linux-hwe-6.8 (6.8.0-87.88~22.04.1) jammy; urgency=medium
* jammy/linux-hwe-6.8: 6.8.0-87.88~22.04.1 -proposed tracker (LP: #2127434)
[ Ubuntu: 6.8.0-87.88 ]
* noble/linux: 6.8.0-87.88 -proposed tracker (LP: #2127436)
* CVE-2025-37838
- HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
Driver Due to Race Condition
* VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300
- Documentation/hw-vuln: Add VMSCAPE documentation
- x86/vmscape: Enumerate VMSCAPE bug
- x86/vmscape: Add conditional IBPB mitigation
- x86/vmscape: Enable the mitigation
- x86/bugs: Move cpu_bugs_smt_update() down
- x86/vmscape: Warn when STIBP is disabled with SMT
- x86/vmscape: Add old Intel CPUs to affected list
* VMSCAPE CVE-2025-40300 (LP: #2124105)
- [Config] Enable MITIGATION_VMSCAPE config
* CVE-2025-38352
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and
posix_cpu_timer_del()
* CVE-2025-38118
- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
- Bluetooth: MGMT: Fix sparse errors
-- Stefan Bader <stefan.bader@canonical.com> Tue, 14 Oct 2025 14:24:29 +0200
linux-hwe-6.8 (6.8.0-86.87~22.04.1) jammy; urgency=medium
* jammy/linux-hwe-6.8: 6.8.0-86.87~22.04.1 -proposed tracker (LP: #2125389)
[ Ubuntu: 6.8.0-86.87 ]
* noble/linux: 6.8.0-86.87 -proposed tracker (LP: #2125391)
- Fix FTBS caused by incorrect pick/backport of
"perf dso: fix dso__is_kallsyms() check"
* noble ubuntu_ftrace_smoke_test:mmiotrace timeout on aws:r5.metal
(LP: #2121673)
- mm: memcg: add NULL check to obj_cgroup_put()
- memcg: drain obj stock on cpu hotplug teardown
* [25.04 FEAT] [post announcement] [KRN2304] CPU-MF Counters for new IBM Z
hardware - perf part (LP: #2103415)
- perf list: Add IBM z17 event descriptions
* memory leaks when configuring a small rate limit in audit (LP: #2122554)
- audit: fix skb leak when audit rate limit is exceeded
* [UBUNTU 24.04] PAI/NNPA support for new IBM z17 (LP: #2121956)
- s390/pai: export number of sysfs attribute files
- s390/pai_crypto: Add support for MSA 10 and 11 pai counters
- s390/pai_ext: Update PAI extension 1 counters
* [UBUNTU 24.04] s390/pci: Don't abort recovery for user-space drivers
(LP: #2121150)
- s390/pci: Allow automatic recovery with minimal driver support
* [UBUNTU 24.04] s390/pci: Fix stale function handles in error handling
(LP: #2121149)
- s390/pci: Fix stale function handles in error handling
- s390/pci: Do not try re-enabling load/store if device is disabled
* [UBUNTU 24.04] vfio/pci: fix 8-byte PCI loads and stores (LP: #2121146)
- vfio/pci: Extract duplicated code into macro
- vfio/pci: Support 8-byte PCI loads and stores
- vfio/pci: Fix typo in macro to declare accessors
* x86 systems with PCIe BAR addresses located outside a certain range see
P2PDMA allocation failures and CUDA initialization errors (LP: #2120209)
- x86/kaslr: Reduce KASLR entropy on most x86 systems
- x86/mm/init: Handle the special case of device private pages in
add_pages(), to not increase max_pfn and trigger
dma_addressing_limited() bounce buffers
* sources list generation using dwarfdump takes up to 0.5hr in build process
(LP: #2104911)
- [Packaging] Don't generate list of source files
* [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
namespaces (LP: #2121257)
- apparmor: shift ouid when mediating hard links in userns
- apparmor: shift uid when mediating af_unix in userns
* UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:452:16
(LP: #2119713)
- EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
* [IdeaPad Slim 5 13ARP10 , 83J2] Microphone on AMD Ryzen 7 7735HS does not
work (LP: #2102749)
- ASoC: amd: yc: update quirk data for new Lenovo model
* Fix compilation failure because of incomplete backport (LP: #2120561)
- SAUCE: netfilter: ctnetlink: Fix -Wuninitialized in
ctnetlink_secctx_size()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716)
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
- cpufreq: scpi: compare kHz instead of Hz
- smack: dont compile ipv6 code unless ipv6 is configured
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
- EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald
Rapids
- x86/fpu: Fix guest FPU state buffer allocation size
- x86/fpu: Avoid copying dynamic FP state from init_task in
arch_dup_task_struct()
- x86/platform: Only allow CONFIG_EISA for 32-bit
- [Config] updateconfigs after disabling CONFIG_EISA for amd64
- x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
- lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
- PM: sleep: Adjust check before setting power.must_resume
- RISC-V: KVM: Disable the kernel perf counter during configure
- selinux: Chain up tool resolving errors in install_policy.sh
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
- EDAC/ie31200: Fix the DIMM size mask for several SoCs
- EDAC/ie31200: Fix the error path order of ie31200_init()
- PM: sleep: Fix handling devices with direct_complete set on errors
- lockdep: Don't disable interrupts on RT in
disable_irq_nosync_lockdep.*()
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
- x86/traps: Make exc_double_fault() consistently noreturn
- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
- media: verisilicon: HEVC: Initialize start_bit field
- media: platform: allgro-dvt: unregister v4l2_device on the error path
- platform/x86: dell-ddv: Fix temperature calculation
- ASoC: cs35l41: check the return value from spi_setup()
- HID: remove superfluous (and wrong) Makefile entry for
CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
- dt-bindings: vendor-prefixes: add GOcontroll
- ALSA: hda/realtek: Always honor no_shutup_pins
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio
compatible
- drm/bridge: ti-sn65dsi86: Fix multiple instances
- drm/dp_mst: Fix drm RAD print
- drm: xlnx: zynqmp: Fix max dma segment size
- PCI: Use downstream bridges for distributing resources
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
- drm/msm/dpu: don't use active in atomic_check()
- drm/msm/dsi: Use existing per-interface slice count in DSC timing
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
- drm/amdkfd: Fix Circular Locking Dependency in
'svm_range_cpu_invalidate_pagetables'
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data
payload
- PCI: brcmstb: Use internal register to change link capability
- PCI: brcmstb: Fix potential premature regulator disabling
- PCI/portdrv: Only disable pciehp interrupts early when needed
- drm/amd/display: fix type mismatch in
CalculateDynamicMetadataParameters()
- PCI: Remove stray put_device() in pci_register_host_bridge()
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
- drm/amd/display: avoid NPD when ASIC does not support DMUB
- PCI: histb: Fix an error handling path in histb_pcie_probe()
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
- fbdev: au1100fb: Move a variable assignment behind a null pointer check
- mdacon: rework dependency list
- fbdev: sm501fb: Add some geometry checks.
- clk: amlogic: gxbb: drop incorrect flag on 32k clock
- crypto: hisilicon/sec2 - fix for aead authsize alignment
- crypto: hisilicon/sec2 - fix for sec spec check
- of: property: Increase NR_FWNODE_REFERENCE_ARGS
- remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
- libbpf: Fix hypothetical STT_SECTION extern NULL deref case
- selftests/bpf: Fix string read in strncmp benchmark
- clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
- RDMA/mana_ib: Ensure variable err is initialized
- remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
- bpf: Use preempt_count() directly in bpf_send_signal_common()
- lib: 842: Improve error handling in sw842_compress()
- pinctrl: renesas: rza2: Fix missing of_node_put() call
- pinctrl: renesas: rzg2l: Fix missing of_node_put() call
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
- RDMA/mlx5: Fix calculation of total invalidated pages
- remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
- IB/mad: Check available slots before posting receive WRs
- pinctrl: tegra: Set SFIO mode to Mux Register
- clk: amlogic: g12b: fix cluster A parent data
- clk: amlogic: gxbb: drop non existing 32k clock parent
- selftests/bpf: Select NUMA_NO_NODE to create map
- clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
- clk: amlogic: g12a: fix mmc A peripheral clock
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
- power: supply: max77693: Fix wrong conversion of charge input threshold
value
- crypto: nx - Fix uninitialised hv_nxc on error
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call
- mfd: sm501: Switch to BIT() to mitigate integer overflows
- leds: Fix LED_OFF brightness race
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to
misplaced assignment
- crypto: hisilicon/sec2 - fix for aead auth key length
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
- clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
- perf stat: Fix find_stat for mixed legacy/non-legacy events
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
- soundwire: slave: fix an OF node reference leak in soundwire slave
device
- coresight: catu: Fix number of pages while using 64k pages
- coresight-etm4x: add isb() before reading the TRCSTATR
- perf pmu: Don't double count common sysfs and json events
- ucsi_ccg: Don't show failed to get FW build information error
- iio: accel: mma8452: Ensure error return on failure to matching
oversampling ratio
- iio: accel: msa311: Fix failure to release runtime pm if direct mode
claim fails.
- perf arm-spe: Fix load-store operation checking
- perf bench: Fix perf bench syscall loop count
- usb: xhci: correct debug message page size calculation
- dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
- iio: adc: ad4130: Fix comparison of channel setups
- iio: adc: ad7124: Fix comparison of channel configs
- perf evlist: Add success path to evlist__create_syswide_maps
- perf units: Fix insufficient array space
- kernel/events/uprobes: handle device-exclusive entries correctly in
__replace_page()
- kexec: initialize ELF lowest address to ULONG_MAX
- arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
- NFSv4: Don't trigger uneccessary scans for return-on-close delegations
- fuse: fix dax truncate/punch_hole fault path
- selftests/mm/cow: fix the incorrect error handling
- um: remove copy_from_kernel_nofault_allowed
- um: hostfs: avoid issues on inode number reuse by host
- i3c: master: svc: Fix missing the IBI rules
- perf python: Fixup description of sample.id event member
- perf python: Decrement the refcount of just created event on failure
- perf python: Don't keep a raw_data pointer to consumed ring buffer space
- perf python: Check if there is space to copy all the event
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
- tty: n_tty: use uint for space returned by tty_write_room()
- fs/procfs: fix the comment above proc_pid_wchan()
- perf tools: annotate asm_pure_loop.S
- NFS: Shut down the nfs_client only after all the superblocks
- exfat: fix the infinite loop in exfat_find_last_cluster()
- ksmbd: fix multichannel connection failure
- net/mlx5e: SHAMPO, Make reserved size independent of page size
- ring-buffer: Fix bytes_dropped calculation issue
- objtool: Fix segfault in ignore_unreachable_insn()
- LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
- LoongArch: Rework the arch_kgdb_breakpoint() implementation
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states
are invalid
- octeontx2-af: Fix mbox INTR handler when num VFs > 64
- octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
- objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
- sched/smt: Always inline sched_smt_active()
- context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
- rcu-tasks: Always inline rcu_irq_work_resched()
- wifi: iwlwifi: fw: allocate chained SG tables for dump
- wifi: iwlwifi: mvm: use the right version of the rate API
- nvme-tcp: fix possible UAF in nvme_tcp_poll
- nvme-pci: clean up CMBMSC when registering CMB fails
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
- wifi: brcmfmac: keep power during suspend if board requires it
- affs: generate OFS sequence numbers starting at 1
- affs: don't write overlarge OFS data block size fields
- ALSA: hda/realtek: Fix Asus Z13 2025 audio
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
- perf/core: Fix perf_pmu_register() vs. perf_init_event()
- cifs: fix incorrect validation for num_aces field of smb_acl
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4
tablet
- platform/x86/intel/vsec: Add Diamond Rapids support
- HID: i2c-hid: improve i2c_hid_get_report error message
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using
CS35L41 HDA
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using
CS35L41 HDA
- sched/deadline: Use online cpus for validating runtime
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED
state
- locking/semaphore: Use wake_q to wake up processes outside lock critical
section
- x86/hyperv: Fix output argument to hypercall that changes page
visibility
- x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
- nvme-pci: fix stuck reset on concurrent DPC and HP
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
- can: statistics: use atomic access in hot path
- memory: omap-gpmc: drop no compatible check
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
- riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and
make_call_ra
- ntb: intel: Fix using link status DB's
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
- RISC-V: errata: Use medany for relocatable builds
- x86/uaccess: Improve performance by aligning writes to 8 bytes in
copy_user_generic(), on non-FSRM/ERMS CPUs
- ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
- riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
- netfilter: nft_set_hash: GC reaps elements with conncount for dynamic
sets only
- vsock: avoid timeout during connect() if the socket is closing
- tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
- net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
- ipv6: Start path selection from the first nexthop
- ipv6: Do not consider link down nexthops in path selection
- drm/amdgpu/gfx11: fix num_mec
- perf/core: Fix child_total_time_enabled accounting bug at task exit
- tracing: Switch trace_events_hist.c code over to use guard()
- tracing/hist: Add poll(POLLIN) support on hist file
- tracing/hist: Support POLLPRI event for poll on histogram
- tracing: Correct the refcount if the hist/hist_debug file fails to open
- LoongArch: Increase ARCH_DMA_MINALIGN up to 16
- LoongArch: BPF: Fix off-by-one error in build_prologue()
- LoongArch: BPF: Don't override subprog's return value
- LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
- x86/hyperv: Fix check of return value from snp_set_vmsa()
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
- platform/x86: ISST: Correct command storage data length
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in
perf_copy_chunk()
- perf/x86/intel: Apply static call for drain_pebs
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
- mmc: omap: Fix memory leak in mmc_omap_new_slot
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
- tracing: Ensure module defining synth event cannot be unloaded while
tracing
- tracing: Fix synth event printk format for str fields
- tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
- ext4: don't over-report free space or inodes in statvfs
- jfs: add index corruption check to DT_GETPAGE()
- exec: fix the racy usage of fs_struct->in_exec
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
- tracing: Do not use PERF enums when perf is not defined
- smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
- sched: Cancel the slice protection of the idle entity
- cpufreq: tegra194: Allow building for Tegra234
- kunit/stackinit: Use fill byte different from Clang i386 pattern
- watchdog/hardlockup/perf: Fix perf_event memory leak
- x86/entry: Add __init to ia32_emulation_override_cmdline()
- regulator: pca9450: Fix enable register for LDO5
- auxdisplay: panel: Fix an API misuse in panel.c
- ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
- drm/ssd130x: fix ssd132x encoding
- drm/ssd130x: ensure ssd132x pitch is correct
- gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
- drm/panel: ilitek-ili9882t: fix GPIO name in error message
- drm/msm/dsi/phy: Program clock inverters in correct register
- PCI: brcmstb: Set generation limit before PCIe link up
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
- powerpc/kexec: fix physical address calculation in clear_utlb_entry()
- drm/mediatek: Fix config_updating flag never false when no mbox channel
- PCI: dwc: ep: Return -ENOMEM for allocation failures
- PCI/sysfs: Demacrofy pci_dev_resource_resize_attr(n) functions
- PCI: Fix BAR resizing when VF BARs are assigned
- dummycon: fix default rows/cols
- crypto: iaa - Test the correct request flag
- crypto: qat - set parity error mask for qat_420xx
- pinctrl: renesas: rzg2l: Suppress binding attributes
- clk: renesas: r8a08g045: Check the source of the CPU PLL settings
- remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
- pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
- s390: Remove ioremap_wt() and pgprot_writethrough()
- clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
- RDMA/mlx5: Fix MR cache initialization error flow
- power: supply: bq27xxx_battery: do not update cached flags prematurely
- pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
- crypto: qat - remove access to parity register for QAT GEN4
- clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
- perf report: Switch data file correctly in TUI
- perf debug: Avoid stack overflow in recursive error message
- NFSv4: Avoid unnecessary scans of filesystems for returning delegations
- NFSv4: Avoid unnecessary scans of filesystems for expired delegations
- NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
- um: Pass the correct Rust target and options with gcc
- perf dso: fix dso__is_kallsyms() check
- staging: vchiq_arm: Register debugfs after cdev
- perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
- LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
- net: phy: broadcom: Correct BCM5221 PHY model detection
- wifi: mac80211: Cleanup sta TXQs on flush
- wifi: mac80211: remove debugfs dir for virtual monitor
- smb: common: change the data type of num_aces to le16
- platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-
TA
- exfat: add a check for invalid data size
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using
CS35L41 HDA
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using
CS35L41 HDA
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41
HDA
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using
CS35L41 HDA
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using
CS35L41 HDA
- wifi: mac80211: fix SA Query processing in MLO
- riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
- riscv/purgatory: 4B align purgatory_start
- nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
- spi: bcm2835: Do not call gpiod_put() on invalid descriptor
- spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
- kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
- tty: serial: fsl_lpuart: Use u32 and u8 for register variables
- tty: serial: fsl_lpuart: use port struct directly to simply code
- tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
- tty: serial: lpuart: only disable CTS instead of overwriting the whole
UARTMODIR register
- wifi: mac80211: Fix sparse warning for monitor_sdata
- LoongArch: Increase MAX_IO_PICS up to 8
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs
- x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
- wifi: mt76: mt7925: remove unused acpi function for clc
- media: omap3isp: Handle ARM dma_iommu_mapping
- Remove unnecessary firmware version check for gc v9_4_2
- exfat: fix potential wrong error return from get_block
- media: subdev: Fix use of sd->enabled_streams in call_s_stream()
- media: subdev: Improve v4l2_subdev_enable/disable_streams_fallback
- media: subdev: Add v4l2_subdev_is_streaming()
- NFSD: nfsd_unlink() clobbers non-zero status returned from
fh_fill_pre_attrs()
- NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
- platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()
- Upstream stable to v6.6.87, v6.12.23
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22028
- media: vimc: skip .s_stream() for stopped entities
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22036
- exfat: fix random stack corruption after get_block
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22039
- ksmbd: fix overflow in dacloffset bounds check
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22062
- sctp: add mutual exclusion in proc_sctp_do_udp_port()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22065
- idpf: fix adapter NULL pointer dereference on reboot
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22068
- ublk: make sure ubq->canceling is set when queue is frozen
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22070
- fs/9p: fix NULL pointer dereference on mkdir
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-40114
- iio: light: Add check for array bounds in veml6075_read_int_time_ms
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22025
- nfsd: put dl_stid if fail to queue dl_recall
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22027
- media: streamzap: fix race between device disconnection and urb callback
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-39735
- jfs: fix slab-out-of-bounds read in ea_get()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22033
- arm64: Don't call NULL in do_compat_alignment_fixup()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22035
- tracing: Fix use-after-free in print_graph_function_flags during tracer
switching
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22038
- ksmbd: validate zero num_subauth before sub_auth is accessed
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22040
- ksmbd: fix session use-after-free in multichannel connection
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22041
- ksmbd: fix use-after-free in ksmbd_sessions_deregister()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22042
- ksmbd: add bounds check for create lease context
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22044
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22045
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22050
- usbnet:fix NPE during rx_complete
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22053
- net: ibmveth: make veth_pool_store stop hanging
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22054
- arcnet: Add NULL check in com20020pci_probe()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22055
- net: fix geneve_opt length integer overflow
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22056
- netfilter: nft_tunnel: fix geneve_opt type confusion addition
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22057
- net: decrease cached dst counters in dst_release
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22058
- udp: Fix memory accounting leak.
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22060
- net: mvpp2: Prevent parser TCAM memory corruption
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38637
- net_sched: skbprio: Remove overly strict queue assertions
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22063
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22064
- netfilter: nf_tables: don't unregister hook when table is dormant
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22066
- ASoC: imx-card: Add NULL check in imx_card_probe()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2023-53034
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22071
- spufs: fix a leak in spufs_create_context()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22072
- spufs: fix gang directory lifetimes
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22073
- spufs: fix a leak on spufs_new_file() failure
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38575
- ksmbd: use aead_request_free to match aead_request_alloc
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22075
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-37937
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22079
- ocfs2: validate l_tree_depth to avoid out-of-bounds access
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22080
- fs/ntfs3: Prevent integer overflow in hdr_first_de()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22081
- fs/ntfs3: Fix a couple integer overflows on 32bit systems
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22083
- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22086
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22089
- RDMA/core: Don't expose hw_counters outside of init net namespace
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-39728
- clk: samsung: Fix UBSAN panic in samsung_clk_init()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22090
- x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38152
- remoteproc: core: Clear table_sz when rproc_shutdown
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38240
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22095
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22097
- drm/vkms: Fix use after free and double free on init error
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-23136
- thermal: int340x: Add NULL check for adev
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-23138
- watch_queue: fix pipe accounting mismatch
* Noble update: upstream stable patchset 2025-08-18 (LP: #2120877)
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
- HID: hid-plantronics: Add mic mute mapping and generalize quirks
- atm: Fix NULL pointer dereference
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
- ARM: Remove address checking for MMUless devices
- drm/dp_mst: Factor out function to queue a topology probe work
- drm/dp_mst: Add a helper to queue a topology probe
- drm/amd/display: Don't write DP_MSTM_CTRL after LT
- mm/page_alloc: fix memory accept before watermarks gets initialized
- netfilter: socket: Lookup orig tuple for IPv6 SNAT
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
- counter: stm32-lptimer-cnt: fix error handling when enabling
- counter: microchip-tcb-capture: Fix undefined counter channel state on
probe
- tty: serial: 8250: Add some more device IDs
- tty: serial: 8250: Add Brainboxes XC devices
- tty: serial: fsl_lpuart: disable transmitter before changing RS485
related registers
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition
- net: usb: usbnet: restore usb%d name exception for local mac addresses
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
- nfsd: fix legacy client tracking initialization
- tty: serial: 8250: Add some more device IDs
- tty: serial: 8250: Add Brainboxes XC devices
- perf tools: Fix up some comments and code to properly use the
event_source bus
- bcachefs: bch2_ioctl_subvolume_destroy() fixes
- Upstream stable to v6.6.86, v6.12.22
* CVE-2025-39682
- tls: fix handling of zero-length records on the rx_list
* CVE-2025-38500
- xfrm: interface: fix use-after-free after changing collect_md xfrm
interface
* TLS socket disconnection causes various issues (LP: #2120516) //
CVE-2025-37756
- net: tls: explicitly disallow disconnect
* CVE-2025-38477
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
qfq_delete_class
* CVE-2025-38618
- vsock: Do not allow binding to VMADDR_PORT_ANY
* CVE-2025-38617
- net/packet: fix a race in packet_set_ring() and packet_notifier()
* CVE-2025-37785
- ext4: fix OOB read when checking dotdot dir
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
-- Stefan Bader <stefan.bader@canonical.com> Mon, 29 Sep 2025 10:00:18 +0200
linux-hwe-6.8 (6.8.0-86.86~22.04.1) jammy; urgency=medium
* jammy/linux-hwe-6.8: 6.8.0-86.86~22.04.1 -proposed tracker (LP: #2125389)
[ Ubuntu: 6.8.0-86.86 ]
* noble/linux: 6.8.0-86.86 -proposed tracker (LP: #2125391)
* noble ubuntu_ftrace_smoke_test:mmiotrace timeout on aws:r5.metal
(LP: #2121673)
- mm: memcg: add NULL check to obj_cgroup_put()
- memcg: drain obj stock on cpu hotplug teardown
* [25.04 FEAT] [post announcement] [KRN2304] CPU-MF Counters for new IBM Z
hardware - perf part (LP: #2103415)
- perf list: Add IBM z17 event descriptions
* memory leaks when configuring a small rate limit in audit (LP: #2122554)
- audit: fix skb leak when audit rate limit is exceeded
* [UBUNTU 24.04] PAI/NNPA support for new IBM z17 (LP: #2121956)
- s390/pai: export number of sysfs attribute files
- s390/pai_crypto: Add support for MSA 10 and 11 pai counters
- s390/pai_ext: Update PAI extension 1 counters
* [UBUNTU 24.04] s390/pci: Don't abort recovery for user-space drivers
(LP: #2121150)
- s390/pci: Allow automatic recovery with minimal driver support
* [UBUNTU 24.04] s390/pci: Fix stale function handles in error handling
(LP: #2121149)
- s390/pci: Fix stale function handles in error handling
- s390/pci: Do not try re-enabling load/store if device is disabled
* [UBUNTU 24.04] vfio/pci: fix 8-byte PCI loads and stores (LP: #2121146)
- vfio/pci: Extract duplicated code into macro
- vfio/pci: Support 8-byte PCI loads and stores
- vfio/pci: Fix typo in macro to declare accessors
* x86 systems with PCIe BAR addresses located outside a certain range see
P2PDMA allocation failures and CUDA initialization errors (LP: #2120209)
- x86/kaslr: Reduce KASLR entropy on most x86 systems
- x86/mm/init: Handle the special case of device private pages in
add_pages(), to not increase max_pfn and trigger
dma_addressing_limited() bounce buffers
* sources list generation using dwarfdump takes up to 0.5hr in build process
(LP: #2104911)
- [Packaging] Don't generate list of source files
* [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
namespaces (LP: #2121257)
- apparmor: shift ouid when mediating hard links in userns
- apparmor: shift uid when mediating af_unix in userns
* UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:452:16
(LP: #2119713)
- EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
* [IdeaPad Slim 5 13ARP10 , 83J2] Microphone on AMD Ryzen 7 7735HS does not
work (LP: #2102749)
- ASoC: amd: yc: update quirk data for new Lenovo model
* Fix compilation failure because of incomplete backport (LP: #2120561)
- SAUCE: netfilter: ctnetlink: Fix -Wuninitialized in
ctnetlink_secctx_size()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716)
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
- cpufreq: scpi: compare kHz instead of Hz
- smack: dont compile ipv6 code unless ipv6 is configured
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
- EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald
Rapids
- x86/fpu: Fix guest FPU state buffer allocation size
- x86/fpu: Avoid copying dynamic FP state from init_task in
arch_dup_task_struct()
- x86/platform: Only allow CONFIG_EISA for 32-bit
- [Config] updateconfigs after disabling CONFIG_EISA for amd64
- x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
- lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
- PM: sleep: Adjust check before setting power.must_resume
- RISC-V: KVM: Disable the kernel perf counter during configure
- selinux: Chain up tool resolving errors in install_policy.sh
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
- EDAC/ie31200: Fix the DIMM size mask for several SoCs
- EDAC/ie31200: Fix the error path order of ie31200_init()
- PM: sleep: Fix handling devices with direct_complete set on errors
- lockdep: Don't disable interrupts on RT in
disable_irq_nosync_lockdep.*()
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
- x86/traps: Make exc_double_fault() consistently noreturn
- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
- media: verisilicon: HEVC: Initialize start_bit field
- media: platform: allgro-dvt: unregister v4l2_device on the error path
- platform/x86: dell-ddv: Fix temperature calculation
- ASoC: cs35l41: check the return value from spi_setup()
- HID: remove superfluous (and wrong) Makefile entry for
CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
- dt-bindings: vendor-prefixes: add GOcontroll
- ALSA: hda/realtek: Always honor no_shutup_pins
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio
compatible
- drm/bridge: ti-sn65dsi86: Fix multiple instances
- drm/dp_mst: Fix drm RAD print
- drm: xlnx: zynqmp: Fix max dma segment size
- PCI: Use downstream bridges for distributing resources
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
- drm/msm/dpu: don't use active in atomic_check()
- drm/msm/dsi: Use existing per-interface slice count in DSC timing
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
- drm/amdkfd: Fix Circular Locking Dependency in
'svm_range_cpu_invalidate_pagetables'
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data
payload
- PCI: brcmstb: Use internal register to change link capability
- PCI: brcmstb: Fix potential premature regulator disabling
- PCI/portdrv: Only disable pciehp interrupts early when needed
- drm/amd/display: fix type mismatch in
CalculateDynamicMetadataParameters()
- PCI: Remove stray put_device() in pci_register_host_bridge()
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
- drm/amd/display: avoid NPD when ASIC does not support DMUB
- PCI: histb: Fix an error handling path in histb_pcie_probe()
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
- fbdev: au1100fb: Move a variable assignment behind a null pointer check
- mdacon: rework dependency list
- fbdev: sm501fb: Add some geometry checks.
- clk: amlogic: gxbb: drop incorrect flag on 32k clock
- crypto: hisilicon/sec2 - fix for aead authsize alignment
- crypto: hisilicon/sec2 - fix for sec spec check
- of: property: Increase NR_FWNODE_REFERENCE_ARGS
- remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
- libbpf: Fix hypothetical STT_SECTION extern NULL deref case
- selftests/bpf: Fix string read in strncmp benchmark
- clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
- RDMA/mana_ib: Ensure variable err is initialized
- remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
- bpf: Use preempt_count() directly in bpf_send_signal_common()
- lib: 842: Improve error handling in sw842_compress()
- pinctrl: renesas: rza2: Fix missing of_node_put() call
- pinctrl: renesas: rzg2l: Fix missing of_node_put() call
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
- RDMA/mlx5: Fix calculation of total invalidated pages
- remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
- IB/mad: Check available slots before posting receive WRs
- pinctrl: tegra: Set SFIO mode to Mux Register
- clk: amlogic: g12b: fix cluster A parent data
- clk: amlogic: gxbb: drop non existing 32k clock parent
- selftests/bpf: Select NUMA_NO_NODE to create map
- clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
- clk: amlogic: g12a: fix mmc A peripheral clock
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
- power: supply: max77693: Fix wrong conversion of charge input threshold
value
- crypto: nx - Fix uninitialised hv_nxc on error
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call
- mfd: sm501: Switch to BIT() to mitigate integer overflows
- leds: Fix LED_OFF brightness race
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to
misplaced assignment
- crypto: hisilicon/sec2 - fix for aead auth key length
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
- clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
- perf stat: Fix find_stat for mixed legacy/non-legacy events
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
- soundwire: slave: fix an OF node reference leak in soundwire slave
device
- coresight: catu: Fix number of pages while using 64k pages
- coresight-etm4x: add isb() before reading the TRCSTATR
- perf pmu: Don't double count common sysfs and json events
- ucsi_ccg: Don't show failed to get FW build information error
- iio: accel: mma8452: Ensure error return on failure to matching
oversampling ratio
- iio: accel: msa311: Fix failure to release runtime pm if direct mode
claim fails.
