Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2026-05-06 19:18:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new.30200 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Wed May 6 19:18:04 2026 rev:838 rq:1350603 version:7.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2026-04-30 20:26:26.093087654 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new.30200/dtb-aarch64.changes 2026-05-06 19:19:22.172725020 +0200 @@ -1,0 +2,202 @@ +Thu Apr 30 12:33:22 CEST 2026 - [email protected] + +- Update + patches.kernel.org/7.0.1-001-nfc-llcp-add-missing-return-after-LLCP_CLOSED-c.patch + (bsc#1012628 CVE-2026-31629). +- Update + patches.kernel.org/7.0.1-002-x86-CPU-Fix-FPDSS-on-Zen1.patch + (bsc#1012628 CVE-2026-31628). +- Update + patches.kernel.org/7.0.1-003-can-raw-fix-ro-uniq-use-after-free-in-raw_rcv.patch + (bsc#1012628 CVE-2026-31532 bsc#1262757). +- Update + patches.kernel.org/7.0.1-004-i2c-s3c24xx-check-the-size-of-the-SMBUS-message.patch + (bsc#1012628 CVE-2026-31627). +- Update + patches.kernel.org/7.0.1-005-staging-rtl8723bs-initialize-le_tmp64-in-rtw_BI.patch + (bsc#1012628 CVE-2026-31626). +- Update + patches.kernel.org/7.0.1-006-HID-alps-fix-NULL-pointer-dereference-in-alps_r.patch + (bsc#1012628 CVE-2026-31625 bsc#1263030). +- Update + patches.kernel.org/7.0.1-007-HID-core-clamp-report_size-in-s32ton-to-avoid-u.patch + (bsc#1012628 CVE-2026-31624 bsc#1263657). +- Update + patches.kernel.org/7.0.1-008-net-usb-cdc-phonet-fix-skb-frags-overflow-in-rx.patch + (bsc#1012628 CVE-2026-31623). +- Update + patches.kernel.org/7.0.1-009-NFC-digital-Bounds-check-NFC-A-cascade-depth-in.patch + (bsc#1012628 CVE-2026-31622). +- Update + patches.kernel.org/7.0.1-011-bnge-return-after-auxiliary_device_uninit-in-er.patch + (bsc#1012628 CVE-2026-31621). +- Update + patches.kernel.org/7.0.1-012-ALSA-usx2y-us144mkii-fix-NULL-deref-on-missing-.patch + (bsc#1012628 CVE-2026-31620 bsc#1263029). +- Update + patches.kernel.org/7.0.1-013-ALSA-fireworks-bound-device-supplied-status-bef.patch + (bsc#1012628 CVE-2026-31619). +- Update + patches.kernel.org/7.0.1-014-fbdev-tdfxfb-avoid-divide-by-zero-on-FBIOPUT_VS.patch + (bsc#1012628 CVE-2026-31618). +- Update + patches.kernel.org/7.0.1-015-usb-gadget-f_ncm-validate-minimum-block_len-in-.patch + (bsc#1012628 CVE-2026-31617). +- Update + patches.kernel.org/7.0.1-016-usb-gadget-f_phonet-fix-skb-frags-overflow-in-p.patch + (bsc#1012628 CVE-2026-31616). +- Update + patches.kernel.org/7.0.1-017-usb-gadget-renesas_usb3-validate-endpoint-index.patch + (bsc#1012628 CVE-2026-31615). +- Update + patches.kernel.org/7.0.1-018-smb-client-fix-off-by-8-bounds-check-in-check_w.patch + (bsc#1012628 CVE-2026-31614). +- Update + patches.kernel.org/7.0.1-019-smb-client-fix-OOB-reads-parsing-symlink-error-.patch + (bsc#1012628 CVE-2026-31613). +- Update + patches.kernel.org/7.0.1-020-ksmbd-validate-EaNameLength-in-smb2_get_ea.patch + (bsc#1012628 CVE-2026-31612). +- Update + patches.kernel.org/7.0.1-021-ksmbd-require-3-sub-authorities-before-reading-.patch + (bsc#1012628 CVE-2026-31611). +- Update + patches.kernel.org/7.0.1-022-ksmbd-fix-mechToken-leak-when-SPNEGO-decode-fai.patch + (bsc#1012628 CVE-2026-31610 bsc#1263046). +- Update + patches.kernel.org/7.0.1-023-smb-client-avoid-double-free-in-smbd_free_send_.patch + (bsc#1012628 CVE-2026-31609 bsc#1263663). +- Update + patches.kernel.org/7.0.1-024-smb-server-avoid-double-free-in-smb_direct_free.patch + (bsc#1012628 CVE-2026-31608 bsc#1263664). +- Update + patches.kernel.org/7.0.1-025-usbip-validate-number_of_packets-in-usbip_pack_.patch + (bsc#1012628 CVE-2026-31607 bsc#1263600). +- Update + patches.kernel.org/7.0.1-029-usb-gadget-f_hid-don-t-call-cdev_init-while-cde.patch + (bsc#1012628 CVE-2026-31606 bsc#1263591). +- Update + patches.kernel.org/7.0.1-031-fbdev-udlfb-avoid-divide-by-zero-on-FBIOPUT_VSC.patch + (bsc#1012628 CVE-2026-31605 bsc#1263493). +- Update + patches.kernel.org/7.0.1-034-wifi-rtw88-fix-device-leak-on-probe-failure.patch + (bsc#1012628 CVE-2026-31604 bsc#1263045). +- Update + patches.kernel.org/7.0.1-035-staging-sm750fb-fix-division-by-zero-in-ps_to_h.patch + (bsc#1012628 CVE-2026-31603 bsc#1263491). +- Update + patches.kernel.org/7.0.1-040-ALSA-ctxfi-Limit-PTP-to-a-single-page.patch + (bsc#1012628 CVE-2026-31602 bsc#1263723). +- Update + patches.kernel.org/7.0.1-042-vfio-xe-Reorganize-the-init-to-decouple-migrati.patch + (bsc#1012628 CVE-2026-31601 bsc#1263722). +- Update + patches.kernel.org/7.0.1-043-arm64-mm-Handle-invalid-large-leaf-mappings-cor.patch + (bsc#1012628 CVE-2026-31600 bsc#1263721). +- Update + patches.kernel.org/7.0.1-044-media-vidtv-fix-NULL-pointer-dereference-in-vid.patch + (bsc#1012628 CVE-2026-31599 bsc#1263031). +- Update + patches.kernel.org/7.0.1-045-ocfs2-fix-possible-deadlock-between-unlink-and-.patch + (bsc#1012628 CVE-2026-31598 bsc#1263718). +- Update + patches.kernel.org/7.0.1-046-ocfs2-fix-use-after-free-in-ocfs2_fault-when-VM.patch + (bsc#1012628 CVE-2026-31597 bsc#1263717). +- Update + patches.kernel.org/7.0.1-047-ocfs2-handle-invalid-dinode-in-ocfs2_group_exte.patch + (bsc#1012628 CVE-2026-31596 bsc#1263319). +- Update + patches.kernel.org/7.0.1-048-PCI-endpoint-pci-epf-vntb-Stop-cmd_handler-work.patch + (bsc#1012628 CVE-2026-31595 bsc#1263130). +- Update + patches.kernel.org/7.0.1-049-PCI-endpoint-pci-epf-vntb-Remove-duplicate-reso.patch + (bsc#1012628 CVE-2026-31594 bsc#1263129). +- Update + patches.kernel.org/7.0.1-051-KVM-SEV-Reject-attempts-to-sync-VMSA-of-an-alre.patch + (bsc#1012628 CVE-2026-31593 bsc#1263124). +- Update + patches.kernel.org/7.0.1-052-KVM-SEV-Protect-all-of-sev_mem_enc_register_reg.patch + (bsc#1012628 CVE-2026-31592 bsc#1263123). +- Update + patches.kernel.org/7.0.1-054-KVM-SEV-Lock-all-vCPUs-when-synchronzing-VMSAs-.patch + (bsc#1012628 CVE-2026-31591 bsc#1263122). +- Update + patches.kernel.org/7.0.1-055-KVM-SEV-Drop-WARN-on-large-size-for-KVM_MEMORY_.patch + (bsc#1012628 CVE-2026-31590 bsc#1263152). +- Update + patches.kernel.org/7.0.1-056-mm-call-free_folio-directly-in-folio_unmap_inva.patch + (bsc#1012628 CVE-2026-31589 bsc#1263125). +- Update + patches.kernel.org/7.0.1-061-KVM-x86-Use-scratch-field-in-MMIO-fragment-to-h.patch + (bsc#1012628 CVE-2026-31588 bsc#1263165). +- Update + patches.kernel.org/7.0.1-062-ASoC-qcom-q6apm-move-component-registration-to-.patch + (bsc#1012628 CVE-2026-31587 bsc#1263145). +- Update + patches.kernel.org/7.0.1-063-mm-kasan-fix-double-free-for-kasan-pXds.patch + (bsc#1012628 CVE-2026-31686 bsc#1263597). +- Update + patches.kernel.org/7.0.1-064-mm-blk-cgroup-fix-use-after-free-in-cgwb_releas.patch + (bsc#1012628 CVE-2026-31586 bsc#1263176). +- Update + patches.kernel.org/7.0.1-065-media-vidtv-fix-nfeeds-state-corruption-on-star.patch + (bsc#1012628 CVE-2026-31585 bsc#1263134). +- Update + patches.kernel.org/7.0.1-066-media-mediatek-vcodec-fix-use-after-free-in-enc.patch + (bsc#1012628 CVE-2026-31584 bsc#1263180). +- Update + patches.kernel.org/7.0.1-067-media-em28xx-fix-use-after-free-in-em28xx_v4l2_.patch + (bsc#1012628 CVE-2026-31583 bsc#1263173). +- Update + patches.kernel.org/7.0.1-068-hwmon-powerz-Fix-use-after-free-on-USB-disconne.patch + (bsc#1012628 CVE-2026-31582 bsc#1263588). +- Update + patches.kernel.org/7.0.1-069-ALSA-6fire-fix-use-after-free-on-disconnect.patch + (bsc#1012628 CVE-2026-31581 bsc#1263167). +- Update + patches.kernel.org/7.0.1-070-bcache-fix-cached_dev.sb_bio-use-after-free-and.patch + (bsc#1012628 CVE-2026-31580 bsc#1263169). +- Update + patches.kernel.org/7.0.1-071-wireguard-device-use-exit_rtnl-callback-instead.patch + (bsc#1012628 CVE-2026-31579 bsc#1263074). +- Update + patches.kernel.org/7.0.1-072-media-as102-fix-to-not-free-memory-after-the-de.patch + (bsc#1012628 CVE-2026-31578 bsc#1263075). +- Update + patches.kernel.org/7.0.1-073-nilfs2-fix-NULL-i_assoc_inode-dereference-in-ni.patch + (bsc#1012628 CVE-2026-31577 bsc#1263028). +- Update + patches.kernel.org/7.0.1-075-media-hackrf-fix-to-not-free-memory-after-the-d.patch + (bsc#1012628 CVE-2026-31576 bsc#1263073). +- Update + patches.kernel.org/7.0.1-076-mm-userfaultfd-fix-hugetlb-fault-mutex-hash-cal.patch + (bsc#1012628 CVE-2026-31575 bsc#1263067). +- Update + patches.kernel.org/7.0.1-077-clockevents-Add-missing-resets-of-the-next_even.patch + (bsc#1012628 CVE-2026-31574 bsc#1263071). +- Update + patches.kernel.org/7.0.3-001-Buffer-overflow-in-drivers-xen-sys-hypervisor.c.patch + (bsc#1012628 CVE-2026-31786 bsc#1262179). +- Update + patches.kernel.org/7.0.3-002-xen-privcmd-fix-double-free-via-VMA-splitting.patch + (bsc#1012628 CVE-2026-31787 bsc#1262181). + suse-add-cves +- commit 752ba7f + +------------------------------------------------------------------- +Thu Apr 30 12:32:33 CEST 2026 - [email protected] + +- Linux 7.0.3 (bsc#1012628). +- xen/privcmd: fix double free via VMA splitting (bsc#1012628). +- Buffer overflow in drivers/xen/sys-hypervisor.c (bsc#1012628). +- commit 59ed080 + +------------------------------------------------------------------- +Thu Apr 30 09:35:10 CEST 2026 - [email protected] + +- Update config files. Set CONFIG_CRYPTO_BENCHMARK=m on arm (bsc#1247996) + The commit below omitted arm. Set this on arm too. + Fixes: c17c50da0497 ("Update config files (bsc#1247996)") +- commit 086d181 + +------------------------------------------------------------------- dtb-armv6l.changes: same change dtb-armv7l.changes: same change dtb-riscv64.changes: same change kernel-64kb.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-kvmsmall.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.093010036 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.093010036 +0200 @@ -17,7 +17,7 @@ %define srcversion 7.0 -%define patchversion 7.0.2 +%define patchversion 7.0.3 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -25,9 +25,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-aarch64 -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change dtb-riscv64.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.249016461 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.253016625 +0200 @@ -18,8 +18,8 @@ %define srcversion 7.0 -%define patchversion 7.0.2 -%define git_commit 46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +%define patchversion 7.0.3 +%define git_commit c42a7dccc0f3581304983413c6ab8ff601c64c9e %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -40,9 +40,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-64kb -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.341020251 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.341020251 +0200 @@ -17,8 +17,8 @@ %define srcversion 7.0 -%define patchversion 7.0.2 -%define git_commit 46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +%define patchversion 7.0.3 +%define git_commit c42a7dccc0f3581304983413c6ab8ff601c64c9e %define variant %{nil} %define build_html 1 %define build_pdf 0 @@ -28,9 +28,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-docs -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif ++++++ kernel-kvmsmall.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.393022392 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.397022557 +0200 @@ -18,8 +18,8 @@ %define srcversion 7.0 -%define patchversion 7.0.2 -%define git_commit 46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +%define patchversion 7.0.3 +%define git_commit c42a7dccc0f3581304983413c6ab8ff601c64c9e %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -40,9 +40,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-kvmsmall -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.489026346 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.489026346 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 7.0.2 +%define patchversion 7.0.3 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -38,23 +38,23 @@ %endif %endif %endif -%global kernel_package kernel%kernel_flavor-srchash-46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +%global kernel_package kernel%kernel_flavor-srchash-c42a7dccc0f3581304983413c6ab8ff601c64c9e %endif %if 0%{?rhel_version} %global kernel_package kernel %endif Name: kernel-obs-build -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif Summary: package kernel and initrd for OBS VM builds License: GPL-2.0-only Group: SLES -Provides: kernel-obs-build-srchash-46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +Provides: kernel-obs-build-srchash-c42a7dccc0f3581304983413c6ab8ff601c64c9e BuildRequires: coreutils BuildRequires: device-mapper BuildRequires: dracut ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.525027829 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.525027829 +0200 @@ -17,15 +17,15 @@ # needsrootforbuild -%define patchversion 7.0.2 +%define patchversion 7.0.3 %define variant %{nil} %include %_sourcedir/kernel-spec-macros Name: kernel-obs-qa -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif @@ -36,7 +36,7 @@ # kernel-obs-build must be also configured as VMinstall, but is required # here as well to avoid that qa and build package build parallel %if ! 0%{?qemu_user_space_build} -BuildRequires: kernel-obs-build-srchash-46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +BuildRequires: kernel-obs-build-srchash-c42a7dccc0f3581304983413c6ab8ff601c64c9e %endif BuildRequires: modutils ExclusiveArch: aarch64 armv6hl armv7hl ppc64le riscv64 s390x x86_64 ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.565029477 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.565029477 +0200 @@ -18,8 +18,8 @@ %define srcversion 7.0 -%define patchversion 7.0.2 -%define git_commit 46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +%define patchversion 7.0.3 +%define git_commit c42a7dccc0f3581304983413c6ab8ff601c64c9e %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -40,9 +40,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-pae -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.605031124 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.605031124 +0200 @@ -17,8 +17,8 @@ %define srcversion 7.0 -%define patchversion 7.0.2 -%define git_commit 46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +%define patchversion 7.0.3 +%define git_commit c42a7dccc0f3581304983413c6ab8ff601c64c9e %define variant %{nil} %define gcc_package gcc %define gcc_compiler gcc @@ -28,9 +28,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-source -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.641032606 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.645032772 +0200 @@ -16,15 +16,15 @@ # -%define git_commit 46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +%define git_commit c42a7dccc0f3581304983413c6ab8ff601c64c9e %define variant %{nil} %include %_sourcedir/kernel-spec-macros Name: kernel-syms -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.681034254 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.681034254 +0200 @@ -18,8 +18,8 @@ %define srcversion 7.0 -%define patchversion 7.0.2 -%define git_commit 46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +%define patchversion 7.0.3 +%define git_commit c42a7dccc0f3581304983413c6ab8ff601c64c9e %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -40,9 +40,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-vanilla -Version: 7.0.2 +Version: 7.0.3 %if 0%{?is_kotd} -Release: <RELEASE>.g46da294 +Release: <RELEASE>.gc42a7dc %else Release: 0 %endif kernel-zfcpdump.spec: same change ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:29.897043151 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:29.901043315 +0200 @@ -1,6 +1,6 @@ -mtime: 1777350522 -commit: 17ea0990f4f3a1433c5eb791dffd75a95d624c6a432ce8f4647f7290d498d634 -url: https://src.opensuse.org/jirislaby/kernel-source -revision: 17ea0990f4f3a1433c5eb791dffd75a95d624c6a432ce8f4647f7290d498d634 +mtime: 1777701897 +commit: 5460966a0032454f35820e197e384466fe979b14d875ec3b496ba177a50317b5 +url: https://src.opensuse.org/kernelbugs/kernel-source +revision: 5460966a0032454f35820e197e384466fe979b14d875ec3b496ba177a50317b5 trackingbranch: Kernel/stable ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-02 08:04:57.