linux (5.15.0-144.157) jammy; urgency=medium

  * jammy/linux: 5.15.0-144.157 -proposed tracker (LP: #2114581)

  * cifs: NULL pointer dereference in refresh_cache_worker (LP: #2112440)
    - cifs: fix NULL ptr dereference in refresh_mounts()

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581)
    - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
    - tracing: probes: Fix a possible race in trace_probe_log APIs
    - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
    - iio: chemical: sps30: use aligned_s64 for timestamp
    - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
    - nfs: handle failure of nfs_get_lock_context in unlock path
    - spi: loopback-test: Do not split 1024-byte hexdumps
    - net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
    - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
    - ALSA: sh: SND_AICA should depend on SH_DMA_API
    - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
    - NFSv4/pnfs: Reset the layout state after a layoutreturn
    - x86,nospec: Simplify {JMP,CALL}_NOSPEC
    - x86/speculation: Simplify and make CALL_NOSPEC consistent
    - x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
    - x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
    - Documentation: x86/bugs/its: Add ITS documentation
    - x86/its: Enumerate Indirect Target Selection (ITS) bug
    - x86/its: Add support for ITS-safe indirect thunk
    - [Config] enable ITS mitigation
    - x86/alternative: Optimize returns patching
    - x86/alternatives: Remove faulty optimization
    - x86/its: Add support for ITS-safe return thunk
    - x86/its: Enable Indirect Target Selection mitigation
    - x86/its: Add "vmexit" option to skip mitigation on some CPUs
    - x86/its: Align RETs in BHB clear sequence to avoid thunking
    - x86/its: Use dynamic thunks for indirect branches
    - x86/its: Fix build errors when CONFIG_MODULES=n
    - x86/its: FineIBT-paranoid vs ITS
    - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted"
    - btrfs: fix discard
      worker infinite loop after disabling discard
    - ACPI: PPTT: Fix processor subtable walk
    - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
    - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
    - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
    - ftrace: Fix preemption accounting for stacktrace trigger command
    - ftrace: Fix preemption accounting for stacktrace filter command
    - tracing: samples: Initialize trace_array_printk() with the correct function
    - phy: Fix error handling in tegra_xusb_port_init
    - phy: renesas: rcar-gen3-usb2: Set timing registers only once
    - wifi: mt76: disable napi on driver removal
    - dmaengine: ti: k3-udma: Add missing locking
    - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy
    - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines
    - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups
    - block: fix direct io NOWAIT flag not work
    - clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable()
    - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
    - selftests/mm: compaction_test: support platform with huge mount of memory
    - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
    - netfilter: nf_tables: wait for rcu grace period on net_device removal
    - netfilter: nf_tables: do not defer rule destruction via call_rcu
    - x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
    - Linux 5.15.184

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) // CVE-2022-49063
    - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) // CVE-2022-49168
    - btrfs: do not clean up repair bio if submit fails

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) // CVE-2024-46751
    - btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()

  * Jammy update: v5.15.184 upstream stable release
    (LP: #2112581) // CVE-2025-22062
    - sctp: add mutual exclusion in proc_sctp_do_udp_port()

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) // CVE-2024-53203
    - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) // CVE-2024-35790
    - usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) // CVE-2025-37967
    - usb: typec: ucsi: displayport: Fix deadlock

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) // CVE-2025-37992
    - net_sched: Flush gso_skb list too during ->change()

  * Mounting btrfs LVM volumes changes mountpoint location and breaks lsblk output (LP: #2107516)
    - SAUCE: Revert "btrfs: avoid unnecessary device path update for the same device"

  * Jammy update: v5.15.183 upstream stable release (LP: #2111705)
    - can: mcan: m_can_class_unregister(): fix order of unregistration calls
    - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
    - openvswitch: Fix unsafe attribute parsing in output_userspace()
    - gre: Fix again IPv6 link-local address generation.
    - can: gw: use call_rcu() instead of costly synchronize_rcu()
    - rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
    - can: gw: fix RCU/BH usage in cgw_create_job()
    - net: dsa: b53: allow leaky reserved multicast
    - net: dsa: b53: fix clearing PVID of a port
    - net: dsa: b53: fix flushing old pvid VLAN on pvid change
    - net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
    - net: dsa: b53: always rejoin default untagged VLAN on bridge leave
    - net: dsa: b53: fix learning on VLAN unaware bridges
    - Input: synaptics - enable InterTouch on Dynabook Portege X30-D
    - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
    - Input: synaptics - enable InterTouch on Dell Precision M3800
    - Input: synaptics - enable SMBus for HP Elitebook 850 G1
    - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
    - staging: iio: adc: ad7816: Correct conditional logic for store mode
    - staging: axis-fifo: Remove hardware resets for user errors
    - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation
    - iio: adc: ad7606: fix serial register access
    - iio: adis16201: Correct inclinometer channel resolution
    - drm/amd/display: Fix wrong handling for AUX_DEFER case
    - usb: uhci-platform: Make the clock really optional
    - module: ensure that kobject_put() is safe for module type kobjects
    - ocfs2: switch osb->disable_recovery to enum
    - ocfs2: implement handshaking with ocfs2 recovery thread
    - ocfs2: stop quota recovery before disabling quotas
    - usb: cdnsp: Fix issue with resuming from L1
    - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
    - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
    - usb: host: tegra: Prevent host controller crash when OTG port is used
    - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
    - usb: typec: ucsi: displayport: Fix NULL pointer access
    - USB: usbtmc: use interruptible sleep in usbtmc_read
    - usb: usbtmc: Fix erroneous get_stb ioctl error returns
    - usb: usbtmc: Fix
      erroneous wait_srq ioctl return
    - usb: usbtmc: Fix erroneous generic_read ioctl return
    - types: Complement the aligned types with signed 64-bit one
    - iio: adc: dln2: Use aligned_s64 for timestamp
    - MIPS: Fix MAX_REG_OFFSET
    - drm/panel: simple: Update timings for AUO G101EVN010
    - nvme: unblock ctrl state transition for firmware update
    - do_umount(): add missing barrier before refcount checks in sync case
    - x86/bpf: Call branch history clearing sequence on exit
    - x86/bpf: Add IBHF call at end of classic BPF
    - x86/bhi: Do not set BHI_DIS_S in 32-bit mode
    - Linux 5.15.183

  * Jammy update: v5.15.183 upstream stable release (LP: #2111705) // CVE-2025-37949
    - xenbus: Use kref to track req lifetime

  * Jammy update: v5.15.183 upstream stable release (LP: #2111705) // CVE-2025-37969
    - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo

  * Jammy update: v5.15.183 upstream stable release (LP: #2111705) // CVE-2025-37970
    - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo

  * Jammy update: v5.15.183 upstream stable release (LP: #2111705) // CVE-2025-37964
    - x86/mm: Eliminate window where TLB flushes may be inadvertently skipped

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618)
    - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
    - EDAC/altera: Test the correct error reg offset
    - EDAC/altera: Set DDR and SDMMC interrupt mask before registration
    - i2c: imx-lpi2c: Fix clock count when probe defers
    - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
    - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload
    - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
    - dm-integrity: fix a warning on invalid table line
    - dm: always update the array size in realloc_argv on success
    - iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
    - net/mlx5: E-Switch, Initialize MAC Address for Default GID
    - net/mlx5: E-switch, Fix error handling for enabling roce
    - net: ethernet:
      mtk-star-emac: separate tx/rx handling with two NAPIs
    - net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll
    - net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised
    - ice: Refactor promiscuous functions
    - net: dlink: Correct endianness handling of led_mode
    - net: ipv6: fix UDPv6 GSO segmentation with NAT
    - bnxt_en: Fix coredump logic to free allocated buffer
    - bnxt_en: Fix ethtool -d byte order for 32-bit values
    - nvme-tcp: fix premature queue removal and I/O failover
    - net: fec: ERR007885 Workaround for conventional TX
    - net: hns3: store rx VLAN tag offload state for VF
    - net: hns3: add support for external loopback test
    - net: hns3: fix an interrupt residual problem
    - net: hns3: fixed debugfs tm_qset size
    - net: hns3: defer calling ptp_clock_register()
    - PCI: imx6: Skip controller_id generation logic for i.MX7D
    - net: hns3: fix deadlock issue when externel_lb and reset are executed together
    - ARM: dts: opos6ul: add ksz8081 phy properties
    - Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
    - irqchip/gic-v2m: Add const to of_device_id
    - irqchip/gic-v2m: Mark a few functions __init
    - iommu/arm-smmu-v3: Use the new rb tree helpers
    - iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids
    - dm: fix copying after src array boundaries
    - Linux 5.15.182

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2022-21546
    - scsi: target: Fix WRITE_SAME No Data Buffer crash

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37819
    - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37905
    - firmware: arm_scmi: Balance device refcount when destroying devices

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2024-38541
    - of: module: add buffer overflow check in of_modalias()

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
    CVE-2025-37909
    - net: lan743x: Fix memleak issue when GSO enabled

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37911
    - bnxt_en: Fix out-of-bound memcpy() during ethtool -w

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37912
    - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37913
    - net_sched: qfq: Fix double list add in class with netem as child qdisc

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37914
    - net_sched: ets: Fix double list add in class with netem as child qdisc

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37915
    - net_sched: drr: Fix double list add in class with netem as child qdisc

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2024-26739
    - net/sched: act_mirred: don't override retval if we already lost the skb

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-21839
    - KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37923
    - tracing: Fix oob write in trace_seq_to_buffer()

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37927
    - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37990
    - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37991
    - parisc: Fix double SIGFPE crash

  * Jammy update: v5.15.182 upstream stable release (LP: #2111618) // CVE-2025-37930
    - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606)
    - net: ethtool: Don't call .cleanup_data when prepare_data fails
    - ata: sata_sx4: Drop pointless VPRINTK()
      calls and convert the remaining ones
    - ata: sata_sx4: Add error handling in pdc20621_i2c_read()
    - nvmet-fcloop: swap list_add_tail arguments
    - nft_set_pipapo: fix incorrect avx2 match of 5th field octet
    - umount: Allow superblock owners to force umount
    - x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine
    - perf: arm_pmu: Don't disable counter in armpmu_add()
    - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
    - xen/mcelog: Add __nonstring annotations for unterminated strings
    - HID: pidff: Convert infinite length from Linux API to PID standard
    - HID: pidff: Do not send effect envelope if it's empty
    - ALSA: hda: intel: Fix Optimus when GPU has no sound
    - ASoC: fsl_audmix: register card device depends on 'dais' property
    - ALSA: usb-audio: Fix CME quirk for UF series keyboards
    - fs/jfs: cast inactags to s64 to prevent potential overflow
    - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
    - ahci: add PCI ID for Marvell 88SE9215 SATA Controller
    - ext4: protect ext4_release_dquot against freezing
    - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
    - tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER
    - Bluetooth: hci_uart: fix race during initialization
    - drm: allow encoder mode_set even when connectors change for crtc
    - drm/amd/display: Update Cursor request mode to the beginning prefetch always
    - drm: panel-orientation-quirks: Add support for AYANEO 2S
    - drm: panel-orientation-quirks: Add new quirk for GPD Win 2
    - drm/bridge: panel: forbid initializing a panel with unknown connector type
    - drivers: base: devres: Allow to release group on device release
    - drm/amdkfd: clamp queue size to minimum
    - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
    - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
    - ktest: Fix Test Failures Due to Missing LOG_FILE Directories
    - pwm: rcar: Simplify multiplication/shift logic
    - pwm: rcar: Improve register
      calculation
    - pwm: fsl-ftm: Handle clk_get_rate() returning 0
    - bpf: Add endian modifiers to fix endian warnings
    - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
    - ext4: don't treat fhandle lookup of ea_inode as FS corruption
    - media: i2c: adv748x: Fix test pattern selection mask
    - media: vim2m: print device name after registering device
    - media: siano: Fix error handling in smsdvb_module_init()
    - xenfs/xensyms: respect hypervisor's "next" indication
    - arm64: cputype: Add MIDR_CORTEX_A76AE
    - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
    - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
    - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
    - spi: cadence-qspi: Fix probe on AM62A LP SK
    - media: streamzap: prevent processing IR data on URB failure
    - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
    - media: i2c: ccs: Set the device's runtime PM status correctly in remove
    - media: i2c: ccs: Set the device's runtime PM status correctly in probe
    - media: i2c: ov7251: Set enable GPIO low in probe
    - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
    - mtd: Add check for devm_kcalloc()
    - net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family
    - mtd: Replace kcalloc() with devm_kcalloc()
    - clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup
    - wifi: mt76: Add check for devm_kstrdup()
    - wifi: mac80211: fix integer overflow in hwmp_route_info_get()
    - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
    - vdpa/mlx5: Fix oversized null mkey longer than 32bit
    - i3c: master: svc: Use readsb helper for reading MDB
    - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
    - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets
    - mptcp: only inc MPJoinAckHMacFailure for HMAC failures
    - mtd: rawnand: Add status chack in r852_ready()
    - arm64: dts: mediatek: mt8173: Fix disp-pwm
      compatible string
    - sparc/mm: disable preemption in lazy mmu mode
    - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
    - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
    - thermal/drivers/rockchip: Add missing rk3328 mapping entry
    - crypto: ccp - Fix check for the primary ASP device
    - dm-integrity: set ti->error on memory allocation failure
    - gpio: zynq: Fix wakeup source leaks on device unbind
    - ntb: use 64-bit arithmetic for the MSI doorbell mask
    - of/irq: Fix device node refcount leakages in of_irq_count()
    - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
    - of/irq: Fix device node refcount leakages in of_irq_init()
    - PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
    - PCI: Fix reference leak in pci_alloc_child_bus()
    - pinctrl: qcom: Clear latched interrupt status when changing IRQ type
    - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists
    - ACPI: platform-profile: Fix CFI violation when accessing sysfs files
    - x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions()
    - Bluetooth: hci_uart: Fix another race during initialization
    - scsi: hisi_sas: Start delivery hisi_sas_task_exec() directly
    - scsi: hisi_sas: Pass abort structure for internal abort
    - scsi: hisi_sas: Factor out task prep and delivery code
    - scsi: hisi_sas: Fix setting of hisi_sas_slot.is_internal
    - scsi: libsas: Delete lldd_clear_aca callback
    - scsi: libsas: Add struct sas_tmf_task
    - scsi: hisi_sas: Enable force phy when SATA disk directly connected
    - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
    - scsi: iscsi: Fix missing scsi_host_put() in error path
    - md/raid10: fix missing discard IO accounting
    - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
    - RDMA/hns: Fix wrong maximum DMA segment size
    - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
    - Bluetooth: l2cap: Check encryption key size
      on incoming connection
    - Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
    - igc: move ktime snapshot into PTM retry loop
    - igc: handle the IGC_PTP_ENABLED flag correctly
    - igc: cleanup PTP module if probe fails
    - net: b53: enable BPDU reception for management port
    - net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
    - riscv: Properly export reserved regions in /proc/iomem
    - riscv: KGDB: Do not inline arch_kgdb_breakpoint()
    - riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
    - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
    - writeback: fix false warning in inode_to_wb()
    - Revert "PCI: Avoid reset when disabled via sysfs"
    - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
    - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
    - asus-laptop: Fix an uninitialized variable
    - nfs: move nfs_fhandle_hash to common include file
    - nfs: add missing selections of CONFIG_CRC32
    - btrfs: correctly escape subvol in btrfs_show_options()
    - crypto: caam/qi - Fix drv_ctx refcount bug
    - loop: properly send KOBJ_CHANGED uevent for disk device
    - loop: LOOP_SET_FD: send uevents for partitions
    - mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
    - riscv: Avoid fortify warning in syscall_get_arguments()
    - tracing: Fix filter string testing
    - perf/x86/intel: Allow to update user space GPRs from PEBS records
    - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
    - perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
    - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
    - drm/repaper: fix integer overflows in repeat functions
    - drm/amdgpu/dma_buf: fix page_link check
    - drm/sti: remove duplicate object names
    - KVM: arm64: Get rid of host SVE tracking/saving
    - KVM: arm64: Always start with clearing SVE flag on load
    - KVM: arm64: Discard any SVE state when entering KVM guests
    - arm64/fpsimd: Track the saved
      FPSIMD state type separately to TIF_SVE
    - arm64/fpsimd: Have KVM explicitly say which FP registers to save
    - arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM
    - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
    - KVM: arm64: Remove host FPSIMD saving for non-protected KVM
    - KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
    - KVM: arm64: Calculate cptr_el2 traps on activating traps
    - KVM: arm64: Eagerly switch ZCR_EL{1,2}
    - cpufreq: Reference count policy in cpufreq_update_limits()
    - kbuild: Add '-fno-builtin-wcslen'
    - mptcp: sockopt: fix getting IPV6_V6ONLY
    - misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error
    - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
    - x86/pvh: Call C code via the kernel virtual mapping
    - landlock: Add the errata interface
    - nvmet-fc: Remove unused functions
    - Revert "smb: client: fix use-after-free bug in cifs_debug_data_proc_show()"
    - smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
    - blk-cgroup: support to track if policy is online
    - net: openvswitch: fix race on port output
    - openvswitch: fix lockup on tx to unregistering netdev with carrier
    - MIPS: dec: Declare which_prom() as static
    - MIPS: cevt-ds1287: Add missing ds1287.h include
    - MIPS: ds1287: Match ds1287_set_base_clock() function types
    - mm: fix apply_to_existing_page_range()
    - module: sign with sha512 instead of sha1 by default
    - media: streamzap: remove unnecessary ir_raw_event_reset and handle
    - media: streamzap: no need for usb pid/vid in device name
    - media: streamzap: less chatter
    - media: streamzap: remove unused struct members
    - auxdisplay: hd44780: Convert to platform remove callback returning void
    - auxdisplay: hd44780: Fix an API misuse in hd44780.c
    - net: dsa: mv88e6xxx: fix VTU methods for 6320 family
    - soc: samsung: exynos-chipid: avoid soc_device_to_device()
    - soc: samsung: exynos-chipid: Pass revision reg offsets
    - iio: adc: ad7768-1: Move setting of val a bit later
      to avoid unnecessary return value check
    - iio: adc: ad7768-1: Fix conversion result sign
    - backlight: led_bl: Convert to platform remove callback returning void
    - cifs: print TIDs as hex
    - cifs: fix integer overflow in match_server()
    - gpio: tegra186: Force one interrupt per bank
    - gpio: tegra186: fix resource handling in ACPI probe path
    - Revert "PCI: Coalesce host bridge contiguous apertures"
    - PCI: Coalesce host bridge contiguous apertures
    - PCI: Assign PCI domain IDs by ida_alloc()
    - ksmbd: Prevent integer overflow in calculation of deadtime
    - selftests/mm: generate a temporary mountpoint for cgroup filesystem
    - kmsan: disable strscpy() optimization under KMSAN
    - string: Add load_unaligned_zeropad() code path to sized_strscpy()
    - drm/msm/a6xx: Improve gpu recovery sequence
    - drm/msm/a6xx: Handle GMU prepare-slumber hfi failure
    - drm/msm/a6xx: Avoid gx gbit halt during rpm suspend
    - drm/msm/a6xx: Fix stale rpmh votes from GPU
    - dma/contiguous: avoid warning about unused size_bytes
    - cpufreq: cppc: Fix invalid return value in .get() callback
    - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE
    - virtio_console: fix missing byte order handling for cols and rows
    - net: selftests: initialize TCP header and skb payload with zero
    - drm/amd/display: Fix gpu reset in multidisplay config
    - KVM: SVM: Allocate IR data using atomic allocation
    - USB: storage: quirk for ADATA Portable HDD CH94
    - mei: me: add panther lake H DID
    - serial: sifive: lock port in startup()/shutdown() callbacks
    - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
    - USB: serial: option: add Sierra Wireless EM9291
    - USB: serial: simple: add OWON HDS200 series oscilloscope support
    - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines
    - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling
    - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
    - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
    - usb: quirks: Add delay
      init quirk for SanDisk 3.2Gen1 Flash Drive
    - USB: VLI disk crashes if LPM is used
    - USB: wdm: handle IO errors in wdm_wwan_port_start
    - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
    - USB: wdm: add annotation
    - MIPS: cm: Detect CM quirks from device tree
    - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
    - parisc: PDT: Fix missing prototype warning
    - s390/tty: Fix a potential memory leak bug
    - usb: host: max3421-hcd: Add missing spi_device_id table
    - fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
    - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
    - dmaengine: dmatest: Fix dmatest waiting less when interrupted
    - usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
    - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler()
    - ntb: reduce stack usage in idt_scan_mws
    - sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
    - KVM: s390: Don't use %pK through tracepoints
    - selftests: ublk: fix test_stripe_04
    - xen: Change xen-acpi-processor dom0 dependency
    - nvme: requeue namespace scan on missed AENs
    - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
    - nvme: re-read ANA log page after ns scan completes
    - objtool: Stop UNRET validation on UD2
    - selftests/mincore: Allow read-ahead pages to reach the end of the file
    - x86/bugs: Use SBPB in write_ibpb() if applicable
    - x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
    - x86/bugs: Don't fill RSB on context switch with eIBRS
    - nvmet-fc: take tgtport reference only once
    - nvmet-fc: put ref when assoc->del_work is already scheduled
    - ext4: make block validity check resistent to sb bh corruption
    - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
    - scsi: pm80xx: Set phy_attached to zero when device is gone
    - loop: aio inherit the ioprio of original request
    - ubsan: Fix panic from test_ubsan_out_of_bounds
    - md/raid1: Add check for missing source disk in
      process_checks()
    - jfs: define xtree root and page independently
    - comedi: jr3_pci: Fix synchronous deletion of timer
    - crypto: atmel-sha204a - Set hwrng quality to lowest possible
    - net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
    - net: dsa: mv88e6xxx: enable PVT for 6321 switch
    - net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
    - xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
    - MIPS: cm: Fix warning if MIPS_CM is disabled
    - nvme: fixup scan failure for non-ANA multipath controllers
    - PCI: Fix use-after-free in pci_bus_release_domain_nr()
    - PCI: Fix dropping valid root bus resources with .end = zero
    - PCI: Release resource invalidated by coalescing
    - Linux 5.15.181