- perf arm-spe: Fix load-store operation checking
- perf bench: Fix perf bench syscall loop count
- usb: xhci: correct debug message page size calculation
- dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
- iio: adc: ad4130: Fix comparison of channel setups
- iio: adc: ad7124: Fix comparison of channel configs
- perf evlist: Add success path to evlist__create_syswide_maps
- perf units: Fix insufficient array space
- kernel/events/uprobes: handle device-exclusive entries correctly in
__replace_page()
- kexec: initialize ELF lowest address to ULONG_MAX
- arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
- NFSv4: Don't trigger uneccessary scans for return-on-close delegations
- fuse: fix dax truncate/punch_hole fault path
- selftests/mm/cow: fix the incorrect error handling
- um: remove copy_from_kernel_nofault_allowed
- um: hostfs: avoid issues on inode number reuse by host
- i3c: master: svc: Fix missing the IBI rules
- perf python: Fixup description of sample.id event member
- perf python: Decrement the refcount of just created event on failure
- perf python: Don't keep a raw_data pointer to consumed ring buffer space
- perf python: Check if there is space to copy all the event
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
- tty: n_tty: use uint for space returned by tty_write_room()
- fs/procfs: fix the comment above proc_pid_wchan()
- perf tools: annotate asm_pure_loop.S
- NFS: Shut down the nfs_client only after all the superblocks
- exfat: fix the infinite loop in exfat_find_last_cluster()
- ksmbd: fix multichannel connection failure
- net/mlx5e: SHAMPO, Make reserved size independent of page size
- ring-buffer: Fix bytes_dropped calculation issue
- objtool: Fix segfault in ignore_unreachable_insn()
- LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
- LoongArch: Rework the arch_kgdb_breakpoint() implementation
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states
are invalid
- octeontx2-af: Fix mbox INTR handler when num VFs > 64
- octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
- objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
- sched/smt: Always inline sched_smt_active()
- context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
- rcu-tasks: Always inline rcu_irq_work_resched()
- wifi: iwlwifi: fw: allocate chained SG tables for dump
- wifi: iwlwifi: mvm: use the right version of the rate API
- nvme-tcp: fix possible UAF in nvme_tcp_poll
- nvme-pci: clean up CMBMSC when registering CMB fails
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
- wifi: brcmfmac: keep power during suspend if board requires it
- affs: generate OFS sequence numbers starting at 1
- affs: don't write overlarge OFS data block size fields
- ALSA: hda/realtek: Fix Asus Z13 2025 audio
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
- perf/core: Fix perf_pmu_register() vs. perf_init_event()
- cifs: fix incorrect validation for num_aces field of smb_acl
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4
tablet
- platform/x86/intel/vsec: Add Diamond Rapids support
- HID: i2c-hid: improve i2c_hid_get_report error message
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using
CS35L41 HDA
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using
CS35L41 HDA
- sched/deadline: Use online cpus for validating runtime
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED
state
- locking/semaphore: Use wake_q to wake up processes outside lock critical
section
- x86/hyperv: Fix output argument to hypercall that changes page
visibility
- x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
- nvme-pci: fix stuck reset on concurrent DPC and HP
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
- can: statistics: use atomic access in hot path
- memory: omap-gpmc: drop no compatible check
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
- riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and
make_call_ra
- ntb: intel: Fix using link status DB's
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
- RISC-V: errata: Use medany for relocatable builds
- x86/uaccess: Improve performance by aligning writes to 8 bytes in
copy_user_generic(), on non-FSRM/ERMS CPUs
- ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
- riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
- netfilter: nft_set_hash: GC reaps elements with conncount for dynamic
sets only
- vsock: avoid timeout during connect() if the socket is closing
- tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
- net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
- ipv6: Start path selection from the first nexthop
- ipv6: Do not consider link down nexthops in path selection
- drm/amdgpu/gfx11: fix num_mec
- perf/core: Fix child_total_time_enabled accounting bug at task exit
- tracing: Switch trace_events_hist.c code over to use guard()
- tracing/hist: Add poll(POLLIN) support on hist file
- tracing/hist: Support POLLPRI event for poll on histogram
- tracing: Correct the refcount if the hist/hist_debug file fails to open
- LoongArch: Increase ARCH_DMA_MINALIGN up to 16
- LoongArch: BPF: Fix off-by-one error in build_prologue()
- LoongArch: BPF: Don't override subprog's return value
- LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
- x86/hyperv: Fix check of return value from snp_set_vmsa()
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
- platform/x86: ISST: Correct command storage data length
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in
perf_copy_chunk()
- perf/x86/intel: Apply static call for drain_pebs
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
- mmc: omap: Fix memory leak in mmc_omap_new_slot
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
- tracing: Ensure module defining synth event cannot be unloaded while
tracing
- tracing: Fix synth event printk format for str fields
- tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
- ext4: don't over-report free space or inodes in statvfs
- jfs: add index corruption check to DT_GETPAGE()
- exec: fix the racy usage of fs_struct->in_exec
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
- tracing: Do not use PERF enums when perf is not defined
- smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
- sched: Cancel the slice protection of the idle entity
- cpufreq: tegra194: Allow building for Tegra234
- kunit/stackinit: Use fill byte different from Clang i386 pattern
- watchdog/hardlockup/perf: Fix perf_event memory leak
- x86/entry: Add __init to ia32_emulation_override_cmdline()
- regulator: pca9450: Fix enable register for LDO5
- auxdisplay: panel: Fix an API misuse in panel.c
- ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
- drm/ssd130x: fix ssd132x encoding
- drm/ssd130x: ensure ssd132x pitch is correct
- gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
- drm/panel: ilitek-ili9882t: fix GPIO name in error message
- drm/msm/dsi/phy: Program clock inverters in correct register
- PCI: brcmstb: Set generation limit before PCIe link up
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
- powerpc/kexec: fix physical address calculation in clear_utlb_entry()
- drm/mediatek: Fix config_updating flag never false when no mbox channel
- PCI: dwc: ep: Return -ENOMEM for allocation failures
- PCI/sysfs: Demacrofy pci_dev_resource_resize_attr(n) functions
- PCI: Fix BAR resizing when VF BARs are assigned
- dummycon: fix default rows/cols
- crypto: iaa - Test the correct request flag
- crypto: qat - set parity error mask for qat_420xx
- pinctrl: renesas: rzg2l: Suppress binding attributes
- clk: renesas: r8a08g045: Check the source of the CPU PLL settings
- remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
- pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
- s390: Remove ioremap_wt() and pgprot_writethrough()
- clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
- RDMA/mlx5: Fix MR cache initialization error flow
- power: supply: bq27xxx_battery: do not update cached flags prematurely
- pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
- crypto: qat - remove access to parity register for QAT GEN4
- clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
- perf report: Switch data file correctly in TUI
- perf debug: Avoid stack overflow in recursive error message
- NFSv4: Avoid unnecessary scans of filesystems for returning delegations
- NFSv4: Avoid unnecessary scans of filesystems for expired delegations
- NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
- um: Pass the correct Rust target and options with gcc
- perf dso: fix dso__is_kallsyms() check
- staging: vchiq_arm: Register debugfs after cdev
- perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
- LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
- net: phy: broadcom: Correct BCM5221 PHY model detection
- wifi: mac80211: Cleanup sta TXQs on flush
- wifi: mac80211: remove debugfs dir for virtual monitor
- smb: common: change the data type of num_aces to le16
- platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-
TA
- exfat: add a check for invalid data size
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using
CS35L41 HDA
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using
CS35L41 HDA
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41
HDA
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using
CS35L41 HDA
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using
CS35L41 HDA
- wifi: mac80211: fix SA Query processing in MLO
- riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
- riscv/purgatory: 4B align purgatory_start
- nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
- spi: bcm2835: Do not call gpiod_put() on invalid descriptor
- spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
- kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
- tty: serial: fsl_lpuart: Use u32 and u8 for register variables
- tty: serial: fsl_lpuart: use port struct directly to simply code
- tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
- tty: serial: lpuart: only disable CTS instead of overwriting the whole
UARTMODIR register
- wifi: mac80211: Fix sparse warning for monitor_sdata
- LoongArch: Increase MAX_IO_PICS up to 8
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs
- x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
- wifi: mt76: mt7925: remove unused acpi function for clc
- media: omap3isp: Handle ARM dma_iommu_mapping
- Remove unnecessary firmware version check for gc v9_4_2
- exfat: fix potential wrong error return from get_block
- media: subdev: Fix use of sd->enabled_streams in call_s_stream()
- media: subdev: Improve v4l2_subdev_enable/disable_streams_fallback
- media: subdev: Add v4l2_subdev_is_streaming()
- NFSD: nfsd_unlink() clobbers non-zero status returned from
fh_fill_pre_attrs()
- NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
- platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()
- Upstream stable to v6.6.87, v6.12.23
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22028
- media: vimc: skip .s_stream() for stopped entities
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22036
- exfat: fix random stack corruption after get_block
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22039
- ksmbd: fix overflow in dacloffset bounds check
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22062
- sctp: add mutual exclusion in proc_sctp_do_udp_port()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22065
- idpf: fix adapter NULL pointer dereference on reboot
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22068
- ublk: make sure ubq->canceling is set when queue is frozen
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22070
- fs/9p: fix NULL pointer dereference on mkdir
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-40114
- iio: light: Add check for array bounds in veml6075_read_int_time_ms
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22025
- nfsd: put dl_stid if fail to queue dl_recall
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22027
- media: streamzap: fix race between device disconnection and urb callback
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-39735
- jfs: fix slab-out-of-bounds read in ea_get()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22033
- arm64: Don't call NULL in do_compat_alignment_fixup()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22035
- tracing: Fix use-after-free in print_graph_function_flags during tracer
switching
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22038
- ksmbd: validate zero num_subauth before sub_auth is accessed
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22040
- ksmbd: fix session use-after-free in multichannel connection
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22041
- ksmbd: fix use-after-free in ksmbd_sessions_deregister()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22042
- ksmbd: add bounds check for create lease context
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22044
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22045
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22050
- usbnet:fix NPE during rx_complete
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22053
- net: ibmveth: make veth_pool_store stop hanging
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22054
- arcnet: Add NULL check in com20020pci_probe()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22055
- net: fix geneve_opt length integer overflow
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22056
- netfilter: nft_tunnel: fix geneve_opt type confusion addition
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22057
- net: decrease cached dst counters in dst_release
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22058
- udp: Fix memory accounting leak.