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/arm64/default new/config/arm64/default --- old/config/arm64/default 2026-04-23 13:47:57.000000000 +0200 +++ new/config/arm64/default 2026-04-30 09:35:10.000000000 +0200 @@ -14325,7 +14325,7 @@ CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_KRB5ENC=m -# CONFIG_CRYPTO_BENCHMARK is not set +CONFIG_CRYPTO_BENCHMARK=m CONFIG_CRYPTO_ENGINE=m # end of Crypto core or helper diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv6hl/default new/config/armv6hl/default --- old/config/armv6hl/default 2026-04-23 13:47:57.000000000 +0200 +++ new/config/armv6hl/default 2026-04-30 09:35:10.000000000 +0200 @@ -9230,7 +9230,7 @@ CONFIG_CRYPTO_CRYPTD=m CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_KRB5ENC=m -# CONFIG_CRYPTO_BENCHMARK is not set +CONFIG_CRYPTO_BENCHMARK=m CONFIG_CRYPTO_ENGINE=m # end of Crypto core or helper diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/default new/config/armv7hl/default --- old/config/armv7hl/default 2026-04-23 13:47:57.000000000 +0200 +++ new/config/armv7hl/default 2026-04-30 09:35:10.000000000 +0200 @@ -13125,7 +13125,7 @@ CONFIG_CRYPTO_CRYPTD=y CONFIG_CRYPTO_AUTHENC=m CONFIG_CRYPTO_KRB5ENC=m -# CONFIG_CRYPTO_BENCHMARK is not set +CONFIG_CRYPTO_BENCHMARK=m CONFIG_CRYPTO_ENGINE=m # end of Crypto core or helper ++++++ patches.kernel.org.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-001-nfc-llcp-add-missing-return-after-LLCP_CLOSED-c.patch new/patches.kernel.org/7.0.1-001-nfc-llcp-add-missing-return-after-LLCP_CLOSED-c.patch --- old/patches.kernel.org/7.0.1-001-nfc-llcp-add-missing-return-after-LLCP_CLOSED-c.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-001-nfc-llcp-add-missing-return-after-LLCP_CLOSED-c.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Junxi Qian <[email protected]> Date: Wed, 8 Apr 2026 16:10:06 +0800 Subject: [PATCH] nfc: llcp: add missing return after LLCP_CLOSED checks -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31629 Patch-mainline: 7.0.1 Git-commit: 2b5dd4632966c39da6ba74dbc8689b309065e82c diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-002-x86-CPU-Fix-FPDSS-on-Zen1.patch new/patches.kernel.org/7.0.1-002-x86-CPU-Fix-FPDSS-on-Zen1.patch --- old/patches.kernel.org/7.0.1-002-x86-CPU-Fix-FPDSS-on-Zen1.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-002-x86-CPU-Fix-FPDSS-on-Zen1.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: "Borislav Petkov (AMD)" <[email protected]> Date: Tue, 7 Apr 2026 11:40:03 +0200 Subject: [PATCH] x86/CPU: Fix FPDSS on Zen1 -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31628 Patch-mainline: 7.0.1 Git-commit: e55d98e7756135f32150b9b8f75d580d0d4b2dd3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-003-can-raw-fix-ro-uniq-use-after-free-in-raw_rcv.patch new/patches.kernel.org/7.0.1-003-can-raw-fix-ro-uniq-use-after-free-in-raw_rcv.patch --- old/patches.kernel.org/7.0.1-003-can-raw-fix-ro-uniq-use-after-free-in-raw_rcv.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-003-can-raw-fix-ro-uniq-use-after-free-in-raw_rcv.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Samuel Page <[email protected]> Date: Wed, 8 Apr 2026 15:30:13 +0100 Subject: [PATCH] can: raw: fix ro->uniq use-after-free in raw_rcv() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31532 bsc#1262757 Patch-mainline: 7.0.1 Git-commit: a535a9217ca3f2fccedaafb2fddb4c48f27d36dc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-004-i2c-s3c24xx-check-the-size-of-the-SMBUS-message.patch new/patches.kernel.org/7.0.1-004-i2c-s3c24xx-check-the-size-of-the-SMBUS-message.patch --- old/patches.kernel.org/7.0.1-004-i2c-s3c24xx-check-the-size-of-the-SMBUS-message.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-004-i2c-s3c24xx-check-the-size-of-the-SMBUS-message.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Mon, 23 Feb 2026 18:05:15 +0100 Subject: [PATCH] i2c: s3c24xx: check the size of the SMBUS message before using it -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31627 Patch-mainline: 7.0.1 Git-commit: c0128c7157d639a931353ea344fb44aad6d6e17a diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-005-staging-rtl8723bs-initialize-le_tmp64-in-rtw_BI.patch new/patches.kernel.org/7.0.1-005-staging-rtl8723bs-initialize-le_tmp64-in-rtw_BI.patch --- old/patches.kernel.org/7.0.1-005-staging-rtl8723bs-initialize-le_tmp64-in-rtw_BI.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-005-staging-rtl8723bs-initialize-le_tmp64-in-rtw_BI.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Lin YuChen <[email protected]> Date: Sat, 21 Mar 2026 01:25:02 +0800 Subject: [PATCH] staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31626 Patch-mainline: 7.0.1 Git-commit: 8c964b82a4e97ec7f25e17b803ee196009b38a57 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-006-HID-alps-fix-NULL-pointer-dereference-in-alps_r.patch new/patches.kernel.org/7.0.1-006-HID-alps-fix-NULL-pointer-dereference-in-alps_r.patch --- old/patches.kernel.org/7.0.1-006-HID-alps-fix-NULL-pointer-dereference-in-alps_r.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-006-HID-alps-fix-NULL-pointer-dereference-in-alps_r.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Greg Kroah-Hartman <[email protected]> Date: Mon, 6 Apr 2026 16:03:25 +0200 Subject: [PATCH] HID: alps: fix NULL pointer dereference in alps_raw_event() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31625 bsc#1263030 Patch-mainline: 7.0.1 Git-commit: 1badfc4319224820d5d890f8eab6aa52e4e83339 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-007-HID-core-clamp-report_size-in-s32ton-to-avoid-u.patch new/patches.kernel.org/7.0.1-007-HID-core-clamp-report_size-in-s32ton-to-avoid-u.patch --- old/patches.kernel.org/7.0.1-007-HID-core-clamp-report_size-in-s32ton-to-avoid-u.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-007-HID-core-clamp-report_size-in-s32ton-to-avoid-u.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Mon, 6 Apr 2026 16:04:10 +0200 Subject: [PATCH] HID: core: clamp report_size in s32ton() to avoid undefined shift -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31624 bsc#1263657 Patch-mainline: 7.0.1 Git-commit: 69c02ffde6ed4d535fa4e693a9e572729cad3d0d diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-008-net-usb-cdc-phonet-fix-skb-frags-overflow-in-rx.patch new/patches.kernel.org/7.0.1-008-net-usb-cdc-phonet-fix-skb-frags-overflow-in-rx.patch --- old/patches.kernel.org/7.0.1-008-net-usb-cdc-phonet-fix-skb-frags-overflow-in-rx.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-008-net-usb-cdc-phonet-fix-skb-frags-overflow-in-rx.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Sat, 11 Apr 2026 13:01:35 +0200 Subject: [PATCH] net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31623 Patch-mainline: 7.0.1 Git-commit: 600dc40554dc5ad1e6f3af51f700228033f43ea7 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-009-NFC-digital-Bounds-check-NFC-A-cascade-depth-in.patch new/patches.kernel.org/7.0.1-009-NFC-digital-Bounds-check-NFC-A-cascade-depth-in.patch --- old/patches.kernel.org/7.0.1-009-NFC-digital-Bounds-check-NFC-A-cascade-depth-in.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-009-NFC-digital-Bounds-check-NFC-A-cascade-depth-in.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Thu, 9 Apr 2026 17:18:14 +0200 Subject: [PATCH] NFC: digital: Bounds check NFC-A cascade depth in SDD response handler -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31622 Patch-mainline: 7.0.1 Git-commit: 46ce8be2ced389bccd84bcc04a12cf2f4d0c22d1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-011-bnge-return-after-auxiliary_device_uninit-in-er.patch new/patches.kernel.org/7.0.1-011-bnge-return-after-auxiliary_device_uninit-in-er.patch --- old/patches.kernel.org/7.0.1-011-bnge-return-after-auxiliary_device_uninit-in-er.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-011-bnge-return-after-auxiliary_device_uninit-in-er.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Greg Kroah-Hartman <[email protected]> Date: Sat, 11 Apr 2026 12:45:25 +0200 Subject: [PATCH] bnge: return after auxiliary_device_uninit() in error path -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31621 Patch-mainline: 7.0.1 Git-commit: 8b0c25528cb64f71a73b5c0d49cbbcb68540a4ce diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-012-ALSA-usx2y-us144mkii-fix-NULL-deref-on-missing-.patch new/patches.kernel.org/7.0.1-012-ALSA-usx2y-us144mkii-fix-NULL-deref-on-missing-.patch --- old/patches.kernel.org/7.0.1-012-ALSA-usx2y-us144mkii-fix-NULL-deref-on-missing-.