linux (5.15.0-163.173) jammy; urgency=medium
* jammy/linux: 5.15.0-163.173 -proposed tracker (LP: #2127867)
* Add pvpanic kernel modules to linux-modules (LP: #2126659)
- [Packaging] Add pvpanic kernel modules to linux-modules
* Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
kernel and console (LP: #2123815)
- SAUCE: fix: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record
for multiple object contexts
* Hung task when heavily accessing kernfs files (LP: #2125142)
- kernfs: switch global kernfs_rwsem lock to per-fs lock
- kernfs: dont take i_lock on inode attr read
- kernfs: move struct kernfs_root out of the public view.
- kernfs: Introduce separate rwsem to protect inode attributes.
- kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info.
- kernfs: change kernfs_rename_lock into a read-write lock.
- kernfs: prevent early freeing of root node
- kernfs: remove redundant kernfs_rwsem declaration.
- kernfs: fix NULL dereferencing in kernfs_remove
- kernfs: fix potential NULL dereference in __kernfs_remove
- kernfs: fix missing kernfs_iattr_rwsem locking
* ensure mptcp keepalives are honored when set (LP: #2125444)
- mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
* UBUNTU: fan: fail to check kmalloc() return could cause a NULL pointer
dereference (LP: #2125053)
- SAUCE: fan: vxlan: check memory allocation for map
* Jammy update: v5.15.193 upstream stable release (LP: #2127112)
- [Config] enable CONFIG_MITIGATION_VMSCAPE
- Linux 5.15.193
* Jammy update: v5.15.192 upstream stable release (LP: #2126782)
- bpf: Add cookie object to bpf maps
- bpf: Move cgroup iterator helpers to bpf.h
- bpf: Move bpf map owner out of common struct
- bpf: Fix oob access in cgroup local storage
- drm/amd/display: Don't warn when missing DCE encoder caps
- fs: writeback: fix use-after-free in __mark_inode_dirty()
- tee: fix NULL pointer dereference in tee_shm_put
- arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
- wifi: cfg80211: fix use-after-free in cmp_bss()
- netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
after confirm
- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
- xirc2ps_cs: fix register access when enabling FullDuplex
- mISDN: Fix memory leak in dsp_hwec_enable()
- icmp: fix icmp_ndo_send address translation for reply direction
- i40e: Fix potential invalid access when MAC list is empty
- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
- wifi: cw1200: cap SSID length in cw1200_do_join()
- wifi: libertas: cap SSID len in lbs_associate()
- net: thunder_bgx: add a missing of_node_put
- net: thunder_bgx: decrement cleanup index before use
- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
- ax25: properly unshare skbs in ax25_kiss_rcv()
- net: atm: fix memory leak in atm_register_sysfs when device_register
fail
- ppp: fix memory leak in pad_compress_skb
- ptp: Add generic PTP is_sync() function
- net: phy: mscc: Fix memory leak when using one step timestamping
- phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
arch_sync_kernel_mappings()
- mm: move page table sync declarations to linux/pgtable.h
- wifi: mwifiex: Initialize the chan_stats array to zero
- drm/amdgpu: drop hw access in non-DC audio fini
- scsi: lpfc: Fix buffer free/clear order in deferred receive path
- batman-adv: fix OOB read/write in network-coding decode
- e1000e: fix heap overflow in e1000_set_eeprom
- mm/khugepaged: fix ->anon_vma race
- cpufreq/sched: Explicitly synchronize limits_changed flag handling
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
- spi: tegra114: Remove unnecessary NULL-pointer checks
- spi: tegra114: Don't fail set_cs_timing when delays are zero
- iio: chemical: pms7003: use aligned_s64 for timestamp
- iio: light: opt3001: fix deadlock due to concurrent flag access
- gpio: pca953x: fix IRQ storm on system wake up
- dma-buf: insert memory barrier before updating num_fences
- dmaengine: mediatek: Fix a possible deadlock error in
mtk_cqdma_tx_status()
- net: dsa: microchip: update tag_ksz masks for KSZ9477 family
- net: dsa: microchip: linearize skb for tail-tagging switches
- vmxnet3: update MTU after device quiesce
- arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs
- randstruct: gcc-plugin: Remove bogus void member
- randstruct: gcc-plugin: Fix attribute addition
- mm/slub: avoid accessing metadata when pointer is invalid in
object_err()
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
- pcmcia: Add error handling for add_interval() in do_validate_mem()
- spi: spi-fsl-lpspi: Fix transmissions when using CONT
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort
- drm/bridge: ti-sn65dsi86: fix REFCLK setting
- perf bpf-event: Fix use-after-free in synthesis
- clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
- spi: tegra114: Use value to check for invalid delays
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()
- Linux 5.15.192
* Jammy update: v5.15.191 upstream stable release (LP: #2125626)
- pinctrl: STMFX: add missing HAS_IOMEM dependency
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
- scsi: core: sysfs: Correct sysfs attributes access rights
- ASoC: codecs: tx-macro: correct tx_macro_component_drv name
- nfs: fold nfs_page_group_lock_subrequests into
nfs_lock_and_join_requests
- NFS: Fix a race when updating an existing write
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()
- net: ipv4: fix regression in local-broadcast routes
- powerpc/kvm: Fix ifdef to remove build warning
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
- net: dlink: fix multicast stats being counted incorrectly
- phy: mscc: Fix when PTP clock is register and unregister
- net/mlx5e: Update and set Xon/Xoff upon MTU set
- net/mlx5e: Update and set Xon/Xoff upon port speed set
- net/mlx5e: Set local Xoff after FW update
- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
- sctp: initialize more fields in sctp_v6_from_sk()
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
- KVM: x86: use array_index_nospec with indices that come from guest
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
- HID: wacom: Add a new Art Pen 2
- HID: hid-ntrig: fix unable to handle page fault in
ntrig_report_version()
- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
- drm/nouveau/disp: Always accept linear modifier
- HID: mcp2221: Don't set bus speed on every transfer
- HID: mcp2221: Handle reads greater than 60 bytes
- xfs: do not propagate ENODATA disk errors into xattr code
- Linux 5.15.191
* Jammy update: v5.15.190 upstream stable release (LP: #2122364)
- phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
- USB: serial: option: add Foxconn T99W640
- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
- usb: gadget: configfs: Fix OOB read on empty string write
- i2c: stm32: fix the device used for the DMA map
- thunderbolt: Fix bit masking in tb_dp_port_set_hops()
- Input: xpad - set correct controller type for Acer NGR200
- pch_uart: Fix dma_sync_sg_for_device() nents value
- HID: core: ensure the allocated report buffer can contain the reserved
report ID
- HID: core: ensure __hid_request reserves the report ID as the first byte
- HID: core: do not bypass hid_hw_raw_request
- tracing: Add down_write(trace_event_sem) when adding trace event
- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in
pep_sock_accept()
- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
- af_packet: fix soft lockup issue caused by tpacket_snd()
- dmaengine: nbpfaxi: Fix memory corruption in probe()
- isofs: Verify inode mode when loading from disk
- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
- mmc: bcm2835: Fix dma_unmap_sg() nents value
- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based
Positivo models
- mmc: sdhci_am654: Workaround for Errata i2312
- pmdomain: governor: Consider CPU latency tolerance from
pm_domain_cpu_gov
- soc: aspeed: lpc-snoop: Cleanup resources in stack-order
- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
- iio: adc: max1363: Reorder mode_list[] entries
- iio: adc: stm32-adc: Fix race in installing chained IRQ handler
- comedi: pcl812: Fix bit shift out of bounds
- comedi: aio_iiro_16: Fix bit shift out of bounds
- comedi: das16m1: Fix bit shift out of bounds
- comedi: das6402: Fix bit shift out of bounds
- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
- comedi: Fix some signed shift left operations
- comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
- comedi: Fix initialization of data for instructions that write to
subdevice
- bpf: Reject %p% format string in bprintf-like helpers
- net: emaclite: Fix missing pointer increment in aligned_read()
- rpl: Fix use-after-free in rpl_do_srh_inline().
- pinctrl: mediatek: moore: check if pin_desc is valid before use
- smb: client: fix use-after-free in cifs_oplock_break
- nvme: fix misaccounting of nvme-mpath inflight I/O
- selftests: udpgro: report error when receive failed
- selftests: net: increase inter-packet timeout in udpgro.sh
- hwmon: (corsair-cpro) Validate the size of the received input buffer
- usb: net: sierra: check for no status endpoint
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
- Bluetooth: SMP: If an unallowed command is received consider it a
failure
- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
- lib: bitmap: Introduce node-aware alloc API
- net/mlx5e: Add support to klm_umr_wqe
- net/mlx5: Correctly set gso_size when LRO is used
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during
runtime
- net: bridge: Do not offload IGMP/MLD messages
- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
- sched: Change nr_uninterruptible type to unsigned long
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the
right userns
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime
pm
- usb: hub: Fix flushing of delayed work used for post resume purposes
- usb: musb: Add and use inline functions musb_{get,set}_state
- usb: musb: fix gadget state on disconnect
- usb: dwc3: qcom: Don't leave BCR asserted
- ASoC: fsl_sai: Force a software reset when starting in consumer mode
- mm/vmalloc: leave lazy MMU mode on PTE mapping error
- powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be
changed
- platform/x86: think-lmi: Fix kobject cleanup
- bpf, sockmap: Fix panic when calling skb_linearize
- x86: Fix get_wchan() to support the ORC unwinder
- sched: Add wrapper for get_wchan() to keep task blocked
- x86: Fix __get_wchan() for !STACKTRACE
- x86: Pin task-stack in __get_wchan()
- Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
- regulator: core: fix NULL dereference on unbind due to stale coupling
data
- RDMA/core: Rate limit GID cache warning messages
- interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node
- regmap: fix potential memory leak of regmap_bus
- i40e: Add rx_missed_errors for buffer exhaustion
- i40e: report VF tx_dropped with tx_errors instead of tx_discards
- net: appletalk: Fix use-after-free in AARP proxy probe
- net: hns3: fix concurrent setting vlan filter issue
- net: hns3: disable interrupt when ptp init failed
- net: hns3: fixed vf get max channels bug
- platform/x86: ideapad-laptop: Fix kbd backlight not remembered among
boots
- i2c: qup: jump out of the loop in case of timeout
- i2c: virtio: Avoid hang by using interruptible completion wait
- bus: fsl-mc: Fix potential double device reference in
fsl_mc_get_endpoint()
- ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
- dpaa2-eth: Fix device reference count leak in MAC endpoint handling
- dpaa2-switch: Fix device reference count leak in MAC endpoint handling
- e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
- e1000e: ignore uninitialized checksum word on tgp
- gve: Fix stuck TX queue for DQ queue format
- nilfs2: reject invalid file types when reading inodes
- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
- usb: typec: tcpm: allow to use sink in accessory mode
- usb: typec: tcpm: allow switching to mode accessory to mux properly
- usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach
- x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode()
- jfs: reject on-disk inodes of an unsupported type
- comedi: comedi_test: Fix possible deletion of uninitialized timers
- ALSA: hda: Add missing NVIDIA HDA codec IDs
- usb: chipidea: add USB PHY event
- usb: phy: mxs: disconnect line when USB charger is attached
- ethernet: intel: fix building with large NR_CPUS
- ASoC: Intel: fix SND_SOC_SOF dependencies
- fs_context: fix parameter name in infofc() macro
- hfsplus: remove mutex_lock check in hfsplus_free_extents
- Revert "fs/ntfs3: Replace inode_trylock with inode_lock"
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value
- selftests: Fix errno checking in syscall_user_dispatch test
- ARM: dts: vfxxx: Correctly use two tuples for timer address
- usb: misc: apple-mfi-fastcharge: Make power supply names unique
- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
- vmci: Prevent the dispatching of uninitialized payloads
- pps: fix poll support
- Revert "vmci: Prevent the dispatching of uninitialized payloads"
- usb: early: xhci-dbc: Fix early_ioremap leak
- arm: dts: ti: omap: Fixup pinheader typo
- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface
- arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed
- arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed
- PM / devfreq: Check governor before using governor->name
- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode
- cpufreq: Initialize cpufreq-based frequency-invariance later
- cpufreq: Init policy->rwsem before it may be possibly used
- samples: mei: Fix building on musl libc
- staging: nvec: Fix incorrect null termination of battery manufacturer
- selftests/tracing: Fix false failure of subsystem event test
- drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
- bpf, sockmap: Fix psock incorrectly pointing to sk
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
- caif: reduce stack size, again
- wifi: rtl818x: Kill URBs before clearing tx status queue
- wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
- iwlwifi: Add missing check for alloc_ordered_workqueue
- wifi: ath11k: clear initialized flag for deinit-ed srng lists
- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
- net/mlx5: Check device memory pointer before usage
- m68k: Don't unregister boot console needlessly
- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
- netfilter: nf_tables: adjust lockdep assertions handling
- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX
- um: rtc: Avoid shadowing err in uml_rtc_start()
- net/sched: Restrict conditions for adding duplicating netems to qdisc
tree
- net_sched: act_ctinfo: use atomic64_t for three counters
- xen/gntdev: remove struct gntdev_copy_batch from stack
- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
- mwl8k: Add missing check after DMA map
- wifi: mac80211: Don't call fq_flow_idx() for management frames
- wifi: mac80211: Check 802.11 encaps offloading in
ieee80211_tx_h_select_key()
- Reapply "wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue()"
- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P
IE
- can: kvaser_pciefd: Store device channel index
- can: kvaser_usb: Assign netdev.dev_port based on device channel index
- netfilter: xt_nfacct: don't assume acct name is null-terminated
- selftests: rtnetlink.sh: remove esp4_offload after test
- vrf: Drop existing dst reference in vrf_ip6_input_dst
- PCI: rockchip-host: Fix "Unexpected Completion" log message
- crypto: marvell/cesa - Fix engine load inaccuracy
- mtd: fix possible integer overflow in erase_xfer()
- clk: davinci: Add NULL check in davinci_lpsc_clk_register()
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
- clk: xilinx: vcu: unregister pll_post only if registered correctly
- power: supply: cpcap-charger: Fix null check for
power_supply_get_by_name
- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
- PCI: endpoint: pci-epf-vntb: Return -ENOENT if
pci_epc_get_next_free_bar() fails
- pinctrl: sunxi: Fix memory leak on krealloc failure
- clk: clk-axi-clkgen: fix fpfd_max frequency for zynq
- perf sched: Fix memory leaks for evsel->priv in timehist
- crypto: inside-secure - Fix `dma_unmap_sg()` nents value
- crypto: ccp - Fix crash when rebind ccp device for ccp.ko
- RDMA/hns: Fix -Wframe-larger-than issue
- kernel: trace: preemptirq_delay_test: use offstack cpu mask
- perf tests bp_account: Fix leaked file descriptor
- clk: sunxi-ng: v3s: Fix de clock definition
- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
- scsi: mvsas: Fix dma_unmap_sg() nents value
- scsi: isci: Fix dma_unmap_sg() nents value
- watchdog: ziirave_wdt: check record length in ziirave_firm_verify()
- hwrng: mtk - handle devm_pm_runtime_enable errors
- crypto: keembay - Fix dma_unmap_sg() nents value
- crypto: img-hash - Fix dma_unmap_sg() nents value
- soundwire: stream: restore params when prepare ports fail
- PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem
attribute
- fs/orangefs: Allow 2 more characters in do_c_string()
- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
- dmaengine: nbpfaxi: Add missing check after DMA map
- sh: Do not use hyphen in exported variable name
- crypto: qat - fix seq_file position update in adf_ring_next()
- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
- jfs: fix metapage reference count leak in dbAllocCtl
- mtd: rawnand: atmel: Fix dma_mapping_error() address
- mtd: rawnand: rockchip: Add missing check after DMA map
- mtd: rawnand: atmel: set pmecc data setup time
- vhost-scsi: Fix log flooding with target does not exist errors
- bpf: Check flow_dissector ctx accesses are aligned
- apparmor: ensure WB_HISTORY_SIZE value is a power of 2
- module: Restore the moduleparam prefix length check
- ucount: fix atomic_long_inc_below() argument type
- rtc: ds1307: fix incorrect maximum clock rate handling
- rtc: hym8563: fix incorrect maximum clock rate handling
- rtc: pcf85063: fix incorrect maximum clock rate handling
- rtc: pcf8563: fix incorrect maximum clock rate handling
- rtc: rv3028: fix incorrect maximum clock rate handling
- f2fs: fix KMSAN uninit-value in extent_info usage
- f2fs: doc: fix wrong quota mount option description
- f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
- f2fs: fix to avoid panic in f2fs_evict_inode
- f2fs: fix to avoid out-of-boundary access in devs.path
- scsi: mpt3sas: Fix a fw_event memory leak
- scsi: ufs: core: Use link recovery when h8 exit fails during runtime
resume
- kconfig: qconf: fix ConfigList::updateListAllforAll()
- PCI: pnv_php: Clean up allocated IRQs on unplug
- PCI: pnv_php: Work around switches with broken presence detection
- powerpc/eeh: Export eeh_unfreeze_pe()
- powerpc/eeh: Rely on dev->link_active_reporting
- powerpc/eeh: Make EEH driver device hotplug safe
- PCI: pnv_php: Fix surprise plug detection and recovery
- pNFS/flexfiles: don't attempt pnfs on fatal DS errors
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
- NFSv4.2: another fix for listxattr
- XArray: Add calls to might_alloc()
- NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
- netpoll: prevent hanging NAPI when netcons gets enabled
- phy: mscc: Fix parsing of unicast frames
- pptp: ensure minimal skb length in pptp_xmit()
- net/mlx5: Correctly set gso_segs when LRO is used
- ipv6: reject malicious packets in ipv6_gso_segment()
- net: drop UFO packets in udp_rcv_segment()
- benet: fix BUG when creating VFs
- ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
- smb: server: remove separate empty_recvmsg_queue
- smb: server: make sure we call ib_dma_unmap_single() only if we called
ib_dma_map_single already
- smb: server: let recv_done() consistently call
put_recvmsg/smb_direct_disconnect_rdma_connection
- smb: server: let recv_done() avoid touching data_transfer after
cleanup/move
- smb: client: let recv_done() cleanup before notifying the callers.