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22060
- net: mvpp2: Prevent parser TCAM memory corruption
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38637
- net_sched: skbprio: Remove overly strict queue assertions
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22063
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22064
- netfilter: nf_tables: don't unregister hook when table is dormant
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22066
- ASoC: imx-card: Add NULL check in imx_card_probe()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2023-53034
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22071
- spufs: fix a leak in spufs_create_context()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22072
- spufs: fix gang directory lifetimes
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22073
- spufs: fix a leak on spufs_new_file() failure
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38575
- ksmbd: use aead_request_free to match aead_request_alloc
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22075
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-37937
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22079
- ocfs2: validate l_tree_depth to avoid out-of-bounds access
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22080
- fs/ntfs3: Prevent integer overflow in hdr_first_de()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22081
- fs/ntfs3: Fix a couple integer overflows on 32bit systems
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22083
- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22086
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22089
- RDMA/core: Don't expose hw_counters outside of init net namespace
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-39728
- clk: samsung: Fix UBSAN panic in samsung_clk_init()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22090
- x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38152
- remoteproc: core: Clear table_sz when rproc_shutdown
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38240
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22095
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22097
- drm/vkms: Fix use after free and double free on init error
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-23136
- thermal: int340x: Add NULL check for adev
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-23138
- watch_queue: fix pipe accounting mismatch
* Noble update: upstream stable patchset 2025-08-18 (LP: #2120877)
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
- HID: hid-plantronics: Add mic mute mapping and generalize quirks
- atm: Fix NULL pointer dereference
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
- ARM: Remove address checking for MMUless devices
- drm/dp_mst: Factor out function to queue a topology probe work
- drm/dp_mst: Add a helper to queue a topology probe
- drm/amd/display: Don't write DP_MSTM_CTRL after LT
- mm/page_alloc: fix memory accept before watermarks gets initialized
- netfilter: socket: Lookup orig tuple for IPv6 SNAT
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
- counter: stm32-lptimer-cnt: fix error handling when enabling
- counter: microchip-tcb-capture: Fix undefined counter channel state on
probe
- tty: serial: 8250: Add some more device IDs
- tty: serial: 8250: Add Brainboxes XC devices
- tty: serial: fsl_lpuart: disable transmitter before changing RS485
related registers
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition
- net: usb: usbnet: restore usb%d name exception for local mac addresses
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
- nfsd: fix legacy client tracking initialization
- tty: serial: 8250: Add some more device IDs
- tty: serial: 8250: Add Brainboxes XC devices
- perf tools: Fix up some comments and code to properly use the
event_source bus
- bcachefs: bch2_ioctl_subvolume_destroy() fixes
- Upstream stable to v6.6.86, v6.12.22
* CVE-2025-39682
- tls: fix handling of zero-length records on the rx_list
* CVE-2025-38500
- xfrm: interface: fix use-after-free after changing collect_md xfrm
interface
* TLS socket disconnection causes various issues (LP: #2120516) //
CVE-2025-37756
- net: tls: explicitly disallow disconnect
* CVE-2025-38477
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
qfq_delete_class
* CVE-2025-38618
- vsock: Do not allow binding to VMADDR_PORT_ANY
* CVE-2025-38617
- net/packet: fix a race in packet_set_ring() and packet_notifier()
* CVE-2025-37785
- ext4: fix OOB read when checking dotdot dir
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
-- Stefan Bader <stefan.bader@canonical.com> Fri, 26 Sep 2025 10:46:07 +0200
linux-hwe-6.8 (6.8.0-85.85~22.04.1) jammy; urgency=medium
* jammy/linux-hwe-6.8: 6.8.0-85.85~22.04.1 -proposed tracker (LP: #2125107)
[ Ubuntu: 6.8.0-85.85 ]
* noble/linux: 6.8.0-85.85 -proposed tracker (LP: #2125109)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* CVE-2025-38500
- xfrm: interface: fix use-after-free after changing collect_md xfrm
interface
* TLS socket disconnection causes various issues (LP: #2120516) //
CVE-2025-37756
- net: tls: explicitly disallow disconnect
* CVE-2025-38477
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
qfq_delete_class
* CVE-2025-38618
- vsock: Do not allow binding to VMADDR_PORT_ANY
* CVE-2025-38617
- net/packet: fix a race in packet_set_ring() and packet_notifier()
* CVE-2025-37785
- ext4: fix OOB read when checking dotdot dir
-- Stefan Bader <stefan.bader@canonical.com> Fri, 19 Sep 2025 16:46:01 +0200
linux-hwe-6.8 (6.8.0-84.84~22.04.1) jammy; urgency=medium
[ Ubuntu: 6.8.0-84.84 ]
* Linux refcount imbalance in af_unix subsystem (LP: #2121515)
- SAUCE: af_unix: Fix GC compatibility with upstream OOB refcount changes
-- Stefan Bader <stefan.bader@canonical.com> Tue, 09 Sep 2025 14:53:24 +0200
linux-hwe-6.8 (6.8.0-81.81~22.04.1) jammy; urgency=medium
* jammy/linux-hwe-6.8: 6.8.0-81.81~22.04.1 -proposed tracker (LP: #2120037)
* Packaging resync (LP: #1786013)
- [Packaging] debian.hwe-6.8/dkms-versions -- update from kernel-versions
(main/2025.08.11)
[ Ubuntu: 6.8.0-81.81 ]
* noble/linux: 6.8.0-81.81 -proposed tracker (LP: #2121671)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.08.11)
* nvme no longer detected on boot after upgrade to 6.8.0-60 (LP: #2111521)
- SAUCE: PCI: Disable RRS polling for Intel SSDPE2KX020T8 nvme
* No IP Address assigned after hot-plugging Ethernet cable on HP Platform
(LP: #2115393)
- Revert "e1000e: change k1 configuration on MTP and later platforms"
* minimal kernel lacks modules for blk disk in arm64 openstack environments
where config_drive is required (LP: #2118499)
- [Config] Enable SYM53C8XX_2 on arm64
* rcu: Eliminate deadlocks involving do_exit() and RCU tasks (LP: #2117123)
- rcu-tasks: Initialize callback lists at rcu_init() time
- rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() deadlocks
- rcu-tasks: Eliminate deadlocks involving do_exit() and RCU tasks
- rcu-tasks: Maintain real-time response in rcu_tasks_postscan()
* BPF header file in wrong location (LP: #2118965)
- [Packaging] Install bpf header to correct location
* i915: support ARL-H gpu (LP: #2117716)
- drm/i915: Add additional ARL PCI IDs
- drm/i915/mtl: Add fake PCH for Meteor Lake
- drm/i915/mtl: Wake GT before sending H2G message
- drm/i915/xelpg: Add workaround 14019877138
- drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+
- drm/i915/display: correct dual pps handling for MTL_PCH+
* Ubuntu 24.04.2: NULL pointer dereference with Ceph and selinux
(LP: #2115447)
- SAUCE: fs/ceph, selinux: fix NULL pointer dereference on CephFS write
with SELinux in permissive mode
* Noble update: upstream stable patchset 2025-08-04 (LP: #2119458)
- clockevents/drivers/i8253: Fix stop sequence for timer 0
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full
- hrtimer: Use and report correct timerslack values for realtime tasks
- mm: add nommu variant of vm_insert_pages()
- io_uring: get rid of remap_pfn_range() for mapping rings/sqes
- io_uring: don't attempt to mmap larger than what the user asks for
- io_uring: fix corner case forgetting to vunmap
- io_uring: use vmap() for ring mapping
- io_uring: unify io_pin_pages()
- io_uring/kbuf: vmap pinned buffer ring
- io_uring/kbuf: use vm_insert_pages() for mmap'ed pbuf ring
- io_uring: use unpin_user_pages() where appropriate
- io_uring: fix error pbuf checking
- rust: Disallow BTF generation with Rust + LTO
- rust: init: fix `Zeroable` implementation for `Option<NonNull<T>>` and
`Option<KBox<T>>`
- lib/buildid: Handle memfd_secret() files in build_id_parse()
- mm: split critical region in remap_file_pages() and invoke LSMs in
between
- stmmac: loongson: Pass correct arg to PCI function
- rust: lockdep: Remove support for dynamically allocated LockClassKeys
- netfilter: nf_tables: allow clone callbacks to sleep
- drm/amd/display: should support dmub hw lock on Replay
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
- KVM: arm64: Calculate cptr_el2 traps on activating traps
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
- KVM: arm64: Remove host FPSIMD saving for non-protected KVM
- KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
- KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
- KVM: arm64: Refactor exit handlers
- KVM: arm64: Eagerly switch ZCR_EL{1,2}
- Revert "sched/core: Reduce cost of sched_move_task when config
autogroup"
- wifi: iwlwifi: support BIOS override for 5G9 in CA also in LARI version
8
- netfilter: nft_counter: Use u64_stats_t for statistic.
- firmware: imx-scu: fix OF node leak in .probe()
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply
- arm64: dts: rockchip: remove supports-cqe from rk3588 jaguar
- xfrm: fix tunnel mode TX datapath in packet offload mode
- xfrm_output: Force software GSO only in tunnel mode
- soc: imx8m: Remove global soc_uid
- soc: imx8m: Use devm_* to simplify probe failure handling
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path
- ARM: dts: bcm2711: Fix xHCI power-domain
- ARM: dts: bcm2711: PL011 UARTs are actually r1p5
- arm64: dts: rockchip: Remove undocumented sdmmc property from lubancat-1
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate()
- ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
- ARM: dts: bcm2711: Don't mark timer regs unconfigured
- dma-mapping: fix missing clear bdr in check_ram_in_range_map()
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
- RDMA/hns: Fix soft lockup during bt pages loop
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
- RDMA/hns: Fix a missing rollback in error path of
hns_roce_create_qp_common()
- RDMA/hns: Fix missing xa_destroy()
- RDMA/hns: Fix wrong value of max_sge_rd
- Bluetooth: Fix error code in chan_alloc_skb_cb()
- Bluetooth: hci_event: Fix connection regression between LE and non-LE
adapters
- accel/qaic: Fix possible data corruption in BOs > 2G
- ARM: davinci: da850: fix selecting ARCH_DAVINCI_DA8XX
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
- devlink: fix xa_alloc_cyclic() error handling
- dpll: fix xa_alloc_cyclic() error handling
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU
- net: atm: fix use after free in lec_send()
- net: lwtunnel: fix recursion loops
- net: ipv6: ioam6: fix lwtunnel_output() loop
- libfs: Fix duplicate directory entry in offset_dir_lookup
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
- i2c: omap: fix IRQ storms
- net: mana: Support holes in device list reply msg
- can: rcar_canfd: Fix page entries in the AFL list
- can: ucan: fix out of bound read in strscpy() source
- can: flexcan: only change CAN state when link up in system PM
- can: flexcan: disable transceiver during system PM
- drm/xe: Fix exporting xe buffers multiple times
- drm/v3d: Don't run jobs that have errors flagged in its fence
- riscv: dts: starfive: Fix a typo in StarFive JH7110 pin function
definitions
- regulator: dummy: force synchronous probing
- regulator: check that dummy regulator has been probed before using it
- accel/qaic: Fix integer overflow in qaic_validate_req()
- arm64: dts: freescale: imx8mp-verdin-dahlia: add Microphone Jack to
sound card
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to
sound card
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
- mmc: atmel-mci: Add missing clk_disable_unprepare()
- mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT
- mm/migrate: fix shmem xarray update during migration
- proc: fix UAF in proc_get_inode()
- ARM: dts: imx6qdl-apalis: Fix poweroff on Apalis iMX6
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment
- efi/libstub: Avoid physical address 0x0 when doing random allocation
- xsk: fix an integer overflow in xp_create_and_assign_umem()
- batman-adv: Ignore own maximum aggregation size during RX
- soc: qcom: pdr: Fix the potential deadlock
- pmdomain: amlogic: fix T7 ISP secpower
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
- drm/sched: Fix fence reference count leak
- drm/amd/display: Fix message for support_edp0_on_dp1
- drm/amd/pm: add unique_id for gfx12
- drm/amdgpu: Remove JPEG from vega and carrizo video caps
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
- ksmbd: fix incorrect validation for num_aces field of smb_acl
- KVM: arm64: Mark some header functions as inline
- arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S
- mptcp: Fix data stream corruption in the address announcement
- net: lwtunnel: disable BHs when required
- Upstream stable to v6.6.84, v6.6.85, v6.12.21
* Noble update: upstream stable patchset 2025-07-28 (LP: #2118927)
- drm/i915/xe2lpd: Move D2D enable/disable
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL
- ibmvnic: Perform tx CSO during send scrq direct
- ibmvnic: Inspect header requirements before using scrq direct
- drm/amdgpu: Check extended configuration space register when system uses
large bar
- drm/amdgpu: disable BAR resize on Dell G5 SE
- net: enetc: Remove setting of RX software timestamp
- net: enetc: Replace ifdef with IS_ENABLED
- net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC
- NFS: O_DIRECT writes must check and adjust the file length
- riscv: cacheinfo: remove the useless input parameter (node) of
ci_leaf_init()
- riscv: cacheinfo: initialize cacheinfo's level and type from ACPI PPTT
- riscv: Prevent a bad reference count on CPU nodes
- riscv: cacheinfo: Use of_property_present() for non-boolean properties
- mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear()
- arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro
- x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
- ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr
- x86/boot: Sanitize boot params before parsing command line
- fbdev: hyperv_fb: iounmap() the correct memory when removing a device
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value
- pinctrl: nuvoton: npcm8xx: Add NULL check in npcm8xx_gpio_fw
- netfilter: nft_ct: Use __refcount_inc() for per-CPU
nft_ct_pcpu_template.
- ice: fix memory leak in aRFS after reset
- netfilter: nf_conncount: garbage collection is not skipped when jiffies
wrap around
- netfilter: nf_tables: make destruction work queue pernet
- sched: address a potential NULL pointer dereference in the GRED
scheduler.
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms
- wifi: mac80211: don't queue sdata::work for a non-running sdata
- wifi: cfg80211: cancel wiphy_work before freeing wiphy
- Bluetooth: hci_event: Fix enabling passive scanning
- net/mlx5: Fill out devlink dev info only for PFs
- net: dsa: mv88e6xxx: Verify after ATU Load ops
- net: mctp i3c: Copy headers if cloned
- net: mctp i2c: Copy headers if cloned
- netpoll: hold rcu read lock in __netpoll_send_skb()
- drm/hyperv: Fix address space leak when Hyper-V DRM device is removed
- fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs
- fbdev: hyperv_fb: Simplify hvfb_putmem
- fbdev: hyperv_fb: Allow graceful removal of framebuffer
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
- net/mlx5: handle errors in mlx5_chains_create_table()
- eth: bnxt: fix truesize for mb-xdp-pass case
- eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
- net: switchdev: Convert blocking notification chain to a raw one
- net: mctp: unshare packets when reassembling
- bonding: fix incorrect MAC address setting to receive NS messages
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in
insert_tree()
- ipvs: prevent integer overflow in do_ip_vs_get_ctl()
- netfilter: nft_exthdr: fix offset with ipv4_find_option()
- net: openvswitch: remove misbehaving actions length check
- net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch
- net/mlx5: Bridge, fix the crash caused by LAG state check
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed
devices
- nvme-fc: go straight to connecting state when initializing
- nvme-fc: do not ignore connectivity loss during connecting
- hrtimers: Mark is_migration_base() with __always_inline
- powercap: call put_device() on an error path in
powercap_register_control_type()
- futex: Pass in task to futex_queue()
- sched/debug: Provide slice length for fair tasks
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show()
- scsi: core: Use GFP_NOIO to avoid circular locking dependency
- scsi: ufs: core: Fix error return with query response
- scsi: qla1280: Fix kernel oops when debug level > 2
- ACPI: resource: IRQ override for Eluktronics MECH-17
- smb: client: fix noisy when tree connecting to DFS interlink targets
- alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support
- vboxsf: fix building with GCC 15
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
- HID: intel-ish-hid: Send clock sync message immediately after reset
- HID: ignore non-functional sensor in HP 5MP Camera
- HID: hid-steam: Fix issues with disabling both gamepad mode and lizard
mode
- usb: phy: generic: Use proper helper for property detection
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard
- objtool: Ignore dangling jump table entries
- sched: Clarify wake_up_q()'s write to task->wake_q.next
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles
- platform/x86: int3472: Use str_high_low()
- platform/x86: int3472: Use GPIO_LOOKUP() macro
- platform/x86: int3472: Use correct type for "polarity", call it
gpio_flags
- platform/x86: int3472: Call "reset" GPIO "enable" for INT347E
- s390/cio: Fix CHPID "configure" attribute caching
- thermal/cpufreq_cooling: Remove structure member documentation
- LoongArch: KVM: Set host with kernel mode when switch to VM mode
- arm64: amu: Delay allocating cpumask for AMU FIE support
- Xen/swiotlb: mark xen_swiotlb_fixup() __init
- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
- selftests/bpf: Fix invalid flag of recv()
- ASoC: Intel: sof_sdw: Add lookup of quirk using PCI subsystem ID
- ASoC: simple-card-utils.c: add missing dlc->of_node
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50
- ASoC: rsnd: indicate unsupported clock rate
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
- ASoC: rsnd: adjust convert rate limitation
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays.