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-012-ALSA-usx2y-us144mkii-fix-NULL-deref-on-missing-.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Greg Kroah-Hartman <[email protected]> Date: Thu, 9 Apr 2026 16:01:56 +0200 Subject: [PATCH] ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31620 bsc#1263029 Patch-mainline: 7.0.1 Git-commit: 48bd344e1040b9f2eb512be73c13f5db83efc191 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-013-ALSA-fireworks-bound-device-supplied-status-bef.patch new/patches.kernel.org/7.0.1-013-ALSA-fireworks-bound-device-supplied-status-bef.patch --- old/patches.kernel.org/7.0.1-013-ALSA-fireworks-bound-device-supplied-status-bef.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-013-ALSA-fireworks-bound-device-supplied-status-bef.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Thu, 9 Apr 2026 16:05:54 +0200 Subject: [PATCH] ALSA: fireworks: bound device-supplied status before string array lookup -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31619 Patch-mainline: 7.0.1 Git-commit: 07704bbf36f57e4379e4cadf96410dab14621e3b diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-014-fbdev-tdfxfb-avoid-divide-by-zero-on-FBIOPUT_VS.patch new/patches.kernel.org/7.0.1-014-fbdev-tdfxfb-avoid-divide-by-zero-on-FBIOPUT_VS.patch --- old/patches.kernel.org/7.0.1-014-fbdev-tdfxfb-avoid-divide-by-zero-on-FBIOPUT_VS.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-014-fbdev-tdfxfb-avoid-divide-by-zero-on-FBIOPUT_VS.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Greg Kroah-Hartman <[email protected]> Date: Thu, 9 Apr 2026 15:23:14 +0200 Subject: [PATCH] fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31618 Patch-mainline: 7.0.1 Git-commit: 8f98b81fe011e1879e6a7b1247e69e06a5e17af2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-015-usb-gadget-f_ncm-validate-minimum-block_len-in-.patch new/patches.kernel.org/7.0.1-015-usb-gadget-f_ncm-validate-minimum-block_len-in-.patch --- old/patches.kernel.org/7.0.1-015-usb-gadget-f_ncm-validate-minimum-block_len-in-.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-015-usb-gadget-f_ncm-validate-minimum-block_len-in-.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Tue, 7 Apr 2026 11:02:54 +0200 Subject: [PATCH] usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31617 Patch-mainline: 7.0.1 Git-commit: 8f993d30b95dc9557a8a96ceca11abed674c8acb diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-016-usb-gadget-f_phonet-fix-skb-frags-overflow-in-p.patch new/patches.kernel.org/7.0.1-016-usb-gadget-f_phonet-fix-skb-frags-overflow-in-p.patch --- old/patches.kernel.org/7.0.1-016-usb-gadget-f_phonet-fix-skb-frags-overflow-in-p.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-016-usb-gadget-f_phonet-fix-skb-frags-overflow-in-p.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Tue, 7 Apr 2026 10:55:05 +0200 Subject: [PATCH] usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31616 Patch-mainline: 7.0.1 Git-commit: c088d5dd2fffb4de1fb8e7f57751c8b82942180a diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-017-usb-gadget-renesas_usb3-validate-endpoint-index.patch new/patches.kernel.org/7.0.1-017-usb-gadget-renesas_usb3-validate-endpoint-index.patch --- old/patches.kernel.org/7.0.1-017-usb-gadget-renesas_usb3-validate-endpoint-index.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-017-usb-gadget-renesas_usb3-validate-endpoint-index.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Mon, 6 Apr 2026 17:09:48 +0200 Subject: [PATCH] usb: gadget: renesas_usb3: validate endpoint index in standard request handlers -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31615 Patch-mainline: 7.0.1 Git-commit: f880aac8a57ebd92abfa685d45424b2998ac1059 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-018-smb-client-fix-off-by-8-bounds-check-in-check_w.patch new/patches.kernel.org/7.0.1-018-smb-client-fix-off-by-8-bounds-check-in-check_w.patch --- old/patches.kernel.org/7.0.1-018-smb-client-fix-off-by-8-bounds-check-in-check_w.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-018-smb-client-fix-off-by-8-bounds-check-in-check_w.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Greg Kroah-Hartman <[email protected]> Date: Mon, 6 Apr 2026 15:49:37 +0200 Subject: [PATCH] smb: client: fix off-by-8 bounds check in check_wsl_eas() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31614 Patch-mainline: 7.0.1 Git-commit: 3d8b9d06bd3ac4c6846f5498800b0f5f8062e53b diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-019-smb-client-fix-OOB-reads-parsing-symlink-error-.patch new/patches.kernel.org/7.0.1-019-smb-client-fix-OOB-reads-parsing-symlink-error-.patch --- old/patches.kernel.org/7.0.1-019-smb-client-fix-OOB-reads-parsing-symlink-error-.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-019-smb-client-fix-OOB-reads-parsing-symlink-error-.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Greg Kroah-Hartman <[email protected]> Date: Mon, 6 Apr 2026 15:49:38 +0200 Subject: [PATCH] smb: client: fix OOB reads parsing symlink error response -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31613 Patch-mainline: 7.0.1 Git-commit: 3df690bba28edec865cf7190be10708ad0ddd67e diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-020-ksmbd-validate-EaNameLength-in-smb2_get_ea.patch new/patches.kernel.org/7.0.1-020-ksmbd-validate-EaNameLength-in-smb2_get_ea.patch --- old/patches.kernel.org/7.0.1-020-ksmbd-validate-EaNameLength-in-smb2_get_ea.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-020-ksmbd-validate-EaNameLength-in-smb2_get_ea.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Greg Kroah-Hartman <[email protected]> Date: Mon, 6 Apr 2026 15:46:46 +0200 Subject: [PATCH] ksmbd: validate EaNameLength in smb2_get_ea() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31612 Patch-mainline: 7.0.1 Git-commit: 66751841212c2cc196577453c37f7774ff363f02 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-021-ksmbd-require-3-sub-authorities-before-reading-.patch new/patches.kernel.org/7.0.1-021-ksmbd-require-3-sub-authorities-before-reading-.patch --- old/patches.kernel.org/7.0.1-021-ksmbd-require-3-sub-authorities-before-reading-.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-021-ksmbd-require-3-sub-authorities-before-reading-.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Greg Kroah-Hartman <[email protected]> Date: Mon, 6 Apr 2026 15:46:47 +0200 Subject: [PATCH] ksmbd: require 3 sub-authorities before reading sub_auth[2] -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31611 Patch-mainline: 7.0.1 Git-commit: 53370cf9090777774e07fd9a8ebce67c6cc333ab diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-022-ksmbd-fix-mechToken-leak-when-SPNEGO-decode-fai.patch new/patches.kernel.org/7.0.1-022-ksmbd-fix-mechToken-leak-when-SPNEGO-decode-fai.patch --- old/patches.kernel.org/7.0.1-022-ksmbd-fix-mechToken-leak-when-SPNEGO-decode-fai.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-022-ksmbd-fix-mechToken-leak-when-SPNEGO-decode-fai.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Mon, 6 Apr 2026 15:46:48 +0200 Subject: [PATCH] ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31610 bsc#1263046 Patch-mainline: 7.0.1 Git-commit: ad0057fb91218914d6c98268718ceb9d59b388e1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-023-smb-client-avoid-double-free-in-smbd_free_send_.patch new/patches.kernel.org/7.0.1-023-smb-client-avoid-double-free-in-smbd_free_send_.patch --- old/patches.kernel.org/7.0.1-023-smb-client-avoid-double-free-in-smbd_free_send_.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-023-smb-client-avoid-double-free-in-smbd_free_send_.