- pptp: fix pptp_xmit() error path
- perf/core: Don't leak AUX buffer refcount on allocation failure
- perf/core: Exit early on perf_mmap() fail
- perf/core: Prevent VMA split of buffer mappings
- selftests/perf_events: Add a mmap() correctness test
- USB: serial: option: add Foxconn T99W709
- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
- net: usbnet: Fix the wrong netif_carrier_on() call
- ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe()
- MIPS: mm: tlb-r4k: Uniquify TLB entries on init
- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
- usb: gadget : fix use-after-free in composite_dev_cleanup()
- io_uring: don't use int for ABI
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors
- gpio: virtio: Fix config space reading.
- net: gianfar: fix device leak when querying time stamp info
- net: dpaa: fix device leak when querying time stamp info
- net: usb: asix_devices: add phy_mask for ax88772 mdio bus
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
- NFSD: detect mismatch of file handle and delegation stateid in OPEN op
- sunvdc: Balance device refcount in vdc_port_mpgroup_check
- fs: Prevent file descriptor table allocations exceeding INT_MAX
- eventpoll: Fix semi-unbounded recursion
- Documentation: ACPI: Fix parent device references
- ACPI: processor: perflib: Fix initial _PPC limit application
- ACPI: processor: perflib: Move problematic pr->performance check
- udp: also consider secpath when evaluating ipsec use for checksumming
- netfilter: ctnetlink: fix refcount leak on table dump
- sctp: linearize cloned gso packets in sctp_rcv
- intel_idle: Allow loading ACPI tables for any family
- cpuidle: governors: menu: Avoid using invalid recent intervals data
- ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
- hfs: fix slab-out-of-bounds in hfs_bnode_read()
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
- arm64: Handle KCOV __init vs inline mismatches
- smb/server: avoid deadlock when linking with ReplaceIfExists
- udf: Verify partition map count
- drbd: add missing kref_get in handle_write_conflicts
- hfs: fix not erasing deleted b-tree node issue
- better lockdep annotations for simple_recursive_removal()
- ata: libata-sata: Disallow changing LPM state if not supported
- fs/ntfs3: Add sanity check for file name
- fs/ntfs3: correctly create symlink for relative path
- ext2: Handle fiemap on empty files to prevent EINVAL
- securityfs: don't pin dentries twice, once is enough...
- usb: xhci: print xhci->xhc_state when queue_command failed
- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit
time_t
- usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
- usb: xhci: Avoid showing warnings for dying controller
- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
- usb: xhci: Avoid showing errors during surprise removal
- gpio: wcd934x: check the return value of regmap_update_bits()
- cpufreq: Exit governor when failed to start old governor
- ARM: rockchip: fix kernel hang during smp initialization
- PM / devfreq: governor: Replace sscanf() with kstrtoul() in
set_freq_store()
- EDAC/synopsys: Clear the ECC counters on init
- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was
successed
- thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when
required
- tools/nolibc: define time_t in terms of __kernel_old_time_t
- gpio: tps65912: check the return value of regmap_update_bits()
- ARM: tegra: Use I/O memcpy to write to IRAM
- selftests: tracing: Use mutex_unlock for testing glob filter
- ACPI: PRM: Reduce unnecessary printing to avoid user confusion
- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
- thermal: sysfs: Return ENODATA instead of EAGAIN for reads
- PM: sleep: console: Fix the black screen issue
- ACPI: processor: fix acpi_object initialization
- mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
- pps: clients: gpio: fix interrupt handling order in remove path
- reset: brcmstb: Enable reset drivers for ARCH_BCM2835
- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
- x86/bugs: Avoid warning when overriding return thunk
- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
- ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
- usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
- usb: core: usb_submit_urb: downgrade type check
- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
- platform/chrome: cros_ec_typec: Defer probe on missing EC parent
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
- ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
- iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
- ASoC: codecs: rt5640: Retry DEVICE_ID verification
- xen/netfront: Fix TX response spurious interrupts
- ktest.pl: Prevent recursion of default variable options
- wifi: cfg80211: reject HTC bit for management frames
- s390/time: Use monotonic clock in get_cycles()
- be2net: Use correct byte order and format string for TCP seq and ack_seq
- et131x: Add missing check after DMA map
- net: ag71xx: Add missing check after DMA map
- net/mlx5e: Properly access RCU protected qdisc_sleeping variable
- arm64: Mark kernel as tainted on SAE and SError panic
- rcu: Protect ->defer_qs_iw_pending from data race
- net: mctp: Prevent duplicate binds
- wifi: cfg80211: Fix interface type validation
- net: ipv4: fix incorrect MTU in broadcast routes
- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
- sched/deadline: Fix accounting after global limits change
- wifi: iwlwifi: mvm: fix scan request validation
- s390/stp: Remove udelay from stp_sync_clock()
- wifi: mac80211: don't complete management TX on SAE commit
- (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
- ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in
__ipv6_dev_mc_inc().
- drm/msm: use trylock for debugfs
- net: thunderbolt: Fix the parameter passing of
tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
- net: atlantic: add set_power to fw_ops for atl2 to fix wol
- net: fec: allow disable coalescing
- drm/amd/display: Separate set_gsl from set_gsl_source_select
- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
- drm/amd/display: Fix 'failed to blank crtc!'
- wifi: rtlwifi: fix possible skb memory leak in
`_rtl_pci_rx_interrupt()`.
- netmem: fix skb_frag_address_safe with unreadable skbs
- wifi: iwlegacy: Check rate_idx range after addition
- dpaa_eth: don't use fixed_phy_change_carrier
- drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to
manual
- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
- gve: Return error for unknown admin queue command
- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
- net: dsa: b53: prevent DIS_LEARNING access on BCM5325
- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
- wifi: rtlwifi: fix possible skb memory leak in
_rtl_pci_init_one_rxdesc()
- net: ncsi: Fix buffer overflow in fetching version id
- drm/ttm: Should to return the evict error
- uapi: in6: restore visibility of most IPv6 socket options
- drm/ttm: Respect the shrinker core free target
- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
- vhost: fail early when __vhost_add_used() fails
- watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race
condition
- cifs: Fix calling CIFSFindFirst() for root path without msearch
- crypto: hisilicon/hpre - fix dma unmap sequence
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is
allocated
- fs/orangefs: use snprintf() instead of sprintf()
- watchdog: dw_wdt: Fix default timeout
- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
- watchdog: iTCO_wdt: Report error if timeout configuration fails
- scsi: bfa: Double-free fix
- jfs: truncate good inode pages when hard link is 0
- jfs: Regular file corruption check
- jfs: upper bound check of tree index in dbAllocAG
- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ
control
- leds: leds-lp50xx: Handle reg to get correct multi_index
- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
- RDMA/core: reduce stack using in nldev_stat_get_doit()
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport
structure
- scsi: mpt3sas: Correctly handle ATA device errors
- pinctrl: stm32: Manage irq affinity settings
- media: tc358743: Check I2C succeeded during probe
- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
- media: tc358743: Increase FIFO trigger level to 374
- media: usb: hdpvr: disable zero-length read messages
- media: dvb-frontends: dib7090p: fix null-ptr-deref in
dib7090p_rw_on_apb()
- media: dvb-frontends: w7090p: fix null-ptr-deref in
w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
- media: uvcvideo: Fix bandwidth issue for Alcor camera
- crypto: octeontx2 - add timeout for load_fvc completion poll
- md: dm-zoned-target: Initialize return variable r to avoid uninitialized
use
- i3c: add missing include to internal header
- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
- i3c: don't fail if GETHDRCAP is unsupported
- dm-mpath: don't print the "loaded" message if registering fails
- i2c: Force DLL0945 touchpad i2c freq to 100khz
- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
- kconfig: nconf: Ensure null termination where strncpy is used
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
- scsi: target: core: Generate correct identifiers for PR OUT transport
IDs
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY
- ipmi: Use dev_warn_ratelimited() for incorrect message warnings
- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
- kconfig: gconf: fix potential memory leak in renderer_edited()
- kconfig: lxdialog: fix 'space' to (de)select options
- ipmi: Fix strcpy source and destination the same
- net: phy: smsc: add proper reset flags for LAN8710A
- block: avoid possible overflow for chunk_sectors check in
blk_stack_limits()
- pNFS: Fix stripe mapping in block/scsi layout
- pNFS: Fix disk addr range check in block/scsi layout
- pNFS: Handle RPC size limit for layoutcommits
- pNFS: Fix uninited ptr deref in block/scsi layout
- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
- scsi: lpfc: Remove redundant assignment to avoid memory leak
- ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
- ASoC: soc-dai.h: merge DAI call back functions into ops
- ASoC: fsl_sai: replace regmap_write with regmap_update_bits
- ext4: fix largest free orders lists corruption on mb_optimize_scan
switch
- usb: core: config: Prevent OOB read in SS endpoint companion parsing
- misc: rtsx: usb: Ensure mmc child device is active when card is present
- comedi: fix race between polling and detaching
- thunderbolt: Fix copy+paste error in match_service_id()
- cdc-acm: fix race between initial clearing halt and open
- btrfs: fix log tree replay failure due to file with 0 links and extents
- btrfs: do not allow relocation of partially dropped subvolumes
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
- parisc: Makefile: fix a typo in palo.conf
- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
- mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
- media: uvcvideo: Do not mark valid metadata as invalid
- HID: magicmouse: avoid setting up battery timer when not needed
- serial: 8250: fix panic due to PSLVERR
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
- m68k: Fix lost column on framebuffer debug console
- usb: atm: cxacru: Merge cxacru_upload_firmware() into
cxacru_heavy_init()
- usb: gadget: udc: renesas_usb3: fix device leak at unbind
- usb: dwc3: meson-g12a: fix device leaks at unbind
- bus: mhi: host: Fix endianness of BHI vector table
- vt: keyboard: Don't process Unicode characters in K_OFF mode
- vt: defkeymap: Map keycodes above 127 to K_HOLE
- lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
- Revert "vgacon: Add check for vc_origin address range in
vgacon_scroll()"
- ext4: check fast symlink for ea_inode correctly
- ext4: fix fsmap end of range reporting with bigalloc
- ext4: fix reserved gdt blocks handling in fsmap
- ext4: don't try to clear the orphan_present feature block device is r/o
- ext4: use kmalloc_array() for array space allocation
- ext4: fix hole length calculation overflow in non-extent inodes
- scsi: mpi3mr: Fix race between config read submit and interrupt
completion
- ata: libata-scsi: Fix ata_to_sense_error() status handling
- zynq_fpga: use sgtable-based scatterlist wrappers
- wifi: brcmsmac: Remove const from tbl_ptr parameter in
wlc_lcnphy_common_read_table()
- wifi: ath11k: fix source ring-buffer corruption
- pwm: imx-tpm: Reset counter if CMOD is 0
- hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
- mtd: spinand: propagate spinand_wait() errors from spinand_write_page()
- mtd: rawnand: fsmc: Add missing check after DMA map
- PCI: endpoint: Fix configfs group list head handling
- PCI: endpoint: Fix configfs group removal on driver teardown
- jbd2: prevent softlockup in jbd2_log_do_checkpoint()
- soc/tegra: pmc: Ensure power-domains are in a known state
- media: gspca: Add bounds checking to firmware parser
- media: hi556: correct the test pattern configuration
- media: imx: fix a potential memory leak in
imx_media_csc_scaler_device_init()
- media: v4l2-ctrls: Don't reset handler's error in
v4l2_ctrl_handler_free()
- media: usbtv: Lock resolution while streaming
- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
- media: ov2659: Fix memory leaks in ov2659_probe()
- media: venus: Add a check for packet size after reading from shared
memory
- media: venus: hfi: explicitly release IRQ during teardown
- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
- media: venus: venc: Clamp param smaller than 1fps and bigger than 240
- drm/amd: Restore cached power limit during resume
- drm/amd/display: Don't overwrite dce60_clk_mgr
- net, hsr: reject HSR frame if skb can't hold tag
- ipv6: sr: Fix MAC comparison to be constant-time
- mptcp: drop skb if MPTCP skb extension allocation fails
- mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
- mm: drop the assumption that VM_SHARED always implies writable
- mm: update memfd seal write check to include F_SEAL_WRITE
- mm: reinstate ability to map write-sealed memfd mappings read-only
- selftests/memfd: add test for mapping write-sealed memfd read-only
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
- drm/sched: Remove optimization that causes hang when killing dependent
jobs
- arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
- f2fs: fix to do sanity check on ino and xnid
- iio: hid-sensor-prox: Restore lost scale assignments
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation
- x86/mce/amd: Add default names for MCA banks and blocks
- usb: hub: avoid warm port reset during USB3 disconnect
- usb: hub: Don't try to recover devices lost during warm reset.