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-49989
    - drm/amd/display: fix double free issue during amdgpu module unload

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37803
    - udmabuf: fix a buf size overflow issue during udmabuf creation

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37983
    - qibfs: fix _another_ leak

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37881
    - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37805
    - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37883
    - s390/sclp: Add check for get_zeroed_page()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37808
    - crypto: null - Use spin lock instead of mutex

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37985
    - USB: wdm: close race between wdm_open and wdm_wwan_port_stop

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37810
    - usb: dwc3: gadget: check that event count does not exceed event buffer
      length

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37811
    - usb: chipidea: ci_hdrc_imx: fix usbmisc handling

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37812
    - usb: cdns3: Fix deadlock when using NCM gadget

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37885
    - KVM: x86: Reset IRTE to host control if *new* route isn't postable

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37817
    - mcb: fix a double free bug in chameleon_parse_gdd()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37823
    - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37797
    - net_sched: hfsc: Fix a UAF vulnerability in class handling

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37824
    - tipc: fix NULL pointer dereference in tipc_mon_reinit_self()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37989
    - net: phy: leds: fix memory leak

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37829
    - cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37830
    - cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37836
    - PCI: Fix reference leak in pci_register_host_bridge()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37844
    - cifs: avoid NULL pointer dereference in dbg call

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23144
    - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23148
    - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-22027
    - media: streamzap: fix race between device disconnection and urb callback

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-50125
    - Bluetooth: SCO: Fix UAF on sco_sock_timeout

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2022-49535
    - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-35943
    - pmdomain: ti: Add a null pointer check to the omap_prm_domain_init

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-26686
    - fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2022-48893
    - drm/i915/gt: Cleanup partial engine discovery failures

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-50280
    - dm cache: fix flushing uninitialized delayed_work on cache_ctr error

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-54458
    - scsi: ufs: bsg: Set bsg_queue to NULL after removal

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-42322
    - ipvs: properly dereference pe in ip_vs_add_service

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-49960
    - ext4: fix timer use-after-free on failed mount

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-36908
    - blk-iocost: do not WARN if iocg was already offlined

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-21853
    - bpf: avoid holding freeze_mutex during mmap operation

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-53128
    - sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers

  * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-35867
    - smb: client: fix
potential UAF in cifs_stats_proc_show() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2023-52757 - smb: client: fix potential deadlock when releasing mids * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-46742 - smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2023-52572 - cifs: Fix UAF in cifs_demultiplex_thread() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-35866 - smb: client: fix potential UAF in cifs_dump_full_key() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-46816 - drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-46774 - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-38540 - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-27402 - phonet/pep: fix racy skb_queue_empty() use * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-50272 - filemap: Fix bounds checking in filemap_read() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-50258 - net: fix crash when config small gso_max_size/gso_ipv4_max_size * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2024-56751 - ipv6: release nexthop on device removal * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23140 - misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37765 - drm/nouveau: prime: fix ttm_bo_delayed_delete oops * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // 
CVE-2025-37766 - drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37767 - drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37768 - drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37770 - drm/amd/pm/powerplay: Prevent division by zero * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37768 // CVE-2025-37771 - drm/amd/pm: Prevent division by zero * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37773 - virtiofs: add filesystem context source name check * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37780 - isofs: Prevent the use of too small fid * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37781 - i2c: cros-ec-tunnel: defer probe if parent EC is not present * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37782 - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-0927 has been rejected. 
Revert this fix and apply upstream fix - Revert "UBUNTU: SAUCE: fs: hfs/hfsplus: add key_len boundary check to hfs_bnode_read_key" * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37871 - nfsd: decrease sc_count directly if fail to queue dl_recall * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37787 - net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37788 - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37789 - net: openvswitch: fix nested key length validation in the set() action * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37790 - net: mctp: Set SOCK_RCU_FREE * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37875 - igc: fix PTM cycle trigger logic * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37792 - Bluetooth: btrtl: Prevent potential NULL dereference * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37867 - RDMA/core: Silence oversized kvmalloc() warning * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37982 - wifi: wl1251: fix memory leak in wl1251_tx_work * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37794 - wifi: mac80211: Purge vif txq in ieee80211_do_stop() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37796 - wifi: at76c50x: fix use after free access in at76_disconnect * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37838 - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37940 - ftrace: Add cond_resched() to ftrace_graph_set_hash() * 
Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23142 - sctp: detect and prevent references to a freed transport in sendmsg * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37892 - mtd: inftlcore: Add error check for inftl_read_oob() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23145 - mptcp: fix NULL pointer in can_accept_new_subflow * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23146 - mfd: ene-kb3930: Fix a potential NULL pointer dereference * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37839 - jbd2: remove wrong sb->s_sequence check * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23147 - i3c: Add NULL pointer check in i3c_master_queue_ibi() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23150 - ext4: fix off-by-one error in do_split * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23151 - bus: mhi: host: Fix race between unprepare and queue_buf * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23156 - media: venus: hfi_parser: refactor hfi packet parsing logic * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23157 - media: venus: hfi_parser: add check to avoid out of bound access * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37840 - mtd: rawnand: brcmnand: fix PM resume warning * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23158 - media: venus: hfi: add check to handle incorrect queue size * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23159 - media: venus: hfi: add a check to handle OOB in sfr region * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37850 - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() * Jammy update: v5.15.181 upstream 
stable release (LP: #2111606) // CVE-2025-37851 - fbdev: omapfb: Add 'plane' value check * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23161 - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-23163 - net: vlan: don't propagate flags on open * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37857 - scsi: st: Fix array overflow in st_setup() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37738 - ext4: ignore xattrs past end * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37739 - f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37740 - jfs: add sanity check for agwidth in dbMount * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37741 - jfs: Prevent copying of nlink with value 0 from disk inode * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37858 - fs/jfs: Prevent integer overflow in AG size calculation * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37742 - jfs: Fix uninit-value access of imap allocated in the diMount() function * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37859 - page_pool: avoid infinite loop to schedule delayed worker * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37862 - HID: pidff: Fix null pointer dereference in pidff_find_fields * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37841 - pm: cpupower: bench: Prevent NULL dereference on malloc failure * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37749 - net: ppp: Add bound checking for skb data on ppp_sync_txmung * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37756 - 
net: tls: explicitly disallow disconnect * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37757 - tipc: fix memory leak in tipc_link_xmit * Jammy update: v5.15.181 upstream stable release (LP: #2111606) // CVE-2025-37758 - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() * CVE-2024-53051 - drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability * CVE-2024-46787 - userfaultfd: fix checks for huge PMDs * CVE-2025-37890 - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice * CVE-2025-37997 - netfilter: ipset: fix region locking in hash types * CVE-2025-37798 - sch_htb: make htb_qlen_notify() idempotent - sch_htb: make htb_deactivate() idempotent - sch_drr: make drr_qlen_notify() idempotent - sch_hfsc: make hfsc_qlen_notify() idempotent - sch_qfq: make qfq_qlen_notify() idempotent - sch_ets: make est_qlen_notify() idempotent - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() * CVE-2025-37750 - smb: client: fix UAF in decryption with multichannel * CVE-2024-53185 - smb: client: fix NULL ptr deref in crypto_aead_setkey() * CVE-2024-50047 - smb: client: fix UAF in async decryption * Packaging resync (LP: #1786013) - [Packaging] update variants - [Packaging] update annotations scripts