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
- ASoC: SOF: amd: Add post_fw_run_delay ACP quirk
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
- io-wq: backoff when retrying worker creation
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done
- apple-nvme: Release power domains when probe fails
- cifs: Treat unhandled directory name surrogate reparse points as mount
directory nodes
- sctp: Fix undefined behavior in left shift operation
- nvme: only allow entering LIVE from CONNECTING state
- phy: ti: gmii-sel: Simplify with dev_err_probe()
- phy: ti: gmii-sel: Do not use syscon helper to build regmap
- ASoC: tas2770: Fix volume scale
- ASoC: tas2764: Fix power control mask
- ASoC: tas2764: Set the SDOUT polarity correctly
- fuse: don't truncate cached, mutated symlink
- drm/vkms: Round fixp2int conversion in lerp_u16
- perf/x86/intel: Use better start period for frequency mode
- x86/irq: Define trace events conditionally
- mptcp: safety check before fallback
- drm/nouveau: Do not override forced connector status
- net: Handle napi_schedule() calls from non-interrupt
- block: fix 'kmem_cache of name 'bio-108' already exists'
- cifs: Validate content of WSL reparse point buffers
- cifs: Throw -EOPNOTSUPP error on unsupported reparse point type from
parse_reparse_point()
- Input: ads7846 - fix gpiod allocation
- Input: iqs7222 - preserve system status register
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE
controllers
- Input: xpad - add multiple supported devices
- Input: xpad - add support for ZOTAC Gaming Zone
- Input: xpad - add support for TECNO Pocket Go
- Input: xpad - rename QH controller to Legion Go S
- Input: i8042 - swap old quirk combination with new quirk for NHxxRZQ
- Input: i8042 - add required quirks for missing old boardnames
- Input: i8042 - swap old quirk combination with new quirk for several
devices
- Input: i8042 - swap old quirk combination with new quirk for more
devices
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3
- USB: serial: option: add Telit Cinterion FE990B compositions
- USB: serial: option: fix Telit Cinterion FE990A name
- USB: serial: option: match on interface class for Telit FN990B
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
- drm/i915/cdclk: Do cdclk post plane programming later
- drm/atomic: Filter out redundant DPMS calls
- drm/dp_mst: Fix locking when skipping CSN before topology probing
- drm/amd/amdkfd: Evict all queues even HWS remove queue failed
- drm/amd/display: Disable unneeded hpd interrupts during dm_init
- drm/amd/display: Restore correct backlight brightness after a GPU reset
- drm/amd/display: Assign normalized_pix_clk when color depth = 14
- drm/amd/display: Fix slab-use-after-free on hdcp_work
- ksmbd: fix use-after-free in ksmbd_free_work_struct
- ksmbd: prevent connection release during oplock break notification
- clk: samsung: update PLL locktime for PLL142XX used on FSD platform
- clk: samsung: gs101: fix synchronous external abort in
samsung_clk_save()
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature
- arm64: mm: Populate vmemmap at the page level if not section aligned
- Fix mmu notifiers for range-based invalidates
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c
- smb: client: fix regression with guest option
- net: phy: nxp-c45-tja11xx: add TJA112X PHY configuration errata
- net: phy: nxp-c45-tja11xx: add TJA112XB SGMII PCS restart errata
- ASoC: ops: Consistently treat platform_max as control value
- rust: error: add missing newline to pr_warn! calls
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
- ASoC: cs42l43: Fix maximum ADC Volume
- rust: init: add missing newline to pr_info! calls
- ASoC: rt722-sdca: add missing readable registers
- drm/xe: cancel pending job timer before freeing scheduler
- drm/xe: Release guc ids before cancelling work
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
- scripts: generate_rust_analyzer: add missing macros deps
- scripts: generate_rust_analyzer: add missing include_dirs
- scripts: generate_rust_analyzer: add uapi crate
- cifs: Fix integer overflow while processing acregmax mount option
- cifs: Fix integer overflow while processing acdirmax mount option
- cifs: Fix integer overflow while processing actimeo mount option
- cifs: Fix integer overflow while processing closetimeo mount option
- x86/vmware: Parse MP tables for SEV-SNP enabled guests under VMware
hypervisors
- i2c: ali1535: Fix an error handling path in ali1535_probe()
- i2c: ali15x3: Fix an error handling path in ali15x3_probe()
- i2c: sis630: Fix an error handling path in sis630_probe()
- mm/hugetlb: wait for hugetlb folios to be freed
- smb3: add support for IAKerb
- smb: client: Fix match_session bug preventing session reuse
- Bluetooth: L2CAP: Fix corrupted list in hci_chan_del
- nvme-fc: rely on state transitions to handle connectivity loss
- HID: apple: disable Fn key handling on the Omoton KB066
- Input: xpad - fix two controller table values
- cifs: Ensure that all non-client-specific reparse points are processed
by the server
- wifi: cfg80211: init wiphy_work before allocating rfkill fails
- ksmbd: fix r_count dec/increment mismatch
- nvme: unblock ctrl state transition for firmware update
- Upstream stable to v6.6.83, v6.12.20
* Noble update: upstream stable patchset 2025-07-22 (LP: #2117533)
- x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
- gpio: vf610: use generic device_get_match_data()
- gpio: vf610: add locking to gpio direction functions
- cifs: Remove symlink member from cifs_open_info_data union
- smb311: failure to open files of length 1040 when mounting with SMB3.1.1
POSIX extensions
- btrfs: fix data overwriting bug during buffered write when block size <
page size
- x86/microcode/AMD: Add some forgotten models to the SHA check
- rust: workqueue: remove unneeded ``#[allow(clippy::new_ret_no_self)]`
- rust: init: remove unneeded `#[allow(clippy::disallowed_names)]`
- rust: introduce `.clippy.toml`
- rust: replace `clippy::dbg_macro` with `disallowed_macros`
- rust: provide proper code documentation titles
- rust: enable Clippy's `check-private-items`
- Documentation: rust: add coding guidelines on lints
- Documentation: rust: discuss `#[expect(...)]` in the guidelines
- rust: error: make conversion functions public
- rust: error: optimize error type to use nonzero
- rust: error: check for config `test` in `Error::name`
- rust: fix size_t in bindgen prototypes of C builtins
- rust: map `__kernel_size_t` and friends also to usize/isize
- tracing: tprobe-events: Fix a memory leak when tprobe with $retval
- LoongArch: Convert unreachable() to BUG()
- LoongArch: Use polling play_dead() when resuming from hibernation
- LoongArch: Set max_pfn with the PFN of the last page
- LoongArch: KVM: Add interrupt checking for AVEC
- LoongArch: KVM: Reload guest CSR registers after sleep
- LoongArch: KVM: Fix GPA size issue about VM
- HID: appleir: Fix potential NULL dereference at raw event handle
- ksmbd: fix type confusion via race condition when using
ipc_msg_send_request
- ksmbd: fix out-of-bounds in parse_sec_desc()
- ksmbd: fix use-after-free in smb2_lock
- ksmbd: fix bug on trap in smb2_lock
- gpio: rcar: Use raw_spinlock to protect register access
- ALSA: seq: Avoid module auto-load handling at event delivery
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
- ALSA: hda/realtek: update ALC222 depop optimize
- btrfs: fix a leaked chunk map issue in read_one_chunk()
- hwmon: (peci/dimmtemp) Do not provide fake thresholds data
- drm/amd/display: Fix null check for pipe_ctx->plane_state in
resource_build_scaling_params
- drm/imagination: avoid deadlock on fence release
- drm/imagination: Hold drm_gem_gpuva lock for unmap
- drm/imagination: only init job done fences once
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
- x86/cacheinfo: Validate CPUID leaf 0x2 EDX output
- x86/cpu: Validate CPUID leaf 0x2 EDX output
- x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
- Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
- wifi: cfg80211: regulatory: improve invalid hints checking
- wifi: nl80211: reject cooked mode if it is set along with other flags
- rapidio: add check for rio_add_net() in rio_scan_alloc_net()
- rapidio: fix an API misues when rio_add_net() fails
- dma: kmsan: export kmsan_handle_dma() for modules
- s390/traps: Fix test_monitor_call() inline assembly
- NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback
- userfaultfd: do not block on locking a large folio with raised refcount
- block: fix conversion of GPT partition name to 7-bit
- mm/page_alloc: fix uninitialized variable
- mm: don't skip arch_sync_kernel_mappings() in error paths
- wifi: iwlwifi: mvm: don't try to talk to a dead firmware
- wifi: iwlwifi: limit printed string from FW file
- HID: google: fix unused variable warning under !CONFIG_ACPI
- HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
- bluetooth: btusb: Initialize .owner field of force_poll_sync_fops
- nvme-tcp: add basic support for the C2HTermReq PDU
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
- net: gso: fix ownership in __udp_gso_segment
- caif_virtio: fix wrong pointer check in cfv_probe()
- perf/core: Fix pmus_lock vs. pmus_srcu ordering
- hwmon: (pmbus) Initialise page count in pmbus_identify()
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
- hwmon: (ad7314) Validate leading zero bits and return error
- tracing: probe-events: Remove unused MAX_ARG_BUF_LEN macro
- drm/imagination: Fix timestamps in firmware traces
- ALSA: usx2y: validate nrpacks module parameter on probe
- llc: do not use skb_get() before dev_queue_xmit()
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
- drm/sched: Fix preprocessor guard
- be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
- net: hns3: make sure ptp clock is unregister and freed if
hclge_ptp_get_cycle returns an error
- net: ipa: Fix v4.7 resource group names
- net: ipa: Fix QSB data for v4.7
- net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7
- ppp: Fix KMSAN uninit-value warning with bpf
- vlan: enforce underlying device type
- x86/sgx: Fix size overflows in sgx_encl_create()
- exfat: fix soft lockup in exfat_clear_bitmap
- exfat: short-circuit zero-byte writes in exfat_file_write_iter
- net-timestamp: support TCP GSO case for a few missing flags
- ublk: set_params: properly check if parameters can be applied
- sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection()
- net: dsa: mt7530: Fix traffic flooding for MMIO devices
- mctp i3c: handle NULL header address
- net: ipv6: fix dst ref loop in ila lwtunnel
- net: ipv6: fix missing dst ref drop in ila lwtunnel
- gpio: rcar: Fix missing of_node_put() call
- usb: renesas_usbhs: Call clk_put()
- usb: renesas_usbhs: Use devm_usb_get_phy()
- usb: hub: lack of clearing xHC resources
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card
Reader
- usb: typec: ucsi: Fix NULL pointer access
- usb: renesas_usbhs: Flush the notify_hotplug_work
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails
- usb: atm: cxacru: fix a flaw in existing endpoint checks
- usb: dwc3: Set SUSPENDENABLE soon after phy init
- usb: dwc3: gadget: Prevent irq storm when TH re-executes
- usb: typec: ucsi: increase timeout for PPM reset operations
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
- usb: gadget: Set self-powered based on MaxPower and bmAttributes
- usb: gadget: Fix setting self-powered state on suspend
- usb: gadget: Check bmAttributes only if configuration is valid
- kbuild: userprogs: use correct lld when linking through clang
- xhci: pci: Fix indentation in the PCI device ID definitions
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805
- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow
- KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value
- KVM: SVM: Suppress DEBUGCTL.BTF on AMD
- KVM: x86: Snapshot the host's DEBUGCTL in common x86
- KVM: SVM: Manually context switch DEBUGCTL if LBR virtualization is
disabled
- KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
- KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by
KVM
- cdx: Fix possible UAF error in driver_override_show()
- mei: me: add panther lake P DID
- mei: vsc: Use "wakeuphostint" when getting the host wakeup GPIO
- intel_th: pci: Add Arrow Lake support
- intel_th: pci: Add Panther Lake-H support
- intel_th: pci: Add Panther Lake-P/U support
- slimbus: messaging: Free transaction ID in delayed interrupt scenario
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid
deadlock
- eeprom: digsy_mtc: Make GPIO lookup table match the device
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
- iio: filter: admv8818: Force initialization of SDO
- iio: dac: ad3552r: clear reset status flag
- iio: adc: ad7192: fix channel select
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
- kbuild: hdrcheck: fix cross build with clang
- nvme-tcp: Fix a C2HTermReq error message
- docs: rust: remove spurious item in `expect` list
- Upstream stable to v6.6.82, v6.12.19
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878)
- IB/mlx5: Set and get correct qp_num for a DCT QP
- RDMA/mana_ib: Allocate PAGE aligned doorbell index
- scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out()
- SUNRPC: convert RPC_TASK_* constants to enum
- SUNRPC: Prevent looping due to rpc_signal_task() races
- SUNRPC: Handle -ETIMEDOUT return from tlshd
- RDMA/mlx5: Fix AH static rate parsing
- scsi: core: Clear driver private data when retrying request
- RDMA/mlx5: Fix bind QP error cleanup flow
- sunrpc: suppress warnings for unused procfs functions
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
- rxrpc: rxperf: Fix missing decoding of terminal magic cookie
- afs: Fix the server_list to unuse a displaced server rather than putting
it
- net: loopback: Avoid sending IP packets without an Ethernet header
- net: set the minimum for net_hotdata.netdev_budget_usecs
- net/ipv4: add tracepoint for icmp_send
- ipv4: icmp: Pass full DS field to ip_route_input()
- ipv4: icmp: Unmask upper DSCP bits in icmp_route_lookup()
- ipvlan: Unmask upper DSCP bits in ipvlan_process_v4_outbound()
- ipv4: Convert icmp_route_lookup() to dscp_t.
- ipv4: Convert ip_route_input() to dscp_t.
- ipvlan: Prepare ipvlan_process_v4_outbound() to future .flowi4_tos
conversion.