- x86/fpu: Delay instruction pointer fixup until after warning
- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
- smb: server: Fix extension string in ksmbd_extract_shortname()
- hv_netvsc: Fix panic during namespace deletion with VF
- usb: typec: fusb302: cache PD RX state
- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
- block: Make REQ_OP_ZONE_FINISH a write operation
- net: enetc: fix device and OF node leak at probe
- NFS: Create an nfs4_server_set_init_caps() function
- NFS: Fix the setting of capabilities when automounting a new filesystem
- mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
- usb: musb: omap2430: Convert to platform remove callback returning void
- usb: musb: omap2430: fix device leak at unbind
- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
- bus: mhi: host: Detect events pointing to unexpected TREs
- usb: dwc3: imx8mp: fix device leak at unbind
- platform/chrome: cros_ec: Make cros_ec_unregister() return void
- platform/chrome: cros_ec: Use per-device lockdep key
- platform/chrome: cros_ec: remove unneeded label and if-condition
- platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
- net/sched: sch_ets: properly init all active DRR list handles
- net_sched: sch_ets: implement lockless ets_dump()
- net/sched: ets: use old 'nbands' while purging unused classes
- KVM: VMX: Flush shadow VMCS on emergency reboot
- btrfs: populate otime when logging an inode item
- sch_htb: make htb_deactivate() idempotent
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
- kbuild: userprogs: use correct linker when mixing clang and GNU ld
- selftests: mptcp: make sendfile selftest work
- selftests: mptcp: connect: also cover alt modes
- selftests: mptcp: connect: also cover checksum
- selftests: mptcp: add missing join check
- mptcp: fix error mibs accounting
- mptcp: introduce MAPPING_BAD_CSUM
- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
- mptcp: drop unused sk in mptcp_push_release
- mptcp: do not queue data on closed subflows
- scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like
host controllers
- scsi: ufs: ufs-pci: Fix default runtime and system PM levels
- KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix
- memstick: Fix deadlock by moving removing flag earlier
- mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for
consistency
- squashfs: fix memory leak in squashfs_fill_super
- mm/debug_vm_pgtable: clear page table entries at destroy_args()
- ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and
EliteBook 830 G6
- drm/amd/display: Avoid a NULL pointer dereference
- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
- drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
- drm/amd/display: Find first CRTC and its line time in
dce110_fill_display_configs
- drm/amd/display: Fill display clock and vblank time in
dce110_fill_display_configs
- fs/buffer: fix use-after-free when call bh_read() helper
- use uniform permission checks for all mount propagation changes
- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
- ftrace: Also allocate and copy hash for reading of filter files
- iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
- iio: proximity: isl29501: fix buffered read on big-endian systems
- most: core: Drop device reference after usage in get_channel()
- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash
Drive
- comedi: Make insn_rw_emulate_bits() do insn->n samples
- comedi: pcl726: Prevent invalid irq number
- comedi: Fix use of uninitialized memory in do_insn_ioctl() and
do_insnlist_ioctl()
- usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE
test
- usb: renesas-xhci: Fix External ROM access timeouts
- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
- usb: storage: realtek_cr: Use correct byte order for bcs->Residue
- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
- usb: dwc3: Remove WARN_ON for device endpoint command timeouts
- drm/amd/display: Don't overclock DCE 6 by 15%
- mptcp: disable add_addr retransmission when timeout is 0
- f2fs: fix to avoid out-of-boundary access in dnode page
- media: camss: Convert to platform remove callback returning void
- media: qcom: camss: cleanup media device allocated resource on error
path
- media: venus: Add support for SSR trigger using fault injection
- media: venus: protect against spurious interrupts during probe
- locking/barriers, kcsan: Support generic instrumentation
- asm-generic: Add memory barrier dma_mb()
- wifi: ath11k: fix dest ring-buffer corruption when ring is full
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header
- iio: adc: ad_sigma_delta: change to buffer predisable
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
- scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
- scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
- pwm: mediatek: Implement .apply() callback
- pwm: mediatek: Handle hardware enable and clock enable separately
- pwm: mediatek: Fix duty and period setting
- selftests: mptcp: pm: check flush doesn't reset limits
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again
- usb: xhci: Fix slot_id resource race conflict
- iio: imu: inv_icm42600: change invalid data error to -EBUSY
- tracing: Remove unneeded goto out logic
- tracing: Limit access to parser->buffer when trace_get_user failed
- iio: light: as73211: Ensure buffer holes are zeroed
- mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
- x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
- mm/page_alloc: detect allocation forbidden by cpuset and bail out early
- cgroup/cpuset: Use static_branch_enable_cpuslocked() on
cpusets_insane_config_key
- RDMA/bnxt_re: Fix to initialize the PBL array
- net: bridge: fix soft lockup in br_multicast_query_expired()
- scsi: qla4xxx: Prevent a potential error pointer dereference
- iommu/amd: Avoid stack buffer overflow from kernel cmdline
- mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug
- ALSA: usb-audio: Fix size validation in convert_chmap_v3()
- drm/amd/display: Add null pointer check in
mod_hdcp_hdcp1_create_session()
- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
- ppp: fix race conditions in ppp_fill_forward_path
- net: phy: Use netif_rx().
- phy: mscc: Fix timestamping for vsc8584
- net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
- igc: fix disabling L1.2 PCI-E link substate on I226 on init
- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
- net/sched: Remove unnecessary WARNING condition for empty child qdisc in
htb_activate
- bonding: update LACP activity flag after setting lacp_active
- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs
- s390/hypfs: Enable limited access during lockdown
- netfilter: nf_reject: don't leak dst refcount for loopback packets
- wifi: mac80211: check basic rates validity in sta_link_apply_parameters
- alloc_fdtable(): change calling conventions.
- Linux 5.15.190
* UBUNTU: SAUCE: Revert "sch_htb: make htb_deactivate() idempotent"
(LP: #2127864)
- SAUCE: Revert "sch_htb: make htb_deactivate() idempotent"
* Jammy update: v5.15.190 upstream stable release (LP: #2122364) //
CVE-2024-50047 fix.
- smb: client: fix use-after-free in crypt_message when using async crypto
* CVE-2024-50061
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
Driver Due to Race Condition
* CVE-2023-53074
- drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
* CVE-2025-38678
- netfilter: nf_tables: reject duplicate device on updates
* CVE-2024-53068
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()
* VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300
- Documentation/hw-vuln: Add VMSCAPE documentation
- x86/vmscape: Enumerate VMSCAPE bug
- x86/vmscape: Add conditional IBPB mitigation
- x86/vmscape: Enable the mitigation
- x86/bugs: Move cpu_bugs_smt_update() down
- x86/vmscape: Warn when STIBP is disabled with SMT
- x86/vmscape: Add old Intel CPUs to affected list
* VMSCAPE CVE-2025-40300 (LP: #2124105)
- [Config] Enable MITIGATION_VMSCAPE config
-- Edoardo Canepa <edoardo.canepa@canonical.com> Tue, 14 Oct 2025 19:35:50 +0200
linux (5.15.0-160.170) jammy; urgency=medium
* jammy/linux: 5.15.0-160.170 -proposed tracker (LP: #2126548)
* [Regression Updates] System hangs when loading audit rules
(5.15.0-156.166) (LP: #2126434)
- netlink: avoid infinite retry looping in netlink_unicast()
-- Stefan Bader <stefan.bader@canonical.com> Wed, 01 Oct 2025 11:49:04 +0200
linux (5.15.0-158.168) jammy; urgency=medium
* jammy/linux: 5.15.0-158.168 -proposed tracker (LP: #2124104)
* [UBUNTU 22.04] s390/pci: Handle PCI error codes other than 0x3a
(LP: #2120344)
- s390/pci: Handle PCI error codes other than 0x3a
* sources list generation using dwarfdump takes up to 0.5hr in build process
(LP: #2104911)
- [Packaging] Don't generate list of source files
* CVE-2024-26700
- drm/amd/display: Fix MST Null Ptr for RV
* CVE-2023-52593
- wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
- wifi: wfx: fix memory leak when starting AP
- wifi: wfx: repair open network AP mode
* CVE-2025-38477
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
qfq_delete_class
* CVE-2025-38617
- net/packet: fix a race in packet_set_ring() and packet_notifier()
* CVE-2025-38618
- vsock: Do not allow binding to VMADDR_PORT_ANY
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
-- Stefan Bader <stefan.bader@canonical.com> Tue, 16 Sep 2025 16:14:00 +0200
linux (5.15.0-156.166) jammy; urgency=medium
* jammy/linux: 5.15.0-156.166 -proposed tracker (LP: #2120207)
* minimal kernel lacks modules for blk disk in arm64 openstack environments
where config_drive is required (LP: #2118499)
- [Config] Enable SYM53C8XX_2 on arm64
-- Mehmet Basaran <mehmet.basaran@canonical.com> Sat, 09 Aug 2025 02:40:31 +0300
linux (5.15.0-154.164) jammy; urgency=medium
* jammy/linux: 5.15.0-154.164 -proposed tracker (LP: #2120098)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.08.11)
* warning at iommu_dma_unmap_page when running ibv_rc_pingpong
(LP: #2107816)
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type
* dmesg flooded with errors: amdgpu: DP AUX transfer fail:4 (LP: #2115238)
- drm/amd/display: Avoid flooding unnecessary info messages
* Jammy update: v5.15.189 upstream stable release (LP: #2118995)
- ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
- fix proc_sys_compare() handling of in-lookup dentries
- vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also
`transport_local`
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
- atm: clip: Fix memory leak of struct clip_vcc.
- ice: safer stats processing
- rxrpc: Fix oops due to non-existence of prealloc backlog struct
- bpf: fix precision backtracking instruction iteration
- bpf, sockmap: Fix skb refcnt race after locking changes
- xen: replace xen_remap() with memremap()
- x86/mce/amd: Fix threshold limit reset
- x86/mce: Don't remove sysfs if thresholding sysfs init fails
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
- gre: Fix IPv6 multicast route creation.
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts
- drm/sched: Increment job count before swapping tail spsc queue
- drm/gem: Fix race in drm_gem_handle_create_tail()
- Revert "ACPI: battery: negate current when discharging"
- btrfs: propagate last_unlink_trans earlier when doing a rmdir
- btrfs: use btrfs_record_snapshot_destroy() during rmdir
- RDMA/mlx5: Fix vport loopback for MPV device
- pwm: mediatek: Ensure to disable clocks in error path
- netlink: Fix rmem check in netlink_broadcast_deliver().
- netlink: make sure we allow at least one dump skb
- xhci: Allow RPM on the USB controller (1022:43f7) by default
- usb: xhci: quirk for data loss in ISOC transfers
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
- Input: xpad - support Acer NGR 200 Controller
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant
- usb: cdnsp: Fix issue with CV Bad Descriptor test
- usb: dwc3: Abort suspend on soft disconnect failure
- dma-buf: add dma_resv_for_each_fence_unlocked v8
- dma-buf: use new iterator in dma_resv_wait_timeout
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2
- wifi: zd1211rw: Fix potential NULL pointer dereference in
zd_mac_tx_to_dev()
- smb: server: make use of rdma_destroy_qp()
- ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
- net: appletalk: Fix device refcount leak in atrtr_create()
- net: phy: microchip: limit 100M workaround to link-down events on
LAN88xx
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to
debug level
- net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
- bnxt_en: Fix DCB ETS validation
- atm: idt77252: Add missing `dma_map_error()`
- um: vector: Reduce stack usage in vector_eth_configure()
- net: usb: qmi_wwan: add SIMCom 8230C composition
- HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
- vt: add missing notification when switching back to text mode
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
- Input: atkbd - do not skip atkbd_deactivate() when skipping
ATKBD_CMD_GETID
- x86/mm: Disable hugetlb page table sharing on 32-bit
- Linux 5.15.189
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38067
- rseq: Fix segfault on registration when rseq_cs is non-zero
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38074
- vhost-scsi: protect vq->log_used with vq->mutex
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38439
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38441
- netfilter: flowtable: account for Ethernet header in
nf_flow_pppoe_proto()
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38443
- nbd: fix uaf in nbd_genl_connect() error path
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38444
- raid10: cleanup memleak at raid10_make_request
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38445
- md/raid1: Fix stack memory use after return in raid1_reshape
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38375
- virtio-net: ensure the received length does not exceed allocated size
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38448
- usb: gadget: u_serial: Fix race condition in TTY wakeup
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2024-44939
- jfs: fix null ptr deref in dtInsertEntry
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2024-26775
- aoe: avoid potential deadlock at set_capacity
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2022-48703
- thermal/int340x_thermal: handle data_vault when the value is
ZERO_SIZE_PTR
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38457
- net/sched: Abort __tc_modify_qdisc if parent class does not exist
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38458
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38459
- atm: clip: Fix infinite recursive call of clip_push().
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38460
- atm: clip: Fix potential null-ptr-deref in to_atmarpd().
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38461
- vsock: Fix transport_* TOCTOU
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38462
- vsock: Fix transport_{g2h,h2g} TOCTOU
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38464
- tipc: Fix use-after-free in tipc_conn_close().
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38465
- netlink: Fix wraparounds of sk->sk_rmem_alloc.
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38466
- perf: Revert to requiring CAP_SYS_ADMIN for uprobes
* Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
CVE-2025-38467
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
* Jammy update: v5.15.188 upstream stable release (LP: #2118993)
- Linux 5.15.188
* Jammy update: v5.15.187 upstream stable release (LP: #2118977)
- cifs: Fix cifs_query_path_info() for Windows NT servers
- NFSv4: Always set NLINK even if the server doesn't support it
- NFSv4.2: fix listxattr to return selinux security label
- mailbox: Not protect module_put with spin_lock_irqsave
- mfd: max14577: Fix wakeup source leaks on device unbind
- leds: multicolor: Fix intensity setting while SW blinking
- hwmon: (pmbus/max34440) Fix support for max34451
- ksmbd: allow a filename to contain special characters on SMB3.1.1 posix
extension
- dmaengine: xilinx_dma: Set dma_device directions
- md/md-bitmap: fix dm-raid max_write_behind setting
- iio: pressure: zpa2326: Use aligned_s64 for the timestamp
- um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h
- coresight: Only check bottom two claim bits
- usb: dwc2: also exit clock_gating when stopping udc while suspended
- usb: potential integer overflow in usbg_make_tpg()
- usb: common: usb-conn-gpio: use a unique name for usb connector device
- usb: Add checks for snprintf() calls in usb_alloc_dev()
- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
- usb: typec: displayport: Receive DP Status Update NAK request exit dp
altmode
- ALSA: hda: Ignore unsol events for cards being shut down
- ALSA: hda: Add new pci id for AMD GPU display HD audio controller
- ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock
- ceph: fix possible integer overflow in ceph_zero_objects()
- ovl: Check for NULL d_inode() in ovl_dentry_upper()
- fs/jfs: consolidate sanity checking in dbMount
- media: davinci: vpif: Fix memory leak in probe error path
- media: omap3isp: use sgtable-based scatterlist wrappers
- clk: ti: am43xx: Add clkctrl data for am43xx ADC1
- media: imx-jpeg: Drop the first error frames
- f2fs: don't over-report free space or inodes in statvfs
- Drivers: hv: Rename 'alloced' to 'allocated'
- Drivers: hv: vmbus: Add utility function for querying ring size
- uio_hv_generic: Query the ringbuffer size for device
- uio_hv_generic: Align ring size to system page
- fbcon: delete a few unneeded forward decl
- tty/vt: consolemap: rename and document struct uni_pagedir
- vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen()
- vgacon: remove unneeded forward declarations
- tty: vt: make init parameter of consw::con_init() a bool
- tty: vt: sanitize arguments of consw::con_clear()
- tty: vt: make consw::con_switch() return a bool
- dummycon: Trigger redraw when switching consoles with deferred takeover
- platform/x86: ideapad-laptop: use usleep_range() for EC polling
- i2c: tiny-usb: disable zero-length read messages
- i2c: robotfuzz-osif: disable zero-length read messages
- attach_recursive_mnt(): do not lock the covering tree when sliding
something under it
- libbpf: Fix null pointer dereference in btf_dump__free on allocation
failure
- wifi: mac80211: fix beacon interval calculation overflow
- af_unix: Don't set -ECONNRESET for consumed OOB skb.
- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
- um: ubd: Add missing error check in start_io_thread()
- net: enetc: Correct endianness handling in _enetc_rd_reg64
- net: selftests: fix TCP packet checksum
- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
- dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
- Bluetooth: L2CAP: Fix L2CAP MTU negotiation
- dm-raid: fix variable in journal device check
- btrfs: update superblock's device bytes_used when dropping chunk
- HID: wacom: fix memory leak on kobject creation failure
- HID: wacom: fix memory leak on sysfs attribute creation failure
- HID: wacom: fix kobject reference count leak
- drm/tegra: Assign plane type before registration
- drm/tegra: Fix a possible null pointer dereference
- drm/udl: Unregister device before cleaning up on disconnect
- drm/amdkfd: Fix race in GWS queue scheduling
- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
- drm/bridge: cdns-dsi: Fix connecting to next bridge
- drm/bridge: cdns-dsi: Check return value when getting default PHY config
- drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready
- drm/amd/display: Add null pointer check for get_first_active_display()
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
- media: uvcvideo: Rollback non processed entities on error
- s390/entry: Fix last breaking event handling in case of stack corruption
- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
- Revert "ipv6: save dontfrag in cork"
- arm64: Restrict pagetable teardown to avoid false warning
- ARM: 9354/1: ptrace: Use bitfield helpers
- rtc: cmos: use spin_lock_irqsave in cmos_interrupt
- vsock/vmci: Clear the vmci transport packet properly when initializing
it
- mmc: sdhci: Add a helper function for dump register in dynamic debug
mode
- Revert "mmc: sdhci: Disable SD card clock before changing parameters"
- usb: typec: altmodes/displayport: do not index invalid pin_assignments
- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data
- mtk-sd: Prevent memory corruption from DMA map failure
- mtk-sd: reset host->mrq on prepare_data() error
- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
- scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
- scsi: ufs: core: Fix spelling of a sysfs attribute name
- RDMA/mlx5: Fix CC counters query for MPV
- btrfs: fix missing error handling when searching for inode refs during
log replay
- drm/exynos: fimd: Guard display clock control with runtime PM calls
- spi: spi-fsl-dspi: Clear completion counter before initiating transfer
- drm/i915/selftests: Change mock_request() to return error pointers
- platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs
callbacks
- drm/i915/gt: Fix timeline left held on VMA alloc error
- igc: disable L1.2 PCI-E link substate to avoid performance issue
- lib: test_objagg: Set error message in check_expect_hints_stats()
- amd-xgbe: align CL37 AN sequence as per databook
- enic: fix incorrect MTU comparison in enic_change_mtu()
- rose: fix dangling neighbour pointers in rose_rt_device_down()
- nui: Fix dma_mapping_error() check
- drm/msm: Fix a fence leak in submit error path
- ALSA: sb: Don't allow changing the DMA mode during operations
- ALSA: sb: Force to disable DMAs once when DMA mode is changed
- ata: pata_cs5536: fix build on 32-bit UML
- powerpc: Fix struct termio related ioctl macros
- scsi: target: Fix NULL pointer dereference in
core_scsi3_decode_spec_i_port()
- wifi: mac80211: drop invalid source address OCB frames
- wifi: ath6kl: remove WARN on bad firmware input
- ACPICA: Refuse to evaluate a method if arguments are missing
- mtd: spinand: fix memory leak of ECC engine conf
- rcu: Return early if callback is not specified
- mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier
- regulator: gpio: Add input_supply support in gpio_regulator_config
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
- drm/v3d: Disable interrupts before resetting the GPU
- NFSv4/flexfiles: Fix handling of NFS level errors in I/O
- ethernet: atl1: Add missing DMA mapping error checks and count errors
- dpaa2-eth: Update dpni_get_single_step_cfg command
- dpaa2-eth: Update SINGLE_STEP register access
- net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats
- dpaa2-eth: fix xdp_rxq_info leak
- platform/x86: think-lmi: Fix class device unregistration
- platform/x86: dell-wmi-sysman: Fix class device unregistration
- xhci: dbctty: disable ECHO flag by default
- xhci: dbc: Flush queued requests before stopping dbc
- usb: cdnsp: do not disable slot for disabled slot
- i2c/designware: Fix an initialization issue
- Logitech C-270 even more broken
- platform/x86: think-lmi: Create ksets consecutively
- usb: typec: displayport: Fix potential deadlock
- [Config] enable TSA mitigation
- KVM: x86: add support for CPUID leaf 0x80000021
- Linux 5.15.187
* Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
CVE-2024-36350 // CVE-2024-36357
- x86/bugs: Rename MDS machinery to something more generic
- x86/bugs: Add a Transient Scheduler Attacks mitigation
- x86/CPU/AMD: Properly check the TSA microcode
- x86: Fix X86_FEATURE_VERW_CLEAR definition
- KVM: SVM: Advertise TSA CPUID bits to guests
- x86/process: Move the buffer clearing before MONITOR
* Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
CVE-2024-26726
- btrfs: don't drop extent_map for free space inode on write error
* Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
CVE-2025-38245
- atm: Release atm_dev_mutex after removing procfs in
atm_dev_deregister().
* Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
CVE-2025-38249
- ALSA: usb-audio: Fix out-of-bounds read in
snd_usb_get_audioformat_uac3()
* Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
CVE-2025-38251
- atm: clip: prevent NULL deref in clip_push()
* Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
CVE-2025-38257
- s390/pkey: Prevent overflow in size calculation for memdup_user()
* Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
CVE-2025-38230
- jfs: validate AG parameters in dbMount() to prevent crashes
* Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
CVE-2025-38262
- tty: serial: uartlite: register uart driver in init
* Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
CVE-2025-38263
- bcache: fix NULL pointer in cache_set_flush()
* Jammy update: v5.15.186 upstream stable release (LP: #2116904)
- tracing: Fix compilation warning on arm32
- pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31
- pinctrl: armada-37xx: set GPIO output value before setting direction
- acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio()
- rtc: Make rtc_time64_to_tm() support dates before 1970
- rtc: Fix offset calculation for .start_secs < 0
- usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
- usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
- USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB
- usb: usbtmc: Fix timeout value in get_stb
- thunderbolt: Do not double dequeue a configuration request
- gfs2: gfs2_create_inode error handling fix
- perf/core: Fix broken throttling when max_samples_per_tick=1
- crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions
- x86/cpu: Sanitize CPUID(0x80000000) output
- crypto: marvell/cesa - Handle zero-length skcipher requests
- crypto: marvell/cesa - Avoid empty transfer descriptor
- crypto: lrw - Only add ecb if it is not already there
- crypto: xts - Only add ecb if it is not already there
- crypto: sun8i-ce - move fallback ahash_request to the end of the struct
- EDAC/skx_common: Fix general protection fault
- power: reset: at91-reset: Optimize at91_reset()
- PM: wakeup: Delete space in the end of string shown by
pm_show_wakelocks()
- x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
- ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
- spi: sh-msiof: Fix maximum DMA transfer size
- drm/amd/pp: Fix potential NULL pointer dereference in
atomctrl_initialize_mc_reg_table
- media: rkvdec: Fix frame size enumeration
- fs/ntfs3: handle hdr_first_de() return value
- m68k: mac: Fix macintosh_config for Mac II
- firmware: psci: Fix refcount leak in psci_dt_init
- selftests/seccomp: fix syscall_restart test for arm compat
- drm: rcar-du: Fix memory leak in rcar_du_vsps_init()
- drm/vkms: Adjust vkms_state->active_planes allocation type
- drm/tegra: rgb: Fix the unbound reference count
- firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
- wifi: ath11k: fix node corruption in ar->arvifs list
- IB/cm: use rwlock for MAD agent lock
- bpf, sockmap: fix duplicated data transmission
- f2fs: fix to do sanity check on sbi->total_valid_block_count
- net: ncsi: Fix GCPS 64-bit member variables
- libbpf: Fix buffer overflow in bpf_object__init_prog
- wifi: rtw88: do not ignore hardware read error during DPK
- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
- iommu: Protect against overflow in iommu_pgsize()
- f2fs: clean up w/ fscrypt_is_bounce_page()
- f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed()
- libbpf: Use proper errno value in linker
- netfilter: bridge: Move specific fragmented packet to slow_path instead
of dropping it
- netfilter: nft_quota: match correctly when the quota just depleted
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
- bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ
- clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs
- clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
- ktls, sockmap: Fix missing uncharge operation
- libbpf: Use proper errno value in nlattr
- pinctrl: at91: Fix possible out-of-boundary access
- bpf: Fix WARN() in get_bpf_raw_tp_regs
- clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz
- s390/bpf: Store backchain even for leaf progs
- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
- wifi: ath9k_htc: Abort software beacon handling if disabled
- netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
- vfio/type1: Fix error unwind in migration dirty bitmap allocation
- bpf, sockmap: Avoid using sk_socket after free when sending
- netfilter: nft_tunnel: fix geneve_opt dump
- net: usb: aqc111: fix error handling of usbnet read calls
- bpf: Avoid __bpf_prog_ret0_warn when jit fails
- net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
- calipso: Don't call calipso functions for AF_INET sk.
- net: openvswitch: Fix the dead loop of MPLS parse
- net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames
- f2fs: use d_inode(dentry) cleanup dentry->d_inode
- f2fs: fix to correct check conditions in f2fs_cross_rename
- ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select
- ARM: dts: at91: at91sam9263: fix NAND chip selects
- arm64: dts: imx8mm-beacon: Fix RTC capacitive load
- arm64: dts: imx8mn-beacon: Fix RTC capacitive load
- Squashfs: check return result of sb_min_blocksize
- ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery
- nilfs2: add pointer check for nilfs_direct_propagate()
- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
- bus: fsl-mc: fix double-free on mc_dev
- ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon
device
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399
Puma with Haikou
- soc: aspeed: lpc: Fix impossible judgment condition
- soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
- fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
- perf build: Warn when libdebuginfod devel files are not available
- perf ui browser hists: Set actions->thread before calling
do_zoom_thread()
- backlight: pm8941: Add NULL check in wled_configure()
- perf scripts python: exported-sql-viewer.py: Fix pattern matching with
Python 3
- remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe
- rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send()
- mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in
exynos_lpass_remove()
- mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE
- perf tests switch-tracking: Fix timestamp comparison
- perf record: Fix incorrect --user-regs comments
- nfs: clear SB_RDONLY before getting superblock
- nfs: ignore SB_RDONLY when remounting nfs
- rtc: sh: assign correct interrupts with DT
- PCI: cadence: Fix runtime atomic count underflow
- dmaengine: ti: Add NULL check in udma_probe()
- PCI/DPC: Initialize aer_err_info before using it
- usb: renesas_usbhs: Reorder clock handling and power management in probe
- serial: Fix potential null-ptr-deref in mlb_usio_probe()
- iio: adc: ad7124: Fix 3dB filter frequency reading
- MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a
- vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
- net: stmmac: platform: guarantee uniqueness of bus_id
- gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
- net: tipc: fix refcount warning in tipc_aead_encrypt
- driver: net: ethernet: mtk_star_emac: fix suspend/resume issue
- net/mlx4_en: Prevent potential integer overflow calculating Hz
- spi: bcm63xx-spi: fix shared reset
- spi: bcm63xx-hsspi: fix shared reset
- Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
- ice: create new Tx scheduler nodes for new queues only
- net: dsa: tag_brcm: legacy: fix pskb_may_pull length
- vmxnet3: correctly report gso type for UDP tunnels
- PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
- gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
- netfilter: nf_set_pipapo_avx2: fix initial map fill
- wireguard: device: enable threaded NAPI
- seg6: Fix validation of nexthop addresses
- fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
- do_change_type(): refuse to operate on unmounted/not ours mounts
- pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id()
- Input: synaptics-rmi4 - convert to use sysfs_emit() APIs
- Input: synaptics-rmi - fix crash with unsupported versions of F34
- arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property
- arm64: dts: ti: k3-am65-main: Fix sdhci node properties
- arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0
- serial: sh-sci: Check if TX data was written to device in .tx_empty()
- serial: sh-sci: Move runtime PM enable to sci_probe_single()
- serial: sh-sci: Clean sci_ports[0] after at earlycon exit
- scsi: core: ufs: Fix a hang in the error handler
- ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
- ath10k: snoc: fix unbalanced IRQ enable in crash recovery
- scsi: iscsi: Fix incorrect error path labels for flashnode operations
- net_sched: sch_sfq: fix a potential crash on gso_skb handling
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap()
- drm/meson: use unsigned long long / Hz for frequency types
- drm/meson: fix debug log statement when setting the HDMI clocks
- drm/meson: use vclk_freq instead of pixel_freq in debug print
- drm/meson: fix more rounding issues with 59.94Hz modes
- i40e: return false from i40e_reset_vf if reset is in progress
- i40e: retry VFLR handling if there is ongoing VF reset
- net: Fix TOCTOU issue in sk_is_readable()
- macsec: MACsec SCI assignment for ES = 0
- net: mdio: C22 is now optional, EOPNOTSUPP if not provided
- net/mdiobus: Fix potential out-of-bounds read/write access
- net/mlx5: Ensure fw pages are always allocated on same NUMA
- net/mlx5: Fix return value when searching for existing flow group
- net_sched: red: fix a race in __red_change()
- net_sched: tbf: fix a race in tbf_change()
- net_sched: ets: fix a race in ets_qdisc_change()
- fs/filesystems: Fix potential unsigned integer underflow in fs_name()
- nvmet-fcloop: access fcpreq only when holding reqlock
- perf: Ensure bpf_perf_link path is properly serialized
- ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and
posix_cpu_timer_del()
- x86/boot/compressed: prefer cc-option for CFLAGS additions
- MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option
- MIPS: Prefer cc-option for additions to cflags
- kbuild: Update assembler calls to use proper flags and language target
- drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang
- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation
- kbuild: Add CLANG_FLAGS to as-instr
- kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS
- kbuild: Add KBUILD_CPPFLAGS to as-option invocation
- drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for
clang
- usb: usbtmc: Fix read_stb function and get_stb ioctl
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
- usb: cdnsp: Fix issue with detecting command completion event
- usb: cdnsp: Fix issue with detecting USB 3.2 speed
- usb: Flush altsetting 0 endpoints before reinitializating them after
reset.
- usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
- xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
- x86/iopl: Cure TIF_IO_BITMAP inconsistencies
- calipso: unlock rcu before returning -EAFNOSUPPORT
- net: usb: aqc111: debug info before sanitation
- drm/meson: Use 1000ULL when operating with mode->clock
- kbuild: userprogs: fix bitsize and target detection on clang
- kbuild: hdrcheck: fix cross build with clang
- xfs: allow inode inactivation during a ro mount log recovery
- configfs: Do not override creating attribute file failure in
populate_attrs()
- crypto: marvell/cesa - Do not chain submitted requests
- gfs2: move msleep to sleepable context
- ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()
- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
- powerpc/pseries/msi: Avoid reading PCI device registers in reduced power
states
- net/mlx5_core: Add error handling
inmlx5_query_nic_vport_qkey_viol_cntr()
- net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
- wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
- nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
- nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
- jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
- wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
- media: ov8856: suppress probe deferral errors
- media: ccs-pll: Start VT pre-PLL multiplier search from correct value
- media: ccs-pll: Start OP pre-PLL multiplier search from correct value
- media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div
- media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case
- media: cxusb: no longer judge rbuf when the write fails
- media: gspca: Add error handling for stv06xx_read_sensor()
- media: v4l2-dev: fix error handling in __video_register_device()
- media: venus: Fix probe error handling
- media: videobuf2: use sgtable-based scatterlist wrappers
- media: vidtv: Terminating the subsequent process of initialization
failure
- media: vivid: Change the siize of the composing
- media: uvcvideo: Return the number of processed controls
- media: uvcvideo: Send control events for partial succeeds
- media: uvcvideo: Fix deferred probing error
- ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
- ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4
- bus: mhi: host: Fix conflict between power_up and SYSERR
- can: tcan4x5x: fix power regulator retrieval during probe
- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
- bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
- bus: fsl-mc: fix GET/SET_TAILDROP command ids
- ext4: inline: fix len overflow in ext4_prepare_inline_data
- ext4: fix calculation of credits for extent tree modification
- ext4: factor out ext4_get_maxbytes()
- ext4: ensure i_size is smaller than maxbytes
- Input: ims-pcu - check record size in ims_pcu_flash_firmware()
- f2fs: prevent kernel warning due to negative i_nlink from corrupted
image
- f2fs: fix to do sanity check on sit_bitmap_size
- NFC: nci: uart: Set tty->disc_data only in success path
- EDAC/altera: Use correct write width with the INTTEST register
- fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
- vgacon: Add check for vc_origin address range in vgacon_scroll()
- parisc: fix building with gcc-15
- clk: meson-g12a: add missing fclk_div2 to spicc
- ipc: fix to protect IPCS lookups using RCU
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
- mm: fix ratelimit_pages update error in dirty_ratio_handler()
- mtd: rawnand: sunxi: Add randomizer configuration in
sunxi_nfc_hw_ecc_write_chunk
- mtd: nand: sunxi: Add randomizer configuration before randomizer enable
- dm-mirror: fix a tiny race condition
- ftrace: Fix UAF when lookup kallsym after ftrace disabled
- net: ch9200: fix uninitialised access during mii_nway_restart
- staging: iio: ad5933: Correct settling cycles encoding per datasheet
- mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
- regulator: max14577: Add error check for max14577_read_reg()
- remoteproc: core: Cleanup acquired resources when
rproc_handle_resources() fails in rproc_attach()
- remoteproc: core: Release rproc->clean_table after rproc_attach() fails
- uio_hv_generic: Use correct size for interrupt and monitor pages
- PCI: cadence-ep: Correct PBA offset in .set_msix() callback
- PCI: Add ACS quirk for Loongson PCIe
- PCI: Fix lock symmetry in pci_slot_unlock()
- PCI: dw-rockchip: Fix PHY function call sequence in
rockchip_pcie_phy_deinit()
- iio: accel: fxls8962af: Fix temperature scan element sign
- iio: imu: inv_icm42600: Fix temperature calculation
- iio: adc: ad7606_spi: fix reg write value mask
- ACPICA: fix acpi operand cache leak in dswstate.c
- clocksource: Fix the CPUs' choice in the watchdog per CPU verification
- ACPICA: Avoid sequence overread in call to strncmp()
- ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
- ACPI: bus: Bail out if acpi_kobj registration fails
- ACPICA: fix acpi parse and parseext cache leaks
- power: supply: bq27xxx: Retrieve again when busy
- ACPICA: utilities: Fix overflow check in vsnprintf()
- ASoC: tegra210_ahub: Add check to of_device_get_match_data()
- PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
- ACPI: battery: negate current when discharging
- drm/amdgpu/gfx6: fix CSIB handling
- sunrpc: update nextcheck time when adding new cache entries
- drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling
disable_irq()
- exfat: fix double free in delayed_free
- drm/bridge: anx7625: change the gpiod_set_value API
- media: i2c: imx334: Enable runtime PM before sub-device registration
- drm/msm/hdmi: add runtime PM calls to DDC transfer function
- media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition
- drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit()
- drm/msm/a6xx: Increase HFI response timeout
- media: i2c: imx334: Fix runtime PM handling in remove function
- drm/amdgpu/gfx10: fix CSIB handling
- media: ccs-pll: Better validate VT PLL branch
- media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition
- drm/amdgpu/gfx7: fix CSIB handling
- ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in
ext4_ext_remove_space()
- jfs: fix array-index-out-of-bounds read in add_missing_indices
- media: ti: cal: Fix wrong goto on error path
- media: rkvdec: Initialize the m2m context before the controls
- sunrpc: fix race in cache cleanup causing stale nextcheck time
- ext4: prevent stale extent cache entries caused by concurrent get
es_cache
- drm/amdgpu/gfx8: fix CSIB handling
- drm/amdgpu/gfx9: fix CSIB handling
- jfs: Fix null-ptr-deref in jfs_ioc_trim
- drm/msm/dpu: don't select single flush for active CTL blocks
- drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB
- media: tc358743: ignore video while HPD is low
- media: platform: exynos4-is: Add hardware sync wait to
fimc_is_hw_change_mode()
- media: i2c: imx334: update mode_3840x2160_regs array
- nios2: force update_mmu_cache on spurious tlb-permission--related
pagefaults
- pmdomain: ti: Fix STANDBY handling of PER power domain
- thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for
IP v2+
- cpufreq: Force sync policy boost with global boost on sysfs update
- net: macb: Check return value of dma_set_mask_and_coherent()
- tipc: use kfree_sensitive() for aead cleanup
- i2c: designware: Invoke runtime suspend on quick slave re-registration
- emulex/benet: correct command version selection in be_cmd_get_stats()
- wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
- sctp: Do not wake readers in __sctp_write_space()
- cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
- i2c: npcm: Add clock toggle recovery
- net: dlink: add synchronization for stats update
- tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
- tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
- ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
- net: atlantic: generate software timestamp just before the doorbell
- pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()
- pinctrl: armada-37xx: propagate error from
armada_37xx_gpio_get_direction()
- pinctrl: armada-37xx: propagate error from
armada_37xx_pmx_gpio_set_direction()
- pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
- net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
- wifi: mac80211: do not offer a mesh path if forwarding is disabled
- clk: rockchip: rk3036: mark ddrphy as critical
- libbpf: Add identical pointer detection to btf_dedup_is_equiv()
- scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64
commands
- iommu/amd: Ensure GA log notifier callbacks finish running before module
unload
- net: bridge: mcast: re-implement br_multicast_{enable, disable}_port
functions
- vxlan: Do not treat dst cache initialization errors as fatal
- software node: Correct a OOB check in software_node_get_reference_args()
- pinctrl: mcp23s08: Reset all pins to input at probe
- scsi: lpfc: Use memcpy() for BIOS version
- sock: Correct error checking condition for (assign|release)_proto_idx()
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw
- bpf, sockmap: Fix data lost during EAGAIN retries
- octeontx2-pf: Add error log forcn10k_map_unmap_rq_policer()
- watchdog: da9052_wdt: respect TWDMIN
- bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
- ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY
- tee: Prevent size calculation wraparound on 32-bit kernels
- Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices
first"
- platform/x86: dell_rbu: Fix list usage
- platform/x86: dell_rbu: Stop overwriting data buffer
- powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH
recovery
- Revert "x86/bugs: Make spectre user default depend on
MITIGATION_SPECTRE_V2" on v6.6 and older
- drivers/rapidio/rio_cm.c: prevent possible heap overwrite
- jffs2: check that raw node were preallocated before writing summary
- jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
- scsi: storvsc: Increase the timeouts to storvsc_timeout
- scsi: s390: zfcp: Ensure synchronous unit_add
- udmabuf: use sgtable-based scatterlist wrappers
- selftests/x86: Add a test to detect infinite SIGTRAP handler loop
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
- atm: Revert atm_account_tx() if copy_from_iter_full() fails.
- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
- block: default BLOCK_LEGACY_AUTOLOAD to y
- Input: sparcspkr - avoid unannotated fall-through
- ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound
card
- ALSA: hda/intel: Add Thinkpad E15 to PM deny list
- ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
- iio: accel: fxls8962af: Fix temperature calculation
- mm/hugetlb: unshare page tables during VMA split, not before
- mm: hugetlb: independent PMD page table shared count
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
- erofs: remove unused trace event erofs_destroy_inode
- drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
- drm/nouveau/bl: increase buffer size to avoid truncate warning
- hwmon: (occ) Add soft minimum power cap attribute
- hwmon: (occ) Rework attribute registration for stack usage
- hwmon: (occ) fix unaligned accesses
- pldmfw: Select CRC32 when PLDMFW is selected
- aoe: clean device rq_list in aoedev_downdev()
- net: ice: Perform accurate aRFS flow match
- ptp: fix breakage after ptp_vclock_in_use() rework
- wifi: carl9170: do not ping device which has failed to load firmware
- mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
- atm: atmtcp: Free invalid length skb in atmtcp_c_send().
- tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen()
behavior
- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
- net: atm: add lec_mutex
- net: atm: fix /proc/net/atm/lec handling
- ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board
- ARM: dts: am335x-bone-common: Increase MDIO reset deassert time
- ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms
- serial: sh-sci: Increment the runtime usage counter for the earlycon
device
- Revert "cpufreq: tegra186: Share policy per cluster"
- arm64: move AARCH64_BREAK_FAULT into insn-def.h
- arm64: insn: add encoders for atomic operations
- arm64: insn: Add support for encoding DSB
- arm64: proton-pack: Expose whether the platform is mitigated by firmware
- arm64: proton-pack: Expose whether the branchy loop k value
- arm64: spectre: increase parameters that can be used to turn off bhb
mitigation individually
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
- net_sched: sch_sfq: reject invalid perturb period
- mm/huge_memory: fix dereferencing invalid pmd migration entry
- ext4: make 'abort' mount option handling standard
- ext4: avoid remount errors with 'abort' mount option
- net: Fix checksum update for ILA adj-transport
- bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
- s390/pci: Fix __pcilg_mio_inuser() inline assembly
- perf: Fix sample vs do_exit()
- arm64/ptrace: Fix stack-out-of-bounds read in
regs_get_kernel_stack_nth()
- scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
- scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
- Linux 5.15.186
* CVE-2024-57996 // CVE-2025-37752
- net_sched: sch_sfq: annotate data-races around q->perturb_period
- net_sched: sch_sfq: handle bigger packets
- net_sched: sch_sfq: don't allow 1 packet limit
- net_sched: sch_sfq: use a temporary work area for validating
configuration
- net_sched: sch_sfq: move the limit validation
* CVE-2025-38350
- net/sched: Always pass notifications when child class becomes empty
* CVE-2024-27407
- fs/ntfs3: Fixed overflow check in mi_enum_attr()
* watchdog: BUG: soft lockup - CPU#6 stuck for 5718s! [wdavdaemon:1134] with
5.15.0-144-generic (LP: #2118407)
- fs/proc: do_task_stat: use __for_each_thread()
-- Mehmet Basaran <mehmet.basaran@canonical.com> Fri, 08 Aug 2025 13:43:15 +0300
linux (5.15.0-152.162) jammy; urgency=medium
* jammy/linux: 5.15.0-152.162 -proposed tracker (LP: #2117618)
* [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
- s390: add z16 elf platform
- s390: Add z17 elf platform
* Jammy update: v5.15.185 upstream stable release (LP: #2115240)
- dma-mapping: avoid potential unused data compilation warning
- cgroup: Fix compilation issue due to cgroup_mutex not being exported
- net: enetc: refactor bulk flipping of RX buffers to separate function
- bpf: fix possible endless loop in BPF map iteration
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora
- kconfig: merge_config: use an empty file as initfile
- NFSv4: Check for delegation validity in
nfs_start_delegation_return_locked()
- tracing: Mark binary printing functions with __printf() attribute
- mailbox: use error ret code of of_parse_phandle_with_args()
- fbdev: fsl-diu-fb: add missing device_remove_file()
- fbcon: Use correct erase colour for clearing in fbcon
- fbdev: core: tileblit: Implement missing margin clearing for tileblit
- NFSv4: Treat ENETUNREACH errors as fatal for state recovery
- SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
- SUNRPC: rpcbind should never reset the port to the value '0'
- thermal/drivers/qoriq: Power down TMU on system suspend
- dql: Fix dql->limit value when reset.
- lockdep: Fix wait context check on softirq for PREEMPT_RT
- PCI: dwc: ep: Ensure proper iteration over outbound map windows
- tools/build: Don't pass test log files to linker
- pNFS/flexfiles: Report ENETDOWN as a connection error
- PCI: vmd: Disable MSI remapping bypass under Xen
- mmc: host: Wait for Vdd to settle on card power off
- wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2
- i2c: qup: Vote for interconnect bandwidth to DRAM
- i2c: pxa: fix call balance of i2c->clk handling routines
- btrfs: make btrfs_discard_workfn() block_group ref explicit
- btrfs: avoid linker error in btrfs_find_create_tree_block()
- btrfs: get zone unusable bytes while holding lock at
btrfs_reclaim_bgs_work()
- btrfs: send: return -ENAMETOOLONG when attempting a path that is too
long
- i3c: master: svc: Fix missing STOP for master request
- dlm: make tcp still work in multi-link env
- um: Store full CSGSFS and SS register from mcontext
- um: Update min_low_pfn to match changes in uml_reserved
- ext4: reorder capability check last
- scsi: st: Tighten the page format heuristics with MODE SELECT
- scsi: st: ERASE does not change tape location
- vfio/pci: Handle INTx IRQ_NOTCONNECTED
- tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
- rtc: rv3032: fix EERD location
- ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect
- kbuild: fix argument parsing in scripts/config
- crypto: octeontx2 - suppress auth failure screaming due to negative
tests
- dm: restrict dm device size to 2^63-512 bytes
- xen: Add support for XenServer 6.1 platform device
- RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
- posix-timers: Add cond_resched() to posix_timer_add() search loop
- timer_list: Don't use %pK through printk()
- netfilter: conntrack: Bound nf_conntrack sysctl writes
- arm64/mm: Check PUD_TYPE_TABLE in pud_bad()
- mmc: sdhci: Disable SD card clock before changing parameters
- ipv6: save dontfrag in cork
- auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct
hd44780_common"
- ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup()
- cpufreq: tegra186: Share policy per cluster
- arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator
- powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7
- tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
- rtc: ds1307: stop disabling alarms on probe
- ieee802154: ca8210: Use proper setters and getters for bitwise types
- ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114
- media: c8sectpfe: Call of_node_put(i2c_bus) only once in
c8sectpfe_probe()
- remoteproc: qcom_wcnss: Handle platforms with only single power domain
- drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
- pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
- net: ethernet: ti: cpsw_new: populate netdev of_node
- net: pktgen: fix mpls maximum labels list parsing
- ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
- media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
- clk: imx8mp: inform CCF of maximum frequency of clocks
- x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
- hwmon: (gpio-fan) Add missing mutex locks
- ARM: at91: pm: fix at91_suspend_finish for ZQ calibration
- drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence
- fpga: altera-cvp: Increase credit timeout
- PCI: brcmstb: Expand inbound window size up to 64GB
- PCI: brcmstb: Add a softdep to MIP MSI-X driver
- net/mlx5: Avoid report two health errors on same syndrome
- selftests/net: have `gro.sh -t` return a correct exit code
- drm/amdkfd: KFD release_work possible circular locking
- net: xgene-v2: remove incorrect ACPI_PTR annotation
- bonding: report duplicate MAC address in all situations
- soc: ti: k3-socinfo: Do not use syscon helper to build regmap
- x86/build: Fix broken copy command in genimage.sh when making isoimage
- drm/amd/display: handle max_downscale_src_width fail check
- x86/nmi: Add an emergency handler in nmi_desc & use it in
nmi_shootdown_cpus()
- cpuidle: menu: Avoid discarding useful information
- libbpf: Fix out-of-bound read
- x86/kaslr: Reduce KASLR entropy on most x86 systems
- MIPS: Use arch specific syscall name match function
- MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core
- clocksource: mips-gic-timer: Enable counter when CPUs start
- scsi: mpt3sas: Send a diag reset if target reset fails
- wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU
- wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU
- wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31
- EDAC/ie31200: work around false positive build warning
- RDMA/core: Fix best page size finding when it can cross SG entries
- can: c_can: Use of_property_present() to test existence of DT property
- eth: mlx4: don't try to complete XDP frames in netpoll
- PCI: Fix old_size lower bound in calculate_iosize() too
- ACPI: HED: Always initialize before evged
- net/mlx5: Modify LSB bitmask in temperature event to include only the
first bit
- net/mlx5: Apply rate-limiting to high temperature warning
- ASoC: ops: Enforce platform maximum on initial value
- ASoC: tas2764: Power up/down amp on mute ops
- ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot()
- pinctrl: devicetree: do not goto err when probing hogs in
pinctrl_dt_to_map
- smack: recognize ipv4 CIPSO w/o categories
- media: v4l: Memset argument to 0 before calling get_mbus_config pad op
- net/mlx4_core: Avoid impossible mlx4_db_alloc() order value
- phy: core: don't require set_mode() callback for phy_get_mode() to work
- drm/amdgpu: reset psp->cmd to NULL after releasing the buffer
- drm/amd/display: Initial psr_version with correct setting
- net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB
- net/mlx5e: set the tx_queue_len for pfifo_fast
- net/mlx5e: reduce rep rxq depth to 256 for ECPF
- wifi: mac80211: don't unconditionally call drv_mgd_complete_tx()
- wifi: mac80211: remove misplaced drv_mgd_complete_tx() call
- arch/powerpc/perf: Check the instruction type before creating sample
with perf_mem_data_src
- ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure().