-- Mehmet Basaran <mehmet.basaran@canonical.com> Mon, 16 Jun 2025 09:39:56 +0300

linux (5.15.0-142.152) jammy; urgency=medium

* jammy/linux: 5.15.0-142.152 -proposed tracker (LP: #2110829) * Rotate the Canonical Livepatch key (LP: #2111244) - [Config] Prepare for Canonical Livepatch key rotation * Jammy generic-64k fails to initialize gVNIC devices (LP: #2109537) - gve: Perform adminq allocations through a dma_pool. - gve: Deprecate adminq_pfn for pci revision 0x1. - gve: Remove obsolete checks that rely on page size.
- gve: Add page size register to the register_page_list command. - gve: Remove dependency on 4k page size. * CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache (LP: #2099914) // CVE-2025-2312 - CIFS: New mount option for cifs.upcall namespace resolution * [UBUNTU 22.04] net/smc: fix neighbour and rtable leak in smc_ib_find_route() (LP: #2109601) // CVE-2024-36945 - net/smc: fix neighbour and rtable leak in smc_ib_find_route() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) - clockevents/drivers/i8253: Fix stop sequence for timer 0 - sched/isolation: Prevent boot crash when the boot CPU is nohz_full - fbdev: hyperv_fb: iounmap() the correct memory when removing a device - pinctrl: bcm281xx: Fix incorrect regmap max_registers value - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template. - net: dsa: mv88e6xxx: Verify after ATU Load ops - netpoll: hold rcu read lock in __netpoll_send_skb() - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() - ipvs: prevent integer overflow in do_ip_vs_get_ctl() - netfilter: nft_exthdr: fix offset with ipv4_find_option() - gre: Fix IPv6 link-local address generation. 
- slab: clean up function prototypes - slab: Introduce kmalloc_size_roundup() - openvswitch: Use kmalloc_size_roundup() to match ksize() usage - net: openvswitch: remove misbehaving actions length check - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices - nvme-fc: go straight to connecting state when initializing - hrtimers: Mark is_migration_base() with __always_inline - powercap: call put_device() on an error path in powercap_register_control_type() - scsi: core: Use GFP_NOIO to avoid circular locking dependency - ACPI: resource: IRQ override for Eluktronics MECH-17 - alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support - vboxsf: fix building with GCC 15 - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell - sched: Clarify wake_up_q()'s write to task->wake_q.next - s390/cio: Fix CHPID "configure" attribute caching - thermal/cpufreq_cooling: Remove structure member documentation - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays. 
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors - nvmet-rdma: recheck queue state is LIVE in state lock in recv done - sctp: Fix undefined behavior in left shift operation - nvme: only allow entering LIVE from CONNECTING state - ASoC: tas2770: Fix volume scale - ASoC: tas2764: Fix power control mask - ASoC: tas2764: Set the SDOUT polarity correctly - fuse: don't truncate cached, mutated symlink - x86/irq: Define trace events conditionally - mptcp: safety check before fallback - drm/nouveau: Do not override forced connector status - block: fix 'kmem_cache of name 'bio-108' already exists' - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 - USB: serial: option: add Telit Cinterion FE990B compositions - USB: serial: option: fix Telit Cinterion FE990A name - USB: serial: option: match on interface class for Telit FN990B - drm/atomic: Filter out redundant DPMS calls - drm/amd/display: Restore correct backlight brightness after a GPU reset - qlcnic: fix memory leak issues in qlcnic_sriov_common.c - lib/buildid: Handle memfd_secret() files in build_id_parse() - tcp: fix races in tcp_abort() - ASoC: ops: Consistently treat platform_max as control value - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() - cifs: Fix integer overflow while processing actimeo mount option - i2c: ali1535: Fix an error handling path in ali1535_probe() - i2c: ali15x3: Fix an error handling path in ali15x3_probe() - i2c: sis630: Fix an error handling path in sis630_probe() - drm/amd/display: Check for invalid input params when building scaling params - smb: client: Fix match_session bug preventing session reuse - Revert "smb: client: fix potential UAF in cifs_debug_files_proc_show()" - smb: client: fix potential UAF in cifs_debug_files_proc_show() - firmware: imx-scu: fix OF node leak in .probe() - xfrm_output: 
Force software GSO only in tunnel mode - ARM: dts: bcm2711: PL011 UARTs are actually r1p5 - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx - ARM: dts: bcm2711: Don't mark timer regs unconfigured - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path - RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt() - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() - RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() - RDMA/hns: Fix wrong value of max_sge_rd - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES - Revert "gre: Fix IPv6 link-local address generation." - i2c: omap: fix IRQ storms - drm/v3d: Don't run jobs that have errors flagged in its fence - mmc: atmel-mci: Add missing clk_disable_unprepare() - ARM: shmobile: smp: Enforce shmobile_smp_* alignment - batman-adv: Ignore own maximum aggregation size during RX - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven - mptcp: Fix data stream corruption in the address announcement - arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names - HID: hid-plantronics: Add mic mute mapping and generalize quirks - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts - ARM: Remove address checking for MMUless devices - ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx - counter: stm32-lptimer-cnt: fix error handling when enabling - counter: microchip-tcb-capture: Fix undefined counter channel state on probe - tty: serial: 8250: Add some more device IDs - tty: serial: 8250: Add Brainboxes XC devices - net: usb: qmi_wwan: add Telit Cinterion FN990B composition - net: usb: qmi_wwan: add Telit Cinterion FE990B composition - net: usb: usbnet: restore usb%d name exception for local mac addresses - 
serial: 8250_dma: terminate correct DMA in tx_dma_flush() - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test - cpufreq: scpi: compare kHz instead of Hz - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() - x86/platform: Only allow CONFIG_EISA for 32-bit - [Config] updateconfigs for HAVE_EISA - PM: sleep: Adjust check before setting power.must_resume - selinux: Chain up tool resolving errors in install_policy.sh - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer - EDAC/ie31200: Fix the DIMM size mask for several SoCs - EDAC/ie31200: Fix the error path order of ie31200_init() - PM: sleep: Fix handling devices with direct_complete set on errors - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll - media: platform: allgro-dvt: unregister v4l2_device on the error path - HID: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER - ALSA: hda/realtek: Always honor no_shutup_pins - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible - drm/bridge: ti-sn65dsi86: Fix multiple instances - drm/dp_mst: Fix drm RAD print - drm: xlnx: zynqmp: Fix max dma segment size - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload - PCI: brcmstb: Use internal register to change link capability - PCI/portdrv: Only disable pciehp interrupts early when needed - PCI: Avoid reset when disabled via sysfs - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() - PCI: Remove stray put_device() in pci_register_host_bridge() - PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() - PCI: pciehp: Don't 
enable HPIE when resuming in poll mode - fbdev: au1100fb: Move a variable assignment behind a null pointer check - mdacon: rework dependency list - fbdev: sm501fb: Add some geometry checks. - clk: amlogic: gxbb: drop incorrect flag on 32k clock - crypto: hisilicon/sec2 - fix for aead authsize alignment - of: property: Increase NR_FWNODE_REFERENCE_ARGS - remoteproc: qcom_q6v5_pas: Make single-PD handling more robust - libbpf: Fix hypothetical STT_SECTION extern NULL deref case - clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock - bpf: Use preempt_count() directly in bpf_send_signal_common() - lib: 842: Improve error handling in sw842_compress() - pinctrl: renesas: rza2: Fix missing of_node_put() call - pinctrl: renesas: rzg2l: Fix missing of_node_put() call - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent - remoteproc: qcom_q6v5_mss: Handle platforms with one power domain - IB/mad: Check available slots before posting receive WRs - pinctrl: tegra: Set SFIO mode to Mux Register - clk: amlogic: g12b: fix cluster A parent data - clk: amlogic: gxbb: drop non existing 32k clock parent - clk: amlogic: g12a: fix mmc A peripheral clock - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 - power: supply: max77693: Fix wrong conversion of charge input threshold value - crypto: nx - Fix uninitialised hv_nxc on error - mfd: sm501: Switch to BIT() to mitigate integer overflows - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment - crypto: hisilicon/sec2 - fix for aead auth key length - clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() - soundwire: slave: fix an OF node reference leak in soundwire slave device - coresight: catu: Fix number of pages while using 64k pages - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio - iio: adc: ad7124: Fix comparison of channel configs - perf units: Fix insufficient array space - kexec: 
initialize ELF lowest address to ULONG_MAX - NFSv4: Don't trigger uneccessary scans for return-on-close delegations - fuse: fix dax truncate/punch_hole fault path - i3c: master: svc: Fix missing the IBI rules - perf python: Fixup description of sample.id event member - perf python: Decrement the refcount of just created event on failure - perf python: Don't keep a raw_data pointer to consumed ring buffer space - perf python: Check if there is space to copy all the event - fs/procfs: fix the comment above proc_pid_wchan() - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() - exfat: fix the infinite loop in exfat_find_last_cluster() - ksmbd: fix multichannel connection failure - ring-buffer: Fix bytes_dropped calculation issue - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid - octeontx2-af: Fix mbox INTR handler when num VFs > 64 - octeontx2-af: Free NIX_AF_INT_VEC_GEN irq - sched/smt: Always inline sched_smt_active() - wifi: iwlwifi: fw: allocate chained SG tables for dump - nvme-tcp: fix possible UAF in nvme_tcp_poll - nvme-pci: clean up CMBMSC when registering CMB fails - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA - affs: generate OFS sequence numbers starting at 1 - affs: don't write overlarge OFS data block size fields - sched/deadline: Use online cpus for validating runtime - locking/semaphore: Use wake_q to wake up processes outside lock critical section - x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled - drm/amd: Keep display off while going into S4 - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx - can: statistics: use atomic access in hot path - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} - riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and make_call_ra - ntb: intel: Fix using link status DB's - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only - vsock: avoid timeout during connect() if 
the socket is closing - tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu(). - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS - can: flexcan: only change CAN state when link up in system PM - can: flexcan: disable transceiver during system PM - mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0 - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops - tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers - platform/x86: ISST: Correct command storage data length - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability - tracing: Ensure module defining synth event cannot be unloaded while tracing - tracing: Fix synth event printk format for str fields - tracing/osnoise: Fix possible recursive locking for cpus_read_lock() - ext4: don't over-report free space or inodes in statvfs - jfs: add index corruption check to DT_GETPAGE() - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up - mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume - mm, slab: remove duplicate kernel-doc comment for ksize() - tracing: Do not use PERF enums when perf is not defined - mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe() - Linux 5.15.180 * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22025 - nfsd: put dl_stid if fail to queue dl_recall * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-39735 - jfs: fix slab-out-of-bounds read in ea_get() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-37785 - ext4: fix OOB read when checking dotdot dir * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // 
CVE-2025-22035 - tracing: Fix use-after-free in print_graph_function_flags during tracer switching * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22044 - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22045 - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2024-46753 - btrfs: handle errors from btrfs_dec_ref() properly * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22050 - usbnet:fix NPE during rx_complete * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2024-46812 - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2024-46821 - drm/amd/pm: Fix negative array index read * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22054 - arcnet: Add NULL check in com20020pci_probe() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22055 - net: fix geneve_opt length integer overflow * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22056 - netfilter: nft_tunnel: fix geneve_opt type confusion addition * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22060 - net: mvpp2: Prevent parser TCAM memory corruption * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-38637 - net_sched: skbprio: Remove overly strict queue assertions * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22063 - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22066 - ASoC: imx-card: Add NULL check in imx_card_probe() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2023-53034 - 
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22071 - spufs: fix a leak in spufs_create_context() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22073 - spufs: fix a leak on spufs_new_file() failure * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21994 - ksmbd: fix incorrect validation for num_aces field of smb_acl * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-38575 - ksmbd: use aead_request_free to match aead_request_alloc * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22075 - rtnetlink: Allocate vfinfo size for VF GUIDs when supported * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22079 - ocfs2: validate l_tree_depth to avoid out-of-bounds access * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22081 - fs/ntfs3: Fix a couple integer overflows on 32bit systems * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22086 - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22089 - RDMA/core: Don't expose hw_counters outside of init net namespace * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-39728 - clk: samsung: Fix UBSAN panic in samsung_clk_init() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-38152 - remoteproc: core: Clear table_sz when rproc_shutdown * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2024-58093 - PCI/ASPM: Fix link state exit during switch upstream function removal * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22097 - drm/vkms: Fix use after free and double free on init error * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-23136 - 
thermal: int340x: Add NULL check for adev * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-23138 - watch_queue: fix pipe accounting mismatch * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22020 - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22021 - netfilter: socket: Lookup orig tuple for IPv6 SNAT * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22018 - atm: Fix NULL pointer dereference * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2024-56664 - bpf, sockmap: Fix race between element replace and close() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2024-53144 // CVE-2024-8805 - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21996 - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22014 - soc: qcom: pdr: Fix the potential deadlock * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21999 - proc: fix UAF in proc_get_inode() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22008 - regulator: check that dummy regulator has been probed before using it * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22004 - net: atm: fix use after free in lec_send() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22005 - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). 
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22007 - Bluetooth: Fix error code in chan_alloc_skb_cb() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-22010 - RDMA/hns: Fix soft lockup during bt pages loop * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21941 - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21962 - cifs: Fix integer overflow while processing closetimeo mount option * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21963 - cifs: Fix integer overflow while processing acdirmax mount option * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21964 - cifs: Fix integer overflow while processing acregmax mount option * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21968 - drm/amd/display: Fix slab-use-after-free on hdcp_work * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21956 - drm/amd/display: Assign normalized_pix_clk when color depth = 14 * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21991 - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21992 - HID: ignore non-functional sensor in HP 5MP Camera * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21957 - scsi: qla1280: Fix kernel oops when debug level > 2 * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21970 - net/mlx5: Bridge, fix the crash caused by LAG state check * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21959 - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // 
CVE-2025-21975 - net/mlx5: handle errors in mlx5_chains_create_table() * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2025-21981 - ice: fix memory leak in aRFS after reset * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2022-49728 - ipv6: Fix signed integer overflow in __ip6_append_data * Jammy update: v5.15.180 upstream stable release (LP: #2109355) // CVE-2022-49636 - vlan: fix memory leak in vlan_newlink() * VM boots slowly with large-BAR GPU Passthrough due to pci/probe.c redundancy (LP: #2097389) - PCI: Batch BAR sizing operations * kexec fails in LPAR when some cpus are disabled (LP: #2075575) - powerpc/pseries: Fix scv instruction crash with kexec * CVE-2024-56608 - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' * CVE-2024-53168 - net: make sock_inuse_add() available - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket * CVE-2024-56551 - drm/amdgpu: fix usage slab after free * Packaging resync (LP: #1786013) - [Packaging] update annotations scripts