- net: cadence: macb: Synchronize stats calculations
- ASoC: es8328: fix route from DAC to output
- ipvs: Always clear ipvs_property flag in skb_scrub_packet()
- firmware: cs_dsp: Remove async regmap writes
- ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15
- ice: add E830 HW VF mailbox message limit support
- tcp: Defer ts_recent changes until req is owned
- net: Clear old fragment checksum value in napi_reuse_skb
- net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
- net/mlx5: IRQ, Fix null string in debug print
- net: ipv6: fix dst ref loop on input in seg6 lwt
- net: ipv6: fix dst ref loop on input in rpl lwt
- net: ti: icss-iep: Remove spinlock-based synchronization
- net: ti: icss-iep: Reject perout generation request
- io_uring/net: save msg_control for compat
- x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
- phy: rockchip: naneng-combphy: compatible reset with old DT
- RISCV: KVM: Introduce mp_state_lock to avoid lock inversion
- riscv: KVM: Fix hart suspend status check
- riscv: KVM: Fix SBI IPI error generation
- riscv: KVM: Fix SBI TIME error generation
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
- ALSA: hda/realtek: Fix microphone regression on ASUS N705UD
- perf/x86: Fix low freqency setting issue
- perf/core: Fix low freq setting via IOC_PERIOD
- drm/amd/display: Disable PSR-SU on eDP panels
- drm/amd/display: Fix HPD after gpu reset
- i2c: ls2x: Fix frequency division register access
- net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
- net: enetc: keep track of correct Tx BD count in
enetc_map_tx_tso_buffs()
- net: enetc: update UDP checksum when updating originTimestamp field
- net: enetc: correct the xdp_tx statistics
- net: enetc: fix the off-by-one issue in enetc_map_tx_tso_buffs()
- phy: tegra: xusb: reset VBUS & ID OVERRIDE
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in
refclk
- mptcp: reset when MPTCP opts are dropped after join
- vmlinux.lds: Ensure that const vars with relocations are mapped R/O
- rcuref: Plug slowpath race in rcuref_put()
- rseq/selftests: Fix riscv rseq_offset_deref_addv inline asm
- riscv/futex: sign extend compare value in atomic cmpxchg
- riscv: signal: fix signal frame size
- rtla/timerlat_hist: Set OSNOISE_WORKLOAD for kernel threads
- rtla/timerlat_top: Set OSNOISE_WORKLOAD for kernel threads
- amdgpu/pm/legacy: fix suspend/resume issues
- gve: set xdp redirect target only when it is available
- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID
- x86/microcode/AMD: Pay attention to the stepping dynamically
- x86/microcode/AMD: Split load_microcode_amd()
- x86/microcode/intel: Remove unnecessary cache writeback and invalidation
- x86/microcode/AMD: Flush patch buffer mapping after application
- x86/microcode/AMD: Return bool from find_blobs_in_containers()
- x86/microcode/AMD: Make __verify_patch_size() return bool
- x86/microcode/AMD: Have __apply_microcode_amd() return bool
- x86/microcode/AMD: Merge early_apply_microcode() into its single
callsite
- x86/microcode/AMD: Get rid of the _load_microcode_amd() forward
declaration
- x86/microcode/AMD: Add get_patch_level()
- x86/microcode/AMD: Load only SHA256-checksummed patches
- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive
- RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error
- RDMA/hns: Fix mbox timing out by adding retry mechanism
- RDMA/bnxt_re: Allocate dev_attr information dynamically
- RDMA/bnxt_re: Fix the statistics for Gen P7 VF
- landlock: Fix non-TCP sockets restriction
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration
- scsi: ufs: core: Set default runtime/system PM levels before
ufshcd_hba_init()
- afs: Give an afs_server object a ref on the afs_cell object it points to
- ASoC: cs35l56: Prevent races when soft-resetting using SPI control
- thermal: gov_power_allocator: Fix incorrect calculation in
divvy_up_power()
- unreachable: Unify
- objtool: Remove annotate_{,un}reachable()
- objtool: Fix C jump table annotations for Clang
- riscv: KVM: Fix hart suspend_type use
- KVM: arm64: Ensure a VMID is allocated before programming VTTBR_EL2
- drm/xe/regs: remove a duplicate definition for RING_CTL_SIZE(size)
- drm/xe/userptr: restore invalidation list on error
- drm/amdkfd: Preserve cp_hqd_pq_control on update_mqd
- drm/amd/display: Add option to configure mapping policy for edp0 on dp1
- drm/amd/display: add a quirk to enable eDP0 on DP1
- intel_idle: Handle older CPUs, which stop the TSC in deeper C states,
correctly
- selftests/landlock: Test that MPTCP actions are not restricted
- selftests/landlock: Test TCP accesses with protocol=IPPROTO_TCP
- riscv: signal: fix signal_minsigstksz
- x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section()
signature
- x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd()
declarations
- Upstream stable to v6.6.81, v6.12.18
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21872
- efi: Don't map the entire mokvar table to determine its size
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21880
- drm/xe/userptr: fix EFAULT handling
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21890
- idpf: fix checksums set in idpf_rx_rsc()
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21885
- RDMA/bnxt_re: Fix the page details for the srq created by kernel
consumers
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21888
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21892
- RDMA/mlx5: Fix the recovery flow of the UMR QP
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21873
- scsi: ufs: core: bsg: Fix crash when arpmb command fails
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2024-58090
- sched/core: Prevent rescheduling when interrupts are disabled
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21875
- mptcp: always handle address removal under msk socket lock
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21877
- usbnet: gl620a: fix endpoint checking in genelink_bind()
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21878
- i2c: npcm: disable interrupt enable bit before devm_request_irq
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21889
- perf/core: Add RCU read lock protection to perf_iterate_ctx()
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21898
- ftrace: Avoid potential division by zero in function_stat_show()
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21899
- tracing: Fix bad hist from corrupting named_triggers list
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21881
- uprobes: Reject the shared zeropage in uprobe_write_opcode()
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21895
- perf/core: Order the PMU list to fix warning about unordered
pmu_ctx_list
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21883
- ice: Fix deinitializing VF in error path
* Noble update: upstream stable patchset 2025-07-14 (LP: #2116878) //
CVE-2025-21891
- ipvlan: ensure network headers are in skb linear part
* CVE-2024-57996 // CVE-2025-37752
- net_sched: sch_sfq: move the limit validation
* CVE-2025-38350
- net/sched: Always pass notifications when child class becomes empty
* CVE-2025-21887
- ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
-- Stefan Bader <stefan.bader@canonical.com> Mon, 01 Sep 2025 13:54:27 +0200
linux-hwe-6.8 (6.8.0-79.79~22.04.1) jammy; urgency=medium
* jammy/linux-hwe-6.8: 6.8.0-79.79~22.04.1 -proposed tracker (LP: #2119917)
[ Ubuntu: 6.8.0-79.79 ]
* noble/linux: 6.8.0-79.79 -proposed tracker (LP: #2120415)
* CVE-2024-57996 // CVE-2025-37752
- net_sched: sch_sfq: move the limit validation
* CVE-2025-38350
- net/sched: Always pass notifications when child class becomes empty
* CVE-2025-21887
- ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
-- Stefan Bader <stefan.bader@canonical.com> Fri, 15 Aug 2025 17:24:46 +0200
linux-hwe-6.8 (6.8.0-78.78~22.04.1) jammy; urgency=medium
* jammy/linux-hwe-6.8: 6.8.0-78.78~22.04.1 -proposed tracker (LP: #2120403)
[ Ubuntu: 6.8.0-78.78 ]
* noble/linux: 6.8.0-78.78 -proposed tracker (LP: #2120405)
* Incorrect backport for CVE-2025-21861 causes kernel hangs
(LP: #2120330) // CVE-2025-21861
- mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize()
* Incorrect backport for CVE-2025-21861 causes kernel hangs (LP: #2120330)
- SAUCE: Revert "mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize()"
- mm: migrate_device: use more folio in migrate_device_finalize()
-- Stefan Bader <stefan.bader@canonical.com> Wed, 13 Aug 2025 15:00:41 +0200
linux-hwe-6.8 (6.8.0-72.72~22.04.1) jammy; urgency=medium
* jammy/linux-hwe-6.8: 6.8.0-72.72~22.04.1 -proposed tracker (LP: #2117689)
[ Ubuntu: 6.8.0-72.72 ]
* noble/linux: 6.8.0-72.72 -proposed tracker (LP: #2117691)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* NVMe namespace ID mismatch on repeated map/unmap (LP: #2115209)
- nvme: requeue namespace scan on missed AENs
- nvme: re-read ANA log page after ns scan completes
- nvme: fixup scan failure for non-ANA multipath controllers
* integrated I219-LM network adapter appears to be running too fast, causing
synchronization issues when using the I219-LM PTP feature (LP: #2116072)
- e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
* intel_rapl: support ARL-H hardware (LP: #2115652)
- powercap: intel_rapl_msr: Add PL4 support for ArrowLake-H
* Ubuntu 24.04+ arm64: screen resolution fixed to 1024x768 with last kernel
update (LP: #2115068)
- [Config] Replace FB_HYPERV with DRM_HYPERV
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212)
- arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
- xfs: assert a valid limit in xfs_rtfind_forw
- xfs: validate inumber in xfs_iget
- xfs: fix a sloppy memory handling bug in xfs_iroot_realloc
- xfs: fix a typo
- xfs: skip background cowblock trims on inodes open for write
- xfs: don't free cowblocks from under dirty pagecache on unshare
- xfs: merge xfs_attr_leaf_try_add into xfs_attr_leaf_addname
- xfs: return bool from xfs_attr3_leaf_add
- xfs: distinguish extra split from real ENOSPC from xfs_attr3_leaf_split
- xfs: distinguish extra split from real ENOSPC from
xfs_attr_node_try_addname
- xfs: fold xfs_bmap_alloc_userdata into xfs_bmapi_allocate
- xfs: don't ifdef around the exact minlen allocations
- xfs: call xfs_bmap_exact_minlen_extent_alloc from xfs_bmap_btalloc
- xfs: support lowmode allocations in xfs_bmap_exact_minlen_extent_alloc
- xfs: Use try_cmpxchg() in xlog_cil_insert_pcp_aggregate()
- xfs: Remove empty declartion in header file
- xfs: pass the exact range to initialize to xfs_initialize_perag
- xfs: update the file system geometry after recoverying superblock
buffers
- xfs: error out when a superblock buffer update reduces the agcount
- xfs: don't use __GFP_RETRY_MAYFAIL in xfs_initialize_perag
- xfs: update the pag for the last AG at recovery time
- xfs: Reduce unnecessary searches when searching for the best extents
- xfs: streamline xfs_filestream_pick_ag
- xfs: Check for delayed allocations before setting extsize
- md/md-bitmap: replace md_bitmap_status() with a new helper
md_bitmap_get_stats()
- md/md-cluster: fix spares warnings for __le64
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats
- mm: update mark_victim tracepoints fields
- cpufreq: dt-platdev: add missing MODULE_DESCRIPTION() macro
- cpufreq: fix using cpufreq-dt as module
- Bluetooth: qca: Support downloading board id specific NVM for WCN7850
- Bluetooth: qca: Update firmware-name to support board specific nvm
- Bluetooth: qca: Fix poor RF performance for WCN6855
- Input: serio - define serio_pause_rx guard to pause and resume serio
ports
- ASoC: renesas: rz-ssi: Add a check for negative sample_space
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB]
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
- ALSA: seq: Drop UMP events when no UMP-conversion is set
- ibmvnic: Return error code on TX scrq flush fail
- ibmvnic: Introduce send sub-crq direct
- ibmvnic: Add stat for tx direct vs tx batched
- vsock/bpf: Warn on socket without transport
- tcp: adjust rcvq_space after updating scaling ratio
- geneve: Suppress list corruption splat in geneve_destroy_tunnels().
- flow_dissector: Fix handling of mixed port and port-range keys
- flow_dissector: Fix port range key handling in BPF conversion
- net: Add non-RCU dev_getbyhwaddr() helper
- arp: switch to dev_getbyhwaddr() in arp_req_set_public()
- net: axienet: Set mac_managed_pm
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic
- strparser: Add read_sock callback
- bpf: Fix wrong copied_seq calculation
- bpf: Disable non stream socket for strparser
- power: supply: da9150-fg: fix potential overflow
- nouveau/svm: fix missing folio unlock + put after
make_device_exclusive_range()
- drm/msm: Avoid rounding up to one jiffy
- nvme/ioctl: add missing space in err message
- bpf: skip non exist keys in generic_map_lookup_batch
- drm/nouveau/pmu: Fix gp10b firmware guard
- drm/msm/dpu: Disable dither in phys encoder cleanup
- drm/i915: Make sure all planes in use by the joiner have their crtc
included
- drm/i915/dp: Fix error handling during 128b/132b link training
- soc: loongson: loongson2_guts: Add check for devm_kstrdup()
- lib/iov_iter: fix import_iovec_ubuf iovec management
- ASoC: fsl_micfil: Enable default case in micfil_set_quality()
- ALSA: hda: Add error check for snd_ctl_rename_id() in
snd_hda_create_dig_out_ctls()
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
- acct: block access to kernel internal filesystems
- mm,madvise,hugetlb: check for 0-length range after end address
adjustment
- mtd: rawnand: cadence: fix error code in cadence_nand_init()
- mtd: rawnand: cadence: use dma_map_resource for sdma address
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single
- EDAC/qcom: Correct interrupt enable register configuration
- ftrace: Correct preemption accounting for function tracing.
- ftrace: Do not add duplicate entries in subops manager ops
- arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1
plus lts
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
- KVM: x86: Get vcpu->arch.apic_base directly and drop kvm_get_apic_base()
- KVM: x86: Inline kvm_get_apic_mode() in lapic.h
- KVM: Introduce vcpu->wants_to_run
- KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID
- drm/amd/display: Refactoring if and endif statements to enable DC_LOGGER
- arm64: dts: mt8183: add dpi node to mt8183
- arm64: dts: mt8183: Add port node to dpi node
- arm64: dts: mediatek: mt8183-kukui: Disable DPI display interface
- arm64: dts: mediatek: mt8183: Disable DPI display output by default
- arm64: dts: mediatek: mt8183-pumpkin: add HDMI support
- arm64: dts: mediatek: mt8183: Disable DSI display output by default
- accel/ivpu: Limit FW version string length
- accel/ivpu: Add coredump support
- accel/ivpu: Add FW state dump on TDR
- accel/ivpu: Fix error handling in recovery/reset
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private
- ASoC: SOF: topology: Parse DAI type token for dspless mode
- ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device
- vsock/virtio: fix variables initialization during resuming
- drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450
- drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields
- drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side
- drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver
- drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk
source
- nvme: tcp: Fix compilation warning with W=1
- nvme-tcp: fix connect failure on receiving partial ICResp PDU
- drm: panel: jd9365da-h3: fix reset signal polarity
- io_uring/rw: forbid multishot async reads
- arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588
- arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM
- arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck
- s390/boot: Fix ESSA detection
- xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n
- smb: client: fix chmod(2) regression with ATTR_READONLY
- tracing: Fix using ret variable in tracing_set_tracer()
- selftests/mm: build with -O2
- Upstream stable to v6.6.80, v6.12.17
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21861
- mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21868
- net: allow small head cache usage with large MAX_SKB_FRAGS values
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21869
- powerpc/code-patching: Disable KASAN report during patching via
temporary mm
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21870
- ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21844
- smb: client: Add check for next_buffer in receive_encrypted_standard()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21846
- acct: perform last write from workqueue
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21847
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21848
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21862
- drop_monitor: fix incorrect initialization order
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21871
- tee: optee: Fix supplicant wait loop
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21863
- io_uring: prevent opcode speculation
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2024-58088
- bpf: Fix deadlock when freeing cgroup storage
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21853
- bpf: avoid holding freeze_mutex during mmap operation
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21867
- bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21864
- tcp: drop secpath at the same time as we currently drop dst
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21854
- sockmap, vsock: For connectible sockets allow only connected
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21855
- ibmvnic: Don't reference skb after sending to VIOS
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21856
- s390/ism: add release function for struct device
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21857
- net/sched: cls_api: fix error handling causing NULL dereference
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21858
- geneve: Fix use-after-free in geneve_find_dev().