- r8152: add vendor/device ID pair for Dell Alienware AW1022z
- wifi: rtw88: Fix download_firmware_validate() for RTL8814AU
- clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs
- hwmon: (xgene-hwmon) use appropriate type for the latency value
- media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is
available
- r8169: don't scan PHY addresses > 0
- rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y
- rcu: fix header guard for rcu_all_qs()
- net/mana: fix warning in the writer of client oob
- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine
- scsi: st: Restore some drive settings after reset
- HID: usbkbd: Fix the bit shift number for LED_KANA
- drm/ast: Find VBIOS mode from regular display size
- bpftool: Fix readlink usage in get_fd_type
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt
- wifi: rtw88: Don't use static local variable in
rtw8822b_set_tx_power_index_by_rate
- spi: zynqmp-gqspi: Always acknowledge interrupts
- regulator: ad5398: Add device tree support
- wifi: ath9k: return by of_get_mac_address
- drm/atomic: clarify the rules around drm_atomic_state->allow_modeset
- drm: Add valid clones check
- ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of()
- pinctrl: meson: define the pull up/down resistor value as 60 kOhm
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx
- xenbus: Allow PVH dom0 a non-local xenstore
- remoteproc: qcom_wcnss: Fix on platforms without fallback regulators
- xfrm: Sanitize marks before insert
- Bluetooth: L2CAP: Fix not checking l2cap_chan security level
- bridge: netfilter: Fix forwarding of fragmented packets
- net: dwmac-sun8i: Use parsed internal PHY address instead of 1
- octeontx2-af: Set LMT_ENA bit for APR table entries
- llc: fix data loss when reading from a socket in llc_ui_recvmsg()
- drm/edid: fixed the bug that hdr metadata was not reset
- memcg: always call cond_resched() after fn()
- mm/page_alloc.c: avoid infinite retries caused by cpuset race
- Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection"
- spi: spi-fsl-dspi: restrict register range for regmap access
- spi: spi-fsl-dspi: Halt the module after a new message transfer
- spi: spi-fsl-dspi: Reset SR flags before sending a new message
- kbuild: Disable -Wdefault-const-init-unsafe
- i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work()
- xen/swiotlb: relax alignment requirements
- drm/i915/gvt: fix unterminated-string-initialization warning
- x86/its: Fix undefined reference to cpu_wants_rethunk_at()
- smb: client: Reset all search buffer pointers when releasing buffer
- arm64: dts: qcom: sm8350: Fix typo in pil_camera_mem node
- coredump: fix error handling for replace_fd()
- pid: add pidfd_prepare()
- fork: use pidfd_prepare()
- coredump: hand a pidfd to the usermode coredump helper
- HID: quirks: Add ADATA XPG alpha wireless mouse support
- nfs: don't share pNFS DS connections between net namespaces
- platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS
- um: let 'make clean' properly clean underlying SUBARCH as well
- spi: spi-sun4i: fix early activation
- nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro
- tpm: tis: Double the timeout B to 4s
- platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys
- platform/x86: thinkpad_acpi: Ignore battery threshold change event
notification
- perf/arm-cmn: Initialise cmn->cpu earlier
- Linux 5.15.185
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38051
- smb: client: Fix use-after-free in cifs_fill_dirent
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38030
- Revert "drm/amd: Keep display off while going into S4"
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38077
- platform/x86: dell-wmi-sysman: Avoid buffer overflow in
current_password_store()
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38078
- ALSA: pcm: Fix race of buffer access at PCM OSS layer
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38003
- can: bcm: add missing rcu read protection for procfs content
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38004
- can: bcm: add locking for bcm_op runtime updates
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38031
- padata: do not leak refcount in reorder_work
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38079
- crypto: algif_hash - fix double free in hash_accept
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38052
- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38058
- __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38034
- btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38035
- nvmet-tcp: don't restore null sk_state_change
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38037
- vxlan: Annotate FDB data races
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38061
- net: pktgen: fix access outside of user given buffer in
pktgen_thread_write()
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38043
- firmware: arm_ffa: Set dma_mask for ffa devices
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38044
- media: cx231xx: set device_caps for 417
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38065
- orangefs: Do not truncate file size
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38066
- dm cache: prevent BUG_ON by blocking retries on failed device resumes
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38068
- crypto: lzo - Fix compression buffer overrun
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38072
- libnvdimm/labels: Fix divide error in nd_label_data_init()
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38048
- virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN
* Jammy update: v5.15.185 upstream stable release (LP: #2115240) //
CVE-2025-38075
- scsi: target: iscsi: Fix timeout on deleted connection
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
* raid10: block discard causes a NULL pointer dereference after
5.15.0-144-generic (LP: #2117395)
- md: move initialization and destruction of 'io_acct_set' to md.c
* CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
* CVE-2024-50073
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
-- Stefan Bader <stefan.bader@canonical.com> Wed, 23 Jul 2025 11:19:03 +0200
linux (5.15.0-144.157) jammy; urgency=medium
* jammy/linux: 5.15.0-144.157 -proposed tracker (LP: #2114581)
* cifs: NULL pointer dereference in refresh_cache_worker (LP: #2112440)
- cifs: fix NULL ptr dereference in refresh_mounts()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581)
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
- tracing: probes: Fix a possible race in trace_probe_log APIs
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
- iio: chemical: sps30: use aligned_s64 for timestamp
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
- nfs: handle failure of nfs_get_lock_context in unlock path
- spi: loopback-test: Do not split 1024-byte hexdumps
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
- ALSA: sh: SND_AICA should depend on SH_DMA_API
- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
- NFSv4/pnfs: Reset the layout state after a layoutreturn
- x86,nospec: Simplify {JMP,CALL}_NOSPEC
- x86/speculation: Simplify and make CALL_NOSPEC consistent
- x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
- x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
- Documentation: x86/bugs/its: Add ITS documentation
- x86/its: Enumerate Indirect Target Selection (ITS) bug
- x86/its: Add support for ITS-safe indirect thunk
- [Config] enable ITS mitigation
- x86/alternative: Optimize returns patching
- x86/alternatives: Remove faulty optimization
- x86/its: Add support for ITS-safe return thunk
- x86/its: Enable Indirect Target Selection mitigation
- x86/its: Add "vmexit" option to skip mitigation on some CPUs
- x86/its: Align RETs in BHB clear sequence to avoid thunking
- x86/its: Use dynamic thunks for indirect branches
- x86/its: Fix build errors when CONFIG_MODULES=n
- x86/its: FineIBT-paranoid vs ITS
- dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
interrupted"
- btrfs: fix discard worker infinite loop after disabling discard
- ACPI: PPTT: Fix processor subtable walk
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
- ftrace: Fix preemption accounting for stacktrace trigger command
- ftrace: Fix preemption accounting for stacktrace filter command
- tracing: samples: Initialize trace_array_printk() with the correct
function
- phy: Fix error handling in tegra_xusb_port_init
- phy: renesas: rcar-gen3-usb2: Set timing registers only once
- wifi: mt76: disable napi on driver removal
- dmaengine: ti: k3-udma: Add missing locking
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
instead of a local copy
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_engines
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_groups
- block: fix direct io NOWAIT flag not work
- clocksource/i8253: Use raw_spinlock_irqsave() in
clockevent_i8253_disable()
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
- selftests/mm: compaction_test: support platform with huge mount of
memory
- netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
- netfilter: nf_tables: wait for rcu grace period on net_device removal
- netfilter: nf_tables: do not defer rule destruction via call_rcu
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
- Linux 5.15.184
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2022-49063
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2022-49168
- btrfs: do not clean up repair bio if submit fails
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-46751
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-22062
- sctp: add mutual exclusion in proc_sctp_do_udp_port()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-53203
- usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-35790
- usb: typec: altmodes/displayport: create sysfs nodes as driver's default
device attribute group
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-37967
- usb: typec: ucsi: displayport: Fix deadlock
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-37992
- net_sched: Flush gso_skb list too during ->change()
* Mounting btrfs LVM volumes changes mountpoint location and breaks lsblk
output (LP: #2107516)
- SAUCE: Revert "btrfs: avoid unnecessary device path update for the same
device"
* Jammy update: v5.15.183 upstream stable release (LP: #2111705)
- can: mcan: m_can_class_unregister(): fix order of unregistration calls
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
- openvswitch: Fix unsafe attribute parsing in output_userspace()
- gre: Fix again IPv6 link-local address generation.
- can: gw: use call_rcu() instead of costly synchronize_rcu()
- rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
- can: gw: fix RCU/BH usage in cgw_create_job()
- net: dsa: b53: allow leaky reserved multicast
- net: dsa: b53: fix clearing PVID of a port
- net: dsa: b53: fix flushing old pvid VLAN on pvid change
- net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
- net: dsa: b53: always rejoin default untagged VLAN on bridge leave
- net: dsa: b53: fix learning on VLAN unaware bridges
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
- Input: synaptics - enable InterTouch on Dell Precision M3800
- Input: synaptics - enable SMBus for HP Elitebook 850 G1
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
- staging: iio: adc: ad7816: Correct conditional logic for store mode
- staging: axis-fifo: Remove hardware resets for user errors
- staging: axis-fifo: Correct handling of tx_fifo_depth for size
validation
- iio: adc: ad7606: fix serial register access
- iio: adis16201: Correct inclinometer channel resolution
- drm/amd/display: Fix wrong handling for AUX_DEFER case
- usb: uhci-platform: Make the clock really optional
- module: ensure that kobject_put() is safe for module type kobjects
- ocfs2: switch osb->disable_recovery to enum
- ocfs2: implement handshaking with ocfs2 recovery thread
- ocfs2: stop quota recovery before disabling quotas
- usb: cdnsp: Fix issue with resuming from L1
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
- usb: host: tegra: Prevent host controller crash when OTG port is used
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
- usb: typec: ucsi: displayport: Fix NULL pointer access
- USB: usbtmc: use interruptible sleep in usbtmc_read
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
- usb: usbtmc: Fix erroneous wait_srq ioctl return
- usb: usbtmc: Fix erroneous generic_read ioctl return
- types: Complement the aligned types with signed 64-bit one
- iio: adc: dln2: Use aligned_s64 for timestamp
- MIPS: Fix MAX_REG_OFFSET
- drm/panel: simple: Update timings for AUO G101EVN010
- nvme: unblock ctrl state transition for firmware update
- do_umount(): add missing barrier before refcount checks in sync case
- x86/bpf: Call branch history clearing sequence on exit
- x86/bpf: Add IBHF call at end of classic BPF
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode
- Linux 5.15.183
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37949
- xenbus: Use kref to track req lifetime
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37969
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37970
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37964
- x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
* Jammy update: v5.15.182 upstream stable release (LP: #2111618)
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
- EDAC/altera: Test the correct error reg offset
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- i2c: imx-lpi2c: Fix clock count when probe defers
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
offload
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
- dm-integrity: fix a warning on invalid table line
- dm: always update the array size in realloc_argv on success
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- net/mlx5: E-switch, Fix error handling for enabling roce
- net: ethernet: mtk-star-emac: separate tx/rx handling with two NAPIs
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx
poll
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when
advised
- ice: Refactor promiscuous functions
- net: dlink: Correct endianness handling of led_mode
- net: ipv6: fix UDPv6 GSO segmentation with NAT
- bnxt_en: Fix coredump logic to free allocated buffer
- bnxt_en: Fix ethtool -d byte order for 32-bit values
- nvme-tcp: fix premature queue removal and I/O failover
- net: fec: ERR007885 Workaround for conventional TX
- net: hns3: store rx VLAN tag offload state for VF
- net: hns3: add support for external loopback test
- net: hns3: fix an interrupt residual problem
- net: hns3: fixed debugfs tm_qset size
- net: hns3: defer calling ptp_clock_register()
- PCI: imx6: Skip controller_id generation logic for i.MX7D
- net: hns3: fix deadlock issue when externel_lb and reset are executed
together
- ARM: dts: opos6ul: add ksz8081 phy properties
- Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
- irqchip/gic-v2m: Add const to of_device_id
- irqchip/gic-v2m: Mark a few functions __init
- iommu/arm-smmu-v3: Use the new rb tree helpers
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream
ids
- dm: fix copying after src array boundaries
- Linux 5.15.182
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2022-21546
- scsi: target: Fix WRITE_SAME No Data Buffer crash
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37819
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37905
- firmware: arm_scmi: Balance device refcount when destroying devices
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2024-38541
- of: module: add buffer overflow check in of_modalias()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37909
- net: lan743x: Fix memleak issue when GSO enabled
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37911
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37912
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37914
- net_sched: ets: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2024-26739
- net/sched: act_mirred: don't override retval if we already lost the skb
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-21839
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
loop
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37923
- tracing: Fix oob write in trace_seq_to_buffer()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37990
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37991
- parisc: Fix double SIGFPE crash
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37930
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606)
- net: ethtool: Don't call .cleanup_data when prepare_data fails
- ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining
ones
- ata: sata_sx4: Add error handling in pdc20621_i2c_read()
- nvmet-fcloop: swap list_add_tail arguments
- nft_set_pipapo: fix incorrect avx2 match of 5th field octet
- umount: Allow superblock owners to force umount
- x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD
when running in a virtual machine
- perf: arm_pmu: Don't disable counter in armpmu_add()
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
- xen/mcelog: Add __nonstring annotations for unterminated strings
- HID: pidff: Convert infinite length from Linux API to PID standard
- HID: pidff: Do not send effect envelope if it's empty
- ALSA: hda: intel: Fix Optimus when GPU has no sound
- ASoC: fsl_audmix: register card device depends on 'dais' property
- ALSA: usb-audio: Fix CME quirk for UF series keyboards
- fs/jfs: cast inactags to s64 to prevent potential overflow
- ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller
- ext4: protect ext4_release_dquot against freezing
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
- tracing: fix return value in __ftrace_event_enable_disable for
TRACE_REG_UNREGISTER
- Bluetooth: hci_uart: fix race during initialization
- drm: allow encoder mode_set even when connectors change for crtc
- drm/amd/display: Update Cursor request mode to the beginning prefetch
always
- drm: panel-orientation-quirks: Add support for AYANEO 2S
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2
- drm/bridge: panel: forbid initializing a panel with unknown connector
type
- drivers: base: devres: Allow to release group on device release
- drm/amdkfd: clamp queue size to minimum
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories
- pwm: rcar: Simplify multiplication/shift logic
- pwm: rcar: Improve register calculation
- pwm: fsl-ftm: Handle clk_get_rate() returning 0
- bpf: Add endian modifiers to fix endian warnings
- bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
- ext4: don't treat fhandle lookup of ea_inode as FS corruption
- media: i2c: adv748x: Fix test pattern selection mask
- media: vim2m: print device name after registering device
- media: siano: Fix error handling in smsdvb_module_init()
- xenfs/xensyms: respect hypervisor's "next" indication
- arm64: cputype: Add MIDR_CORTEX_A76AE
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe
list
- spi: cadence-qspi: Fix probe on AM62A LP SK
- media: streamzap: prevent processing IR data on URB failure
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
- media: i2c: ccs: Set the device's runtime PM status correctly in remove
- media: i2c: ccs: Set the device's runtime PM status correctly in probe
- media: i2c: ov7251: Set enable GPIO low in probe
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
- mtd: Add check for devm_kcalloc()
- net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320
family
- mtd: Replace kcalloc() with devm_kcalloc()
- clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init
wakeup
- wifi: mt76: Add check for devm_kstrdup()
- wifi: mac80211: fix integer overflow in hwmp_route_info_get()
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
- vdpa/mlx5: Fix oversized null mkey longer than 32bit
- i3c: master: svc: Use readsb helper for reading MDB
- locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist
offsets
- mptcp: only inc MPJoinAckHMacFailure for HMAC failures
- mtd: rawnand: Add status chack in r852_ready()
- arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
- sparc/mm: disable preemption in lazy mmu mode
- mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
- mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
- thermal/drivers/rockchip: Add missing rk3328 mapping entry
- crypto: ccp - Fix check for the primary ASP device
- dm-integrity: set ti->error on memory allocation failure
- gpio: zynq: Fix wakeup source leaks on device unbind
- ntb: use 64-bit arithmetic for the MSI doorbell mask
- of/irq: Fix device node refcount leakages in of_irq_count()
- of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
- of/irq: Fix device node refcount leakages in of_irq_init()
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