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Fri, 10 Apr 2026 12:48:54 +0200 Subject: [PATCH] smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31609 bsc#1263663 Patch-mainline: 7.0.1 Git-commit: 27b7c3e916218b5eb2ee350211140e961bfc49be diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-024-smb-server-avoid-double-free-in-smb_direct_free.patch new/patches.kernel.org/7.0.1-024-smb-server-avoid-double-free-in-smb_direct_free.patch --- old/patches.kernel.org/7.0.1-024-smb-server-avoid-double-free-in-smb_direct_free.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-024-smb-server-avoid-double-free-in-smb_direct_free.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Fri, 10 Apr 2026 12:48:54 +0200 Subject: [PATCH] smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31608 bsc#1263664 Patch-mainline: 7.0.1 Git-commit: 84ff995ae826aa6bbcc6c7b9ea569ff67c021d72 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-025-usbip-validate-number_of_packets-in-usbip_pack_.patch new/patches.kernel.org/7.0.1-025-usbip-validate-number_of_packets-in-usbip_pack_.patch --- old/patches.kernel.org/7.0.1-025-usbip-validate-number_of_packets-in-usbip_pack_.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-025-usbip-validate-number_of_packets-in-usbip_pack_.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Nathan Rebello <[email protected]> Date: Thu, 2 Apr 2026 04:52:59 -0400 Subject: [PATCH] usbip: validate number_of_packets in usbip_pack_ret_submit() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31607 bsc#1263600 Patch-mainline: 7.0.1 Git-commit: 2ab833a16a825373aad2ba7d54b572b277e95b71 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-029-usb-gadget-f_hid-don-t-call-cdev_init-while-cde.patch new/patches.kernel.org/7.0.1-029-usb-gadget-f_hid-don-t-call-cdev_init-while-cde.patch --- old/patches.kernel.org/7.0.1-029-usb-gadget-f_hid-don-t-call-cdev_init-while-cde.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-029-usb-gadget-f_hid-don-t-call-cdev_init-while-cde.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Michael Zimmermann <[email protected]> Date: Fri, 27 Mar 2026 20:22:09 +0100 Subject: [PATCH] usb: gadget: f_hid: don't call cdev_init while cdev in use -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31606 bsc#1263591 Patch-mainline: 7.0.1 Git-commit: 81ebd43cc0d6d106ce7b6ccbf7b5e40ca7f5503d diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-031-fbdev-udlfb-avoid-divide-by-zero-on-FBIOPUT_VSC.patch new/patches.kernel.org/7.0.1-031-fbdev-udlfb-avoid-divide-by-zero-on-FBIOPUT_VSC.patch --- old/patches.kernel.org/7.0.1-031-fbdev-udlfb-avoid-divide-by-zero-on-FBIOPUT_VSC.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-031-fbdev-udlfb-avoid-divide-by-zero-on-FBIOPUT_VSC.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Greg Kroah-Hartman <[email protected]> Date: Thu, 9 Apr 2026 15:23:46 +0200 Subject: [PATCH] fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31605 bsc#1263493 Patch-mainline: 7.0.1 Git-commit: a31e4518bec70333a0a98f2946a12b53b45fe5b9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-034-wifi-rtw88-fix-device-leak-on-probe-failure.patch new/patches.kernel.org/7.0.1-034-wifi-rtw88-fix-device-leak-on-probe-failure.patch --- old/patches.kernel.org/7.0.1-034-wifi-rtw88-fix-device-leak-on-probe-failure.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-034-wifi-rtw88-fix-device-leak-on-probe-failure.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Johan Hovold <[email protected]> Date: Fri, 6 Mar 2026 09:51:44 +0100 Subject: [PATCH] wifi: rtw88: fix device leak on probe failure -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31604 bsc#1263045 Patch-mainline: 7.0.1 Git-commit: bbb15e71156cd9f5e1869eee7207a06ea8e96c39 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-035-staging-sm750fb-fix-division-by-zero-in-ps_to_h.patch new/patches.kernel.org/7.0.1-035-staging-sm750fb-fix-division-by-zero-in-ps_to_h.patch --- old/patches.kernel.org/7.0.1-035-staging-sm750fb-fix-division-by-zero-in-ps_to_h.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-035-staging-sm750fb-fix-division-by-zero-in-ps_to_h.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Junrui Luo <[email protected]> Date: Mon, 23 Mar 2026 15:31:56 +0800 Subject: [PATCH] staging: sm750fb: fix division by zero in ps_to_hz() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31603 bsc#1263491 Patch-mainline: 7.0.1 Git-commit: 75a1621e4f91310673c9acbcbb25c2a7ff821cd3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-040-ALSA-ctxfi-Limit-PTP-to-a-single-page.patch new/patches.kernel.org/7.0.1-040-ALSA-ctxfi-Limit-PTP-to-a-single-page.patch --- old/patches.kernel.org/7.0.1-040-ALSA-ctxfi-Limit-PTP-to-a-single-page.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-040-ALSA-ctxfi-Limit-PTP-to-a-single-page.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Harin Lee <[email protected]> Date: Mon, 6 Apr 2026 16:48:57 +0900 Subject: [PATCH] ALSA: ctxfi: Limit PTP to a single page -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31602 bsc#1263723 Patch-mainline: 7.0.1 Git-commit: e9418da50d9e5c496c22fe392e4ad74c038a94eb diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-042-vfio-xe-Reorganize-the-init-to-decouple-migrati.patch new/patches.kernel.org/7.0.1-042-vfio-xe-Reorganize-the-init-to-decouple-migrati.patch --- old/patches.kernel.org/7.0.1-042-vfio-xe-Reorganize-the-init-to-decouple-migrati.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-042-vfio-xe-Reorganize-the-init-to-decouple-migrati.patch 2026-04-30 12:33:22.000000000 +0200 @@ -4,7 +4,7 @@ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31601 bsc#1263722 Patch-mainline: 7.0.1 Git-commit: 1b81ed612e12ea9df8c5cb6f0ddd4419fd0b8ac8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-043-arm64-mm-Handle-invalid-large-leaf-mappings-cor.patch new/patches.kernel.org/7.0.1-043-arm64-mm-Handle-invalid-large-leaf-mappings-cor.patch --- old/patches.kernel.org/7.0.1-043-arm64-mm-Handle-invalid-large-leaf-mappings-cor.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-043-arm64-mm-Handle-invalid-large-leaf-mappings-cor.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Ryan Roberts <[email protected]> Date: Mon, 30 Mar 2026 17:17:03 +0100 Subject: [PATCH] arm64: mm: Handle invalid large leaf mappings correctly -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31600 bsc#1263721 Patch-mainline: 7.0.1 Git-commit: 15bfba1ad77fad8e45a37aae54b3c813b33fe27c diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-044-media-vidtv-fix-NULL-pointer-dereference-in-vid.patch new/patches.kernel.org/7.0.1-044-media-vidtv-fix-NULL-pointer-dereference-in-vid.patch --- old/patches.kernel.org/7.0.1-044-media-vidtv-fix-NULL-pointer-dereference-in-vid.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-044-media-vidtv-fix-NULL-pointer-dereference-in-vid.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Tue, 3 Mar 2026 11:27:54 +0000 Subject: [PATCH] media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31599 bsc#1263031 Patch-mainline: 7.0.1 Git-commit: f8e1fc918a9fe67103bcda01d20d745f264d00a7 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-045-ocfs2-fix-possible-deadlock-between-unlink-and-.patch new/patches.kernel.org/7.0.1-045-ocfs2-fix-possible-deadlock-between-unlink-and-.patch --- old/patches.kernel.org/7.0.1-045-ocfs2-fix-possible-deadlock-between-unlink-and-.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-045-ocfs2-fix-possible-deadlock-between-unlink-and-.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Fri, 6 Mar 2026 11:22:11 +0800 Subject: [PATCH] ocfs2: fix possible deadlock between unlink and dio_end_io_write -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31598 bsc#1263718 Patch-mainline: 7.0.1 Git-commit: b02da26a992db0c0e2559acbda0fc48d4a2fd337 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-046-ocfs2-fix-use-after-free-in-ocfs2_fault-when-VM.patch new/patches.kernel.org/7.0.1-046-ocfs2-fix-use-after-free-in-ocfs2_fault-when-VM.patch --- old/patches.kernel.org/7.0.1-046-ocfs2-fix-use-after-free-in-ocfs2_fault-when-VM.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-046-ocfs2-fix-use-after-free-in-ocfs2_fault-when-VM.