-- Stefan Bader <stefan.bader@canonical.com> Mon, 19 May 2025 12:17:06 +0200

linux (5.15.0-140.150) jammy; urgency=medium

* jammy/linux: 5.15.0-140.150 -proposed tracker (LP: #2106996) * Packaging resync (LP: #1786013) - [Packaging] debian.master/dkms-versions -- update from kernel-versions (main/2025.04.14) * NFS, overlay, fstab issue after update to kernel 5.15.0-133-generic and -134 (LP: #2103598) - udf: Fix directory iteration for longer tail extents * Remove floppy kernel module causes null pointer deference (LP: #2104326) - floppy: fix add_disk() assumption on exit due to new developments * CVE-2025-21971 - net_sched: Prevent creation of classes with TC_H_ROOT * CVE-2024-56599 - wifi: ath10k: avoid NULL pointer error during sdio remove * CVE-2024-56721 - x86/CPU/AMD: Terminate the erratum_1386_microcode array * Jammy update: v5.15.179 upstream stable release (LP: #2106026) - afs: Fix EEXIST error returned from afs_rmdir() to
be ENOTEMPTY - afs: Fix directory format encoding struct - hung_task: move hung_task sysctl interface to hung_task.c - sysctl: use const for typically used max/min proc sysctls - sysctl: share unsigned long const values - fs: move inode sysctls to its own file - fs: move fs stat sysctls to file_table.c - fs: fix proc_handler for sysctl_nr_open - block: deprecate autoloading based on dev_t - block: retry call probe after request_module in blk_request_module - pstore/blk: trivial typo fixes - nvme: Add error check for xa_store in nvme_get_effects_log - partitions: ldm: remove the initial kernel-doc notation - select: Fix unbalanced user_access_end() - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call - sched/psi: Use task->psi_flags to clear in CPU migration - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat - drm/etnaviv: Fix page property being used for non writecombine buffers - genirq: Make handle_enforce_irqctx() unconditionally available - wifi: rtlwifi: do not complete firmware loading needlessly - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step - wifi: rtlwifi: wait for firmware loading before releasing memory - wifi: rtlwifi: fix init_sw_vars leak when probe fails - wifi: rtlwifi: usb: fix workqueue leak when probe fails - spi: zynq-qspi: Add check for clk_enable() - dt-bindings: mmc: controller: clarify the address-cells description - spi: dt-bindings: add schema listing peripheral-specific properties - dt-bindings: Another pass removing cases of 'allOf' containing a '$ref' - dt-bindings: leds: Add Qualcomm Light Pulse Generator binding - dt-bindings: leds: Optional multi-led unit address - dt-bindings: leds: Add multicolor PWM LED bindings - dt-bindings: leds: class-multicolor: reference class directly in multi-led node - dt-bindings: leds: class-multicolor: Fix path to color definitions - rtlwifi: replace usage of found with dedicated list iterator variable - wifi: rtlwifi: remove unused timer 
and related code - wifi: rtlwifi: remove unused dualmac control leftovers - wifi: rtlwifi: destroy workqueue at rtl_deinit_core - wifi: rtlwifi: pci: wait for firmware loading before releasing memory - HID: multitouch: Add support for lenovo Y9000P Touchpad - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" - HID: multitouch: fix support for Goodix PID 0x01e9 - regulator: dt-bindings: mt6315: Drop regulator-compatible property - ACPI: fan: cleanup resources in the error path of .probe() - cpupower: fix TSC MHz calculation - dt-bindings: mfd: bd71815: Fix rsense and typos - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() - cpufreq: schedutil: Fix superfluous updates caused by need_freq_update - clk: imx8mp: Fix clkout1/2 support - regulator: of: Implement the unwind path of of_regulator_match() - samples/landlock: Fix possible NULL dereference in parse_path() - wifi: wlcore: fix unbalanced pm_runtime calls - net/smc: fix data error when recvmsg with MSG_PEEK flag - landlock: Move filesystem helpers and add a new one - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO - cpufreq: ACPI: Fix max-frequency computation - selftests: harness: fix printing of mismatch values in __EXPECT() - wifi: cfg80211: Handle specific BSSID in 6GHz scanning - wifi: cfg80211: adjust allocation of colocated AP data - clk: analogbits: Fix incorrect calculation of vco rate delta - selftests/landlock: Fix error message - net/mlxfw: Drop hard coded max FW flash image size - netfilter: nft_flow_offload: update tcp state flags under lock - tcp_cubic: fix incorrect HyStart round start detection - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind - libbpf: Fix segfault due to libelf functions not setting errno - ASoC: sun4i-spdif: Add clock multiplier settings - perf header: Fix one memory leakage in process_bpf_btf() - perf header: Fix one memory leakage in process_bpf_prog_info() - perf bpf: Fix two memory 
leakages when calling perf_env__insert_bpf_prog_info() - ASoC: renesas: rz-ssi: Use only the proper amount of dividers - ktest.pl: Remove unused declarations in run_bisect_test function - crypto: hisilicon/sec - add some comments for soft fallback - crypto: hisilicon/sec - delete redundant blank lines - crypto: hisilicon/sec2 - optimize the error return process - crypto: hisilicon/sec2 - fix for aead icv error - crypto: hisilicon/sec2 - fix for aead invalid authsize - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() - padata: fix sysfs store callback check - perf top: Don't complain about lack of vmlinux when not resolving some kernel samples - perf report: Fix misleading help message about --demangle - padata: add pd get/put refcnt helper - ARM: at91: pm: change BU Power Switch to automatic mode - arm64: dts: mt8183: set DMIC one-wire mode on Damu - arm64: dts: mediatek: mt8516: fix GICv2 range - arm64: dts: mediatek: mt8516: fix wdt irq type - arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks - arm64: dts: mediatek: mt8516: add i2c clock-div property - arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A - RDMA/mlx4: Avoid false error about access to uninitialized gids array - arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property - arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property - arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names - arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names - arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen - arm64: dts: mediatek: mt8183: willow: Support second source touchscreen - memory: Add LPDDR2-info helpers - memory: tegra20-emc: Support matching timings by LPDDR2 configuration - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage settings - arm64: dts: qcom: msm8996: Fix up USB3 interrupts - arm64: dts: qcom: msm8994: Describe USB interrupts - arm64: dts: qcom: msm8916: correct sleep clock frequency - 
arm64: dts: qcom: msm8994: correct sleep clock frequency - arm64: dts: qcom: sc7280: correct sleep clock frequency - arm64: dts: qcom: sm6125: correct sleep clock frequency - arm64: dts: qcom: sm8250: correct sleep clock frequency - arm64: dts: qcom: sm8350: correct sleep clock frequency - arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280 properties - arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts - ARM: dts: mediatek: mt7623: fix IR nodename - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() - RDMA/mlx5: Remove iova from struct mlx5_core_mkey - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults - RDMA/mlx5: Fix indirect mkey ODP page count - xen/x86: free_p2m_page: use memblock_free_ptr() to free a virtual pointer - memblock: drop memblock_free_early_nid() and memblock_free_early() - of: reserved-memory: Do not make kmemleak ignore freed address - efi: sysfb_efi: fix W=1 warnings when EFI is not set - media: rc: iguanair: handle timeouts - media: lmedm04: Handle errors for lme2510_int_read - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() - media: marvell: Add check for clk_enable() - media: i2c: imx412: Add missing newline to prints - media: i2c: ov9282: Correct the exposure offset - media: mipi-csis: Add check for clk_enable() - media: camif-core: Add check for clk_enable() - media: uvcvideo: Propagate buf->error to userspace - mtd: hyperbus: Make hyperbus_unregister_device() return void - mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning void - mtd: hyperbus: hbmc-am654: fix an OF node reference leak - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot - module: Extend the preempt disabled section in dereference_symbol_descriptor(). 
- NFSv4.2: fix COPY_NOTIFY xdr buf size calculation - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE - tools/bootconfig: Fix the wrong format specifier - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO - dmaengine: ti: edma: fix OF node reference leaks in edma_driver - gpio: mxc: remove dead code after switch to DT-only - net: fec: implement TSO descriptor cleanup - PM: hibernate: Add error handling for syscore_suspend() - net: netdevsim: try to close UDP port harness races - ptp: Properly handle compat ioctls - perf trace: Fix runtime error of index out of bounds - vsock: Allow retrying on connect() failure - bgmac: reduce max frame size to support just MTU 1500 - net: sh_eth: Fix missing rtnl lock in suspend/resume path - net: hsr: fix fill_frame_info() regression vs VLAN packets - genksyms: fix memory leak when the same symbol is added from source - genksyms: fix memory leak when the same symbol is read from *.symref file - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST - kconfig: add warn-unknown-symbols sanity check - kconfig: require a space after '#' for valid input - kconfig: remove unused code for S_DEF_AUTO in conf_read_simple() - kconfig: deduplicate code in conf_read_simple() - kconfig: WERROR unmet symbol dependency - kconfig: fix memory leak in sym_warn_unmet_dep() - hexagon: fix using plain integer as NULL pointer warning in cmpxchg - hexagon: Fix unbalanced spinlock in die() - f2fs: Introduce linear search for dentries - ktest.pl: Check kernelrelease return in get_version - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro - drivers/card_reader/rtsx_usb: Restore interrupt based detection - usb: gadget: f_tcm: Fix Get/SetInterface return value - usb: dwc3: core: Defer the probe until USB power supply ready - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE - usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS - btrfs: output the reason for open_ctree() failure - btrfs: 
fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling - sched: Don't try to catch up excess steal time. - lockdep: Fix upper limit for LOCKDEP_*_BITS configs - x86/amd_nb: Restrict init function to AMD-based systems - tun: fix group permission check - mmc: core: Respect quirk_max_rate for non-UHS SDIO card - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id - HID: Wacom: Add PCI Wacom device support - net/mlx5: use do_aux_work for PHC overflow checks - wifi: iwlwifi: avoid memory leak - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz - APEI: GHES: Have GHES honor the panic= setting - net: wwan: iosm: Fix hibernation by re-binding the driver around it - mmc: sdhci-msm: Correctly set the load for the regulator - tipc: re-order conditions in tipc_crypto_key_rcv() - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() - Input: allocate keycode for phone linking - platform/x86: acer-wmi: Ignore AC events - x86/mm: Don't disable PCID when INVLPG has been fixed by microcode - usb: chipidea: ci_hdrc_imx: use dev_err_probe() - usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning void - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() - net/ncsi: Add NC-SI 1.2 Get MC MAC Address command - net/ncsi: fix locking in Get MAC Address handling - xfs: report realtime block quota limits on realtime directories - xfs: don't over-report free space or inodes in statvfs - usb: xhci: Add timeout argument in address_device USB HCD callback - nvme: handle connectivity loss in nvme_set_queue_count - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry - gpu: drm_dp_cec: fix broken CEC adapter properties check - tg3: Disable tg3 PCIe AER on system reboot - udp: gso: do not drop small packets when PMTU reduces - gpio: pca953x: Improve interrupt support - net: atlantic: fix warning during hot 
unplug - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx - x86/xen: add FRAME_END to xen_hypercall_hvm() - tun: revert fix group permission check - cpufreq: s3c64xx: Fix compilation warning - leds: lp8860: Write full EEPROM, not only half of it - drm/modeset: Handle tiled displays in pan_display_atomic. - s390/futex: Fix FUTEX_OP_ANDN implementation - m68k: vga: Fix I/O defines - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages - drm/amd/pm: Mark MM activity as unsupported - drm/komeda: Add check for komeda_get_layer_fourcc_list() - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection - clk: sunxi-ng: a100: enable MMC clock reparenting - clk: qcom: clk-alpha-pll: fix alpha mode configuration - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 - perf bench: Fix undefined behavior in cmpworker() - of: Correct child specifier used as input of the 2nd nexus node - of: Fix of_find_node_opts_by_path() handling of alias+path+options - of: reserved-memory: Fix using wrong number of cells to get property 'alignment' - HID: hid-sensor-hub: don't use stale platform-data on remove - wifi: rtlwifi: rtl8821ae: Fix media status report - usb: gadget: f_tcm: Translate error to sense - usb: gadget: f_tcm: Decrement command ref count on cleanup - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint - usb: gadget: f_tcm: Don't prepare BOT write request twice - serial: sh-sci: Drop __initdata macro for port_cfg - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use - MIPS: Loongson64: remove ROM Size unit in boardinfo - powerpc/pseries/eeh: Fix get PE state translation - dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit() - dm-crypt: track 
tag_offset in convert_context - mips/math-emu: fix emulation of the prefx instruction - ALSA: hda/realtek: Enable headset mic on Positivo C6400 - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk - scsi: qla2xxx: Move FCE Trace buffer allocation to user control - scsi: storvsc: Set correct data length for sending SCSI command without payload - kbuild: Move -Wenum-enum-conversion to W=2 - x86/boot: Use '-std=gnu11' to fix build with GCC 15 - arm64: dts: qcom: sm8350: Fix MPSS memory length - crypto: qce - fix priority to be less than ARMv8 CE - xfs: Add error handling for xfs_reflink_cancel_cow_range - media: ccs: Clean up parsed CCS static data on parse failure - iio: light: as73211: fix channel handling in only-color triggered buffer - soc: qcom: smem_state: fix missing of_node_put in error path - media: mc: fix endpoint iteration - media: ov5640: fix get_light_freq on auto - media: ccs: Fix CCS static data parsing for large block sizes - media: ccs: Fix cleanup order in ccs_probe() - media: uvcvideo: Fix event flags in uvc_ctrl_send_events - media: uvcvideo: Remove redundant NULL assignment - crypto: qce - fix goto jump in error path - crypto: qce - unregister previously registered algos in error path - nvmem: qcom-spmi-sdam: Set size in struct nvmem_config - nvmem: core: improve range check for nvmem_cell_write() - vfio/platform: check the bounds of read/write syscalls - pnfs/flexfiles: retry getting layout segment for reads - ocfs2: fix incorrect CPU endianness conversion causing mount failure - mtd: onenand: Fix uninitialized retlen in do_otp_read() - misc: fastrpc: Fix registered buffer page address - net/ncsi: wait for the last response to Deselect Package before configuring channel - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset - MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static - net/ncsi: 
use dev_set_mac_address() for Get MC MAC Address handling - gpio: xilinx: remove excess kernel doc - memory: tegra20-emc: Correct memory device mask - ocfs2: check dir i_size in ocfs2_find_entry - mptcp: prevent excessive coalescing on receive - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() - drm/i915/selftests: avoid using uninitialized context - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ - gpio: bcm-kona: Add missing newline to dev_err format string - xen: remove a confusing comment on auto-translated guest I/O - x86/xen: allow larger contiguous memory regions in PV guests - media: cxd2841er: fix 64-bit division on gcc-9 - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P - vfio/pci: Enable iowrite64 and ioread64 for vfio pci - Grab mm lock before grabbing pt lock - x86/mm/tlb: Only trim the mm_cpumask once a second - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V - batman-adv: Ignore neighbor throughput metrics in error case - perf/x86/intel: Ensure LBRs are disabled when a CPU is starting - usb: roles: set switch registered flag early on - usb: gadget: udc: renesas_usb3: Fix compiler warning - usb: dwc2: gadget: remove of_node reference upon udc_stop - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI - usb: core: fix pipe creation for get_bMaxPacketSize0 - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk - usb: cdc-acm: Fix handling of oversized fragments - USB: serial: option: add MeiG Smart SLM828 - USB: serial: option: add Telit Cinterion FN990B compositions - USB: serial: option: fix Telit Cinterion FN990A name - USB: serial: option: drop MeiG Smart defines - can: c_can: fix unbalanced runtime PM disable in error path - can: j1939: j1939_sk_send_loop(): fix unable to send messages 
with data length zero - alpha: make stack 16-byte aligned (most cases) - efi: Avoid cold plugged memory for placing the kernel - cgroup: fix race between fork and cgroup.kill - serial: 8250: Fix fifo underflow on flush - alpha: align stack for page fault and user unaligned trap handlers - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock - regmap-irq: Add missing kfree() - arm64: Handle .ARM.attributes section in linker scripts - mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw() - btrfs: fix hole expansion when writing at an offset beyond EOF - clocksource: Replace cpumask_weight() with cpumask_empty() - clocksource: Use pr_info() for "Checking clocksource synchronization" message - ipv4: add RCU protection to ip4_dst_hoplimit() - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() - net: add dev_net_rcu() helper - ipv4: use RCU protection in rt_is_expired() - ipv4: use RCU protection in inet_select_addr() - Namespaceify min_pmtu sysctl - Namespaceify mtu_expires sysctl - selftest: net: Test IPv4 PMTU exceptions with DSCP and ECN - net: ipv4: Cache pmtu for all packet paths if multipath enabled - neighbour: delete redundant judgment statements - drm/tidss: Fix issue in irq handling causing irq-flood issue - drm/tidss: Clear the interrupt status for interrupts being disabled - kdb: Do not assume write() callback available - alpha: replace hardcoded stack offsets with autogenerated ones - nilfs2: do not output warnings when clearing dirty buffers - can: ems_pci: move ASIX AX99100 ids to pci_ids.h - serial: 8250_pci: add support for ASIX AX99100 - parport_pc: add support for ASIX AX99100 - netdevsim: print human readable IP address - selftests: rtnetlink: update netdevsim ipsec output format - ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus - x86/i8253: Disable PIT timer 0 when not in use - Revert "btrfs: avoid monopolizing a core when activating a swap file" - btrfs: avoid monopolizing a core when 
activating a swap file - arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings - crypto: testmgr - fix wrong key length for pkcs1pad - crypto: testmgr - Fix wrong test case of RSA - crypto: testmgr - fix version number of RSA tests - crypto: testmgr - populate RSA CRT parameters in RSA test vectors - crypto: testmgr - some more fixes to RSA test vectors - mm: update mark_victim tracepoints fields - drm/probe-helper: Create a HPD IRQ event helper for a single connector - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() - ASoC: renesas: rz-ssi: Add a check for negative sample_space - arm64: dts: mediatek: mt8183: Disable DSI display output by default - tpm: Use managed allocation for bios event log - kfence: allow use of a deferrable timer - [Config] updateconfigs to disable new KFENCE_DEFERRABLE - kfence: enable check kfence canary on panic via boot param - kfence: skip __GFP_THISNODE allocations on NUMA systems - soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled() - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove - media: uvcvideo: Set error_idx during ctrl_commit errors - media: uvcvideo: Refactor iterators - media: uvcvideo: Only save async fh if success - batman-adv: Drop initialization of flexible ethtool_link_ksettings - usb: dwc3: Increase DWC3 controller halt timeout - usb: dwc3: Fix timeout issue during controller enter/exit from halt state - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline - ALSA: hda/realtek: Fixup ALC225 depop procedure - geneve: Suppress list corruption splat in geneve_destroy_tunnels(). 
- net: extract port range fields from fl_flow_key - flow_dissector: Fix handling of mixed port and port-range keys - flow_dissector: Fix port range key handling in BPF conversion - net: Add non-RCU dev_getbyhwaddr() helper - arp: switch to dev_getbyhwaddr() in arp_req_set_public() - power: supply: da9150-fg: fix potential overflow - nvme/ioctl: add missing space in err message - bpf: skip non exist keys in generic_map_lookup_batch - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED - acct: block access to kernel internal filesystems - mtd: rawnand: cadence: fix error code in cadence_nand_init() - mtd: rawnand: cadence: use dma_map_resource for sdma address - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit - IB/mlx5: Set and get correct qp_num for a DCT QP - ovl: use wrappers to all vfs_*xattr() calls - ovl: pass ofs to creation operations - scsi: core: Don't memset() the entire scsi_cmnd in scsi_init_command() - scsi: core: Clear driver private data when retrying request - RDMA/mlx5: Fix bind QP error cleanup flow - sunrpc: suppress warnings for unused procfs functions - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response - afs: remove variable nr_servers - afs: Make it possible to find the volumes that are using a server - afs: Fix the server_list to unuse a displaced server rather than putting it - net: loopback: Avoid sending IP packets without an Ethernet header - net: cadence: macb: Synchronize stats calculations - ASoC: es8328: fix route from DAC to output - ipvs: Always clear ipvs_property flag in skb_scrub_packet() - tcp: Defer ts_recent changes until req is owned - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. 
- net/mlx5: IRQ, Fix null string in debug print - seg6: add support for SRv6 H.Encaps.Red behavior - seg6: add support for SRv6 H.L2Encaps.Red behavior - include: net: add static inline dst_dev_overhead() to dst.h - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue - net: ipv6: fix dst ref loop on input in seg6 lwt - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue - net: ipv6: fix dst ref loop on input in rpl lwt - x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems - ftrace: Avoid potential division by zero in function_stat_show() - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 - perf/core: Fix low freq setting via IOC_PERIOD - drm/amd/display: Fix HPD after gpu reset - net: enetc: fix the off-by-one issue in enetc_map_tx_buffs() - net: enetc: update UDP checksum when updating originTimestamp field - net: enetc: correct the xdp_tx statistics - phy: tegra: xusb: reset VBUS & ID OVERRIDE - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk - vmlinux.lds: Ensure that const vars with relocations are mapped R/O - intel_idle: Handle older CPUs, which stop the TSC in deeper C states, correctly - drm/amdgpu: Check extended configuration space register when system uses large bar - drm/amdgpu: disable BAR resize on Dell G5 SE - Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" - HID: appleir: Fix potential NULL dereference at raw event handle - gpio: rcar: Use raw_spinlock to protect register access - gpio: aggregator: protect driver attr handlers against module unload - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist - ALSA: hda/realtek: update ALC222 depop optimize - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e - x86/cacheinfo: Validate CPUID leaf 0x2 EDX output - x86/cpu: Validate CPUID leaf 0x2 EDX output - x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 - wifi: 
cfg80211: regulatory: improve invalid hints checking - wifi: nl80211: reject cooked mode if it is set along with other flags - rapidio: add check for rio_add_net() in rio_scan_alloc_net() - rapidio: fix an API misues when rio_add_net() fails - s390/traps: Fix test_monitor_call() inline assembly - block: fix conversion of GPT partition name to 7-bit - mm/page_alloc: fix uninitialized variable - mm: don't skip arch_sync_kernel_mappings() in error paths - wifi: iwlwifi: limit printed string from FW file - HID: google: fix unused variable warning under !CONFIG_ACPI - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch - net: gso: fix ownership in __udp_gso_segment - caif_virtio: fix wrong pointer check in cfv_probe() - hwmon: (pmbus) Initialise page count in pmbus_identify() - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table - hwmon: (ad7314) Validate leading zero bits and return error - ALSA: usx2y: validate nrpacks module parameter on probe - llc: do not use skb_get() before dev_queue_xmit() - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() - drm/sched: Fix preprocessor guard - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink - net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error - ppp: Fix KMSAN uninit-value warning with bpf - vlan: enforce underlying device type - x86/sgx: Support loading enclave page without VMA permissions check - x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes() - x86/sgx: Export sgx_encl_{grow,shrink}() - x86/sgx: Support VA page allocation without reclaiming - x86/sgx: Fix size overflows in sgx_encl_create() - exfat: fix soft lockup in exfat_clear_bitmap - net-timestamp: support TCP GSO case for a few missing flags - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list - net: ipv6: fix dst ref loop in ila lwtunnel - net: ipv6: fix missing dst ref drop 
in ila lwtunnel - gpio: rcar: Fix missing of_node_put() call - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" - usb: renesas_usbhs: Call clk_put() - usb: renesas_usbhs: Use devm_usb_get_phy() - usb: hub: lack of clearing xHC resources - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader - usb: renesas_usbhs: Flush the notify_hotplug_work - usb: atm: cxacru: fix a flaw in existing endpoint checks - usb: dwc3: Set SUSPENDENABLE soon after phy init - usb: dwc3: gadget: Prevent irq storm when TH re-executes - usb: typec: ucsi: increase timeout for PPM reset operations - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality - usb: gadget: Set self-powered based on MaxPower and bmAttributes - usb: gadget: Fix setting self-powered state on suspend - usb: gadget: Check bmAttributes only if configuration is valid - xhci: pci: Fix indentation in the PCI device ID definitions - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 - mei: me: add panther lake P DID - intel_th: pci: Add Arrow Lake support - intel_th: pci: Add Panther Lake-H support - intel_th: pci: Add Panther Lake-P/U support - slimbus: messaging: Free transaction ID in delayed interrupt scenario - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock - eeprom: digsy_mtc: Make GPIO lookup table match the device - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl - media: uvcvideo: Avoid invalid memory access - media: uvcvideo: Avoid returning invalid controls - md: select BLOCK_LEGACY_AUTOLOAD - [Config] updateconfigs to select BLOCK_LEGACY_AUTOLOAD - mtd: rawnand: cadence: fix unchecked dereference - spi-mxs: Fix chipselect glitch - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link - nilfs2: eliminate staggered calls to kunmap in nilfs_rename - bpf, vsock: Invoke proto::close on close() - kbuild: userprogs: use correct lld when linking through clang - net: ipv6: fix dst 
refleaks in rpl, seg6 and ioam6 lwtunnels - Linux 5.15.179 * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21647 - sched: sch_cake: add bounds checks to host bulk flow fairness counts * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58002 - media: uvcvideo: Remove dangling pointers * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58079 - media: uvcvideo: Fix crash during unbind if gpio unit is in use * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21721 - nilfs2: handle errors that nilfs_prepare_chunk() may return * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-26982 - Squashfs: check the inode number is not the invalid value of zero * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21844 - smb: client: Add check for next_buffer in receive_encrypted_standard() * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58090 - sched/core: Prevent rescheduling when interrupts are disabled * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21875 - mptcp: always handle address removal under msk socket lock * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21877 - usbnet: gl620a: fix endpoint checking in genelink_bind() * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21878 - i2c: npcm: disable interrupt enable bit before devm_request_irq * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21887 - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21846 - acct: perform last write from workqueue * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21848 - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() * Jammy update: v5.15.179 upstream stable release (LP: 
    #2106026) // CVE-2025-21862
    - drop_monitor: fix incorrect initialization order

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21871
    - tee: optee: Fix supplicant wait loop

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21865
    - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21858
    - geneve: Fix use-after-free in geneve_find_dev().