- PCI: Fix reference leak in pci_alloc_child_bus()
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected()
lists
- ACPI: platform-profile: Fix CFI violation when accessing sysfs files
- x86/e820: Fix handling of subpage regions when calculating nosave ranges
in e820__register_nosave_regions()
- Bluetooth: hci_uart: Fix another race during initialization
- scsi: hisi_sas: Start delivery hisi_sas_task_exec() directly
- scsi: hisi_sas: Pass abort structure for internal abort
- scsi: hisi_sas: Factor out task prep and delivery code
- scsi: hisi_sas: Fix setting of hisi_sas_slot.is_internal
- scsi: libsas: Delete lldd_clear_aca callback
- scsi: libsas: Add struct sas_tmf_task
- scsi: hisi_sas: Enable force phy when SATA disk directly connected
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
- scsi: iscsi: Fix missing scsi_host_put() in error path
- md/raid10: fix missing discard IO accounting
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
- RDMA/hns: Fix wrong maximum DMA segment size
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid
address
- Bluetooth: l2cap: Check encryption key size on incoming connection
- Revert "wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue()"
- igc: move ktime snapshot into PTM retry loop
- igc: handle the IGC_PTP_ENABLED flag correctly
- igc: cleanup PTP module if probe fails
- net: b53: enable BPDU reception for management port
- net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del()
fails
- riscv: Properly export reserved regions in /proc/iomem
- riscv: KGDB: Do not inline arch_kgdb_breakpoint()
- riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
- writeback: fix false warning in inode_to_wb()
- Revert "PCI: Avoid reset when disabled via sysfs"
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
- asus-laptop: Fix an uninitialized variable
- nfs: move nfs_fhandle_hash to common include file
- nfs: add missing selections of CONFIG_CRC32
- btrfs: correctly escape subvol in btrfs_show_options()
- crypto: caam/qi - Fix drv_ctx refcount bug
- loop: properly send KOBJ_CHANGED uevent for disk device
- loop: LOOP_SET_FD: send uevents for partitions
- mm/gup: fix wrongly calculated returned value in
fault_in_safe_writeable()
- riscv: Avoid fortify warning in syscall_get_arguments()
- tracing: Fix filter string testing
- perf/x86/intel: Allow to update user space GPRs from PEBS records
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
- drm/repaper: fix integer overflows in repeat functions
- drm/amdgpu/dma_buf: fix page_link check
- drm/sti: remove duplicate object names
- KVM: arm64: Get rid of host SVE tracking/saving
- KVM: arm64: Always start with clearing SVE flag on load
- KVM: arm64: Discard any SVE state when entering KVM guests
- arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
- arm64/fpsimd: Have KVM explicitly say which FP registers to save
- arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
- KVM: arm64: Remove host FPSIMD saving for non-protected KVM
- KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
- KVM: arm64: Calculate cptr_el2 traps on activating traps
- KVM: arm64: Eagerly switch ZCR_EL{1,2}
- cpufreq: Reference count policy in cpufreq_update_limits()
- kbuild: Add '-fno-builtin-wcslen'
- mptcp: sockopt: fix getting IPV6_V6ONLY
- misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq'
error
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
- x86/pvh: Call C code via the kernel virtual mapping
- landlock: Add the errata interface
- nvmet-fc: Remove unused functions
- Revert "smb: client: fix use-after-free bug in
cifs_debug_data_proc_show()"
- smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
- blk-cgroup: support to track if policy is online
- net: openvswitch: fix race on port output
- openvswitch: fix lockup on tx to unregistering netdev with carrier
- MIPS: dec: Declare which_prom() as static
- MIPS: cevt-ds1287: Add missing ds1287.h include
- MIPS: ds1287: Match ds1287_set_base_clock() function types
- mm: fix apply_to_existing_page_range()
- module: sign with sha512 instead of sha1 by default
- media: streamzap: remove unnecessary ir_raw_event_reset and handle
- media: streamzap: no need for usb pid/vid in device name
- media: streamzap: less chatter
- media: streamzap: remove unused struct members
- auxdisplay: hd44780: Convert to platform remove callback returning void
- auxdisplay: hd44780: Fix an API misuse in hd44780.c
- net: dsa: mv88e6xxx: fix VTU methods for 6320 family
- soc: samsung: exynos-chipid: avoid soc_device_to_device()
- soc: samsung: exynos-chipid: Pass revision reg offsets
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
return value check
- iio: adc: ad7768-1: Fix conversion result sign
- backlight: led_bl: Convert to platform remove callback returning void
- cifs: print TIDs as hex
- cifs: fix integer overflow in match_server()
- gpio: tegra186: Force one interrupt per bank
- gpio: tegra186: fix resource handling in ACPI probe path
- Revert "PCI: Coalesce host bridge contiguous apertures"
- PCI: Coalesce host bridge contiguous apertures
- PCI: Assign PCI domain IDs by ida_alloc()
- ksmbd: Prevent integer overflow in calculation of deadtime
- selftests/mm: generate a temporary mountpoint for cgroup filesystem
- kmsan: disable strscpy() optimization under KMSAN
- string: Add load_unaligned_zeropad() code path to sized_strscpy()
- drm/msm/a6xx: Improve gpu recovery sequence
- drm/msm/a6xx: Handle GMU prepare-slumber hfi failure
- drm/msm/a6xx: Avoid gx gbit halt during rpm suspend
- drm/msm/a6xx: Fix stale rpmh votes from GPU
- dma/contiguous: avoid warning about unused size_bytes
- cpufreq: cppc: Fix invalid return value in .get() callback
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE
- virtio_console: fix missing byte order handling for cols and rows
- net: selftests: initialize TCP header and skb payload with zero
- drm/amd/display: Fix gpu reset in multidisplay config
- KVM: SVM: Allocate IR data using atomic allocation
- USB: storage: quirk for ADATA Portable HDD CH94
- mei: me: add panther lake H DID
- serial: sifive: lock port in startup()/shutdown() callbacks
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
- USB: serial: option: add Sierra Wireless EM9291
- USB: serial: simple: add OWON HDS200 series oscilloscope support
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
- USB: VLI disk crashes if LPM is used
- USB: wdm: handle IO errors in wdm_wwan_port_start
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
- USB: wdm: add annotation
- MIPS: cm: Detect CM quirks from device tree
- clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
- parisc: PDT: Fix missing prototype warning
- s390/tty: Fix a potential memory leak bug
- usb: host: max3421-hcd: Add missing spi_device_id table
- fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
- dmaengine: dmatest: Fix dmatest waiting less when interrupted
- usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in
wcd934x_slim_irq_handler()
- ntb: reduce stack usage in idt_scan_mws
- sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
- KVM: s390: Don't use %pK through tracepoints
- selftests: ublk: fix test_stripe_04
- xen: Change xen-acpi-processor dom0 dependency
- nvme: requeue namespace scan on missed AENs
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
- nvme: re-read ANA log page after ns scan completes
- objtool: Stop UNRET validation on UD2
- selftests/mincore: Allow read-ahead pages to reach the end of the file
- x86/bugs: Use SBPB in write_ibpb() if applicable
- x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
- x86/bugs: Don't fill RSB on context switch with eIBRS
- nvmet-fc: take tgtport reference only once
- nvmet-fc: put ref when assoc->del_work is already scheduled
- ext4: make block validity check resistent to sb bh corruption
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
- scsi: pm80xx: Set phy_attached to zero when device is gone
- loop: aio inherit the ioprio of original request
- ubsan: Fix panic from test_ubsan_out_of_bounds
- md/raid1: Add check for missing source disk in process_checks()
- jfs: define xtree root and page independently
- comedi: jr3_pci: Fix synchronous deletion of timer
- crypto: atmel-sha204a - Set hwrng quality to lowest possible
- net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
- net: dsa: mv88e6xxx: enable PVT for 6321 switch
- net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
- xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
- MIPS: cm: Fix warning if MIPS_CM is disabled
- nvme: fixup scan failure for non-ANA multipath controllers
- PCI: Fix use-after-free in pci_bus_release_domain_nr()
- PCI: Fix dropping valid root bus resources with .end = zero
- PCI: Release resource invalidated by coalescing
- Linux 5.15.181
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-49989
- drm/amd/display: fix double free issue during amdgpu module unload
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37803
- udmabuf: fix a buf size overflow issue during udmabuf creation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37983
- qibfs: fix _another_ leak
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37881
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37805
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37883
- s390/sclp: Add check for get_zeroed_page()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37808
- crypto: null - Use spin lock instead of mutex
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37985
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37810
- usb: dwc3: gadget: check that event count does not exceed event buffer
length
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37811
- usb: chipidea: ci_hdrc_imx: fix usbmisc handling
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37812
- usb: cdns3: Fix deadlock when using NCM gadget
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37885
- KVM: x86: Reset IRTE to host control if *new* route isn't postable
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37817
- mcb: fix a double free bug in chameleon_parse_gdd()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37823
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37797
- net_sched: hfsc: Fix a UAF vulnerability in class handling
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37824
- tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37989
- net: phy: leds: fix memory leak
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37829
- cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37830
- cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37836
- PCI: Fix reference leak in pci_register_host_bridge()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37844
- cifs: avoid NULL pointer dereference in dbg call
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23144
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23148
- soc: samsung: exynos-chipid: Add NULL pointer check in
exynos_chipid_probe()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-22027
- media: streamzap: fix race between device disconnection and urb callback
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50125
- Bluetooth: SCO: Fix UAF on sco_sock_timeout
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2022-49535
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI
and PLOGI
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35943
- pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-26686
- fs/proc: do_task_stat: use sig->stats_lock to gather the
threads/children stats
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2022-48893
- drm/i915/gt: Cleanup partial engine discovery failures
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50280
- dm cache: fix flushing uninitialized delayed_work on cache_ctr error
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-54458
- scsi: ufs: bsg: Set bsg_queue to NULL after removal
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-42322
- ipvs: properly dereference pe in ip_vs_add_service
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-49960
- ext4: fix timer use-after-free on failed mount
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-36908
- blk-iocost: do not WARN if iocg was already offlined
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-21853
- bpf: avoid holding freeze_mutex during mmap operation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-53128
- sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35867
- smb: client: fix potential UAF in cifs_stats_proc_show()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2023-52757
- smb: client: fix potential deadlock when releasing mids
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46742
- smb/server: fix potential null-ptr-deref of lease_ctx_info in
smb2_open()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2023-52572
- cifs: Fix UAF in cifs_demultiplex_thread()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35866
- smb: client: fix potential UAF in cifs_dump_full_key()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46816
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than
max_links
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46774
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-38540
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-27402
- phonet/pep: fix racy skb_queue_empty() use
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50272
- filemap: Fix bounds checking in filemap_read()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50258
- net: fix crash when config small gso_max_size/gso_ipv4_max_size
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-56751
- ipv6: release nexthop on device removal
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23140
- misc: pci_endpoint_test: Avoid issue of interrupts remaining after
request_irq error
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37765
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37766
- drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37767
- drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37768
- drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37770
- drm/amd/pm/powerplay: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37768 // CVE-2025-37771
- drm/amd/pm: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37773
- virtiofs: add filesystem context source name check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37780
- isofs: Prevent the use of too small fid
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37781
- i2c: cros-ec-tunnel: defer probe if parent EC is not present
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37782
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-0927 has been rejected. Revert this fix and apply upstream fix
- Revert "UBUNTU: SAUCE: fs: hfs/hfsplus: add key_len boundary check to
hfs_bnode_read_key"
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37871
- nfsd: decrease sc_count directly if fail to queue dl_recall
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37787
- net: dsa: mv88e6xxx: avoid unregistering devlink regions which were
never registered
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37788
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37789
- net: openvswitch: fix nested key length validation in the set() action
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37790
- net: mctp: Set SOCK_RCU_FREE
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37875
- igc: fix PTM cycle trigger logic
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37792
- Bluetooth: btrtl: Prevent potential NULL dereference
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37867
- RDMA/core: Silence oversized kvmalloc() warning
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37982
- wifi: wl1251: fix memory leak in wl1251_tx_work
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37794
- wifi: mac80211: Purge vif txq in ieee80211_do_stop()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37796
- wifi: at76c50x: fix use after free access in at76_disconnect
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37838
- HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
Driver Due to Race Condition
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37940
- ftrace: Add cond_resched() to ftrace_graph_set_hash()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23142
- sctp: detect and prevent references to a freed transport in sendmsg
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37892
- mtd: inftlcore: Add error check for inftl_read_oob()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23145
- mptcp: fix NULL pointer in can_accept_new_subflow
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23146
- mfd: ene-kb3930: Fix a potential NULL pointer dereference
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37839
- jbd2: remove wrong sb->s_sequence check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23147
- i3c: Add NULL pointer check in i3c_master_queue_ibi()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23150
- ext4: fix off-by-one error in do_split
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23151
- bus: mhi: host: Fix race between unprepare and queue_buf
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23156
- media: venus: hfi_parser: refactor hfi packet parsing logic
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23157
- media: venus: hfi_parser: add check to avoid out of bound access
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37840
- mtd: rawnand: brcmnand: fix PM resume warning
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23158
- media: venus: hfi: add check to handle incorrect queue size
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23159
- media: venus: hfi: add a check to handle OOB in sfr region
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37850
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37851
- fbdev: omapfb: Add 'plane' value check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23161
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23163
- net: vlan: don't propagate flags on open
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37857
- scsi: st: Fix array overflow in st_setup()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37738
- ext4: ignore xattrs past end
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37739
- f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37740
- jfs: add sanity check for agwidth in dbMount
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37741
- jfs: Prevent copying of nlink with value 0 from disk inode
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37858
- fs/jfs: Prevent integer overflow in AG size calculation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37742
- jfs: Fix uninit-value access of imap allocated in the diMount() function
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37859
- page_pool: avoid infinite loop to schedule delayed worker
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37862
- HID: pidff: Fix null pointer dereference in pidff_find_fields
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37841
- pm: cpupower: bench: Prevent NULL dereference on malloc failure
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37749
- net: ppp: Add bound checking for skb data on ppp_sync_txmung
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37756
- net: tls: explicitly disallow disconnect
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37757
- tipc: fix memory leak in tipc_link_xmit
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37758
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
* CVE-2024-53051
- drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
* CVE-2024-46787
- userfaultfd: fix checks for huge PMDs
* CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
* CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_htb: make htb_deactivate() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- sch_ets: make est_qlen_notify() idempotent
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
* CVE-2025-37750
- smb: client: fix UAF in decryption with multichannel
* CVE-2024-53185
- smb: client: fix NULL ptr deref in crypto_aead_setkey()
* CVE-2024-50047
- smb: client: fix UAF in async decryption
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] update annotations scripts
-- Mehmet Basaran <mehmet.basaran@canonical.com> Mon, 16 Jun 2025 09:39:56 +0300
linux (5.15.0-142.152) jammy; urgency=medium
* jammy/linux: 5.15.0-142.152 -proposed tracker (LP: #2110829)
* Rotate the Canonical Livepatch key (LP: #2111244)
- [Config] Prepare for Canonical Livepatch key rotation
* Jammy generic-64k fails to initialize gVNIC devices (LP: #2109537)
- gve: Perform adminq allocations through a dma_pool.