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21866
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area
as VM_ALLOC
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21859
- USB: gadget: f_midi: f_midi_complete to call queue_work
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21746
- Input: synaptics - fix crash when enabling pass-through port
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2024-57977
- memcg: fix soft lockup in the OOM process
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21712
- md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
* CVE-2024-58093
- PCI/ASPM: Fix link state exit during switch upstream function removal
* [SRU]Request E825-C driver into latest LTS of Ubuntu OS 24.04
(LP: #2114785)
- ice: add support for 3k signing DDP sections for E825C
- ice: Add helper function ice_is_generic_mac
- ice: introduce new E825C devices family
* [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
- s390: Add z17 elf platform
* [UBUNTU 24.04] Kernel: Add CPUMF extended counter set for z17
(LP: #2114258)
- s390/cpumf: Update CPU Measurement facility extended counter set support
* Noble update: upstream stable patchset 2025-06-29 (LP: #2115616)
- nfsd: clear acl_access/acl_default after releasing them
- NFSD: fix hang in nfsd4_shutdown_callback
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware
- HID: multitouch: Add NULL check in mt_input_configured
- HID: hid-thrustmaster: fix stack-out-of-bounds read in
usb_check_int_endpoints()
- spi: sn-f-ospi: Fix division by zero
- ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
- vrf: use RCU protection in l3mdev_l3_out()
- vxlan: check vxlan_vnigroup_init() return value
- LoongArch: Fix idle VS timer enqueue
- LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
- team: better TEAM_OPTION_TYPE_STRING validation
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
- cgroup: Remove steal time from usage_usec
- drm/i915/selftests: avoid using uninitialized context
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
- gpio: bcm-kona: Add missing newline to dev_err format string
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()
- xen/swiotlb: relax alignment requirements
- x86/xen: allow larger contiguous memory regions in PV guests
- block: cleanup and fix batch completion adding conditions
- gpiolib: Fix crash on error in gpiochip_get_ngpios()
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel
- RDMA/efa: Reset device on probe failure
- fbdev: omap: use threaded IRQ for LCD DMA
- soc/tegra: fuse: Update Tegra234 nvmem keepout list
- media: cxd2841er: fix 64-bit division on gcc-9
- media: i2c: ds90ub913: Add error handling to ub913_hw_init()
- media: i2c: ds90ub953: Add error handling for i2c reads/writes
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co.
292a camera
- media: uvcvideo: Add Kurokesu C1 PRO camera
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
- PCI: switchtec: Add Microchip PCI100X device IDs
- scsi: ufs: bsg: Set bsg_queue to NULL after removal
- rtla/timerlat_hist: Abort event processing on second signal
- rtla/timerlat_top: Abort event processing on second signal
- vfio/pci: Enable iowrite64 and ioread64 for vfio pci
- NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
- Grab mm lock before grabbing pt lock
- selftests: gpio: gpio-sim: Fix missing chip disablements
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V
- x86/mm/tlb: Only trim the mm_cpumask once a second
- orangefs: fix a oob in orangefs_debug_write
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
- batman-adv: fix panic during interface removal
- batman-adv: Ignore neighbor throughput metrics in error case
- batman-adv: Drop unmanaged ELP metric worker
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-
kernel
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU
- perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI
bind retries
- usb: dwc3: Fix timeout issue during controller enter/exit from halt
state
- usb: roles: set switch registered flag early on
- usb: gadget: udc: renesas_usb3: Fix compiler warning
- usb: dwc2: gadget: remove of_node reference upon udc_stop
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
- usb: core: fix pipe creation for get_bMaxPacketSize0
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
- USB: hub: Ignore non-compliant devices with too many configs or
interfaces
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
- usb: cdc-acm: Check control transfer buffer size before access
- usb: cdc-acm: Fix handling of oversized fragments
- USB: serial: option: add MeiG Smart SLM828
- USB: serial: option: add Telit Cinterion FN990B compositions
- USB: serial: option: fix Telit Cinterion FN990A name
- USB: serial: option: drop MeiG Smart defines
- can: ctucanfd: handle skb allocation failure
- can: c_can: fix unbalanced runtime PM disable in error path
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
length zero
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial
- alpha: make stack 16-byte aligned (most cases)
- wifi: ath12k: fix handling of 6 GHz rules
- kbuild: userprogs: fix bitsize and target detection on clang
- efi: Avoid cold plugged memory for placing the kernel
- cgroup: fix race between fork and cgroup.kill
- serial: port: Assign ->iotype correctly when ->iobase is set
- serial: port: Always update ->iotype in __uart_read_properties()
- serial: 8250: Fix fifo underflow on flush
- alpha: align stack for page fault and user unaligned trap handlers
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14
- gpio: stmpe: Check return value of stmpe_reg_read in
stmpe_gpio_irq_sync_unlock
- partitions: mac: fix handling of bogus partition table
- regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator
- regmap-irq: Add missing kfree()
- arm64: Handle .ARM.attributes section in linker scripts
- mmc: mtk-sd: Fix register settings for hs400(es) mode
- igc: Set buffer type for empty frames in igc_init_empty_frame
- mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
- btrfs: fix hole expansion when writing at an offset beyond EOF
- clocksource: Use pr_info() for "Checking clocksource synchronization"
message
- clocksource: Use migrate_disable() to avoid calling get_random_u32() in
atomic context
- ipv4: add RCU protection to ip4_dst_hoplimit()
- net: add dev_net_rcu() helper
- ipv4: use RCU protection in ipv4_default_advmss()
- ipv4: use RCU protection in rt_is_expired()
- ipv4: use RCU protection in inet_select_addr()
- net: ipv4: Cache pmtu for all packet paths if multipath enabled
- ipv4: use RCU protection in __ip_rt_update_pmtu()
- ipv4: icmp: convert to dev_net_rcu()
- flow_dissector: use RCU protection to fetch dev_net()
- ipv6: use RCU protection in ip6_default_advmss()
- ipv6: icmp: convert to dev_net_rcu()
- HID: hid-steam: Add Deck IMU support
- HID: hid-steam: Make sure rumble work is canceled on removal
- HID: hid-steam: Move hidraw input (un)registering to work
- ndisc: use RCU protection in ndisc_alloc_skb()
- neighbour: delete redundant judgment statements
- neighbour: use RCU protection in __neigh_notify()
- arp: use RCU protection in arp_xmit()
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
- ndisc: extend RCU protection in ndisc_send_skb()
- ipv6: mcast: extend RCU protection in igmp6_send()
- ipv6: mcast: add RCU protection to mld_newpack()
- drm/tidss: Fix issue in irq handling causing irq-flood issue
- drm/tidss: Clear the interrupt status for interrupts being disabled
- drm/rcar-du: dsi: Fix PHY lock bit check
- drm/v3d: Stop active perfmon if it is being destroyed
- netdevsim: print human readable IP address
- selftests: rtnetlink: update netdevsim ipsec output format
- md/md-bitmap: factor behind write counters out from
bitmap_{start/end}write()
- md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
- md/md-bitmap: move bitmap_{start, end}write to md upper layer
- mm: gup: fix infinite loop within __get_longterm_locked
- alpha: replace hardcoded stack offsets with autogenerated ones
- HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context
- io_uring/kbuf: reallocate buf lists on upgrade
- x86/i8253: Disable PIT timer 0 when not in use
- pinctrl: cy8c95x0: Rename PWMSEL to SELPWM
- pinctrl: pinconf-generic: print hex value
- pinctrl: pinconf-generic: Print unsigned value if a format is registered
- idpf: fix handling rsc packet with a single segment
- idpf: call set_real_num_queues in idpf_open
- igc: Fix HW RX timestamp when passed by ZC XDP
- LoongArch: KVM: Fix typo issue about GCFG feature detection
- workqueue: Put the pwq after detaching the rescuer from the pool
- perf/x86/intel: Clean up PEBS-via-PT on hybrid
- drm/xe/client: bo->client does not need bos_lock
- io_uring/waitid: don't abuse io_tw_state
- drm: Fix DSC BPP increment decoding
- i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming
- i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus
- [Config] updateconfigs for MIPI_I3C_HCI_PCI
- serial: 8250_pci: Resolve WCH vendor ID ambiguity
- serial: 8250_pci: Share WCH IDs with parport_serial driver
- fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode()
- kbuild: suppress stdout from merge_config for silent builds
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
loop
- perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF
- USB: gadget: core: create sysfs link between udc and gadget
- usb: gadget: core: flush gadget workqueue after device removal
- include: net: add static inline dst_dev_overhead() to dst.h
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
- net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
- scsi: ufs: core: Introduce ufshcd_has_pending_tasks()
- scsi: ufs: core: Prepare to introduce a new clock_gating lock
- scsi: ufs: core: Introduce a new clock_gating lock
- scsi: ufs: Fix toggling of clk_gating.state when clock gating is not
allowed
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
- drm/tidss: Fix race condition while handling interrupt registers
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
- wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
- scsi: ufs: core: Ensure clk_gating.lock is used only after
initialization
- serial: 8250_dma: terminate correct DMA in tx_dma_flush()
- x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
- HID: hid-steam: Fix use-after-free when detaching device
- block: change blk_mq_add_to_batch() third argument type to bool
- nvme: move error logging from nvme_end_req() to __nvme_end_req()
- Upstream stable to v6.6.79, v6.12.16
* Noble update: upstream stable patchset 2025-06-17 (LP: #2114849)
- ice: Add check for devm_kzalloc()
- io_uring/rw: commit provided buffer state on async
- mptcp: pm: only set fullmesh for subflow endp
- selftests: mptcp: join: fix AF_INET6 variable
- xfs: don't lose solo dquot update transactions
- Upstream stable to v6.6.78, v6.12.15
* [Regression Updates] "PCI: Explicitly put devices into D0 when
initializing" breaks pci-pass-through in QEMU/KVM (LP: #2117494)
- PCI/PM: Set up runtime PM even for devices without PCI PM
* CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
* CVE-2025-37797
- net_sched: hfsc: Fix a UAF vulnerability in class handling
-- Stefan Bader <stefan.bader@canonical.com> Fri, 25 Jul 2025 09:52:09 +0200
linux-hwe-6.8 (6.8.0-70.70~22.04.1) jammy; urgency=medium
* jammy/linux-hwe-6.8: 6.8.0-70.70~22.04.1 -proposed tracker (LP: #2116643)
* Packaging resync (LP: #1786013)
- [Packaging] debian.hwe-6.8/dkms-versions -- update from kernel-versions
(main/2025.07.14)
[ Ubuntu: 6.8.0-70.70 ]
* noble/linux: 6.8.0-70.70 -proposed tracker (LP: #2116645)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* NVMe namespace ID mismatch on repeated map/unmap (LP: #2115209)
- nvme: requeue namespace scan on missed AENs
- nvme: re-read ANA log page after ns scan completes
- nvme: fixup scan failure for non-ANA multipath controllers
* integrated I219-LM network adapter appears to be running too fast, causing
synchronization issues when using the I219-LM PTP feature (LP: #2116072)
- e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
* intel_rapl: support ARL-H hardware (LP: #2115652)
- powercap: intel_rapl_msr: Add PL4 support for ArrowLake-H
* Ubuntu 24.04+ arm64: screen resolution fixed to 1024x768 with last kernel
update (LP: #2115068)
- [Config] Replace FB_HYPERV with DRM_HYPERV
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212)
- arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
- xfs: assert a valid limit in xfs_rtfind_forw
- xfs: validate inumber in xfs_iget
- xfs: fix a sloppy memory handling bug in xfs_iroot_realloc
- xfs: fix a typo
- xfs: skip background cowblock trims on inodes open for write
- xfs: don't free cowblocks from under dirty pagecache on unshare
- xfs: merge xfs_attr_leaf_try_add into xfs_attr_leaf_addname
- xfs: return bool from xfs_attr3_leaf_add
- xfs: distinguish extra split from real ENOSPC from xfs_attr3_leaf_split
- xfs: distinguish extra split from real ENOSPC from
xfs_attr_node_try_addname
- xfs: fold xfs_bmap_alloc_userdata into xfs_bmapi_allocate
- xfs: don't ifdef around the exact minlen allocations
- xfs: call xfs_bmap_exact_minlen_extent_alloc from xfs_bmap_btalloc
- xfs: support lowmode allocations in xfs_bmap_exact_minlen_extent_alloc
- xfs: Use try_cmpxchg() in xlog_cil_insert_pcp_aggregate()
- xfs: Remove empty declartion in header file
- xfs: pass the exact range to initialize to xfs_initialize_perag
- xfs: update the file system geometry after recoverying superblock
buffers
- xfs: error out when a superblock buffer update reduces the agcount
- xfs: don't use __GFP_RETRY_MAYFAIL in xfs_initialize_perag
- xfs: update the pag for the last AG at recovery time
- xfs: Reduce unnecessary searches when searching for the best extents
- xfs: streamline xfs_filestream_pick_ag
- xfs: Check for delayed allocations before setting extsize
- md/md-bitmap: replace md_bitmap_status() with a new helper
md_bitmap_get_stats()
- md/md-cluster: fix spares warnings for __le64
- md/md-bitmap: add 'sync_size' into struct md_bitmap_stats
- mm: update mark_victim tracepoints fields
- cpufreq: dt-platdev: add missing MODULE_DESCRIPTION() macro
- cpufreq: fix using cpufreq-dt as module
- Bluetooth: qca: Support downloading board id specific NVM for WCN7850
- Bluetooth: qca: Update firmware-name to support board specific nvm
- Bluetooth: qca: Fix poor RF performance for WCN6855
- Input: serio - define serio_pause_rx guard to pause and resume serio
ports
- ASoC: renesas: rz-ssi: Add a check for negative sample_space
- ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB]
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
- ALSA: seq: Drop UMP events when no UMP-conversion is set
- ibmvnic: Return error code on TX scrq flush fail
- ibmvnic: Introduce send sub-crq direct
- ibmvnic: Add stat for tx direct vs tx batched
- vsock/bpf: Warn on socket without transport
- tcp: adjust rcvq_space after updating scaling ratio
- geneve: Suppress list corruption splat in geneve_destroy_tunnels().
- flow_dissector: Fix handling of mixed port and port-range keys
- flow_dissector: Fix port range key handling in BPF conversion
- net: Add non-RCU dev_getbyhwaddr() helper
- arp: switch to dev_getbyhwaddr() in arp_req_set_public()
- net: axienet: Set mac_managed_pm
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic
- strparser: Add read_sock callback
- bpf: Fix wrong copied_seq calculation
- bpf: Disable non stream socket for strparser
- power: supply: da9150-fg: fix potential overflow
- nouveau/svm: fix missing folio unlock + put after
make_device_exclusive_range()
- drm/msm: Avoid rounding up to one jiffy
- nvme/ioctl: add missing space in err message
- bpf: skip non exist keys in generic_map_lookup_batch
- drm/nouveau/pmu: Fix gp10b firmware guard
- drm/msm/dpu: Disable dither in phys encoder cleanup
- drm/i915: Make sure all planes in use by the joiner have their crtc
included
- drm/i915/dp: Fix error handling during 128b/132b link training
- soc: loongson: loongson2_guts: Add check for devm_kstrdup()
- lib/iov_iter: fix import_iovec_ubuf iovec management
- ASoC: fsl_micfil: Enable default case in micfil_set_quality()
- ALSA: hda: Add error check for snd_ctl_rename_id() in
snd_hda_create_dig_out_ctls()
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
- ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close
- acct: block access to kernel internal filesystems
- mm,madvise,hugetlb: check for 0-length range after end address
adjustment
- mtd: rawnand: cadence: fix error code in cadence_nand_init()
- mtd: rawnand: cadence: use dma_map_resource for sdma address
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single
- EDAC/qcom: Correct interrupt enable register configuration
- ftrace: Correct preemption accounting for function tracing.