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21866
    - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21859
    - USB: gadget: f_midi: f_midi_complete to call queue_work

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21823
    - batman-adv: Drop unmanaged ELP metric worker

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58005
    - tpm: Change to kvalloc() in eventlog/acpi.c

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21748
    - ksmbd: fix integer overflows on 32 bit systems

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-57977
    - memcg: fix soft lockup in the OOM process

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-57978
    - media: imx-jpeg: Fix potential error pointer dereference in detach_pm()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-57979
    - pps: Fix a use-after-free

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-47726
    - f2fs: fix to wait dio completion

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21811
    - nilfs2: protect access to buffers with no active references

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21722
    - nilfs2: do not force clear folio if buffer is referenced

  * Jammy
    update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58086
    - drm/v3d: Stop active perfmon if it is being destroyed

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21758
    - ipv6: mcast: add RCU protection to mld_newpack()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21760
    - ndisc: extend RCU protection in ndisc_send_skb()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21761
    - openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21762
    - arp: use RCU protection in arp_xmit()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21763
    - neighbour: use RCU protection in __neigh_notify()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21764
    - ndisc: use RCU protection in ndisc_alloc_skb()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21765
    - ipv6: use RCU protection in ip6_default_advmss()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21766
    - ipv4: use RCU protection in __ip_rt_update_pmtu()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21767
    - clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21772
    - partitions: mac: fix handling of bogus partition table

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21704
    - usb: cdc-acm: Check control transfer buffer size before access

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21776
    - USB: hub: Ignore non-compliant devices with too many configs or interfaces

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21835
    - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths

  * Jammy update: v5.15.179
    upstream stable release (LP: #2106026) // CVE-2025-21779
    - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21781
    - batman-adv: fix panic during interface removal

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21782
    - orangefs: fix a oob in orangefs_debug_write

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-57834
    - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21785
    - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21787
    - team: better TEAM_OPTION_TYPE_STRING validation

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21791
    - vrf: use RCU protection in l3mdev_l3_out()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58020
    - HID: multitouch: Add NULL check in mt_input_configured

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21795
    - NFSD: fix hang in nfsd4_shutdown_callback

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21796
    - nfsd: clear acl_access/acl_default after releasing them

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21820
    - tty: xilinx_uartps: split sysrq handling

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21814
    - ptp: Ensure info->enable callback is always set

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21735
    - NFC: nci: Add bounds checking in nci_hci_create_pipe()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21736
    - nilfs2: fix possible int overflows in nilfs_fiemap()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58001
    - ocfs2: handle a
      symlink read error correctly

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58007
    - soc: qcom: socinfo: Avoid out of bounds read of serial number

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21744
    - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21745
    - blk-cgroup: Fix class @block_class's subsystem refcount leakage

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58076
    - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58083
    - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58010
    - binfmt_flat: Fix integer overflow bug on 32 bit systems

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21749
    - net: rose: lock the socket in rose_bind()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-57981
    - usb: xhci: Fix NULL pointer dereference on certain command aborts

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21684
    - gpio: xilinx: Convert gpio_lock to raw spinlock

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58085
    - tomoyo: don't emit warning in tomoyo_write_control()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58014
    - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58016
    - safesetid: check size of policy writes

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58017
    - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21753
    - btrfs: fix
      use-after-free when attempting to join an aborted transaction

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58055
    - usb: gadget: f_tcm: Don't free command immediately

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-57980
    - media: uvcvideo: Fix double free in error path

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21707
    - mptcp: consolidate suboption status

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21708
    - net: usb: rtl8150: enable basic endpoint checking

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21826
    - netfilter: nf_tables: reject mismatching sum of field_len with set key length

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21715
    - net: davicom: fix UAF in dm9000_drv_remove

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21718
    - net: rose: fix timer races against user threads

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21719
    - ipmr: do not call mr_mfc_uses_dev() for unres entries

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21802
    - net: hns3: fix oops when unload drivers paralleling

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58058
    - ubifs: skip dumping tnc tree when zroot is null

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58069
    - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21804
    - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58034
    - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-57973
    - rdma/cxgb4: Prevent potential integer overflow on 32bit

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21726
    - padata: avoid UAF for reorder_work

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21727
    - padata: fix UAF in padata_reorder

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21728
    - bpf: Send signals asynchronously if !preemptible

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21711
    - net/rose: prevent integer overflows in rose_setsockopt()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21799
    - net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21806
    - net: let net.core.dev_weight always be non-zero

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21830
    - landlock: Handle weird files

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58071
    - team: prevent adding a device which is already a team device lower

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58063
    - wifi: rtlwifi: fix memory leaks and invalid access at probe error path

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58072
    - wifi: rtlwifi: remove unused check_buddy_priv

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58051
    - ipmi: ipmb: Add check devm_kasprintf() returned value

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-58052
    - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2024-57986
    - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026) // CVE-2025-21731
    - nbd:
      don't allow reconnect after disconnect

  * Fix bugs preventing boot on Intel TDX-enabled hosts (LP: #2097811)
    - x86/mtrr: Remove physical address size calculation

  * Build failure when CONFIG_NET_SWITCHDEV=n due to CVE-2024-26837 fix backport (LP: #2104380)
    - SAUCE: net: switchdev: fix compilation error for CONFIG_NET_SWITCHDEV=n

  * nfsd hangs and never recovers after NFS4ERR_DELAY and a connection loss (LP: #2103564)
    - NFSD: Reset cb_seq_status after NFS4ERR_DELAY

  * kernel hard lockup in cgroups during eBPF workload (LP: #2089318)
    - cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
    - cgroup: Homogenize cgroup_get_from_id() return value
    - cgroup: Make cgroup_get_from_id() prettier
    - cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes
    - cgroup: Reorganize css_set_lock and kernfs path processing

  * CVE-2023-52664
    - net: atlantic: eliminate double free in error handling logic

  * CVE-2023-52927
    - netfilter: allow exp not to be removed in nf_ct_find_expectation

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Sat, 12 Apr 2025 08:33:00 +0300

linux (5.15.0-138.148) jammy; urgency=medium

  * jammy/linux: 5.15.0-138.148 -proposed tracker (LP: #2102587)

  * ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J (LP: #2096976)
    - SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload

  * CVE-2025-21756
    - vsock: Keep the binding until socket destruction
    - vsock: Orphan socket after transport release

  * CVE-2024-50256
    - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

  * CVE-2025-21702
    - pfifo_tail_enqueue: Drop new packet when sch->limit == 0

  * CVE-2025-21703
    - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()

  * CVE-2025-21700
    - net: sched: Disallow replacing of child qdisc from one parent to another

  * CVE-2024-46826
    - ELF: fix kernel.randomize_va_space double read

  * CVE-2024-56651
    - can: hi311x: hi3110_can_ist(): fix potential use-after-free

  * iBFT iSCSI out-of-bounds shift UBSAN warning (LP:
    #2097824)
    - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

  * CVE-2024-50248
    - ntfs3: Add bounds checking to mi_enum_attr()
    - fs/ntfs3: Sequential field availability check in mi_enum_attr()

  * CVE-2022-0995
    - watch_queue: Use the bitmap API when applicable

  * CVE-2024-26837
    - net: bridge: switchdev: Skip MDB replays of deferred events on offload

  * CVE-2025-21701
    - net: avoid race between device unregistration and ethnl ops

  * CVE-2024-57798
    - drm/dp_mst: Skip CSN if topology probing is not done yet
    - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()

  * CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle

  * CVE-2024-35864
    - smb: client: fix potential UAF in smb2_is_valid_lease_break()

  * CVE-2024-35864/CVE-2024-26928
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()

 -- Stefan Bader <stefan.bader@canonical.com>  Fri, 14 Mar 2025 15:32:05 +0100

linux (5.15.0-135.146) jammy; urgency=medium

  * jammy/linux: 5.15.0-135.146 -proposed tracker (LP: #2098300)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions (main/2025.02.10)

  * Jammy update: v5.15.178 upstream stable release (LP: #2098441)
    - ASoC: wm8994: Add depends on MFD core
    - ASoC: samsung: Add missing selects for MFD_WM8994
    - seccomp: Stub for !CONFIG_SECCOMP
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - ASoC: samsung: Add missing depends on I2C
    - regmap: detach regmap from dev on regmap_exit
    - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
    - net: sched: fix ets qdisc OOB Indexing
    - vfio/platform: check the bounds of read/write syscalls
    - fs/ntfs3: Additional check in ntfs_file_release
    - platform/chrome: cros_ec_typec: Check for EC driver
    - ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
    - scsi: storvsc:
      Ratelimit warning logs to prevent VM denial of service
    - wifi: iwlwifi: add a few rate index validity checks
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
    - ALSA: usb-audio: Add delay quirk for USB Audio Device
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add support for wooting two he (arm)
    - drm/v3d: Assign job pointer to NULL before signaling the fence
    - Linux 5.15.178

  * CVE-2024-49925
    - fbdev: efifb: Register sysfs groups through driver core

  * Jammy update: v5.15.177 upstream stable release (LP: #2097298)
    - ceph: give up on paths longer than PATH_MAX
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix releasing a faulty array block twice in dm_array_cursor_end
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - exfat: fix the infinite loop in exfat_readdir()
    - exfat: fix the infinite loop in __exfat_free_cluster()
    - ASoC: mediatek: disable buffer pre-allocation
    - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
    - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    - cxgb4: Avoid removal of uninserted tid
    - tls: Fix tls_sw_sendmsg error handling
    - netfilter: nf_tables: imbalance in flowtable binding
    - netfilter: conntrack: clamp maximum hashtable size to INT_MAX
    - drm/mediatek: Add support for 180-degree rotation in the display driver
    - ksmbd: fix a missing return value check bug
    - afs: Fix the maximum cell name length
    - dm thin: make get_first_thin use rcu-safe list first function
    - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
    - sctp: sysctl:
      cookie_hmac_alg: avoid using current->nsproxy
    - sctp: sysctl: rto_min/max: avoid using current->nsproxy
    - sctp: sysctl: auth_enable: avoid using current->nsproxy
    - sctp: sysctl: udp_port: avoid using current->nsproxy
    - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
    - drm/amd/display: Add check for granularity in dml ceil/floor helpers
    - riscv: Fix sleeping in invalid context in die()
    - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
    - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
    - drm/amd/display: increase MAX_SURFACES to the value supported by hw
    - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and transitivity
    - USB: serial: option: add MeiG Smart SRM815
    - USB: serial: option: add Neoway N723-EA support
    - staging: iio: ad9834: Correct phase range check
    - staging: iio: ad9832: Correct phase range check
    - usb-storage: Add max sectors quirk for Nokia 208
    - USB: serial: cp210x: add Phoenix Contact UPS Device
    - usb: dwc3: gadget: fix writing NYET threshold
    - topology: Keep the cpumask unchanged when printing cpumap
    - USB: usblp: return error when setting unsupported protocol
    - USB: core: Disable LPM only for non-suspended ports
    - usb: fix reference leak in usb_new_device()
    - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
    - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
    - iio: pressure: zpa2326: fix information leak in triggered buffer
    - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
    - iio: light: vcnl4035: fix information leak in triggered buffer
    - iio: imu: kmx61: fix information leak in triggered buffer
    - iio: adc: ti-ads8688: fix information leak in triggered buffer
    - iio: gyro: fxas21002c: Fix missing data update in trigger handler
    - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
    - iio: adc: at91: call input_free_device() on allocated iio_dev
    - iio: inkern: call iio_device_put() only on mapped devices
    - iio: adc: ad7124:
      Disable all channels at probe time
    - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
    - arm64: dts: rockchip: add hevc power domain clock to rk3328
    - of: unittest: Add bus address range parsing tests
    - of/address: Add support for 3 address cell bus
    - of: address: Fix address translation when address-size is greater than 2
    - of: address: Remove duplicated functions
    - of: address: Store number of bus flag cells rather than bool
    - of: address: Preserve the flags portion on 1:1 dma-ranges mapping
    - phy: usb: Add "wake on" functionality for newer Synopsis XHCI controllers
    - phy: usb: Toggle the PHY power during init
    - ocfs2: correct return value of ocfs2_local_free_info()
    - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
    - mptcp: drop port parameter of mptcp_pm_add_addr_signal
    - mptcp: fix TCP options overflow.
    - phy: usb: Use slow clock for wake enabled suspend
    - phy: usb: Fix clock imbalance for suspend/resume
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
    - bpf: Fix bpf_sk_select_reuseport() memory leak
    - pktgen: Avoid out-of-bounds access in get_imix_entries
    - net: add exit_batch_rtnl() method
    - gtp: use exit_batch_rtnl() method
    - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
    - gtp: Destroy device along with udp socket's netns dismantle.
    - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
    - net: xilinx: axienet: Fix IRQ coalescing packet count overflow
    - net/mlx5: Add priorities for counters in RDMA namespaces
    - net/mlx5: Refactor mlx5_get_flow_namespace
    - net/mlx5: Fix RDMA TX steering prio
    - drm/v3d: Ensure job pointer is set to NULL after job completion
    - Revert "mtd: spi-nor: core: replace dummy buswidth from addr to data"
    - i2c: mux: demux-pinctrl: check initial mux selection, too
    - i2c: rcar: fix NACK handling when being a target
    - mac802154: check local interfaces before deleting sdata list
    - hfs: Sanity check the root record
    - fs: fix missing declaration of init_files
    - kheaders: Ignore silly-rename files
    - ACPI: resource: acpi_dev_irq_override(): Check DMI match last
    - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll()
    - nvmet: propagate npwg topology
    - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
    - vsock/virtio: cancel close work in the destructor
    - vsock: reset socket state when de-assigning the transport
    - vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
    - filemap: avoid truncating 64-bit offset to 32 bits
    - fs/proc: fix softlockup in __read_vmcore (part 2)
    - gpiolib: cdev: Fix use after free in lineinfo_changed_notify
    - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
    - hrtimers: Handle CPU state correctly on hotplug
    - drm/i915/fb: Relax clear color alignment to 64 bytes
    - iio: imu: inv_icm42600: fix spi burst write not supported
    - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
    - iio: adc: rockchip_saradc: fix information leak in triggered buffer
    - Revert "drm/amdgpu: rework resume handling for display (v2)"
    - Revert "regmap: detach regmap from dev on regmap_exit"
    - vsock/virtio: discard packets if the transport changes
    - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
    - nfsd: add list_head nf_gc to struct nfsd_file
    - x86/xen: fix SLS mitigation in
      xen_hypercall_iret()
    - scsi: sg: Fix slab-use-after-free read in sg_release()
    - net: fix data-races around sk->sk_forward_alloc
    - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals
    - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals
    - Linux 5.15.177

  * CVE-2024-46784
    - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

  * CVE-2024-44938
    - jfs: Fix shift-out-of-bounds in dbDiscardAG

  * CVE-2024-43900
    - media: xc2028: avoid use-after-free in load_firmware_cb()

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327)
    - ALSA: usb: Fix UBSAN warning in parse_audio_unit()
    - usb: cdns3: Add quirk flag to enable suspend residency
    - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP
    - PCI: vmd: Create domain symlink before pci_bus_add_devices()
    - PCI: Add ACS quirk for Broadcom BCM5760X NIC
    - MIPS: Loongson64: DTS: Fix msi node for ls7a
    - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled
    - i2c: pnx: Fix timeout in wait functions
    - erofs: fix incorrect symlink detection in fast symlink
    - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll
    - ionic: use ee->offset when returning sprom data
    - net: hinic: Fix cleanup in create_rxqs/txqs()
    - net: ethernet: bgmac-platform: fix an OF node reference leak
    - netfilter: ipset: Fix for recursive locking warning
    - net: mdiobus: fix an OF node reference leak
    - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk
    - chelsio/chtls: prevent potential integer overflow on 32bit
    - i2c: riic: Always round-up when calculating bus period
    - efivarfs: Fix error on non-existent file
    - USB: serial: option: add TCL IK512 MBIM & ECM
    - USB: serial: option: add MeiG Smart SLM770A
    - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
    - USB: serial: option: add MediaTek T7XX compositions
    - USB: serial: option: add Telit FE910C04 rmnet compositions
    - hwmon: (tmp513) Don't use "proxy" headers
    - hwmon: (tmp513) Simplify with dev_err_probe()
    - hwmon: (tmp513) Use SI constants from units.h
    - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers
    - hwmon: (tmp513) Fix Current Register value interpretation
    - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers
    - hwmon: (tmp513) Fix division of negative numbers
    - sh: clk: Fix clk_enable() to return 0 on NULL clk
    - zram: refuse to use zero sized block device as backing device
    - btrfs: tree-checker: reject inline extent items with 0 ref count
    - tracing: Fix test_event_printk() to process entire print argument
    - tracing: Add missing helper functions in event pointer dereference check
    - tracing: Add "%s" check in test_event_printk()
    - NFS/pnfs: Fix a live lock between recalled layouts and layoutget
    - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()
    - udmabuf: also check for F_SEAL_FUTURE_WRITE
    - of: Fix error path in of_parse_phandle_with_args_map()
    - of: Fix refcount leakage for OF node returned by __of_get_dma_parent()
    - ceph: validate snapdirname option length when mounting
    - epoll: Add synchronous wakeup support for ep_poll_callback
    - drm/amdgpu: Handle NULL bo->tbo.resource (again) in amdgpu_vm_bo_update
    - mm/vmstat: fix a W=1 clang compiler warning
    - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress()
    - tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
    - bpf: Check negative offsets in __bpf_skb_min_len()
    - nfsd: restore callback functionality for NFSv4.0
    - mtd: diskonchip: Cast an operand to prevent potential overflow
    - mtd: rawnand: arasan: Fix double assertion of chip-select
    - mtd: rawnand: arasan: Fix missing de-registration of NAND
    - phy: core: Fix an OF node refcount leakage in _of_phy_get()
    - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup()
    - phy: core: Fix that API devm_phy_put() fails to release the phy
    - phy: core: Fix that API devm_of_phy_provider_unregister()
      fails to unregister the phy provider
    - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy
    - dmaengine: mv_xor: fix child node refcount handling in early exit
    - dmaengine: dw: Select only supported masters for ACPI devices
    - mtd: rawnand: fix double free in atmel_pmecc_create_user()
    - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update
    - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04
    - scsi: qla1280: Fix hw revision numbering for ISP1020/1040
    - ALSA: hda/conexant: fix Z60MR100 startup pop issue
    - regmap: Use correct format specifier for logging range errors
    - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
    - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time
    - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error
    - virtio-blk: don't keep queue frozen during system suspend
    - vmalloc: fix accounting with i915
    - MIPS: Probe toolchain support of -msym32
    - arm64: mm: Rename asid2idx() to ctxid2asid()
    - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses 8-bit ASIDs
    - drm/dp_mst: Verify request type in the corresponding down message reply
    - lib: stackinit: hide never-taken branch from compiler
    - ksmbd: fix racy issue from session lookup and expire
    - tracing: Constify string literal data member in struct trace_event_call
    - btrfs: avoid monopolizing a core when activating a swap file
    - x86/hyperv: Fix hv tsc page based sched_clock for hibernation
    - selinux: ignore unknown extended permissions
    - tracing: Have process_string() also allow arrays
    - thunderbolt: Add support for Intel Raptor Lake
    - thunderbolt: Add support for Intel Meteor Lake
    - thunderbolt: Add Intel Barlow Ridge PCI ID
    - thunderbolt: Add support for Intel Lunar Lake
    - thunderbolt: Add support for Intel Panther Lake-M/P
    - xhci: retry Stop Endpoint on buggy NEC controllers
    - usb: xhci: Limit Stop Endpoint retries
    - xhci: Turn NEC specific quirk for handling Stop
      Endpoint errors generic
    - RDMA/mlx5: Enforce same type port association for multiport RoCE
    - RDMA/bnxt_re: Add check for path mtu in modify_qp
    - RDMA/bnxt_re: Fix reporting hw_ver in query_device
    - RDMA/bnxt_re: Fix max_qp_wrs reported
    - RDMA/bnxt_re: Fix the locking while accessing the QP table
    - drm/bridge: adv7511_audio: Update Audio InfoFrame properly
    - RDMA/hns: Remove redundant 'attr_mask' in modify_qp_init_to_init()
    - RDMA/hns: Remove redundant 'bt_level' for hem_list_alloc_item()
    - RDMA/hns: Fix mapping error of zero-hop WQE buffer
    - RDMA/hns: Fix warning storm caused by invalid input in IO path
    - RDMA/hns: Fix missing flush CQE for DWQE
    - net: stmmac: platform: provide devm_stmmac_probe_config_dt()
    - net: stmmac: don't create a MDIO bus if unnecessary
    - net: stmmac: restructure the error path of stmmac_probe_config_dt()
    - drm/i915/dg1: Fix power gate sequence.
    - net: llc: reset skb->transport_header
    - ALSA: usb-audio: US16x08: Initialize array before use
    - eth: bcmsysport: fix call balance of priv->clk handling routines
    - net: mv643xx_eth: fix an OF node reference leak
    - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
    - btrfs: rename and export __btrfs_cow_block()
    - btrfs: sysfs: convert scnprintf and snprintf to sysfs_emit
    - btrfs: sysfs: fix direct super block member reads
    - wifi: mac80211: wake the queues in case of failure in resume
    - sound: usb: enable DSD output for ddHiFi TC44C
    - sound: usb: format: don't warn that raw DSD is unsupported
    - bpf: fix potential error return
    - net: usb: qmi_wwan: add Telit FE910C04 compositions
    - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
    - ARC: build: Try to guess GCC variant of cross compiler
    - usb: xhci: Avoid queuing redundant Stop Endpoint commands
    - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host
    - modpost: fix the missed iteration for the max bit in do_input()
    - kcov: mark in_softirq_really() as __always_inline
    - sky2: Add device ID
      11ab:4373 for Marvell 88E8075
    - net/sctp: Prevent autoclose integer overflow in sctp_association_init()
    - drm: adv7511: Drop dsi single lane support
    - dt-bindings: display: adi,adv7533: Drop single lane support
    - Linux 5.15.176