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Fri, 10 Apr 2026 01:38:16 -0700 Subject: [PATCH] ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31597 bsc#1263717 Patch-mainline: 7.0.1 Git-commit: 7de554cabf160e331e4442e2a9ad874ca9875921 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-047-ocfs2-handle-invalid-dinode-in-ocfs2_group_exte.patch new/patches.kernel.org/7.0.1-047-ocfs2-handle-invalid-dinode-in-ocfs2_group_exte.patch --- old/patches.kernel.org/7.0.1-047-ocfs2-handle-invalid-dinode-in-ocfs2_group_exte.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-047-ocfs2-handle-invalid-dinode-in-ocfs2_group_exte.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: ZhengYuan Huang <[email protected]> Date: Wed, 1 Apr 2026 17:23:03 +0800 Subject: [PATCH] ocfs2: handle invalid dinode in ocfs2_group_extend -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31596 bsc#1263319 Patch-mainline: 7.0.1 Git-commit: 4a1c0ddc6e7bcf2e9db0eeaab9340dcfe97f448f diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-048-PCI-endpoint-pci-epf-vntb-Stop-cmd_handler-work.patch new/patches.kernel.org/7.0.1-048-PCI-endpoint-pci-epf-vntb-Stop-cmd_handler-work.patch --- old/patches.kernel.org/7.0.1-048-PCI-endpoint-pci-epf-vntb-Stop-cmd_handler-work.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-048-PCI-endpoint-pci-epf-vntb-Stop-cmd_handler-work.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Thu, 26 Feb 2026 17:41:40 +0900 Subject: [PATCH] PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31595 bsc#1263130 Patch-mainline: 7.0.1 Git-commit: d799984233a50abd2667a7d17a9a710a3f10ebe2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-049-PCI-endpoint-pci-epf-vntb-Remove-duplicate-reso.patch new/patches.kernel.org/7.0.1-049-PCI-endpoint-pci-epf-vntb-Remove-duplicate-reso.patch --- old/patches.kernel.org/7.0.1-049-PCI-endpoint-pci-epf-vntb-Remove-duplicate-reso.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-049-PCI-endpoint-pci-epf-vntb-Remove-duplicate-reso.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Thu, 26 Feb 2026 17:41:38 +0900 Subject: [PATCH] PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31594 bsc#1263129 Patch-mainline: 7.0.1 Git-commit: 0da63230d3ec1ec5fcc443a2314233e95bfece54 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-051-KVM-SEV-Reject-attempts-to-sync-VMSA-of-an-alre.patch new/patches.kernel.org/7.0.1-051-KVM-SEV-Reject-attempts-to-sync-VMSA-of-an-alre.patch --- old/patches.kernel.org/7.0.1-051-KVM-SEV-Reject-attempts-to-sync-VMSA-of-an-alre.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-051-KVM-SEV-Reject-attempts-to-sync-VMSA-of-an-alre.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Tue, 10 Mar 2026 16:48:10 -0700 Subject: [PATCH] KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31593 bsc#1263124 Patch-mainline: 7.0.1 Git-commit: 9b9f7962e3e879d12da2bf47e02a24ec51690e3d diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-052-KVM-SEV-Protect-all-of-sev_mem_enc_register_reg.patch new/patches.kernel.org/7.0.1-052-KVM-SEV-Protect-all-of-sev_mem_enc_register_reg.patch --- old/patches.kernel.org/7.0.1-052-KVM-SEV-Protect-all-of-sev_mem_enc_register_reg.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-052-KVM-SEV-Protect-all-of-sev_mem_enc_register_reg.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Tue, 10 Mar 2026 16:48:11 -0700 Subject: [PATCH] KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31592 bsc#1263123 Patch-mainline: 7.0.1 Git-commit: b6408b6cec5df76a165575777800ef2aba12b109 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-054-KVM-SEV-Lock-all-vCPUs-when-synchronzing-VMSAs-.patch new/patches.kernel.org/7.0.1-054-KVM-SEV-Lock-all-vCPUs-when-synchronzing-VMSAs-.patch --- old/patches.kernel.org/7.0.1-054-KVM-SEV-Lock-all-vCPUs-when-synchronzing-VMSAs-.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-054-KVM-SEV-Lock-all-vCPUs-when-synchronzing-VMSAs-.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Tue, 10 Mar 2026 16:48:13 -0700 Subject: [PATCH] KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31591 bsc#1263122 Patch-mainline: 7.0.1 Git-commit: cb923ee6a80f4e604e6242a4702b59251e61a380 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-055-KVM-SEV-Drop-WARN-on-large-size-for-KVM_MEMORY_.patch new/patches.kernel.org/7.0.1-055-KVM-SEV-Drop-WARN-on-large-size-for-KVM_MEMORY_.patch --- old/patches.kernel.org/7.0.1-055-KVM-SEV-Drop-WARN-on-large-size-for-KVM_MEMORY_.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-055-KVM-SEV-Drop-WARN-on-large-size-for-KVM_MEMORY_.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Thu, 12 Mar 2026 17:32:58 -0700 Subject: [PATCH] KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31590 bsc#1263152 Patch-mainline: 7.0.1 Git-commit: 8acffeef5ef720c35e513e322ab08e32683f32f2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-056-mm-call-free_folio-directly-in-folio_unmap_inva.patch new/patches.kernel.org/7.0.1-056-mm-call-free_folio-directly-in-folio_unmap_inva.patch --- old/patches.kernel.org/7.0.1-056-mm-call-free_folio-directly-in-folio_unmap_inva.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-056-mm-call-free_folio-directly-in-folio_unmap_inva.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: "Matthew Wilcox (Oracle)" <[email protected]> Date: Mon, 13 Apr 2026 19:43:11 +0100 Subject: [PATCH] mm: call ->free_folio() directly in folio_unmap_invalidate() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31589 bsc#1263125 Patch-mainline: 7.0.1 Git-commit: 615d9bb2ccad42f9e21d837431e401db2e471195 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-061-KVM-x86-Use-scratch-field-in-MMIO-fragment-to-h.patch new/patches.kernel.org/7.0.1-061-KVM-x86-Use-scratch-field-in-MMIO-fragment-to-h.patch --- old/patches.kernel.org/7.0.1-061-KVM-x86-Use-scratch-field-in-MMIO-fragment-to-h.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-061-KVM-x86-Use-scratch-field-in-MMIO-fragment-to-h.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Tue, 24 Feb 2026 17:20:36 -0800 Subject: [PATCH] KVM: x86: Use scratch field in MMIO fragment to hold small write values -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31588 bsc#1263165 Patch-mainline: 7.0.1 Git-commit: 0b16e69d17d8c35c5c9d5918bf596c75a44655d3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-062-ASoC-qcom-q6apm-move-component-registration-to-.patch new/patches.kernel.org/7.0.1-062-ASoC-qcom-q6apm-move-component-registration-to-.patch --- old/patches.kernel.org/7.0.1-062-ASoC-qcom-q6apm-move-component-registration-to-.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-062-ASoC-qcom-q6apm-move-component-registration-to-.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Thu, 2 Apr 2026 08:11:06 +0000 Subject: [PATCH] ASoC: qcom: q6apm: move component registration to unmanaged version -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31587 bsc#1263145 Patch-mainline: 7.0.1 Git-commit: 6ec1235fc941dac6c011b30ee01d9220ff87e0cd diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-063-mm-kasan-fix-double-free-for-kasan-pXds.patch new/patches.kernel.org/7.0.1-063-mm-kasan-fix-double-free-for-kasan-pXds.patch --- old/patches.kernel.org/7.0.1-063-mm-kasan-fix-double-free-for-kasan-pXds.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-063-mm-kasan-fix-double-free-for-kasan-pXds.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: "Ritesh Harjani (IBM)" <[email protected]> Date: Tue, 24 Feb 2026 18:53:16 +0530 Subject: [PATCH] mm/kasan: fix double free for kasan pXds -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31686 bsc#1263597 Patch-mainline: 7.0.1 Git-commit: 51d8c78be0c27ddb91bc2c0263941d8b30a47d3b diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-064-mm-blk-cgroup-fix-use-after-free-in-cgwb_releas.patch new/patches.kernel.org/7.0.1-064-mm-blk-cgroup-fix-use-after-free-in-cgwb_releas.patch --- old/patches.kernel.org/7.0.1-064-mm-blk-cgroup-fix-use-after-free-in-cgwb_releas.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-064-mm-blk-cgroup-fix-use-after-free-in-cgwb_releas.