.kernel.org/6.18.36-036-hsr-Remove-WARN_ONCE-in-hsr_addr_is_self.patch + patches.kernel.org/6.18.36-037-net-garp-fix-unsigned-integer-underflow-in-ga.patch + patches.kernel.org/6.18.36-038-net-lan743x-permit-VLAN-tagged-packets-up-to-.patch + patches.kernel.org/6.18.36-039-net-fec-fix-pinctrl-default-state-restore-ord.patch + patches.kernel.org/6.18.36-040-ipv6-anycast-insert-aca-into-global-hash-unde.patch + patches.kernel.org/6.18.36-041-wifi-fix-leak-if-split-6-GHz-scanning-fails.patch + patches.kernel.org/6.18.36-042-Bluetooth-RFCOMM-hold-listener-socket-in-rfco.patch + patches.kernel.org/6.18.36-043-Bluetooth-MGMT-validate-advertising-TLV-befor.patch + 
patches.kernel.org/6.18.36-044-Bluetooth-RFCOMM-validate-skb-length-in-MCC-h.patch + patches.kernel.org/6.18.36-045-Bluetooth-bnep-fix-incorrect-length-parsing-i.patch + patches.kernel.org/6.18.36-046-Bluetooth-bnep-reject-short-frames-before-par.patch + patches.kernel.org/6.18.36-047-Bluetooth-fix-memory-leak-in-error-path-of-hc.patch + patches.kernel.org/6.18.36-048-Bluetooth-ISO-Fix-not-releasing-hdev-referenc.patch + patches.kernel.org/6.18.36-049-Bluetooth-ISO-Fix-data-race-on-iso_pi-fields-.patch + patches.kernel.org/6.18.36-050-Bluetooth-SCO-Fix-data-race-on-sco_pi-fields-.patch + patches.kernel.org/6.18.36-051-Bluetooth-MGMT-Fix-backward-compatibility-wit.patch + patches.kernel.org/6.18.36-052-xsk-cache-csum_start-csum_offset-to-fix-TOCTO.patch + patches.kernel.org/6.18.36-053-octeontx2-pf-Fix-NDC-sync-operation-errors.patch + patches.kernel.org/6.18.36-054-octeontx2-af-Fix-initialization-of-mcam-s-ent.patch + patches.kernel.org/6.18.36-055-af_unix-Fix-inq_len-update-problem-in-partial.patch + patches.kernel.org/6.18.36-056-ipv4-restrict-IPOPT_SSRR-and-IPOPT_LSRR-optio.patch + patches.kernel.org/6.18.36-057-ptp-vclock-Switch-from-RCU-to-SRCU.patch + patches.kernel.org/6.18.36-058-net-airoha-Fix-use-after-free-in-metadata-dst.patch + patches.kernel.org/6.18.36-059-net-ethernet-mtk_eth_soc-Fix-use-after-free-i.patch + patches.kernel.org/6.18.36-060-net-sched-fix-pedit-partial-COW-leading-to-pa.patch + patches.kernel.org/6.18.36-061-sctp-validate-cached-peer-INIT-chunk-length-i.patch + patches.kernel.org/6.18.36-062-octeontx2-af-npc-Fix-CPT-channel-mask-in-npc_.patch + patches.kernel.org/6.18.36-063-vxlan-vnifilter-send-notification-on-VNI-add.patch + patches.kernel.org/6.18.36-064-vxlan-vnifilter-fix-spurious-notification-on-.patch + patches.kernel.org/6.18.36-065-ieee802154-6lowpan-only-accept-IPv6-packets-i.patch + patches.kernel.org/6.18.36-066-net-802-mrp-fix-vector-attribute-parsing-in-m.patch + 
patches.kernel.org/6.18.36-067-sctp-purge-outqueue-on-stale-COOKIE-ECHO-hand.patch + patches.kernel.org/6.18.36-068-Drivers-hv-VMBus-protocol-version-6.0.patch + patches.kernel.org/6.18.36-069-Drivers-hv-vmbus-Provide-option-to-skip-VMBus.patch + patches.kernel.org/6.18.36-070-drm-hyperv-During-panic-do-VMBus-unload-after.patch + patches.kernel.org/6.18.36-071-selftests-harness-fix-pidfd-leak-in-__wait_fo.patch + patches.kernel.org/6.18.36-072-signal-clear-JOBCTL_PENDING_MASK-for-caller-i.patch + patches.kernel.org/6.18.36-073-hyperv-Clean-up-and-fix-the-guest-ID-comment-.patch + patches.kernel.org/6.18.36-074-time-Fix-off-by-one-in-settimeofday-usec-vali.patch + patches.kernel.org/6.18.36-075-ALSA-PCM-Fix-wait-queue-list-corruption-in-sn.patch + patches.kernel.org/6.18.36-076-ALSA-seq-dummy-fix-UMP-event-stack-overread.patch + patches.kernel.org/6.18.36-077-spi-cadence-quadspi-fix-unclocked-access-on-u.patch + patches.kernel.org/6.18.36-078-cpufreq-amd-pstate-drop-stale-epp_cached-kdoc.patch + patches.kernel.org/6.18.36-079-tools-rv-Ensure-monitor-name-and-desc-are-NUL.patch + patches.kernel.org/6.18.36-080-tools-rv-Fix-substring-match-bug-in-monitor-n.patch + patches.kernel.org/6.18.36-081-tools-rv-Fix-substring-match-when-listing-con.patch + patches.kernel.org/6.18.36-082-tools-rv-Fix-cleanup-after-failed-trace-setup.patch + patches.kernel.org/6.18.36-083-verification-rvgen-Fix-options-shared-among-c.patch + patches.kernel.org/6.18.36-084-verification-rvgen-Fix-ltl2k-writing-True-as-.patch + patches.kernel.org/6.18.36-085-tap-free-page-on-error-paths-in-tap_get_user_.patch + patches.kernel.org/6.18.36-086-xfrm-iptfs-fix-use-after-free-on-first_skb-in.patch + patches.kernel.org/6.18.36-087-dma-mapping-direct-fix-missing-mapping-for-TH.patch + patches.kernel.org/6.18.36-088-dma-debug-fix-physical-address-retrieval-in-d.patch + patches.kernel.org/6.18.36-089-xfrm-policy-fix-use-after-free-on-inexact-bin.patch + 
patches.kernel.org/6.18.36-090-ice-fix-missing-priority-callbacks-for-U.FL-D.patch + patches.kernel.org/6.18.36-091-idpf-fix-mailbox-capability-for-set-device-cl.patch + patches.kernel.org/6.18.36-092-net-ena-PHC-Add-missing-barrier.patch + patches.kernel.org/6.18.36-093-bnge-fix-context-mem-iteration.patch + patches.kernel.org/6.18.36-094-netlabel-validate-unlabeled-address-and-mask-.patch + patches.kernel.org/6.18.36-095-gpio-mvebu-fix-NULL-pointer-dereference-in-su.patch + patches.kernel.org/6.18.36-096-ASoC-wm_adsp-Fix-NULL-dereference-when-removi.patch + patches.kernel.org/6.18.36-097-tcp-restrict-SO_ATTACH_FILTER-to-priv-users.patch + patches.kernel.org/6.18.36-098-net-add-pskb_may_pull-to-skb_gro_receive_list.patch + patches.kernel.org/6.18.36-099-net-mlx4-avoid-GCC-10-__bad_copy_from-false-p.patch + patches.kernel.org/6.18.36-100-net-ibm-emac-Fix-use-after-free-during-device.patch + patches.kernel.org/6.18.36-101-netdev-fix-double-free-in-netdev_nl_bind_rx_d.patch + patches.kernel.org/6.18.36-102-net-phy-clean-the-sfp-upstream-if-phy-probing.patch + patches.kernel.org/6.18.36-103-net-qrtr-fix-refcount-saturation-and-potentia.patch + patches.kernel.org/6.18.36-104-net-mlx5-Fix-slab-out-of-bounds-in-mlx5_query.patch + patches.kernel.org/6.18.36-105-net-mlx5e-xsk-Fix-DMA-and-xdp_frame-leak-on-X.patch + patches.kernel.org/6.18.36-106-net-mlx5-Use-effective-affinity-mask-for-IRQ-.patch + patches.kernel.org/6.18.36-107-ipv6-sit-reload-inner-IPv6-header-after-GSO-o.patch + patches.kernel.org/6.18.36-108-net-openvswitch-fix-possible-kfree_skb-of-ERR.patch + patches.kernel.org/6.18.36-109-r8152-handle-the-return-value-of-usb_reset_de.patch + patches.kernel.org/6.18.36-110-gpio-zynq-fix-runtime-PM-leak-on-remove.patch + patches.kernel.org/6.18.36-111-gpio-rockchip-fix-generic-IRQ-chip-leak-on-re.patch + patches.kernel.org/6.18.36-112-net-mctp-usb-fix-race-between-urb-completion-.patch + 
patches.kernel.org/6.18.36-113-net-mctp-usb-don-t-fail-mctp_usb_rx_queue-on-.patch + patches.kernel.org/6.18.36-114-ASoC-SOF-amd-fix-for-ipc-flags-check.patch + patches.kernel.org/6.18.36-115-sctp-fix-uninit-value-in-__sctp_rcv_asconf_lo.patch + patches.kernel.org/6.18.36-116-ip6_vti-set-netns_immutable-on-the-fallback-d.patch + patches.kernel.org/6.18.36-117-sctp-validate-embedded-INIT-chunk-and-address.patch + patches.kernel.org/6.18.36-118-net-guard-timestamp-cmsgs-to-real-error-queue.patch + patches.kernel.org/6.18.36-119-net-rds-fix-NULL-deref-in-rds_ib_send_cqe_han.patch + patches.kernel.org/6.18.36-120-tun-zero-the-whole-vnet-header-in-tun_put_use.patch + patches.kernel.org/6.18.36-121-ip6_vti-fix-incorrect-tunnel-matching-in-vti6.patch + patches.kernel.org/6.18.36-122-rds-mark-snapshot-pages-dirty-in-rds_info_get.patch + patches.kernel.org/6.18.36-123-spi-rzv2h-rspi-Fix-SPDR-read-access-width-for.patch + patches.kernel.org/6.18.36-124-netfilter-revalidate-bridge-ports.patch + patches.kernel.org/6.18.36-125-netfilter-nf_conntrack-destroy-stale-expectfn.patch + patches.kernel.org/6.18.36-126-netfilter-x_tables-avoid-leaking-percpu-count.patch + patches.kernel.org/6.18.36-127-netfilter-nf_log-validate-MAC-header-was-set-.patch + patches.kernel.org/6.18.36-128-netfilter-nft_exthdr-fix-register-tracking-fo.patch + patches.kernel.org/6.18.36-129-net-mvpp2-sync-RX-data-at-the-hardware-packet.patch + patches.kernel.org/6.18.36-130-net-mvpp2-limit-XDP-frame-size-to-the-RX-buff.patch + patches.kernel.org/6.18.36-131-net-mvpp2-refill-RX-buffers-before-XDP-or-skb.patch + patches.kernel.org/6.18.36-132-net-mvpp2-build-skb-from-XDP-adjusted-data-on.patch + patches.kernel.org/6.18.36-133-net-txgbe-optimize-the-flow-to-setup-PHY-for-.patch + patches.kernel.org/6.18.36-134-net-txgbe-support-CR-modules-for-AML-devices.patch + patches.kernel.org/6.18.36-135-net-txgbe-rename-the-SFP-related.patch + patches.kernel.org/6.18.36-136-net-txgbe-initialize-module-info-buffer.patch + 
patches.kernel.org/6.18.36-137-ipv6-Fix-a-potential-NPD-in-cleanup_prefix_ro.patch + patches.kernel.org/6.18.36-138-KVM-VMX-Update-SVI-during-runtime-APICv-activ.patch + patches.kernel.org/6.18.36-139-clk-qcom-x1e80100-dispcc-Stop-disp_cc_mdss_md.patch + patches.kernel.org/6.18.36-140-clk-samsung-gs101-Fix-missing-USI7_USI-DIV-cl.patch + patches.kernel.org/6.18.36-141-clk-qcom-dispcc-sc8280xp-Don-t-park-mdp_clk_s.patch + patches.kernel.org/6.18.36-142-drm-i915-edp-Check-supported-link-rates-DPCD-.patch + patches.kernel.org/6.18.36-143-drm-virtio-Fix-driver-removal-with-disabled-K.patch + patches.kernel.org/6.18.36-144-drm-vc4-fix-krealloc-memory-leak.patch + patches.kernel.org/6.18.36-145-drm-xe-fix-refcount-leak-in-xe_range_fence_in.patch + patches.kernel.org/6.18.36-146-accel-amdxdna-Fix-mm_struct-reference-leak-in.patch + patches.kernel.org/6.18.36-147-netfilter-nft_tunnel-fix-use-after-free-on-ob.patch + patches.kernel.org/6.18.36-148-netfilter-nft_meta_bridge-fix-stale-stack-lea.patch + patches.kernel.org/6.18.36-149-tee-shm-fix-shm-leak-in-register_shm_helper.patch + patches.kernel.org/6.18.36-150-Bluetooth-hci_sync-reject-oversized-Broadcast.patch + patches.kernel.org/6.18.36-151-Bluetooth-L2CAP-reject-BR-EDR-signaling-packe.patch + patches.kernel.org/6.18.36-152-soc-qcom-ice-Fix-race-between-qcom_ice_probe-.patch + patches.kernel.org/6.18.36-153-mm-memory-failure-fix-hugetlb_lock-AA-deadloc.patch + patches.kernel.org/6.18.36-154-accel-ivpu-Add-bounds-checks-for-firmware-log.patch + patches.kernel.org/6.18.36-155-accel-ivpu-Add-buffer-overflow-check-in-MS-ge.patch + patches.kernel.org/6.18.36-156-accel-ivpu-Fix-signed-integer-truncation-in-I.patch + patches.kernel.org/6.18.36-157-tracing-Fix-CFI-violation-in-probestub-being-.patch + patches.kernel.org/6.18.36-158-tracing-probes-Point-the-error-offset-correct.patch + patches.kernel.org/6.18.36-159-rust-x86-support-Rust-1.98.0-target-spec.patch + 
patches.kernel.org/6.18.36-160-ARM-Do-not-select-HAVE_RUST-when-KASAN-is-ena.patch + patches.kernel.org/6.18.36-161-rust-arm64-set-uwtable-llvm-module-flag-for-C.patch + patches.kernel.org/6.18.36-162-rust-kasan-kbuild-fix-rustc-option-when-cross.patch + patches.kernel.org/6.18.36-163-mmc-litex_mmc-Use-DIV_ROUND_UP-for-more-accur.patch + patches.kernel.org/6.18.36-164-mshv-add-a-missing-padding-field.patch + patches.kernel.org/6.18.36-165-KVM-Don-t-WARN-if-memory-is-dirtied-without-a.patch + patches.kernel.org/6.18.36-166-KVM-SEV-Decouple-the-need-to-sync-the-GHCB-SA.patch + patches.kernel.org/6.18.36-167-KVM-arm64-Restore-POR_EL0-access-to-host-EL0.patch + patches.kernel.org/6.18.36-168-drm-i915-gem-Fix-phys-BO-pread-pwrite-with-of.patch + patches.kernel.org/6.18.36-169-hv_netvsc-use-kmap_local_page-in-netvsc_copy_.patch + patches.kernel.org/6.18.36-170-ksmbd-fix-use-after-free-of-a-deferred-file_l.patch + patches.kernel.org/6.18.36-171-xfrm-espintcp-do-not-reuse-an-in-progress-par.patch + patches.kernel.org/6.18.36-172-xfrm-iptfs-preserve-shared-frag-marker-in-ipt.patch + patches.kernel.org/6.18.36-173-xfrm-iptfs-fix-ABBA-deadlock-in-iptfs_destroy.patch + patches.kernel.org/6.18.36-174-USB-serial-io_ti-fix-heap-overflow-in-get_man.patch + patches.kernel.org/6.18.36-175-USB-serial-io_ti-fix-heap-overflow-in-build_i.patch + patches.kernel.org/6.18.36-176-USB-serial-option-add-usb-id-for-Dell-Wireles.patch + patches.kernel.org/6.18.36-177-USB-serial-kl5kusb105-fix-bulk-out-buffer-ove.patch + patches.kernel.org/6.18.36-178-ALSA-timer-Forcibly-close-timer-instances-at-.patch + patches.kernel.org/6.18.36-179-ALSA-timer-Fix-UAF-at-snd_timer_user_params.patch + patches.kernel.org/6.18.36-180-io_uring-net-inherit-IORING_CQE_F_BUF_MORE-ac.patch + patches.kernel.org/6.18.36-181-drm-virtio-fix-dma_fence-refcount-leak-on-err.patch + patches.kernel.org/6.18.36-182-drm-amd-display-Reject-gpio_bitshift-32-in-bi.patch + 
patches.kernel.org/6.18.36-183-mm-huge_memory-update-file-PMD-counter-before.patch + patches.kernel.org/6.18.36-184-mm-damon-ops-common-call-folio_test_lru-after.patch + patches.kernel.org/6.18.36-185-mm-huge_memory-update-file-PUD-counter-before.patch + patches.kernel.org/6.18.36-186-RDMA-core-Validate-the-passed-in-fops-for-ib_.patch + patches.kernel.org/6.18.36-187-RDMA-core-Validate-cpu_id-against-nr_cpu_ids-.patch + patches.kernel.org/6.18.36-188-RDMA-srp-bound-SRP_RSP-sense-copy-by-the-rece.patch + patches.kernel.org/6.18.36-189-zram-fix-use-after-free-in-zram_bvec_write_pa.patch + patches.kernel.org/6.18.36-190-udp-clear-skb-dev-before-running-a-sockmap-ve.patch + patches.kernel.org/6.18.36-191-ARM-socfpga-Fix-OF-node-refcount-leak-in-SMP-.patch + patches.kernel.org/6.18.36-192-ARM-9474-1-io-avoid-KASAN-instrumentation-of-.patch + patches.kernel.org/6.18.36-193-ARM-9475-1-entry-use-byte-load-for-KASAN-VMAP.patch + patches.kernel.org/6.18.36-194-arm64-mm-call-pagetable-dtor-when-freeing-hot.patch + patches.kernel.org/6.18.36-195-mptcp-fix-retransmission-loop-when-csum-is-en.patch + patches.kernel.org/6.18.36-196-mptcp-close-TOCTOU-race-while-computing-rcv_w.patch + patches.kernel.org/6.18.36-197-mptcp-allow-subflow-rcv-wnd-to-shrink.patch + patches.kernel.org/6.18.36-198-mptcp-pm-fix-extra_subflows-underflow-on-user.patch + patches.kernel.org/6.18.36-199-mptcp-sockopt-check-timestamping-ret-value.patch + patches.kernel.org/6.18.36-200-mptcp-sockopt-set-sockopt-on-all-subflows.patch + patches.kernel.org/6.18.36-201-selftests-mptcp-add-test-for-extra_subflows-u.patch + patches.kernel.org/6.18.36-202-mptcp-add-addr-always-drop-other-suboptions.patch + patches.kernel.org/6.18.36-203-xfs-fix-error-returns-in-CoW-fork-repair.patch + patches.kernel.org/6.18.36-204-xfs-fix-rtgroup-cleanup-in-CoW-fork-repair.patch + patches.kernel.org/6.18.36-205-wifi-iwlwifi-pcie-simplify-the-resume-flow-if.patch + 
patches.kernel.org/6.18.36-206-wifi-nl80211-reject-oversized-EMA-RNR-lists.patch + patches.kernel.org/6.18.36-207-vsock-vmci-fix-sk_ack_backlog-leak-on-failed-.patch + patches.kernel.org/6.18.36-208-timers-migration-Fix-livelock-in-tmigr_handle.patch + patches.kernel.org/6.18.36-209-staging-rtl8723bs-fix-buffer-over-read-in-rtw.patch + patches.kernel.org/6.18.36-210-ASoC-fsl_sai-Fix-32-slots-TDM-broken-by-integ.patch + patches.kernel.org/6.18.36-211-bnxt_en-Fix-NULL-pointer-dereference.patch + patches.kernel.org/6.18.36-212-fhandle-fix-UAF-due-to-unlocked-mnt_ns-read-i.patch + patches.kernel.org/6.18.36-213-IB-isert-Reject-login-PDUs-shorter-than-ISER_.patch + patches.kernel.org/6.18.36-214-inet-frags-fix-use-after-free-caused-by-the-f.patch + patches.kernel.org/6.18.36-215-pidfd-refuse-access-to-tasks-that-have-starte.patch + patches.kernel.org/6.18.36-216-fs-qnx6-fix-pointer-arithmetic-in-directory-i.patch + patches.kernel.org/6.18.36-217-fuse-reject-fuse_notify-pagecache-ops-on-dire.patch + patches.kernel.org/6.18.36-218-fuse-limit-FUSE_NOTIFY_RETRIEVE-to-uptodate-f.patch + patches.kernel.org/6.18.36-219-futex-requeue-Prevent-NULL-pointer-dereferenc.patch + patches.kernel.org/6.18.36-220-i2c-imx-lpi2c-fix-resource-leaks-switching-to.patch + patches.kernel.org/6.18.36-221-i2c-imx-fix-clock-and-pinctrl-state-inconsist.patch + patches.kernel.org/6.18.36-222-i2c-qcom-cci-Fix-NULL-pointer-dereference-in-.patch + patches.kernel.org/6.18.36-223-i2c-stm32f7-fix-timing-computation-ignoring-i.patch + patches.kernel.org/6.18.36-224-i2c-tegra-Fix-NOIRQ-suspend-resume.patch + patches.kernel.org/6.18.36-225-Input-atkbd-add-DMI-quirk-for-Lenovo-Yoga-Air.patch + patches.kernel.org/6.18.36-226-Input-atkbd-skip-deactivate-for-HONOR-BCC-N-s.patch + patches.kernel.org/6.18.36-227-iommu-dma-Do-not-try-to-iommu_map-a-0-length-.patch + patches.kernel.org/6.18.36-228-ipc-shm-serialize-orphan-cleanup-with-shm_nat.patch + 
patches.kernel.org/6.18.36-229-locking-rtmutex-Skip-remove_waiter-when-waite.patch + patches.kernel.org/6.18.36-230-memcg-use-round-robin-victim-selection-in-ref.patch + patches.kernel.org/6.18.36-231-misc-fastrpc-fix-use-after-free-of-fastrpc_us.patch + patches.kernel.org/6.18.36-232-misc-fastrpc-fix-use-after-free-race-in-fastr.patch + patches.kernel.org/6.18.36-233-misc-fastrpc-fix-DMA-address-corruption-due-t.patch + patches.kernel.org/6.18.36-234-misc-fastrpc-Fix-NULL-pointer-dereference-in-.patch + patches.kernel.org/6.18.36-235-firmware-samsung-acpm-Fix-mailbox-channel-lea.patch + patches.kernel.org/6.18.36-236-net-mlx5-Reorder-completion-before-putting-co.patch + patches.kernel.org/6.18.36-237-net-airoha-Add-NULL-check-for-of_reserved_mem.patch + patches.kernel.org/6.18.36-238-net-bonding-fix-NULL-pointer-dereference-in-b.patch + patches.kernel.org/6.18.36-239-net-mv643xx-fix-OF-node-refcount.patch + patches.kernel.org/6.18.36-240-net-phonet-free-phonet_device-after-RCU-grace.patch + patches.kernel.org/6.18.36-241-net-rds-clear-i_sends-on-setup-unwind.patch + patches.kernel.org/6.18.36-242-net-sfp-initialize-i2c_block_size-at-adapter-.patch + patches.kernel.org/6.18.36-243-nvmem-core-fix-use-after-free-bugs-in-error-p.patch + patches.kernel.org/6.18.36-244-nvmem-layouts-onie-tlv-fix-hang-on-unknown-ty.patch + patches.kernel.org/6.18.36-245-octeontx2-af-fix-memory-leak-in-rvu_setup_hw_.patch + patches.kernel.org/6.18.36-246-pinctrl-mcp23s08-Read-spi-present-mask-as-u8-.patch + patches.kernel.org/6.18.36-247-io_uring-kbuf-don-t-truncate-end-buffer-for-b.patch + patches.kernel.org/6.18.36-248-io_uring-wait-fix-min_timeout-behavior.patch + patches.kernel.org/6.18.36-249-mm-cma-fix-reserved-page-leak-on-activation-f.patch + patches.kernel.org/6.18.36-250-mm-cma_debug-fix-invalid-accesses-for-inactiv.patch + patches.kernel.org/6.18.36-251-mm-damon-lru_sort-handle-ctx-allocation-failu.patch + 
patches.kernel.org/6.18.36-252-mm-damon-reclaim-handle-ctx-allocation-failur.patch + patches.kernel.org/6.18.36-253-mm-hugetlb-avoid-false-positive-lockdep-asser.patch + patches.kernel.org/6.18.36-254-mm-hugetlb-restore-reservation-on-error-in-hu.patch + patches.kernel.org/6.18.36-255-mm-list_lru-drain-before-clearing-xarray-entr.patch + patches.kernel.org/6.18.36-256-mm-mincore-handle-non-swap-entries-before-CON.patch + patches.kernel.org/6.18.36-257-mmc-core-Fix-host-controller-programming-for-.patch + patches.kernel.org/6.18.36-258-mmc-dw_mmc-rockchip-Add-missing-private-data-.patch + patches.kernel.org/6.18.36-259-mmc-litex_mmc-Set-mandatory-idle-clocks-befor.patch + patches.kernel.org/6.18.36-260-mmc-renesas_sdhi-Add-OF-entry-for-RZ-G2H-SoC.patch + patches.kernel.org/6.18.36-261-mmc-sdhci-add-signal-voltage-switch-in-sdhci_.patch + patches.kernel.org/6.18.36-262-pmdomain-imx-fix-OF-node-refcount.patch + patches.kernel.org/6.18.36-263-pmdomain-ti_sci-add-wakeup-constraint-to-pare.patch + patches.kernel.org/6.18.36-264-rtase-Avoid-sleeping-in-get_stats64.patch + patches.kernel.org/6.18.36-265-rtase-Reset-TX-subqueue-when-clearing-TX-ring.patch + patches.kernel.org/6.18.36-266-rxrpc-Fix-the-ACK-parser-to-extract-the-SACK-.patch + patches.kernel.org/6.18.36-267-sctp-diag-reject-stale-associations-in-dump_o.patch + patches.kernel.org/6.18.36-268-sctp-stream-fully-roll-back-denied-add-stream.patch + patches.kernel.org/6.18.36-269-thunderbolt-Reject-zero-length-property-entri.patch + patches.kernel.org/6.18.36-270-thunderbolt-Bound-root-directory-content-to-b.patch + patches.kernel.org/6.18.36-271-thunderbolt-Clamp-XDomain-response-data-copy-.patch + patches.kernel.org/6.18.36-272-thunderbolt-Validate-XDomain-request-packet-s.patch + patches.kernel.org/6.18.36-273-thunderbolt-Limit-XDomain-response-copy-to-ac.patch + patches.kernel.org/6.18.36-274-slimbus-qcom-ngd-ctrl-fix-OF-node-refcount.patch + 
patches.kernel.org/6.18.36-275-slimbus-qcom-ngd-ctrl-Fix-up-platform_driver-.patch + patches.kernel.org/6.18.36-276-slimbus-qcom-ngd-ctrl-Fix-probe-error-path-or.patch + patches.kernel.org/6.18.36-277-slimbus-qcom-ngd-ctrl-Register-callbacks-afte.patch + patches.kernel.org/6.18.36-278-slimbus-qcom-ngd-ctrl-Initialize-controller-r.patch + patches.kernel.org/6.18.36-279-slimbus-qcom-ngd-ctrl-Correct-PDR-and-SSR-cle.patch + patches.kernel.org/6.18.36-280-slimbus-qcom-ngd-ctrl-Balance-pm_runtime-enab.patch + patches.kernel.org/6.18.36-281-slimbus-qcom-ngd-ctrl-Avoid-ABBA-on-tx_lock-c.patch + patches.kernel.org/6.18.36-282-drm-gem-Try-to-fix-change_handle-ioctl-attemp.patch + patches.kernel.org/6.18.36-283-drm-amdkfd-fix-NULL-dereference-in-get_queue_.patch + patches.kernel.org/6.18.36-284-drm-amdkfd-Fix-buffer-overflow-in-SDMA-queue-.patch + patches.kernel.org/6.18.36-285-drm-xe-display-fix-oops-in-suspend-shutdown-w.patch + patches.kernel.org/6.18.36-286-drm-xe-Clear-pending_disable-before-signaling.patch + patches.kernel.org/6.18.36-287-drm-v3d-Wait-for-pending-L2T-flush-before-cle.patch + patches.kernel.org/6.18.36-288-drm-v3d-Fix-global-performance-monitor-refere.patch + patches.kernel.org/6.18.36-289-drm-v3d-Fix-vaddr-leak-when-indirect-CSD-has-.patch + patches.kernel.org/6.18.36-290-drm-v3d-Skip-CSD-when-it-has-zeroed-workgroup.patch + patches.kernel.org/6.18.36-291-drm-amdgpu-fix-waiting-for-all-submissions-fo.patch + patches.kernel.org/6.18.36-292-drm-amdgpu-restart-the-CS-if-some-parts-of-th.patch + patches.kernel.org/6.18.36-293-drm-amdgpu-set-noretry-1-as-default-for-GFX-1.patch + patches.kernel.org/6.18.36-294-drm-amd-pm-fix-smu13-power-limit-default-cap-.patch + patches.kernel.org/6.18.36-295-drm-amd-pm-mark-metrics.energy_accumulator-is.patch + patches.kernel.org/6.18.36-296-drm-amd-pm-smu_v14_0_0-use-SoftMin-for-gfxclk.patch + patches.kernel.org/6.18.36-297-drm-amd-display-Bound-VBIOS-record-chain-walk.patch + 
patches.kernel.org/6.18.36-298-drm-amd-display-Clamp-HDMI-HDCP2-rx_id_list-r.patch + patches.kernel.org/6.18.36-299-drm-amd-display-Clamp-VBIOS-HDMI-retimer-regi.patch + patches.kernel.org/6.18.36-300-drm-amd-display-add-missing-CSC-entries-for-B.patch + patches.kernel.org/6.18.36-301-drm-amd-display-Fix-NULL-deref-and-buffer-ove.patch + patches.kernel.org/6.18.36-302-drm-amd-display-Fix-out-of-bounds-read-in-dp_.patch + patches.kernel.org/6.18.36-303-drm-amd-display-Use-krealloc_array-in-dal_vec.patch + patches.kernel.org/6.18.36-304-fs-fcntl-fix-SOFTIRQ-unsafe-lock-order-in-fas.patch + patches.kernel.org/6.18.36-305-driver-core-reject-devices-with-unregistered-.patch + patches.kernel.org/6.18.36-306-wifi-mac80211-skip-ieee80211_verify_sta_ht_mc.patch + patches.kernel.org/6.18.36-307-wifi-mac80211-tests-mark-HT-check-strict.patch + patches.kernel.org/6.18.36-308-sched_ext-Don-t-warn-on-NULL-cgrp_moving_from.patch + patches.kernel.org/6.18.36-309-RDMA-umem-Add-ib_umem_dmabuf_get_pinned_and_l.patch + patches.kernel.org/6.18.36-310-RDMA-umem-Move-umem-dmabuf-revoke-logic-into-.patch + patches.kernel.org/6.18.36-311-RDMA-umem-Add-helpers-for-umem-dmabuf-revoke-.patch + patches.kernel.org/6.18.36-312-RDMA-During-rereg_mr-ensure-that-REREG_ACCESS.patch + patches.kernel.org/6.18.36-313-netfilter-nft_fib-fix-stale-stack-leak-via-th.patch + patches.kernel.org/6.18.36-314-RDMA-umem-fix-kernel-doc-warnings.patch + patches.kernel.org/6.18.36-315-RDMA-Move-DMA-block-iterator-logic-into-dedic.patch + patches.kernel.org/6.18.36-316-RDMA-umem-Fix-truncation-for-block-sizes-4G.patch + patches.kernel.org/6.18.36-317-ipvs-skip-ipv6-extension-headers-for-csum-che.patch + patches.kernel.org/6.18.36-318-vsock-virtio-fix-potential-unbounded-skb-queu.patch + patches.kernel.org/6.18.36-319-vsock-virtio-fix-skb-overhead-accounting-to-p.patch + patches.kernel.org/6.18.36-320-arm64-cputype-Add-C1-Ultra-definitions.patch + 
patches.kernel.org/6.18.36-321-arm64-cputype-Add-C1-Premium-definitions.patch + patches.kernel.org/6.18.36-322-arm64-errata-Mitigate-TLBI-errata-on-various-.patch + patches.kernel.org/6.18.36-323-arm64-errata-Mitigate-TLBI-errata-on-NVIDIA-O.patch + patches.kernel.org/6.18.36-324-arm64-errata-Mitigate-TLBI-errata-on-Microsof.patch + patches.kernel.org/6.18.36-325-block-fix-handling-of-dead-zone-write-plugs.patch + patches.kernel.org/6.18.36-326-vsock-virtio-fix-skb-overhead-overflow-on-32-.patch + patches.kernel.org/6.18.36-327-cfi-Include-uaccess.h-for-get_kernel_nofault.patch + patches.kernel.org/6.18.36-328-netfilter-require-Ethernet-MAC-header-before-.patch + patches.kernel.org/6.18.36-329-Linux-6.18.36.patch + patches.kernel.org/Revert-ALSA-timer-Fix-UAF-at-snd_timer_user_params.patch + patches.kernel.org/ksmbd-fix-use-after-free-of-a-deferred-file_lock-on-SMB2_C.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -8053,6 +8383,11 @@ ######################################################## patches.suse/drm-i915-xe-fbdev-add-intel_fbdev_fb_pitch_align.patch patches.suse/ASoC-Intel-sof_sdw-shift-SSP-BT-mask-bits.patch + + # jj/linux-apparmor apparmor-next + patches.suse/apparmor-don-t-audit-files-pointing-to-aa_null.dentr.patch + patches.suse/apparmor-fix-uninitialised-pointer-passed-to-audit_l.patch + patches.suse/apparmor-fix-use-after-free-in-rawdata-dedup-loop.patch ######################################################## # end of sorted patches ######################################################## ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.6uYvt0/_old 2026-06-23 17:35:37.923332395 +0200 +++ /var/tmp/diff_new_pack.6uYvt0/_new 2026-06-23 17:35:37.927332535 +0200 @@ -1,4 +1,4 @@ -2026-06-09 12:49:46 +0000 -GIT Revision: b68d89fcaab0ef13a033c79334d818b3c93ec28b +2026-06-19 23:56:49 +0000 +GIT Revision: f573e534b534c47ff97ca7f1f5a4e1bfbc0a75ab GIT Branch: slowroll
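Review bot: in the security/apparmor/policy.c hunk, the replacement comment explains why pcount can be 0 on rawdata_list but no longer says what a NULL return from aa_get_profile_loaddata_not0() means for the caller; the removed "/* check we didn't fail the race */" was the only hint that "if (tmp)" can legitimately be false. Add a line to the new comment stating that a NULL result leaves udata untouched and the dying entry is skipped. Since the plain aa_get_profile_loaddata() is still exported next to the new _not0 helper, also check that no other walker of rawdata_list takes a reference through the plain helper on an entry that may already have pcount == 0.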
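Review bot: in the first series.conf hunk (@@ -8022,7 +8022,337 @@), the two unnumbered entries appended after 6.18.36-329-Linux-6.18.36.patch have no comment explaining why they sit on top of the stable series. Revert-ALSA-timer-Fix-UAF-at-snd_timer_user_params.patch undoes 6.18.36-179-ALSA-timer-Fix-UAF-at-snd_timer_user_params.patch, which stays in the list, so the kernel ships without that UAF fix while 6.18.36-178 remains applied; a one-line comment with the reason for the revert would let the next stable update decide whether it can be dropped. The appended ksmbd-fix-use-after-free-of-a-deferred-file_lock-on-SMB2_C.patch shares its whole visible name prefix with 6.18.36-170-ksmbd-fix-use-after-free-of-a-deferred-file_l.patch; please confirm it is a distinct fix and not a second copy of 170.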
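Review bot: in the second series.conf hunk (@@ -8053,6 +8383,11 @@), the three patches.suse/apparmor-* entries are identified only by the comment "# jj/linux-apparmor apparmor-next", which marks them as taken from a -next branch and not from the 6.18.36 stable set. Make sure each patch header records the upstream repository and commit it was taken from, so the entries can be retired once the fixes arrive through patches.kernel.org. apparmor-fix-use-after-free-in-rawdata-dedup-loop.patch is the only one of the three whose diff is visible in this mail, so the other two cannot be reviewed from here.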