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57884
    - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57889
    - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57890
    - RDMA/uverbs: Prevent integer overflow issue

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57896
    - btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57897
    - drm/amdkfd: Correct the migration DMA map direction

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56759
    - btrfs: fix use-after-free when COWing tree bock and tracing is enabled

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57900
    - ila: serialize calls to nf_register_net_hooks()

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57901
    - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57902
    - af_packet: fix vlan_get_tci() vs MSG_PEEK

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57903
    - net: restrict SO_REUSEPORT to inet sockets

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-36476
    - RDMA/rtrs: Ensure 'ib_sge list' is accessible

  * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57802
    - netrom: check buffer length before accessing it

  * Jammy update: v5.15.176 upstream stable release (LP:
#2095327) // CVE-2024-57841 - net: fix memory leak in tcp_conn_request() * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-49998 - net: dsa: improve shutdown sequence * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-50121 - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57792 - power: supply: gpio-charger: Fix set charge current limits * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56763 - tracing: Prevent bad count for tracing_cpumask_write * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56626 - ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56627 - ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56616 - drm/dp_mst: Fix MST sideband message body length check * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-53099 - bpf: Check validity of link->type in bpf_link_show_fdinfo() * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57807 - scsi: megaraid_sas: Fix for a potential deadlock * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56767 - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56769 - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-53690 - nilfs2: prevent use of deleted inode * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-55881 - KVM: x86: Play nice with protected guests in complete_hypercall_exit() * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // 
CVE-2024-55916 - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56369 - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56715 - ionic: Fix netdev notifier unregister on failure * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-56716 - netdevsim: prevent bad user input in nsim_dev_health_break_write() * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-57791 - net/smc: check return value of sock_recvmsg when draining clc data * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-47408 - net/smc: check smcd_v2_ext_offset when receiving proposal msg * Jammy update: v5.15.176 upstream stable release (LP: #2095327) // CVE-2024-49571 - net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg * Jammy update: v5.15.175 upstream stable release (LP: #2095302) - tcp: check space before adding MPTCP SYN options - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 - usb: host: max3421-hcd: Correctly abort a USB request. 
- ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() - usb: dwc2: Fix HCD resume - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature - usb: dwc2: Fix HCD port connection race - usb: ehci-hcd: fix call balance of clocks handling routines - drm/i915: Fix memory leak by correcting cache object name in error handler - xfs: update btree keys correctly when _insrec splits an inode root block - xfs: don't drop errno values when we fail to ficlone the entire range - xfs: return from xfs_symlink_verify early on V4 filesystems - xfs: fix scrub tracepoints when inode-rooted btrees are involved - bpf, sockmap: Fix update element with same - batman-adv: Do not send uninitialized TT changes - batman-adv: Remove uninitialized data in full table TT response - batman-adv: Do not let TT changes list grows indefinitely - tipc: fix NULL deref in cleanup_bearer() - selftests: mlxsw: sharedbuffer: Remove h1 ingress test case - selftests: mlxsw: sharedbuffer: Remove duplicate test cases - ptp: kvm: Use decrypted memory in confidential guest on x86 - ptp: kvm: x86: Return EOPNOTSUPP instead of ENODEV from kvm_arch_ptp_init() - net: sparx5: fix FDMA performance issue - net: sparx5: fix the maximum frame length register - ACPI: resource: Fix memory resource type union access - cxgb4: use port number to set mac addr - qca_spi: Fix clock speed for multiple QCA7000 - qca_spi: Make driver probing reliable - Documentation: PM: Clarify pm_runtime_resume_and_get() return value - bonding: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL - team: Fix feature propagation of NETIF_F_GSO_ENCAP_ALL - ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() - tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() - xen/netfront: fix crash when removing device - x86: make get_cpu_vendor() accessible from Xen code - objtool/x86: allow syscall 
instruction - x86/static-call: provide a way to do very early static-call updates - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 - x86/asm: Make serialize() always_inline - x86/xen: don't do PV iret hypercall through hypercall page - x86/xen: add central hypercall functions - x86/xen: use new hypercall functions instead of hypercall page - x86/xen: remove hypercall page - ALSA: usb-audio: Fix a DMA to stack memory bug - x86/static-call: fix 32-bit build - Linux 5.15.175 * Jammy update: v5.15.175 upstream stable release (LP: #2095302) // CVE-2024-53125 - bpf: sync_linked_regs() must preserve subreg_def * Jammy update: v5.15.175 upstream stable release (LP: #2095302) // CVE-2024-56770 - net/sched: netem: account for backlog updates from child qdisc * Jammy update: v5.15.175 upstream stable release (LP: #2095302) // CVE-2024-56659 - net: lapb: increase LAPB_HEADER_LEN * Jammy update: v5.15.175 upstream stable release (LP: #2095302) // CVE-2024-56662 - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl * Jammy update: v5.15.175 upstream stable release (LP: #2095302) // CVE-2024-42315 - exfat: fix potential deadlock on __exfat_get_dentry_set * Jammy update: v5.15.175 upstream stable release (LP: #2095302) // CVE-2024-53119 - virtio/vsock: Fix accept_queue memory leak * Jammy update: v5.15.175 upstream stable release (LP: #2095302) // CVE-2024-56670 - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer * Jammy update: v5.15.174 upstream stable release (LP: #2095283) - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() - media: uvcvideo: Stop stream during unregister - vmstat: call fold_vm_zone_numa_events() before show per zone NUMA event - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables - leds: lp55xx: Remove redundant 
test for invalid channel number - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 - samples: pktgen: correct dev to DEV - ARM: 9419/1: mm: Fix kernel memory mapping for xip kernels - x86/mm: Fix a kdump kernel failure on SME system when CONFIG_IMA_KEXEC=y - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled - ocfs2: fix UBSAN warning in ocfs2_verify_volume() - drm/bridge: tc358768: Fix DSI command tx - mmc: sunxi-mmc: Add D1 MMC variant - mmc: sunxi-mmc: Fix A100 compatible description - lib/buildid: Fix build ID parsing logic - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point - NFSD: Async COPY result needs to return a write verifier - NFSD: Initialize struct nfsd4_copy earlier - NFSD: Never decrement pending_async_copies on error - mm: revert "mm: shmem: fix data-race in shmem_getattr()" - mm: avoid unsafe VMA hook invocation when error arises on mmap hook - mm: unconditionally close VMAs on error - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling - NFS: nfs_async_write_reschedule_io must not recurse into the writeback code - ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet - ASoC: Intel: sst: Support LPE0F28 ACPI HID - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend - mac80211: fix user-power when emulating chanctx - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver - selftests/watchdog-test: Fix system accidentally reset after watchdog-test - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB - net: usb: qmi_wwan: add Quectel RG650V - soc: qcom: Add check devm_kasprintf() returned value - regulator: rk808: Add apply_bit for BUCK3 on RK809 - platform/x86: dell-smbios-base: Extends 
support to Alienware products - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events - can: j1939: fix error in J1939 documentation. - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width - ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry - ARM: 9420/1: smp: Fix SMP for xip kernels - ipmr: Fix access to mfc_cache_list without lock held - nvme: fix metadata handling in nvme-passthrough - x86/barrier: Do not serialize MSR accesses on AMD - kselftest/arm64: mte: fix printf type warnings about longs - s390/cio: Do not unregister the subchannel based on DNV - brd: remove brd_devices_mutex mutex - mips: asm: fix warning when disabling MIPS_FP_SUPPORT - m68k: mvme147: Fix SCSI controller IRQ numbers - m68k: mvme16x: Add and use "mvme16x.h" - m68k: mvme147: Reinstate early console - arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() - s390/syscalls: Avoid creation of arch/arch/ directory - firmware: google: Unregister driver_info on failure - crypto: qat - remove faulty arbiter config reset - thermal: core: Initialize thermal zones before registering them - EDAC/fsl_ddr: Fix bad bit shift operations - crypto: cavium - Fix the if condition to exit loop after timeout - ACPI: CPPC: Fix _CPC register setting issue - crypto: caam - add error check to caam_rsa_set_priv_key_form - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() - time: Fix references to _msecs_to_jiffies() handling of values - timekeeping: Consolidate fast timekeeper - seqlock/latch: Provide raw_read_seqcount_latch_retry() - kcsan, seqlock: Support seqcount_latch_t - kcsan, seqlock: Fix incorrect assumption in read_seqbegin() - clocksource/drivers:sp804: Make user selectable - spi: spi-fsl-lpspi: downgrade log level for pio mode - spi: 
spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() - mmc: mmc_spi: drop buggy snprintf() - tpm: fix signed/unsigned bug when checking event logs - arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 - arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4 - arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad - Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" - cgroup/bpf: only cgroup v2 can be attached by bpf programs - arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns - arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns - arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns - pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints - pmdomain: ti-sci: Add missing of_node_put() for args.np - spi: tegra210-quad: Avoid shift-out-of-bounds - spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time - regmap: irq: Set lockdep class for hierarchical IRQ domains - arm64: dts: mt8183: jacuzzi: remove unused ddc-i2c-bus - arm64: dts: mt8183: jacuzzi: Move panel under aux-bus - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators - selftests/resctrl: Protect against array overrun during iMC config parsing - media: venus: venc: Use pmruntime autosuspend - media: venus: vdec: decoded picture buffer handling during reconfig sequence - media: venus : Addition of EOS Event support for Encoder - media: venus : Addition of support for VIDIOC_TRY_ENCODER_CMD - venus: venc: add handling for VIDIOC_ENCODER_CMD - media: venus: provide ctx queue lock for ioctl synchronization - media: atomisp: remove #ifdef HAS_NO_HMEM - platform/x86: panasonic-laptop: Replace snprintf in show functions with sysfs_emit - platform/x86: panasonic-laptop: 
Return errno correctly in show callback - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused - drm/omap: Fix possible NULL dereference - drm/omap: Fix locking in omap_gem_new_dmabuf() - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() - drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() - drm/v3d: Address race-condition in MMU flush - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc - ASoC: fsl_micfil: Drop unnecessary register read - ASoC: fsl_micfil: do not define SHIFT/MASK for single bits - ASoC: fsl_micfil: use GENMASK to define register bit fields - ASoC: fsl_micfil: fix regmap_write_bits usage - ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode - drm/bridge: anx7625: Drop EDID cache on bridge power off - libbpf: Fix output .symtab byte-order during linking - bpf: Fix the xdp_adjust_tail sample prog issue - libbpf: fix sym_is_subprog() logic for weak global subprogs - xfrm: rename xfrm_state_offload struct to allow reuse - xfrm: store and rely on direction to construct offload flags - netdevsim: rely on XFRM state direction instead of flags - netdevsim: copy addresses for both in and out paths - drm/bridge: tc358767: Fix link properties discovery - selftests/bpf: Fix msg_verify_data in test_sockmap - selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap - drm: fsl-dcu: enable PIXCLK on LS1021A - drm/panfrost: Remove unused id_mask from struct panfrost_model - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() - drm/etnaviv: Request pages from DMA32 zone on addressing_limited - drm/etnaviv: fix power register offset on GC300 - drm/etnaviv: hold GPU lock across perfmon sampling - wifi: wfx: Fix error handling in wfx_core_init() - drm/msm/dpu: 
cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() - netfilter: nf_tables: skip transaction if update object is not implemented - netfilter: nf_tables: must hold rcu read lock while iterating object type list - netlink: typographical error in nlmsg_type constants definition - selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap - selftests/bpf: Fix SENDPAGE data logic in test_sockmap - selftests, bpf: Add one test for sockmap with strparser - selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap - selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap - bpf, sockmap: Several fixes to bpf_msg_push_data - bpf, sockmap: Fix sk_msg_reset_curr - selftests: net: really check for bg process completion - drm/amdkfd: Fix wrong usage of INIT_WORK() - net: rfkill: gpio: Add check for clk_enable() - driver core: Introduce device_find_any_child() helper - netpoll: Use rcu_access_pointer() in netpoll_poll_lock - wireguard: selftests: load nf_conntrack if not present - trace/trace_event_perf: remove duplicate samples on the first tracepoint event - pinctrl: zynqmp: drop excess struct member description - powerpc/vdso: Flag VDSO64 entry points as functions - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race - mfd: da9052-spi: Change read-mask to write-mask - mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() - cpufreq: loongson2: Unregister platform_driver on failure - mtd: rawnand: atmel: Fix possible memory leak - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey - clk: imx: lpcg-scu: SW workaround for errata (e10858) - clk: imx: clk-scu: fix clk enable state save and restore - mfd: rt5033: Fix missing regmap_del_irq_chip() - scsi: fusion: Remove unused variable 'rc' - RDMA/hns: Fix out-of-order issue of requester when setting FENCE - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static - powerpc/kexec: Fix return of uninitialized variable - fbdev/sh7760fb: Alloc DMA memory from hardware device - 
dt-bindings: clock: axi-clkgen: include AXI clk - clk: clk-axi-clkgen: make sure to enable the AXI bus clock - pinctrl: k210: Undef K210_PC_DEFAULT - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() - perf cs-etm: Don't flush when packet_queue fills up - perf probe: Fix libdw memory leak - perf probe: Correct demangled symbols in C++ program - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads - PCI: cpqphp: Fix PCIBIOS_* return value confusion - f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block - f2fs: remove struct segment_allocation default_salloc_ops - f2fs: open code allocate_segment_by_default - f2fs: remove the unused flush argument to change_curseg - f2fs: check curseg->inited before write_sum_page in change_curseg - perf trace: avoid garbage when not printing a trace event's arguments - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x - m68k: coldfire/device.c: only build FEC when HW macros are defined - perf trace: Do not lose last events in a race - perf trace: Avoid garbage when not printing a syscall's arguments - rpmsg: glink: Add TX_DATA_CONT command while sending - rpmsg: glink: Send READ_NOTIFY command in FIFO full case - rpmsg: glink: Fix GLINK command prefix - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length - remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table - NFSD: Fix nfsd4_shutdown_copy() - hwmon: (tps23861) Fix reporting of negative temperatures - vdpa/mlx5: Fix suboptimal range on iotlb iteration - selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels - fs_parser: update mount_api doc to match function signature - power: supply: core: Remove might_sleep() from power_supply_put() - power: supply: bq27xxx: Fix registers of bq27426 - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device - tg3: Set 
coherent DMA mask bits to 31 for BCM57766 chipsets - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration - net: mdio-ipq4019: add missing error check - marvell: pxa168_eth: fix call balance of pep->clk handling routines - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken - octeontx2-af: RPM: Fix mismatch in lmac type - spi: atmel-quadspi: Fix register name in verbose logging function - net: hsr: fix hsr_init_sk() vs network/transport headers. - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down - iio: light: al3010: Fix an error handling path in al3010_probe() - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() - usb: yurex: make waiting on yurex_write interruptible - USB: chaoskey: fail open after removal - USB: chaoskey: Fix possible deadlock chaoskey_list_lock - misc: apds990x: Fix missing pm_runtime_disable() - counter: stm32-timer-cnt: Add check for clk_enable() - ALSA: hda/realtek: Update ALC256 depop procedure - apparmor: fix 'Do simple duplicate message elimination' - usb: ehci-spear: fix call balance of sehci clk handling routines - Revert "drivers: clk: zynqmp: update divider round rate logic" - ASoC: Intel: sst: Fix used of uninitialized ctx to log an error - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() - ext4: supress data-race warnings in ext4_free_inodes_{count,set}() - ext4: fix FS_IOC_GETFSMAP handling - jfs: xattr: check invalid xattr size more strictly - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() - perf/x86/intel/pt: Fix buffer full but size is 0 case - crypto: x86/aegis128 - access 32-bit arguments as 32-bit - powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status - fsnotify: fix sending inotify event with unexpected filename - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler - locking/lockdep: Avoid creating new name 
string literals in lockdep_set_subclass() - exfat: fix uninit-value in __exfat_get_dentry_set - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() - usb: xhci: Fix TD invalidation under pending Set TR Dequeue - Revert "usb: gadget: composite: fix OS descriptors w_value logic" - serial: sh-sci: Clean sci_ports[0] after at earlycon exit - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" - gpio: exar: set value when external pull-up or pull-down is present - spi: Fix acpi deferred irq probe - mtd: spi-nor: core: replace dummy buswidth from addr to data - cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement - ubi: wl: Put source PEB into correct list if trying locking LEB failed - serial: 8250: omap: Move pm_runtime_get_sync - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled - block: fix ordering between checking BLK_MQ_S_STOPPED request adding - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() - media: v4l2-core: v4l2-dv-timings: check cvt/gtf result - ALSA: hda/realtek: Update ALC225 depop procedure - ALSA: hda/realtek: Set PCBeep to default value for ALC274 - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max - ALSA: hda/realtek: Apply quirk for Medion E15433 - usb: dwc3: gadget: Fix checking for number of TRBs left - lib: string_helpers: silence snprintf() output truncation warning - rpmsg: glink: Propagate TX failures in intentless mode as well - um: Fix the return value of elf_core_copy_task_fpregs - um: Always dump trace for specified task in show_stack - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() - rtc: abx80x: Fix WDT bit position of the status register - ubifs: Correct the total block count by deducting journal reservation - jffs2: fix use of uninitialized variable - block: return unsigned int 
from bdev_io_min - 9p/xen: fix init sequence - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification - modpost: remove incorrect code in do_eisa_entry() - nfs: ignore SB_RDONLY when mounting nfs - sunrpc: remove unnecessary test in rpc_task_set_client() - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE - ASoC: fsl_micfil: fix the naming style for mask definition - xfs: fix log recovery when unknown rocompat bits are set - xfs: remove unknown compat feature check in superblock write validation - btrfs: add might_sleep() annotations - util_macros.h: fix/rework find_closest() macros - scsi: ufs: exynos: Fix hibern8 notify callbacks - PCI: keystone: Add link up check to ks_pcie_other_map_bus() - ovl: properly handle large files in ovl_security_fileattr - dm thin: Add missing destroy_work_on_stack() - PCI: rockchip-ep: Fix address translation unit programming - drm/etnaviv: flush shader L1 cache after user commandstream - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() - can: peak_usb: CANFD: store 64-bits hw timestamps - can: do not increase rx statistics when generating a CAN rx error message frame - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() - ptp: Add error handling for adjfine callback in ptp_clock_adjtime - net/sched: tbf: correct backlog statistic for GSO packets - net/smc: Limit backlog connections - net/qed: allow old cards not supporting "num_images" to work - net: sched: fix erspan_opt settings 
in cls_flower - netfilter: nft_set_hash: skip duplicated elements pending gc run - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext - ethtool: Fix wrong mod state in case of verbose and no_mask bitset - gpio: grgpio: use a helper variable to store the address of ofdev->dev - dt_bindings: rs485: Correct delay values - dt-bindings: serial: rs485: Fix rs485-rts-delay property - serial: amba-pl011: Use port lock wrappers - serial: amba-pl011: Fix RX stall when DMA is used - bpftool: Remove asserts from JIT disassembler - bpftool: fix potential NULL pointer dereferencing in prog_dump() - drm/sti: Add __iomem for mixer_dbg_mxn's parameter - ALSA: pcm: Add more disconnection checks at file ops - ALSA: pcm: Avoid reference to status->state - ALSA: usb-audio: Notify xrun for low-latency mode - tools: Override makefile ARCH variable if defined, but empty - drm/v3d: Enable Performance Counters before clearing them - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie - bpf: Fix exact match conditions in trie_get_next_key() - watchdog: rti: of: honor timeout-sec property - tracing: Fix cmp_entries_dup() to respect sort() comparison rules - ALSA: usb-audio: add mixer mapping for Corsair HS80 - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) - scsi: qla2xxx: Fix abort in bsg timeout - scsi: qla2xxx: Fix NVMe and NPIV connect issue - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt - dma-buf: fix dma_fence_array_signaled v4 - regmap: detach regmap from dev on regmap_exit - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet - mmc: core: Further prevent card detect during shutdown - ocfs2: update seq_file index in ocfs2_dlm_seq_next - epoll: annotate racy check - btrfs: avoid unnecessary device path update for the same device - kselftest/arm64: Don't leak pipe 
fds in pac.exec_sign_all() - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 - drm/vc4: hvs: Set AXI panic modes for the HVS - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model - drm/mcde: Enable module autoloading - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() - r8169: don't apply UDP padding quirk on RTL8126A - samples/bpf: Fix a resource leak - net: fec_mpc52xx_phy: Use %pa to format resource_size_t - net: ethernet: fs_enet: Use %pa to format resource_size_t - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc - wifi: ath5k: add PCI ID for SX76X - wifi: ath5k: add PCI ID for Arcadyan devices - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih - drm/amdgpu: Dereference the ATCS ACPI buffer - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov - wifi: ipw2x00: libipw_rx_any(): fix bad alignment - ASoC: hdmi-codec: reorder channel allocation list - rocker: fix link status detection in rocker_carrier_init() - net/neighbor: clear error in case strict check is not set - netpoll: Use rcu_access_pointer() in __netpoll_setup - pinctrl: freescale: fix COMPILE_TEST error with PINCTRL_IMX_SCU - tracing: Use atomic64_inc_return() in trace_clock_counter() - scsi: st: Don't modify unknown block number in MTIOCGET - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset - pinctrl: qcom-pmic-gpio: add support for PM8937 - nvdimm: rectify the illogical code within nd_dax_probe() - PCI: Detect and trust built-in Thunderbolt chips - PCI: Add 'reset_subordinate' to reset hierarchy below bridge - PCI: Add ACS quirk for Wangxun FF5xxx NICs - usb: chipidea: udc: handle USB Error Interrupt if IOC not set - misc: 
eeprom: eeprom_93cx6: Add quirk for extra read clock cycle - modpost: Include '.text.*' in TEXT_SECTIONS - modpost: Add .irqentry.text to OTHER_SECTIONS - sched/core: Remove the unnecessary need_resched() check in nohz_csd_func() - sched/fair: Add NOHZ balancer flag for nohz.next_balance updates - sched/fair: Check idle_cpu() before need_resched() to detect ilb CPU turning busy - sched/core: Prevent wakeup of ksoftirqd during idle load balance - btrfs: fix missing snapshot drew unlock when root is dead during swap activation - tracing/eprobe: Fix to release eprobe when failed to add dyn_event - Revert "unicode: Don't special case ignorable code points" - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE - jffs2: Fix rtime decompressor - mm/damon/vaddr-test: split a test function having >1024 bytes frame size - mm/damon/vaddr: fix issue in damon_va_evenly_split_region() - xhci: dbc: Fix STALL transfer event handling - mmc: mtk-sd: Fix error handle of probe function - ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" - scsi: core: Fix scsi_mode_select() buffer length handling - gve: Fixes for napi_poll when budget is 0 - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint - net: dsa: microchip: correct KSZ8795 static MAC table access - drm/amdgpu: rework resume handling for display (v2) - serial: amba-pl011: fix build regression - media: venus: vdec: fixed possible memory leak issue - net/smc: Fix af_ops of child socket pointing to released memory - Bluetooth: hci_core: Fix calling mgmt_device_connected - Linux 5.15.174 * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-46871 - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX * Jammy update: v5.15.174 upstream 
stable release (LP: #2095283) // CVE-2024-49950 - Bluetooth: L2CAP: Fix uaf in l2cap_connect * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-50275 - arm64/sve: Discard stale CPU state when handling SVE traps * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-47730 - crypto: hisilicon/qm - inject error before stopping queue * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-46809 - drm/amd/display: Check BIOS images before it is used * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-57850 - jffs2: Prevent rtime decompress memory corruption * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56781 - powerpc/prom_init: Fixup missing powermac #size-cells * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56785 - MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-43098 - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-45828 - i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56586 - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. 
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56587 - leds: class: Protect brightness_show() with led_cdev->led_access mutex * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56589 - scsi: hisi_sas: Add cond_resched() for no forced preemption model * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56590 - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56593 - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56594 - drm/amdgpu: set the right AMDGPU sg segment limitation * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56595 - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56596 - jfs: fix array-index-out-of-bounds in jfs_readdir * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56597 - jfs: fix shift-out-of-bounds in dbSplit * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56598 - jfs: array-index-out-of-bounds fix in dtReadFirst * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-47143 - dma-debug: fix a possible deadlock on radix_lock * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56600 - net: inet6: do not leave a dangling sk pointer in inet6_create() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56601 - net: inet: do not leave a dangling sk pointer in inet_create() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56602 - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56603 - 
net: af_can: do not leave a dangling sk pointer in can_create() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56605 - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56606 - af_packet: avoid erroring out after sock_init_data() in packet_create() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56787 - soc: imx8m: Probe the SoC driver as platform driver * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56610 - kcsan: Turn report_filterlist_lock into a raw_spinlock * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-57849 - s390/cpum_sf: Handle CPU hotplug remove during sampling * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56568 - iommu/arm-smmu: Defer probe of clients after smmu device bound * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56614 - xsk: fix OOB map writes when deleting elements * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56615 - bpf: fix OOB devmap writes when deleting elements * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-48881 - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56619 - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56622 - scsi: ufs: core: sysfs: Prevent div by zero * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56623 - scsi: qla2xxx: Fix use after free on unload * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-57874 - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // 
CVE-2024-56625 - can: dev: can_set_termination(): allow sleeping GPIOs * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56629 - HID: wacom: fix when get product name maybe null pointer * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56630 - ocfs2: free inode when ocfs2_get_init_inode() fails * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-50051 - spi: mpc52xx: Add cancel_work_sync before module remove * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56633 - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56634 - gpio: grgpio: Add NULL check in grgpio_probe * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56636 - geneve: do not assume mac header is set in geneve_xmit_skb() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56637 - netfilter: ipset: Hold module reference while requesting a module * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-52332 - igb: Fix potential invalid memory access in igb_init_module() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56640 - net/smc: fix LGR and link use-after-free issue * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56642 - tipc: Fix use-after-free of kernel socket in cleanup_bearer(). 
* Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56643 - dccp: Fix memory leak in dccp_feat_change_recv * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56644 - net/ipv6: release expired exception dst cached in socket * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56645 - can: j1939: j1939_session_new(): fix skb reference counting * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56648 - net: hsr: avoid potential out-of-bound access in fill_frame_info() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56650 - netfilter: x_tables: fix LED ID check in led_tg_check() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56776 - drm/sti: avoid potential dereference of error pointers * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56777 - drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56778 - drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-46841 - btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56779 - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56558 - nfsd: make sure exp active before svc_export_show * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56562 - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-57838 - s390/entry: Mark IRQ entries to fix stack depot warnings * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // 