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Breno Leitao <[email protected]> Date: Mon, 13 Apr 2026 03:09:19 -0700 Subject: [PATCH] mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31586 bsc#1263176 Patch-mainline: 7.0.1 Git-commit: 8f5857be99f1ed1fa80991c72449541f634626ee diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-065-media-vidtv-fix-nfeeds-state-corruption-on-star.patch new/patches.kernel.org/7.0.1-065-media-vidtv-fix-nfeeds-state-corruption-on-star.patch --- old/patches.kernel.org/7.0.1-065-media-vidtv-fix-nfeeds-state-corruption-on-star.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-065-media-vidtv-fix-nfeeds-state-corruption-on-star.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Sun, 1 Mar 2026 21:07:35 +0000 Subject: [PATCH] media: vidtv: fix nfeeds state corruption on start_streaming failure -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31585 bsc#1263134 Patch-mainline: 7.0.1 Git-commit: a0e5a598fe9a4612b852406b51153b881592aede diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-066-media-mediatek-vcodec-fix-use-after-free-in-enc.patch new/patches.kernel.org/7.0.1-066-media-mediatek-vcodec-fix-use-after-free-in-enc.patch --- old/patches.kernel.org/7.0.1-066-media-mediatek-vcodec-fix-use-after-free-in-enc.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-066-media-mediatek-vcodec-fix-use-after-free-in-enc.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Wed, 4 Mar 2026 09:35:06 +0000 Subject: [PATCH] media: mediatek: vcodec: fix use-after-free in encoder release path -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31584 bsc#1263180 Patch-mainline: 7.0.1 Git-commit: 76e35091ffc722ba39b303e48bc5d08abb59dd56 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-067-media-em28xx-fix-use-after-free-in-em28xx_v4l2_.patch new/patches.kernel.org/7.0.1-067-media-em28xx-fix-use-after-free-in-em28xx_v4l2_.patch --- old/patches.kernel.org/7.0.1-067-media-em28xx-fix-use-after-free-in-em28xx_v4l2_.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-067-media-em28xx-fix-use-after-free-in-em28xx_v4l2_.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Abhishek Kumar <[email protected]> Date: Tue, 10 Mar 2026 22:14:37 +0530 Subject: [PATCH] media: em28xx: fix use-after-free in em28xx_v4l2_open() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31583 bsc#1263173 Patch-mainline: 7.0.1 Git-commit: a66485a934c7187ae8e36517d40615fa2e961cff diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-068-hwmon-powerz-Fix-use-after-free-on-USB-disconne.patch new/patches.kernel.org/7.0.1-068-hwmon-powerz-Fix-use-after-free-on-USB-disconne.patch --- old/patches.kernel.org/7.0.1-068-hwmon-powerz-Fix-use-after-free-on-USB-disconne.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-068-hwmon-powerz-Fix-use-after-free-on-USB-disconne.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Sanman Pradhan <[email protected]> Date: Fri, 10 Apr 2026 00:25:35 +0000 Subject: [PATCH] hwmon: (powerz) Fix use-after-free on USB disconnect -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31582 bsc#1263588 Patch-mainline: 7.0.1 Git-commit: 08e57f5e1a9067d5fbf33993aa7f51d60b3d13a4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-069-ALSA-6fire-fix-use-after-free-on-disconnect.patch new/patches.kernel.org/7.0.1-069-ALSA-6fire-fix-use-after-free-on-disconnect.patch --- old/patches.kernel.org/7.0.1-069-ALSA-6fire-fix-use-after-free-on-disconnect.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-069-ALSA-6fire-fix-use-after-free-on-disconnect.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Berk Cem Goksel <[email protected]> Date: Fri, 10 Apr 2026 08:13:41 +0300 Subject: [PATCH] ALSA: 6fire: fix use-after-free on disconnect -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31581 bsc#1263167 Patch-mainline: 7.0.1 Git-commit: b9c826916fdce6419b94eb0cd8810fdac18c2386 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-070-bcache-fix-cached_dev.sb_bio-use-after-free-and.patch new/patches.kernel.org/7.0.1-070-bcache-fix-cached_dev.sb_bio-use-after-free-and.patch --- old/patches.kernel.org/7.0.1-070-bcache-fix-cached_dev.sb_bio-use-after-free-and.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-070-bcache-fix-cached_dev.sb_bio-use-after-free-and.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Mingzhe Zou <[email protected]> Date: Sun, 22 Mar 2026 21:41:02 +0800 Subject: [PATCH] bcache: fix cached_dev.sb_bio use-after-free and crash -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31580 bsc#1263169 Patch-mainline: 7.0.1 Git-commit: fec114a98b8735ee89c75216c45a78e28be0f128 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-071-wireguard-device-use-exit_rtnl-callback-instead.patch new/patches.kernel.org/7.0.1-071-wireguard-device-use-exit_rtnl-callback-instead.patch --- old/patches.kernel.org/7.0.1-071-wireguard-device-use-exit_rtnl-callback-instead.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-071-wireguard-device-use-exit_rtnl-callback-instead.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Tue, 14 Apr 2026 17:39:44 +0200 Subject: [PATCH] wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31579 bsc#1263074 Patch-mainline: 7.0.1 Git-commit: 60a25ef8dacb3566b1a8c4de00572a498e2a3bf9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-072-media-as102-fix-to-not-free-memory-after-the-de.patch new/patches.kernel.org/7.0.1-072-media-as102-fix-to-not-free-memory-after-the-de.patch --- old/patches.kernel.org/7.0.1-072-media-as102-fix-to-not-free-memory-after-the-de.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-072-media-as102-fix-to-not-free-memory-after-the-de.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Sun, 11 Jan 2026 00:17:53 +0900 Subject: [PATCH] media: as102: fix to not free memory after the device is registered in as102_usb_probe() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31578 bsc#1263075 Patch-mainline: 7.0.1 Git-commit: 8bd29dbe03fc5b0f039ab2395ff37b64236d2f0c diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-073-nilfs2-fix-NULL-i_assoc_inode-dereference-in-ni.patch new/patches.kernel.org/7.0.1-073-nilfs2-fix-NULL-i_assoc_inode-dereference-in-ni.patch --- old/patches.kernel.org/7.0.1-073-nilfs2-fix-NULL-i_assoc_inode-dereference-in-ni.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-073-nilfs2-fix-NULL-i_assoc_inode-dereference-in-ni.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Tue, 31 Mar 2026 09:47:21 +0900 Subject: [PATCH] nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31577 bsc#1263028 Patch-mainline: 7.0.1 Git-commit: 4a4e0328edd9e9755843787d28f16dd4165f8b48 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-075-media-hackrf-fix-to-not-free-memory-after-the-d.patch new/patches.kernel.org/7.0.1-075-media-hackrf-fix-to-not-free-memory-after-the-d.patch --- old/patches.kernel.org/7.0.1-075-media-hackrf-fix-to-not-free-memory-after-the-d.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-075-media-hackrf-fix-to-not-free-memory-after-the-d.patch 2026-04-30 12:33:22.000000000 +0200 @@ -2,7 +2,7 @@ Date: Sat, 10 Jan 2026 23:58:29 +0900 Subject: [PATCH] media: hackrf: fix to not free memory after the device is registered in hackrf_probe() -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31576 bsc#1263073 Patch-mainline: 7.0.1 Git-commit: 3b7da2b4d0fe014eff181ed37e3bf832eb8ed258 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-076-mm-userfaultfd-fix-hugetlb-fault-mutex-hash-cal.patch new/patches.kernel.org/7.0.1-076-mm-userfaultfd-fix-hugetlb-fault-mutex-hash-cal.patch --- old/patches.kernel.org/7.0.1-076-mm-userfaultfd-fix-hugetlb-fault-mutex-hash-cal.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-076-mm-userfaultfd-fix-hugetlb-fault-mutex-hash-cal.