- ftrace: Do not add duplicate entries in subops manager ops
- arm64: dts: rockchip: change eth phy mode to rgmii-id for orangepi r1
plus lts
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
- KVM: x86: Get vcpu->arch.apic_base directly and drop kvm_get_apic_base()
- KVM: x86: Inline kvm_get_apic_mode() in lapic.h
- KVM: Introduce vcpu->wants_to_run
- KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID
- drm/amd/display: Refactoring if and endif statements to enable DC_LOGGER
- arm64: dts: mt8183: add dpi node to mt8183
- arm64: dts: mt8183: Add port node to dpi node
- arm64: dts: mediatek: mt8183-kukui: Disable DPI display interface
- arm64: dts: mediatek: mt8183: Disable DPI display output by default
- arm64: dts: mediatek: mt8183-pumpkin: add HDMI support
- arm64: dts: mediatek: mt8183: Disable DSI display output by default
- accel/ivpu: Limit FW version string length
- accel/ivpu: Add coredump support
- accel/ivpu: Add FW state dump on TDR
- accel/ivpu: Fix error handling in recovery/reset
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private
- ASoC: SOF: topology: Parse DAI type token for dspless mode
- ASoC: imx-audmix: remove cpu_mclk which is from cpu dai device
- vsock/virtio: fix variables initialization during resuming
- drm/msm/dpu: skip watchdog timer programming through TOP on >= SM8450
- drm/msm/dpu: Don't leak bits_per_component into random DSC_ENC fields
- drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG0 updated from driver side
- drm/msm/dsi/phy: Protect PHY_CMN_CLK_CFG1 against clock driver
- drm/msm/dsi/phy: Do not overwite PHY_CMN_CLK_CFG1 when choosing bitclk
source
- nvme: tcp: Fix compilation warning with W=1
- nvme-tcp: fix connect failure on receiving partial ICResp PDU
- drm: panel: jd9365da-h3: fix reset signal polarity
- io_uring/rw: forbid multishot async reads
- arm64: dts: rockchip: Fix broken tsadc pinctrl names for rk3588
- arm64: dts: rockchip: Move uart5 pin configuration to px30 ringneck SoM
- arm64: dts: rockchip: Disable DMA for uart5 on px30-ringneck
- s390/boot: Fix ESSA detection
- xfs: fix online repair probing when CONFIG_XFS_ONLINE_REPAIR=n
- smb: client: fix chmod(2) regression with ATTR_READONLY
- tracing: Fix using ret variable in tracing_set_tracer()
- selftests/mm: build with -O2
- Upstream stable to v6.6.80, v6.12.17
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21861
- mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21868
- net: allow small head cache usage with large MAX_SKB_FRAGS values
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21869
- powerpc/code-patching: Disable KASAN report during patching via
temporary mm
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21870
- ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21844
- smb: client: Add check for next_buffer in receive_encrypted_standard()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21846
- acct: perform last write from workqueue
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21847
- ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21848
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21862
- drop_monitor: fix incorrect initialization order
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21871
- tee: optee: Fix supplicant wait loop
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21863
- io_uring: prevent opcode speculation
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2024-58088
- bpf: Fix deadlock when freeing cgroup storage
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21853
- bpf: avoid holding freeze_mutex during mmap operation
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21867
- bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21864
- tcp: drop secpath at the same time as we currently drop dst
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21854
- sockmap, vsock: For connectible sockets allow only connected
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21855
- ibmvnic: Don't reference skb after sending to VIOS
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21856
- s390/ism: add release function for struct device
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21857
- net/sched: cls_api: fix error handling causing NULL dereference
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21858
- geneve: Fix use-after-free in geneve_find_dev().
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21866
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area
as VM_ALLOC
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21859
- USB: gadget: f_midi: f_midi_complete to call queue_work
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21746
- Input: synaptics - fix crash when enabling pass-through port
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2024-57977
- memcg: fix soft lockup in the OOM process
* Noble update: upstream stable patchset 2025-07-09 (LP: #2116212) //
CVE-2025-21712
- md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
* CVE-2025-37797
- net_sched: hfsc: Fix a UAF vulnerability in class handling
* CVE-2024-58093
- PCI/ASPM: Fix link state exit during switch upstream function removal
* [SRU]Request E825-C driver into latest LTS of Ubuntu OS 24.04
(LP: #2114785)
- ice: add support for 3k signing DDP sections for E825C
- ice: Add helper function ice_is_generic_mac
- ice: introduce new E825C devices family
* [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
- s390: Add z17 elf platform
* [UBUNTU 24.04] Kernel: Add CPUMF extended counter set for z17
(LP: #2114258)
- s390/cpumf: Update CPU Measurement facility extended counter set support
* Noble update: upstream stable patchset 2025-06-29 (LP: #2115616)
- nfsd: clear acl_access/acl_default after releasing them
- NFSD: fix hang in nfsd4_shutdown_callback
- pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware
- HID: multitouch: Add NULL check in mt_input_configured
- HID: hid-thrustmaster: fix stack-out-of-bounds read in
usb_check_int_endpoints()
- spi: sn-f-ospi: Fix division by zero
- ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
- vrf: use RCU protection in l3mdev_l3_out()
- vxlan: check vxlan_vnigroup_init() return value
- LoongArch: Fix idle VS timer enqueue
- LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
- team: better TEAM_OPTION_TYPE_STRING validation
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
- cgroup: Remove steal time from usage_usec
- drm/i915/selftests: avoid using uninitialized context
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
- gpio: bcm-kona: Add missing newline to dev_err format string
- drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode()
- xen/swiotlb: relax alignment requirements
- x86/xen: allow larger contiguous memory regions in PV guests
- block: cleanup and fix batch completion adding conditions
- gpiolib: Fix crash on error in gpiochip_get_ngpios()
- tools: fix annoying "mkdir -p ..." logs when building tools in parallel
- RDMA/efa: Reset device on probe failure
- fbdev: omap: use threaded IRQ for LCD DMA
- soc/tegra: fuse: Update Tegra234 nvmem keepout list
- media: cxd2841er: fix 64-bit division on gcc-9
- media: i2c: ds90ub913: Add error handling to ub913_hw_init()
- media: i2c: ds90ub953: Add error handling for i2c reads/writes
- media: uvcvideo: Implement dual stream quirk to fix loss of usb packets
- media: uvcvideo: Add new quirk definition for the Sonix Technology Co.
292a camera
- media: uvcvideo: Add Kurokesu C1 PRO camera
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
- PCI: switchtec: Add Microchip PCI100X device IDs
- scsi: ufs: bsg: Set bsg_queue to NULL after removal
- rtla/timerlat_hist: Abort event processing on second signal
- rtla/timerlat_top: Abort event processing on second signal
- vfio/pci: Enable iowrite64 and ioread64 for vfio pci
- NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
- Grab mm lock before grabbing pt lock
- selftests: gpio: gpio-sim: Fix missing chip disablements
- ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V
- x86/mm/tlb: Only trim the mm_cpumask once a second
- orangefs: fix a oob in orangefs_debug_write
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
- batman-adv: fix panic during interface removal
- batman-adv: Ignore neighbor throughput metrics in error case
- batman-adv: Drop unmanaged ELP metric worker
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-
kernel
- KVM: nSVM: Enter guest mode before initializing nested NPT MMU
- perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
- usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI
bind retries
- usb: dwc3: Fix timeout issue during controller enter/exit from halt
state
- usb: roles: set switch registered flag early on
- usb: gadget: udc: renesas_usb3: Fix compiler warning
- usb: dwc2: gadget: remove of_node reference upon udc_stop
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
- usb: core: fix pipe creation for get_bMaxPacketSize0
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
- USB: hub: Ignore non-compliant devices with too many configs or
interfaces
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
- usb: cdc-acm: Check control transfer buffer size before access
- usb: cdc-acm: Fix handling of oversized fragments
- USB: serial: option: add MeiG Smart SLM828
- USB: serial: option: add Telit Cinterion FN990B compositions
- USB: serial: option: fix Telit Cinterion FN990A name
- USB: serial: option: drop MeiG Smart defines
- can: ctucanfd: handle skb allocation failure
- can: c_can: fix unbalanced runtime PM disable in error path
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
length zero
- can: etas_es58x: fix potential NULL pointer dereference on udev->serial
- alpha: make stack 16-byte aligned (most cases)
- wifi: ath12k: fix handling of 6 GHz rules
- kbuild: userprogs: fix bitsize and target detection on clang
- efi: Avoid cold plugged memory for placing the kernel
- cgroup: fix race between fork and cgroup.kill
- serial: port: Assign ->iotype correctly when ->iobase is set
- serial: port: Always update ->iotype in __uart_read_properties()
- serial: 8250: Fix fifo underflow on flush
- alpha: align stack for page fault and user unaligned trap handlers
- gpiolib: acpi: Add a quirk for Acer Nitro ANV14
- gpio: stmpe: Check return value of stmpe_reg_read in
stmpe_gpio_irq_sync_unlock
- partitions: mac: fix handling of bogus partition table
- regulator: qcom_smd: Add l2, l5 sub-node to mp5496 regulator
- regmap-irq: Add missing kfree()
- arm64: Handle .ARM.attributes section in linker scripts
- mmc: mtk-sd: Fix register settings for hs400(es) mode
- igc: Set buffer type for empty frames in igc_init_empty_frame
- mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
- btrfs: fix hole expansion when writing at an offset beyond EOF
- clocksource: Use pr_info() for "Checking clocksource synchronization"
message
- clocksource: Use migrate_disable() to avoid calling get_random_u32() in
atomic context
- ipv4: add RCU protection to ip4_dst_hoplimit()
- net: add dev_net_rcu() helper
- ipv4: use RCU protection in ipv4_default_advmss()
- ipv4: use RCU protection in rt_is_expired()
- ipv4: use RCU protection in inet_select_addr()
- net: ipv4: Cache pmtu for all packet paths if multipath enabled
- ipv4: use RCU protection in __ip_rt_update_pmtu()
- ipv4: icmp: convert to dev_net_rcu()
- flow_dissector: use RCU protection to fetch dev_net()
- ipv6: use RCU protection in ip6_default_advmss()
- ipv6: icmp: convert to dev_net_rcu()
- HID: hid-steam: Add Deck IMU support
- HID: hid-steam: Make sure rumble work is canceled on removal
- HID: hid-steam: Move hidraw input (un)registering to work
- ndisc: use RCU protection in ndisc_alloc_skb()
- neighbour: delete redundant judgment statements
- neighbour: use RCU protection in __neigh_notify()
- arp: use RCU protection in arp_xmit()
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
- ndisc: extend RCU protection in ndisc_send_skb()
- ipv6: mcast: extend RCU protection in igmp6_send()
- ipv6: mcast: add RCU protection to mld_newpack()
- drm/tidss: Fix issue in irq handling causing irq-flood issue
- drm/tidss: Clear the interrupt status for interrupts being disabled
- drm/rcar-du: dsi: Fix PHY lock bit check
- drm/v3d: Stop active perfmon if it is being destroyed
- netdevsim: print human readable IP address
- selftests: rtnetlink: update netdevsim ipsec output format
- md/md-bitmap: factor behind write counters out from
bitmap_{start/end}write()
- md/md-bitmap: remove the last parameter for bimtap_ops->endwrite()
- md/md-bitmap: move bitmap_{start, end}write to md upper layer
- mm: gup: fix infinite loop within __get_longterm_locked
- alpha: replace hardcoded stack offsets with autogenerated ones
- HID: hid-steam: Don't use cancel_delayed_work_sync in IRQ context
- io_uring/kbuf: reallocate buf lists on upgrade
- x86/i8253: Disable PIT timer 0 when not in use
- pinctrl: cy8c95x0: Rename PWMSEL to SELPWM
- pinctrl: pinconf-generic: print hex value
- pinctrl: pinconf-generic: Print unsigned value if a format is registered
- idpf: fix handling rsc packet with a single segment
- idpf: call set_real_num_queues in idpf_open
- igc: Fix HW RX timestamp when passed by ZC XDP
- LoongArch: KVM: Fix typo issue about GCFG feature detection
- workqueue: Put the pwq after detaching the rescuer from the pool
- perf/x86/intel: Clean up PEBS-via-PT on hybrid
- drm/xe/client: bo->client does not need bos_lock
- io_uring/waitid: don't abuse io_tw_state
- drm: Fix DSC BPP increment decoding
- i3c: mipi-i3c-hci: Add Intel specific quirk to ring resuming
- i3c: mipi-i3c-hci: Add support for MIPI I3C HCI on PCI bus
- [Config] updateconfigs for MIPI_I3C_HCI_PCI
- serial: 8250_pci: Resolve WCH vendor ID ambiguity
- serial: 8250_pci: Share WCH IDs with parport_serial driver
- fs/ntfs3: Unify inode corruption marking with _ntfs_bad_inode()
- kbuild: suppress stdout from merge_config for silent builds
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
loop
- perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF
- USB: gadget: core: create sysfs link between udc and gadget
- usb: gadget: core: flush gadget workqueue after device removal
- include: net: add static inline dst_dev_overhead() to dst.h
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
- net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
- scsi: ufs: core: Introduce ufshcd_has_pending_tasks()
- scsi: ufs: core: Prepare to introduce a new clock_gating lock
- scsi: ufs: core: Introduce a new clock_gating lock
- scsi: ufs: Fix toggling of clk_gating.state when clock gating is not
allowed
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
- drm/tidss: Fix race condition while handling interrupt registers
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
- wifi: rtw89: pci: disable PCIE wake bit when PCIE deinit
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
- scsi: ufs: core: Ensure clk_gating.lock is used only after
initialization
- serial: 8250_dma: terminate correct DMA in tx_dma_flush()
- x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
- HID: hid-steam: Fix use-after-free when detaching device
- block: change blk_mq_add_to_batch() third argument type to bool
- nvme: move error logging from nvme_end_req() to __nvme_end_req()
- Upstream stable to v6.6.79, v6.12.16
* Noble update: upstream stable patchset 2025-06-17 (LP: #2114849)
- ice: Add check for devm_kzalloc()
- io_uring/rw: commit provided buffer state on async
- mptcp: pm: only set fullmesh for subflow endp
- selftests: mptcp: join: fix AF_INET6 variable
- xfs: don't lose solo dquot update transactions
- Upstream stable to v6.6.78, v6.12.15
* CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
-- Stefan Bader <stefan.bader@canonical.com> Thu, 17 Jul 2025 14:48:53 +0200
# For older changelog entries, run 'apt-get changelog linux-hwe-6.8-tools-6.8.0-87'
Generated by dwww version 1.14 on Fri Dec 5 01:12:29 CET 2025.