CVE-2024-56567 - ad7780: fix division by zero in ad7780_write_raw() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56581 - btrfs: ref-verify: fix use-after-free after invalid ref action * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56774 - btrfs: add a sanity check for btrfs root in btrfs_search_slot() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56780 - quota: flush quota_release_work upon quota writeback * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53165 - sh: intc: Fix use-after-free bug in register_intc_controller() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56688 - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56704 - 9p/xen: fix release of IRQ * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53171 - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53172 - ubi: fastmap: Fix duplicate slab cache names while attaching * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56739 - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53173 - NFSv4.0: Fix a use-after-free problem in the asynchronous open() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53145 - um: Fix potential integer overflow during physmem setup * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53174 - SUNRPC: make sure cache entry active before cache_show * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53146 - NFSD: Prevent a potential integer overflow * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56698 - 
usb: dwc3: gadget: Fix looping of queued SG entries * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53180 - ALSA: pcm: Add sanity NULL check for the default mmap fault handler * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56700 - media: wl128x: Fix atomicity violation in fmc_send_cmd() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2022-49034 - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53181 - um: vector: Do not use drvdata in release * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53183 - um: net: Do not use drvdata in release * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53184 - um: ubd: Do not use drvdata in release * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-50055 - driver core: bus: Fix double free in driver API bus_register() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56741 - apparmor: test: Fix memory leak for aa_unpack_strdup() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53148 - comedi: Flush partial mappings in error case * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53194 - PCI: Fix use-after-free of slot->bus on hot remove * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53197 - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53150 - ALSA: usb-audio: Fix out of bounds reads when finding clock sources * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53198 - xen: Fix the issue of resource not being properly released in xenbus_dev_probe() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-50283 - ksmbd: fix 
slab-use-after-free in smb3_preauth_hash_rsp * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53206 - tcp: Fix use-after-free of nreq in reqsk_timer_handler(). * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53214 - vfio/pci: Properly hide first-in-list PCIe extended capability * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53215 - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53217 - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53151 - svcrdma: Address an integer overflow * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56745 - PCI: Fix reset_method_store() memory leak * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56746 - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53155 - ocfs2: fix uninitialized value in ocfs2_file_read_iter() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53226 - RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56747 - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56748 - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53227 - scsi: bfa: Fix use-after-free in bfad_im_module_exit() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56701 - powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56678 - 
powerpc/mm/fault: Fix kfence page fault reporting * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56723 - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56724 - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56691 - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56694 - bpf: fix recursive lock when verdict program return SK_PASS * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53237 - Bluetooth: fix use-after-free in device_for_each_child() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53239 - ALSA: 6fire: Release resources at card release * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56531 - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56532 - ALSA: us122l: Use snd_card_free_when_closed() at disconnection * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56533 - ALSA: usx2y: Use snd_card_free_when_closed() at disconnection * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56720 - bpf, sockmap: Several fixes to bpf_msg_pop_data * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56726 - octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56728 - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56679 - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // 
CVE-2024-56539 - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53156 - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56705 - media: atomisp: Add check for rgby_data memory allocation failure * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53157 - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53158 - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56681 - crypto: bcm - add error check in the ahash_hmac_init function * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56708 - EDAC/igen6: Avoid segmentation fault on module unload * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56690 - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53161 - EDAC/bluefield: Fix potential integer overflow * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56754 - crypto: caam - Fix the pointer passed to caam_qi_shutdown() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56548 - hfsplus: don't query the device logical block size multiple times * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56756 - nvme-pci: fix freeing of the HMB descriptor table * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53142 - initramfs: avoid filename buffer overrun * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56693 - brd: defer automatic disk creation until module 
initialization succeeds * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-49996 - cifs: Fix buffer overflow when parsing NFS reparse points * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53096 - mm: resolve faulty mmap_region() error path behaviour * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53122 - mptcp: cope racing subflow creation in mptcp_rcv_space_adjust * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-49974 - NFSD: Limit the number of concurrent async COPY operations * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53127 - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53130 - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53131 - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53135 - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53112 - ocfs2: uncache inode which has failed entering the group * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53113 - mm: fix NULL pointer dereference in alloc_pages_bulk_noprof * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53120 - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53138 - net/mlx5e: kTLS, Fix incorrect page refcounting * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53121 - net/mlx5: fs, lock FTE when checking if active * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53129 - drm/rockchip: vop: 
Fix a dereferenced before check warning * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-53140 - netlink: terminate outstanding dump on socket close * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56569 - ftrace: Fix regression with module command in stack_trace_filter * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56570 - ovl: Filter invalid inodes with missing lookup function * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56572 - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56574 - media: ts2020: fix null-ptr-deref in ts2020_probe() * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56575 - media: imx-jpeg: Ensure power suppliers be suspended before detach them * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56576 - media: i2c: tc358743: Fix crash in the probe error path when using polling * Jammy update: v5.15.174 upstream stable release (LP: #2095283) // CVE-2024-56578 - media: imx-jpeg: Set video drvdata before register video device * CVE-2024-56672 - blk-cgroup: Fix UAF in blkcg_unpin_online() -- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 14 Feb 2025 15:34:34 +0300 linux (5.15.0-133.144) jammy; urgency=medium * CVE-2025-0927 - SAUCE: fs: hfs/hfsplus: add key_len boundary check to hfs_bnode_read_key -- Manuel Diewald <manuel.diewald@canonical.com> Fri, 07 Feb 2025 18:44:33 +0100 linux (5.15.0-132.143) jammy; urgency=medium * jammy/linux: 5.15.0-132.143 -proposed tracker (LP: #2093735) * Packaging resync (LP: #1786013) - [Packaging] debian.master/dkms-versions -- update from kernel-versions (main/2025.01.13) * KVM: Cache CPUID at KVM.ko module init to reduce latency of VM-Enter and VM-Exit (LP: #2093146) - kvm: x86: Fix xstate_required_size() to follow XSTATE
alignment rule - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init * Jammy update: v5.15.173 upstream stable release (LP: #2089541) - 9p: Avoid creating multiple slab caches with the same name - irqchip/ocelot: Fix trigger register address - block: Fix elevator_get_default() checking for NULL q->tag_set - HID: multitouch: Add support for B2402FVA track point - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad - bpf: use kvzmalloc to allocate BPF verifier environment - crypto: marvell/cesa - Disable hash algorithms - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML - drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS - powerpc/powernv: Free name on error in opal_event_init() - vDPA/ifcvf: Fix pci_read_config_byte() return code handling - fs: Fix uninitialized value issue in from_kuid and from_kgid - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition - md/raid10: improve code of mrdev in raid10_sync_request - mm/memory: add non-anonymous page check in the copy_present_page() - udf: Allocate name buffer in directory iterator on heap - udf: Avoid directory type conversion failure due to ENOMEM - 9p: fix slab cache name creation for real - Linux 5.15.173 * Jammy update: v5.15.173 upstream stable release (LP: #2089541) // CVE-2024-41080 - io_uring: fix possible deadlock in io_register_iowq_max_workers() * Jammy update: v5.15.172 upstream stable release (LP: #2089533) - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc - arm64: dts: imx8mp: correct sdhc ipg clk - ARM: dts:
rockchip: fix rk3036 acodec node - ARM: dts: rockchip: drop grf reference from rk3036 hdmi - ARM: dts: rockchip: Fix the spi controller on rk3036 - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin - NFSv3: only use NFS timeout for MOUNT when protocols are compatible - NFS: Add a tracepoint to show the results of nfs_set_cache_invalid() - NFSv3: handle out-of-order write replies. - nfs: avoid i_lock contention in nfs_clear_invalid_mapping - net: enetc: set MAC address to the VF net_device - can: c_can: fix {rx,tx}_errors statistics - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag - net: stmmac: Fix unbalanced IRQ wake disable warning on single irq case - Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" - media: stb0899_algo: initialize cfr before using it - media: dvb_frontend: don't play tricks with underflow values - media: adv7604: prevent underflow condition when reporting colorspace - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() - media: pulse8-cec: fix data timestamp at pulse8_setup() - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() - pwm: imx-tpm: Use correct MODULO value for EPWM mode - drm/amdgpu: Adjust debugfs eviction and IB access permissions - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported - thermal/drivers/qcom/lmh: Remove false lockdep backtrace - dm cache: correct the number of origin blocks to match the target length - dm cache: optimize dirty bit checking with find_next_bit when resizing - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone - io_uring: rename kiocb_end_write() local helper - fs: create kiocb_{start,end}_write() helpers - io_uring: use kiocb_{start,end}_write() helpers - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in 
uvc_parse_format - fs/proc: fix compile warning about variable 'vmcore_mmap_ops' - usb: dwc3: fix fault at system suspend if device was already runtime suspended - USB: serial: qcserial: add support for Sierra Wireless EM86xx - USB: serial: option: add Fibocom FG132 0x0112 composition - USB: serial: option: add Quectel RG650V - irqchip/gic-v3: Force propagation of the active state with a read-back - ucounts: fix counter leak in inc_rlimit_get_ucounts() - ALSA: usb-audio: Support jack detection on Dell dock - ALSA: usb-audio: Add quirks for Dell WD19 dock - ACPI: PRM: Clean up guid type in struct prm_handler_info - ALSA: usb-audio: Add endianness annotations - Linux 5.15.172 * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50265 - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50267 - USB: serial: io_edgeport: fix use after free in debug printk * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50268 - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50269 - usb: musb: sunxi: Fix accessing an released usb phy * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50036 - net: do not delay dst_entries_add() in dst_release() * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-42291 - ice: Add a per-VF limit on number of FDIR filters * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50273 - btrfs: reinitialize delayed ref list after deleting it from the list * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-53066 - nfs: Fix KMSAN warning in decode_getfattr_attrs() * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-53052 - io_uring/rw: fix missing NOWAIT check for O_DIRECT start 
write * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50278 - dm cache: fix potential out-of-bounds access on the first resume * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50279 - dm cache: fix out-of-bounds access to the dirty bitset when resizing * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50282 - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50287 - media: v4l2-tpg: prevent the risk of a division by zero * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50290 - media: cx24116: prevent overflows on SNR calculus * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-53061 - media: s5p-jpeg: prevent buffer overflows * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50292 - ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-53063 - media: dvbdev: prevent the risk of out of memory access * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50295 - net: arc: fix the device for dma_map_single/dma_unmap_single * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50296 - net: hns3: fix kernel crash when uninstalling driver * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-53088 - i40e: fix race condition by adding filter's intermediate sync state * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50299 - sctp: properly validate chunk size in sctp_sf_ootb() * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50301 - security/keys: fix slab-out-of-bounds in key_task_permission * Jammy update: v5.15.172 upstream stable release (LP: #2089533) // CVE-2024-50302 - HID: core: zero-initialize the 
report buffer * Jammy update: v5.15.171 upstream stable release (LP: #2089405) - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test - ACPI: PRM: Remove unnecessary blank lines - ACPI: PRM: Change handler_addr type to void pointer - cgroup: Fix potential overflow issue when checking max_depth - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys - wifi: brcm80211: BRCM_TRACING should depend on TRACING - RDMA/cxgb4: Dump vendor specific QP details - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down - RDMA/bnxt_re: synchronize the qp-handle table array - mac80211: do drv_reconfig_complete() before restarting all - mac80211: Add support to trigger sta disconnect on hardware restart - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed - ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() - gtp: allow -1 to be specified as file description from userspace - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension - firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() - fs/ntfs3: Fix warning possible deadlock in ntfs_set_state - scsi: scsi_transport_fc: Allow setting rport state to current state - net: amd: mvme147: Fix probe banner message - NFS: remove revoked delegation from server's delegation list - misc: sgi-gru: Don't disable preemption in GRU driver - usbip: tools: Fix detach_port() invalid port error path - usb: phy: Fix API devm_usb_put_phy() can not release the phy - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() - xhci: Fix Link TRB DMA in command ring stopped completion event - xhci: Use pm_runtime_get to prevent RPM on unsupported systems - Revert "driver core: Fix uevent_show() vs driver detach race" - iio: light: veml6030: fix microlux value calculation - riscv: vdso: Prevent the compiler from inserting calls to memset() - riscv: efi: Set NX compat flag in PE/COFF 
header - riscv: Use '%u' to format the output of 'cpu' - riscv: Remove unused GENERATING_ASM_OFFSETS - riscv: Remove duplicated GET_RM - mm/page_alloc: call check_new_pages() while zone spinlock is not held - mm/page_alloc: fix tracepoint mm_page_alloc_zone_locked() - mm/page_alloc: split out buddy removal code from rmqueue into separate helper - mm/page_alloc: rename ALLOC_HIGH to ALLOC_MIN_RESERVE - mm/page_alloc: treat RT tasks similar to __GFP_HIGH - mm/page_alloc: explicitly record high-order atomic allocations in alloc_flags - mm/page_alloc: explicitly define what alloc flags deplete min reserves - mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves - Revert "drm/mipi-dsi: Set the fwnode for mipi_dsi_device" - vt: prevent kernel-infoleak in con_font_get() - mac80211: always have ieee80211_sta_restart() - Linux 5.15.171 * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2023-52913 - drm/i915: Fix potential context UAFs * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50228 - mm: shmem: fix data-race in shmem_getattr() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-53055 - wifi: iwlwifi: mvm: fix 6 GHz scan construction * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50230 - nilfs2: fix kernel bug due to missing clearing of checked flag * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50072 - x86/bugs: Use code segment selector for VERW operand * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50218 - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50219 - mm/page_alloc: let GFP_ATOMIC order-0 allocs access highatomic reserves * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50229 - nilfs2: fix potential deadlock with newly created symlinks * Jammy 
update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50232 - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50233 - staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50234 - wifi: iwlegacy: Clear stale interrupts before resuming device * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50236 - wifi: ath10k: Fix memory leak in management tx * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50237 - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50244 - fs/ntfs3: Additional check in ni_clear() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50245 - fs/ntfs3: Fix possible deadlock in mi_read * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50247 - fs/ntfs3: Check if more than chunk-size bytes are written * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50249 - ACPI: CPPC: Make rmw_lock a raw_spin_lock * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50251 - netfilter: nft_payload: sanitize offset and length before calling skb_checksum() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50257 - netfilter: Fix use-after-free in get_info() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50262 - bpf: Fix out-of-bounds write in trie_get_next_key() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50259 - netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-53042 - ipv4: ip_tunnel: Fix suspicious RCU 
usage warning in ip_tunnel_init_flow() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-53058 - net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-53059 - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50141 - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context * Jammy update: v5.15.171 upstream stable release (LP: #2089405) // CVE-2024-50086 - ksmbd: fix user-after-free from session log off * Jammy update: v5.15.170 upstream stable release (LP: #2089272) - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure - x86/resctrl: Avoid overflow in MB settings in bw_validate() - ARM: dts: bcm2837-rpi-cm3-io3: Fix HDMI hpd-gpio pin - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP - RDMA/irdma: Fix misspelling of "accept*" - ipv4: give an IPv4 dev to blackhole_netdev - RDMA/bnxt_re: Return more meaningful error - drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation - drm/msm: Allocate memory for disp snapshot with kvzalloc() - net: usb: usbnet: fix race in probe failure - octeontx2-af: Fix potential integer overflows on integer shifts - macsec: don't increment counters for an unrelated SA - net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() - net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid - net: xilinx: axienet: fix potential memory leak in axienet_start_xmit() - genetlink: hold RCU in genlmsg_mcast() - s390: Initialize psw mask in perf_arch_fetch_caller_regs() - arm64:uprobe fix the uprobe SWBP_INSN in big-endian - KVM: s390: gaccess: Check if guest address is in memslot - usb: gadget: Add function wakeup support - XHCI: Separate PORT and CAPs macros into dedicated file - usb: dwc3: core: Fix system suspend on TI AM62 platforms - block, bfq: fix 
procress reference leakage for bfqq in merge chain - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values - ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit - arm64: Force position-independent veneers - platform/x86: dell-wmi: Ignore suspend notifications - arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning - ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string - platform/x86: dell-sysman: add support for alienware products - jfs: Fix sanity check in dbMount - xfrm: extract dst lookup parameters into a struct - xfrm: respect ip protocols rules criteria when performing dst lookups - net: plip: fix break; causing plip to never transmit - net: dsa: mv88e6xxx: Fix error when setting port policy on mv88e6393x - net: usb: usbnet: fix name regression - r8169: avoid unsolicited interrupts - posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() - bpf,perf: Fix perf_event_detach_bpf_prog error handling - ALSA: hda/realtek: Update default depop procedure - btrfs: zoned: fix zone unusable accounting for freed reserved extent - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue - openat2: explicitly return -E2BIG for (usize > PAGE_SIZE) - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event - selinux: improve error checking in sel_write_load() - net: phy: dp83822: Fix reset pin definitions - Linux 5.15.170 * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50142 - xfrm: validate new SA's prefixlen using SA family when sel.family is unset * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50103 - ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // 
CVE-2024-50058 - serial: protect uart_port_dtr_rts() in uart_shutdown() too * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50110 - xfrm: fix one more kernel-infoleak in algo dumping * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50115 - KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50116 - nilfs2: fix kernel bug due to missing clearing of buffer delay flag * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50117 - drm/amd: Guard against bad data for ATIF ACPI method * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50205 - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50127 - net: sched: fix use-after-free in taprio_change() * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50128 - net: wwan: fix global oob in wwan_rtnl_policy * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50167 - be2net: fix potential memory leak in be_xmit() * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50168 - net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50131 - tracing: Consider the NULL character when validating the event length * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50143 - udf: fix uninit-value use in udf_get_fileshortad * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50134 - drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50010 - exec: don't WARN for racy path_noexec check * Jammy update: v5.15.170 upstream stable release (LP: 
#2089272) // CVE-2024-50194 - arm64: probes: Fix uprobes for big-endian kernels * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50148 - Bluetooth: bnep: fix wild-memory-access in proto_unregister * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50150 - usb: typec: altmode should keep reference to parent * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50151 - smb: client: fix OOBs when building SMB2_IOCTL request * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50153 - scsi: target: core: Fix null-ptr-deref in target_alloc_device() * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50154 - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50171 - net: systemport: fix potential memory leak in bcm_sysport_xmit() * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50156 - drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50208 - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50160 - ALSA: hda/cs8409: Fix possible NULL dereference * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50209 - RDMA/bnxt_re: Add a check for memory allocation * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50162 - bpf: devmap: provide rxq after redirect * Jammy update: v5.15.170 upstream stable release (LP: #2089272) // CVE-2024-50163 - bpf: Make sure internal and UAPI bpf_redirect flags don't overlap * kernel:nft "Could not process rule: Device or resource busy" on unreferenced chain (LP: #2089699) - SAUCE: netfilter: nf_tables: Fix EBUSY on deleting unreferenced chain * WARN in trc_wait_for_one_reader about failed 
IPIs (LP: #2089373) - SAUCE: rcu-tasks: fix mismerge in trc_inspect_reader - rcu-tasks: Idle tasks on offline CPUs are in quiescent states * CVE-2024-35887 - ax25: fix use-after-free bugs caused by ax25_ds_del_timer * CVE-2024-40965 - clk: Add a devm variant of clk_rate_exclusive_get() - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() - i2c: lpi2c: Avoid calling clk_get_rate during transfer * CVE-2024-40982 - ssb: Fix potential NULL pointer dereference in ssb_device_uevent() * CVE-2024-41066 - ibmvnic: Add tx check to prevent skb leak * CVE-2024-42252 - closures: Change BUG_ON() to WARN_ON() * CVE-2024-53097 - mm: krealloc: Fix MTE false alarm in __do_krealloc * Add list of source files to linux-buildinfo (LP: #2086606) - [Packaging] Sort build dependencies alphabetically - [Packaging] Add list of used source files to buildinfo package * UFS: uspi->s_3apb UBSAN: shift-out-of-bounds (LP: #2087853) - ufs: ufs_sb_private_info: remove unused s_{2, 3}apb fields * Jammy update: v5.15.169 upstream stable release (LP: #2088231) - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 - udf: New directory iteration code - udf: Convert udf_expand_dir_adinicb() to new directory iteration - udf: Move udf_expand_dir_adinicb() to its callsite - udf: Implement searching for directory entry using new iteration code - udf: Provide function to mark entry as deleted using new directory iteration code - udf: Convert udf_rename() to new directory iteration code - udf: Convert udf_readdir() to new directory iteration - udf: Convert udf_lookup() to use new directory iteration code - udf: Convert udf_get_parent() to new directory iteration code - udf: Convert empty_dir() to new directory iteration code - udf: Convert udf_rmdir() to new directory iteration code - udf: Convert udf_unlink() to new directory iteration code - udf: Implement adding of dir entries using new iteration code - udf: Convert udf_add_nondir() to new directory iteration - udf: Convert 
udf_mkdir() to new directory iteration code - udf: Convert udf_link() to new directory iteration code - udf: Remove old directory iteration code - udf: Handle error when expanding directory - udf: Don't return bh from udf_expand_dir_adinicb() - udf: Fix bogus checksum computation in udf_rename() - net: enetc: remove xdp_drops statistic from enetc_xdp_drop() - net: enetc: add missing static descriptor and inline keyword - posix-clock: Fix missing timespec64 check in pc_clock_settime() - arm64: probes: Remove broken LDR (literal) uprobe support - arm64: probes: Fix simulate_ldr*_literal() - net: macb: Avoid 20s boot delay by skipping MDIO bus registration for fixed- link PHY - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 - fat: fix uninitialized variable - mm/swapfile: skip HugeTLB pages for unuse_vma - secretmem: disable memfd_secret() if arch cannot set direct map - dm-crypt, dm-verity: disable tasklets - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) - io_uring/sqpoll: do not allow pinning outside of cpuset - io_uring/sqpoll: retain test for whether the CPU is valid - io_uring/sqpoll: do not put cpumask on stack - iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR - KVM: s390: Change virtual to physical address access in diag 0x258 handler - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET - x86/cpufeatures: Add a IBPB_NO_RET BUG flag - x86/entry: Have entry_ibpb() invalidate return predictions - x86/bugs: Skip RSB fill at VMEXIT - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry - blk-rq-qos: fix crash on rq_qos_wait vs. 
rq_qos_wake_function race - io_uring/sqpoll: close race on waiting for sqring entries - drm/radeon: Fix encoder->possible_clones - drm/vmwgfx: Handle surface check failure correctly - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig - iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() - iio: light: veml6030: fix ALS sensor resolution - iio: light: veml6030: fix IIO device retrieval from embedded device - iio: light: opt3001: add missing full-scale range value - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig - Bluetooth: Remove debugfs directory on module init failure - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 - xhci: Fix incorrect stream context type macro - xhci: Mitigate failed set dequeue pointer commands - USB: serial: option: add support for Quectel EG916Q-GL - USB: serial: option: add Telit FN920C04 MBIM compositions - parport: Proper fix for array out-of-bounds access - x86/resctrl: Annotate get_mem_config() functions as __init - x86/apic: Always explicitly disarm TSC-deadline timer - x86/entry_32: Do not clobber user EFLAGS.ZF - x86/entry_32: Clear CPU buffers after register restore in NMI return - pinctrl: ocelot: fix system hang on level based interrupts - irqchip/gic-v4: Don't allow a VMOVP on a dying VPE - mptcp: track and update contiguous data status - mptcp: handle consistently DSS corruption - tcp: fix mptcp DSS corruption due to large pmtu xmit - mptcp: fallback when MPTCP opts are dropped after 1st data - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow - mptcp: prevent MPC handshake on port-based signal endpoints - nilfs2: propagate directory read errors 
      from nilfs_find_entry()
    - powerpc/mm: Always update max/min_low_pfn in mem_topology_setup()
    - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2
    - Linux 5.15.169