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Jianhui Zhou <[email protected]> Date: Tue, 10 Mar 2026 19:05:26 +0800 Subject: [PATCH] mm/userfaultfd: fix hugetlb fault mutex hash calculation -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31575 bsc#1263067 Patch-mainline: 7.0.1 Git-commit: 0217c7fb4de4a40cee667eb21901f3204effe5ac diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.1-077-clockevents-Add-missing-resets-of-the-next_even.patch new/patches.kernel.org/7.0.1-077-clockevents-Add-missing-resets-of-the-next_even.patch --- old/patches.kernel.org/7.0.1-077-clockevents-Add-missing-resets-of-the-next_even.patch 2026-04-28 06:27:33.000000000 +0200 +++ new/patches.kernel.org/7.0.1-077-clockevents-Add-missing-resets-of-the-next_even.patch 2026-04-30 12:33:22.000000000 +0200 @@ -1,7 +1,7 @@ From: Thomas Gleixner <[email protected]> Date: Tue, 21 Apr 2026 08:26:19 +0200 Subject: [PATCH] clockevents: Add missing resets of the next_event_forced flag -References: bsc#1012628 +References: bsc#1012628 CVE-2026-31574 bsc#1263071 Patch-mainline: 7.0.1 Git-commit: 4096fd0e8eaea13ebe5206700b33f49635ae18e5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.3-001-Buffer-overflow-in-drivers-xen-sys-hypervisor.c.patch new/patches.kernel.org/7.0.3-001-Buffer-overflow-in-drivers-xen-sys-hypervisor.c.patch --- old/patches.kernel.org/7.0.3-001-Buffer-overflow-in-drivers-xen-sys-hypervisor.c.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/7.0.3-001-Buffer-overflow-in-drivers-xen-sys-hypervisor.c.patch 2026-04-30 12:33:22.000000000 +0200 @@ -0,0 +1,69 @@ +From: Juergen Gross <[email protected]> +Date: Fri, 27 Mar 2026 14:13:38 +0100 +Subject: [PATCH] Buffer overflow in drivers/xen/sys-hypervisor.c +References: bsc#1012628 CVE-2026-31786 bsc#1262179 +Patch-mainline: 7.0.3 +Git-commit: 27fdbab4221b375de54bf91919798d88520c6e28 + +commit 27fdbab4221b375de54bf91919798d88520c6e28 upstream. + +The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is +neither NUL terminated nor a string. + +The first causes a buffer overflow as sprintf in buildid_show will +read and copy till it finds a NUL. + +00000000 f4 91 51 f4 dd 38 9e 9d 65 47 52 eb 10 71 db 50 |..Q..8..eGR..q.P| +00000010 b9 a8 01 42 6f 2e 32 |...Bo.2| +00000017 + +So use a memcpy instead of sprintf to have the correct value: + +00000000 f4 91 51 f4 dd 00 9e 9d 65 47 52 eb 10 71 db 50 |..Q.....eGR..q.P| +00000010 b9 a8 01 42 |...B| +00000014 + +(the above have a hack to embed a zero inside and check it's +returned correctly). + +This is XSA-485 / CVE-2026-31786 + +Fixes: 84b7625728ea ("xen: add sysfs node for hypervisor build id") +Signed-off-by: Frediano Ziglio <[email protected]> +Reviewed-by: Juergen Gross <[email protected]> +Signed-off-by: Juergen Gross <[email protected]> +Signed-off-by: Greg Kroah-Hartman <[email protected]> +Signed-off-by: Jiri Slaby <[email protected]> +--- + drivers/xen/sys-hypervisor.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/xen/sys-hypervisor.c b/drivers/xen/sys-hypervisor.c +index b1bb01ba82f8..91923242a5ae 100644 +--- a/drivers/xen/sys-hypervisor.c ++++ b/drivers/xen/sys-hypervisor.c +@@ -366,6 +366,8 @@ static ssize_t buildid_show(struct hyp_sysfs_attr *attr, char *buffer) + ret = sprintf(buffer, "<denied>"); + return ret; + } ++ if (ret > PAGE_SIZE) ++ return -ENOSPC; + + buildid = kmalloc(sizeof(*buildid) + ret, GFP_KERNEL); + if (!buildid) +@@ -373,8 +375,10 @@ static ssize_t buildid_show(struct hyp_sysfs_attr *attr, char *buffer) + + buildid->len = ret; + ret = HYPERVISOR_xen_version(XENVER_build_id, buildid); +- if (ret > 0) +- ret = sprintf(buffer, "%s", buildid->buf); ++ if (ret > 0) { ++ /* Build id is binary, not a string. */ ++ memcpy(buffer, buildid->buf, ret); ++ } + kfree(buildid); + + return ret; +-- +2.53.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.3-002-xen-privcmd-fix-double-free-via-VMA-splitting.patch new/patches.kernel.org/7.0.3-002-xen-privcmd-fix-double-free-via-VMA-splitting.patch --- old/patches.kernel.org/7.0.3-002-xen-privcmd-fix-double-free-via-VMA-splitting.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/7.0.3-002-xen-privcmd-fix-double-free-via-VMA-splitting.patch 2026-04-30 12:33:22.000000000 +0200 @@ -0,0 +1,68 @@ +From: Juergen Gross <[email protected]> +Date: Fri, 10 Apr 2026 09:20:04 +0200 +Subject: [PATCH] xen/privcmd: fix double free via VMA splitting +References: bsc#1012628 CVE-2026-31787 bsc#1262181 +Patch-mainline: 7.0.3 +Git-commit: 24daca4fc07f3ff8cd0e3f629cd982187f48436a + +commit 24daca4fc07f3ff8cd0e3f629cd982187f48436a upstream. + +privcmd_vm_ops defines .close (privcmd_close), but neither .may_split +nor .open. When userspace does a partial munmap() on a privcmd mapping, +the kernel splits the VMA via __split_vma(). Since may_split is NULL, +the split is allowed. vm_area_dup() copies vm_private_data (a pages +array allocated in alloc_empty_pages()) into the new VMA without any +fixup, because there is no .open callback. + +Both VMAs now point to the same pages array. When the unmapped portion +is closed, privcmd_close() calls: + - xen_unmap_domain_gfn_range() + - xen_free_unpopulated_pages() + - kvfree(pages) + +The surviving VMA still holds the dangling pointer. When it is later +destroyed, the same sequence runs again, which leads to a double free. + +Fix this issue by adding a .may_split callback denying the VMA split. + +This is XSA-487 / CVE-2026-31787 + +Fixes: d71f513985c2 ("xen: privcmd: support autotranslated physmap guests.") +Reported-by: Atharva Vartak <[email protected]> +Suggested-by: Atharva Vartak <[email protected]> +Signed-off-by: Juergen Gross <[email protected]> +Reviewed-by: Jan Beulich <[email protected]> +Signed-off-by: Greg Kroah-Hartman <[email protected]> +Signed-off-by: Jiri Slaby <[email protected]> +--- + drivers/xen/privcmd.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c +index 15ba592236e8..725a49a0eee7 100644 +--- a/drivers/xen/privcmd.c ++++ b/drivers/xen/privcmd.c +@@ -1620,6 +1620,12 @@ static void privcmd_close(struct vm_area_struct *vma) + kvfree(pages); + } + ++static int privcmd_may_split(struct vm_area_struct *area, unsigned long addr) ++{ ++ /* Forbid splitting, avoids double free via privcmd_close(). */ ++ return -EINVAL; ++} ++ + static vm_fault_t privcmd_fault(struct vm_fault *vmf) + { + printk(KERN_DEBUG "privcmd_fault: vma=%p %lx-%lx, pgoff=%lx, uv=%p\n", +@@ -1631,6 +1637,7 @@ static vm_fault_t privcmd_fault(struct vm_fault *vmf) + + static const struct vm_operations_struct privcmd_vm_ops = { + .close = privcmd_close, ++ .may_split = privcmd_may_split, + .fault = privcmd_fault + }; + +-- +2.53.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kernel.org/7.0.3-003-Linux-7.0.3.patch new/patches.kernel.org/7.0.3-003-Linux-7.0.3.patch --- old/patches.kernel.org/7.0.3-003-Linux-7.0.3.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kernel.org/7.0.3-003-Linux-7.0.3.patch 2026-04-30 12:33:22.000000000 +0200 @@ -0,0 +1,29 @@ +From: Greg Kroah-Hartman <[email protected]> +Date: Thu, 30 Apr 2026 11:13:05 +0200 +Subject: [PATCH] Linux 7.0.3 +References: bsc#1012628 +Patch-mainline: 7.0.3 +Git-commit: 03e81f004d7e665e7c0e203c2f240abefbb79056 + +Signed-off-by: Greg Kroah-Hartman <[email protected]> +Signed-off-by: Jiri Slaby <[email protected]> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index b17ca865bcee..61f8019efd5a 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 7 + PATCHLEVEL = 0 +-SUBLEVEL = 2 ++SUBLEVEL = 3 + EXTRAVERSION = + NAME = Baby Opossum Posse + +-- +2.53.0 + ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:30.949086479 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:30.961086974 +0200 @@ -148,6 +148,9 @@ patches.kernel.org/7.0.2-041-rxrpc-Fix-missing-validation-of-ticket-length-i.patch patches.kernel.org/7.0.2-042-mshv_vtl-Fix-vmemmap_shift-exceeding-MAX_FOLIO_.patch patches.kernel.org/7.0.2-043-Linux-7.0.2.patch + patches.kernel.org/7.0.3-001-Buffer-overflow-in-drivers-xen-sys-hypervisor.c.patch + patches.kernel.org/7.0.3-002-xen-privcmd-fix-double-free-via-VMA-splitting.patch + patches.kernel.org/7.0.3-003-Linux-7.0.3.patch ######################################################## # Build fixes that apply to the vanilla kernel too. ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.chB9sx/_old 2026-05-06 19:19:30.989088127 +0200 +++ /var/tmp/diff_new_pack.chB9sx/_new 2026-05-06 19:19:30.993088292 +0200 @@ -1,4 +1,4 @@ -2026-04-28 04:27:33 +0000 -GIT Revision: 46da294d31ce2e9f8e11bc21aacdcdf09ba001bd +2026-05-01 23:56:38 +0000 +GIT Revision: c42a7dccc0f3581304983413c6ab8ff601c64c9e GIT Branch: stable