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 15 Jan 2025 15:52:39 +0100

linux (5.15.0-131.141) jammy; urgency=medium

  * jammy/linux: 5.15.0-131.141 -proposed tracker (LP: #2093573)

  * CVE-2024-53164
    - net: sched: fix ordering of qlen adjustment

  * CVE-2024-53141
    - netfilter: ipset: add missing range check in bitmap_ip_uadt

  * CVE-2024-53103
    - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

 -- Manuel Diewald <manuel.diewald@canonical.com>  Fri, 10 Jan 2025 18:45:15 +0100

linux (5.15.0-130.140) jammy; urgency=medium

  * jammy/linux: 5.15.0-130.140 -proposed tracker (LP: #2092132)

  * ovs/linuxbridge jobs running on ubuntu jammy broken with latest kernel 5.15.0-127.137 (LP: #2091990)
    - netfilter: xtables: fix typo causing some targets not to load on IPv6

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Wed, 18 Dec 2024 20:19:08 +0300

linux (5.15.0-128.138) jammy; urgency=medium

  * jammy/linux: 5.15.0-128.138 -proposed tracker (LP: #2090163)

  * CVE-2024-50264
    - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

  * CVE-2024-53057
    - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

  * CVE-2024-43904
    - drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing

  * CVE-2024-40973
    - media: mtk-vcodec: potential null pointer deference in SCP

  * CVE-2024-38553
    - net: fec: remove .ndo_poll_controller to avoid deadlocks

  * CVE-2024-26822
    - smb: client: set correct id, uid and cruid for multiuser automounts

  * CVE-2020-12351 // CVE-2020-12352 // CVE-2020-24490
    - [Config] Disable BlueZ highspeed support

  * CVE-2024-40910
    - ax25: Fix refcount imbalance on inbound connections

  * CVE-2024-35963
    - Bluetooth: hci_sock: Fix not validating setsockopt user input

  * CVE-2024-35965
    - Bluetooth: L2CAP: Fix not validating setsockopt user input

  * CVE-2024-35966
    - Bluetooth: RFCOMM: Fix not validating setsockopt user input

  * CVE-2024-35967
    - Bluetooth: SCO: Fix not validating setsockopt user input

 -- Manuel Diewald <manuel.diewald@canonical.com>  Sat, 30 Nov 2024 19:12:45 +0100

# For older changelog entries, run 'apt-get changelog linux-tools-5.15.0-144'
Generated by dwww version 1.14 on Fri Jul 18 18:50:23 CEST 2025.