- gve: Deprecate adminq_pfn for pci revision 0x1.
- gve: Remove obsolete checks that rely on page size.
- gve: Add page size register to the register_page_list command.
- gve: Remove dependency on 4k page size.
* CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
(LP: #2099914) // CVE-2025-2312
- CIFS: New mount option for cifs.upcall namespace resolution
* [UBUNTU 22.04] net/smc: fix neighbour and rtable leak in smc_ib_find_route()
(LP: #2109601) // CVE-2024-36945
- net/smc: fix neighbour and rtable leak in smc_ib_find_route()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355)
- clockevents/drivers/i8253: Fix stop sequence for timer 0
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full
- fbdev: hyperv_fb: iounmap() the correct memory when removing a device
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value
- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
- net: dsa: mv88e6xxx: Verify after ATU Load ops
- netpoll: hold rcu read lock in __netpoll_send_skb()
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
- ipvs: prevent integer overflow in do_ip_vs_get_ctl()
- netfilter: nft_exthdr: fix offset with ipv4_find_option()
- gre: Fix IPv6 link-local address generation.
- slab: clean up function prototypes
- slab: Introduce kmalloc_size_roundup()
- openvswitch: Use kmalloc_size_roundup() to match ksize() usage
- net: openvswitch: remove misbehaving actions length check
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
- nvme-fc: go straight to connecting state when initializing
- hrtimers: Mark is_migration_base() with __always_inline
- powercap: call put_device() on an error path in
powercap_register_control_type()
- scsi: core: Use GFP_NOIO to avoid circular locking dependency
- ACPI: resource: IRQ override for Eluktronics MECH-17
- alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support
- vboxsf: fix building with GCC 15
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
- sched: Clarify wake_up_q()'s write to task->wake_q.next
- s390/cio: Fix CHPID "configure" attribute caching
- thermal/cpufreq_cooling: Remove structure member documentation
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays.
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done
- sctp: Fix undefined behavior in left shift operation
- nvme: only allow entering LIVE from CONNECTING state
- ASoC: tas2770: Fix volume scale
- ASoC: tas2764: Fix power control mask
- ASoC: tas2764: Set the SDOUT polarity correctly
- fuse: don't truncate cached, mutated symlink
- x86/irq: Define trace events conditionally
- mptcp: safety check before fallback
- drm/nouveau: Do not override forced connector status
- block: fix 'kmem_cache of name 'bio-108' already exists'
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3
- USB: serial: option: add Telit Cinterion FE990B compositions
- USB: serial: option: fix Telit Cinterion FE990A name
- USB: serial: option: match on interface class for Telit FN990B
- drm/atomic: Filter out redundant DPMS calls
- drm/amd/display: Restore correct backlight brightness after a GPU reset
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c
- lib/buildid: Handle memfd_secret() files in build_id_parse()
- tcp: fix races in tcp_abort()
- ASoC: ops: Consistently treat platform_max as control value
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
- cifs: Fix integer overflow while processing actimeo mount option
- i2c: ali1535: Fix an error handling path in ali1535_probe()
- i2c: ali15x3: Fix an error handling path in ali15x3_probe()
- i2c: sis630: Fix an error handling path in sis630_probe()
- drm/amd/display: Check for invalid input params when building scaling params
- smb: client: Fix match_session bug preventing session reuse
- Revert "smb: client: fix potential UAF in cifs_debug_files_proc_show()"
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
- firmware: imx-scu: fix OF node leak in .probe()
- xfrm_output: Force software GSO only in tunnel mode
- ARM: dts: bcm2711: PL011 UARTs are actually r1p5
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
- ARM: dts: bcm2711: Don't mark timer regs unconfigured
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
- RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt()
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
- RDMA/hns: Fix a missing rollback in error path of
hns_roce_create_qp_common()
- RDMA/hns: Fix wrong value of max_sge_rd
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
- Revert "gre: Fix IPv6 link-local address generation."
- i2c: omap: fix IRQ storms
- drm/v3d: Don't run jobs that have errors flagged in its fence
- mmc: atmel-mci: Add missing clk_disable_unprepare()
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment
- batman-adv: Ignore own maximum aggregation size during RX
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
- mptcp: Fix data stream corruption in the address announcement
- arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
- HID: hid-plantronics: Add mic mute mapping and generalize quirks
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
- ARM: Remove address checking for MMUless devices
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
- counter: stm32-lptimer-cnt: fix error handling when enabling
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe
- tty: serial: 8250: Add some more device IDs
- tty: serial: 8250: Add Brainboxes XC devices
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition
- net: usb: usbnet: restore usb%d name exception for local mac addresses
- serial: 8250_dma: terminate correct DMA in tx_dma_flush()
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
- cpufreq: scpi: compare kHz instead of Hz
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
- x86/fpu: Avoid copying dynamic FP state from init_task in
arch_dup_task_struct()
- x86/platform: Only allow CONFIG_EISA for 32-bit
- [Config] updateconfigs for HAVE_EISA
- PM: sleep: Adjust check before setting power.must_resume
- selinux: Chain up tool resolving errors in install_policy.sh
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
- EDAC/ie31200: Fix the DIMM size mask for several SoCs
- EDAC/ie31200: Fix the error path order of ie31200_init()
- PM: sleep: Fix handling devices with direct_complete set on errors
- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
- media: platform: allgro-dvt: unregister v4l2_device on the error path
- HID: remove superfluous (and wrong) Makefile entry for
CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
- ALSA: hda/realtek: Always honor no_shutup_pins
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio
compatible
- drm/bridge: ti-sn65dsi86: Fix multiple instances
- drm/dp_mst: Fix drm RAD print
- drm: xlnx: zynqmp: Fix max dma segment size
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data
payload
- PCI: brcmstb: Use internal register to change link capability
- PCI/portdrv: Only disable pciehp interrupts early when needed
- PCI: Avoid reset when disabled via sysfs
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
- PCI: Remove stray put_device() in pci_register_host_bridge()
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
- fbdev: au1100fb: Move a variable assignment behind a null pointer check
- mdacon: rework dependency list
- fbdev: sm501fb: Add some geometry checks.
- clk: amlogic: gxbb: drop incorrect flag on 32k clock
- crypto: hisilicon/sec2 - fix for aead authsize alignment
- of: property: Increase NR_FWNODE_REFERENCE_ARGS
- remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
- libbpf: Fix hypothetical STT_SECTION extern NULL deref case
- clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
- bpf: Use preempt_count() directly in bpf_send_signal_common()
- lib: 842: Improve error handling in sw842_compress()
- pinctrl: renesas: rza2: Fix missing of_node_put() call
- pinctrl: renesas: rzg2l: Fix missing of_node_put() call
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
- remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
- IB/mad: Check available slots before posting receive WRs
- pinctrl: tegra: Set SFIO mode to Mux Register
- clk: amlogic: g12b: fix cluster A parent data
- clk: amlogic: gxbb: drop non existing 32k clock parent
- clk: amlogic: g12a: fix mmc A peripheral clock
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
- power: supply: max77693: Fix wrong conversion of charge input threshold
value
- crypto: nx - Fix uninitialised hv_nxc on error
- mfd: sm501: Switch to BIT() to mitigate integer overflows
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to
misplaced assignment
- crypto: hisilicon/sec2 - fix for aead auth key length
- clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
- soundwire: slave: fix an OF node reference leak in soundwire slave device
- coresight: catu: Fix number of pages while using 64k pages
- iio: accel: mma8452: Ensure error return on failure to matching oversampling
ratio
- iio: adc: ad7124: Fix comparison of channel configs
- perf units: Fix insufficient array space
- kexec: initialize ELF lowest address to ULONG_MAX
- NFSv4: Don't trigger uneccessary scans for return-on-close delegations
- fuse: fix dax truncate/punch_hole fault path
- i3c: master: svc: Fix missing the IBI rules
- perf python: Fixup description of sample.id event member
- perf python: Decrement the refcount of just created event on failure
- perf python: Don't keep a raw_data pointer to consumed ring buffer space
- perf python: Check if there is space to copy all the event
- fs/procfs: fix the comment above proc_pid_wchan()
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
- exfat: fix the infinite loop in exfat_find_last_cluster()
- ksmbd: fix multichannel connection failure
- ring-buffer: Fix bytes_dropped calculation issue
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are
invalid
- octeontx2-af: Fix mbox INTR handler when num VFs > 64
- octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
- sched/smt: Always inline sched_smt_active()
- wifi: iwlwifi: fw: allocate chained SG tables for dump
- nvme-tcp: fix possible UAF in nvme_tcp_poll
- nvme-pci: clean up CMBMSC when registering CMB fails
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
- affs: generate OFS sequence numbers starting at 1
- affs: don't write overlarge OFS data block size fields
- sched/deadline: Use online cpus for validating runtime
- locking/semaphore: Use wake_q to wake up processes outside lock critical
section
- x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
- drm/amd: Keep display off while going into S4
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
- can: statistics: use atomic access in hot path
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
- riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and
make_call_ra
- ntb: intel: Fix using link status DB's
- netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets
only
- vsock: avoid timeout during connect() if the socket is closing
- tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
- can: flexcan: only change CAN state when link up in system PM
- can: flexcan: disable transceiver during system PM
- mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
- tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related
registers
- platform/x86: ISST: Correct command storage data length
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
- tracing: Ensure module defining synth event cannot be unloaded while tracing
- tracing: Fix synth event printk format for str fields
- tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
- ext4: don't over-report free space or inodes in statvfs
- jfs: add index corruption check to DT_GETPAGE()
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
- mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume
- mm, slab: remove duplicate kernel-doc comment for ksize()
- tracing: Do not use PERF enums when perf is not defined
- mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe()
- Linux 5.15.180
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22025
- nfsd: put dl_stid if fail to queue dl_recall
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-39735
- jfs: fix slab-out-of-bounds read in ea_get()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-37785
- ext4: fix OOB read when checking dotdot dir
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22035
- tracing: Fix use-after-free in print_graph_function_flags during tracer
switching
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22044
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22045
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-46753
- btrfs: handle errors from btrfs_dec_ref() properly
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22050
- usbnet:fix NPE during rx_complete
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-46812
- drm/amd/display: Skip inactive planes within
ModeSupportAndSystemConfiguration
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-46821
- drm/amd/pm: Fix negative array index read
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22054
- arcnet: Add NULL check in com20020pci_probe()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22055
- net: fix geneve_opt length integer overflow
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22056
- netfilter: nft_tunnel: fix geneve_opt type confusion addition
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22060
- net: mvpp2: Prevent parser TCAM memory corruption
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-38637
- net_sched: skbprio: Remove overly strict queue assertions
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22063
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22066
- ASoC: imx-card: Add NULL check in imx_card_probe()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2023-53034
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22071
- spufs: fix a leak in spufs_create_context()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22073
- spufs: fix a leak on spufs_new_file() failure
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21994
- ksmbd: fix incorrect validation for num_aces field of smb_acl
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-38575
- ksmbd: use aead_request_free to match aead_request_alloc
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22075
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22079
- ocfs2: validate l_tree_depth to avoid out-of-bounds access
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22081
- fs/ntfs3: Fix a couple integer overflows on 32bit systems
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22086
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22089
- RDMA/core: Don't expose hw_counters outside of init net namespace
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-39728
- clk: samsung: Fix UBSAN panic in samsung_clk_init()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-38152
- remoteproc: core: Clear table_sz when rproc_shutdown
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-58093
- PCI/ASPM: Fix link state exit during switch upstream function removal
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22097
- drm/vkms: Fix use after free and double free on init error
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-23136
- thermal: int340x: Add NULL check for adev
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-23138
- watch_queue: fix pipe accounting mismatch
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22020
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22021
- netfilter: socket: Lookup orig tuple for IPv6 SNAT
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22018
- atm: Fix NULL pointer dereference
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-56664
- bpf, sockmap: Fix race between element replace and close()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-53144 // CVE-2024-8805
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21996
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22014
- soc: qcom: pdr: Fix the potential deadlock
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21999
- proc: fix UAF in proc_get_inode()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22008
- regulator: check that dummy regulator has been probed before using it
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22004
- net: atm: fix use after free in lec_send()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22005
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22007
- Bluetooth: Fix error code in chan_alloc_skb_cb()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22010
- RDMA/hns: Fix soft lockup during bt pages loop
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21941
- drm/amd/display: Fix null check for pipe_ctx->plane_state in
resource_build_scaling_params
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21962
- cifs: Fix integer overflow while processing closetimeo mount option
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21963
- cifs: Fix integer overflow while processing acdirmax mount option
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21964
- cifs: Fix integer overflow while processing acregmax mount option
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21968
- drm/amd/display: Fix slab-use-after-free on hdcp_work
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21956
- drm/amd/display: Assign normalized_pix_clk when color depth = 14
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21991
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21992
- HID: ignore non-functional sensor in HP 5MP Camera
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21957
- scsi: qla1280: Fix kernel oops when debug level > 2
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21970
- net/mlx5: Bridge, fix the crash caused by LAG state check
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21959
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in
insert_tree()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21975
- net/mlx5: handle errors in mlx5_chains_create_table()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21981
- ice: fix memory leak in aRFS after reset
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2022-49728
- ipv6: Fix signed integer overflow in __ip6_append_data
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2022-49636
- vlan: fix memory leak in vlan_newlink()
* VM boots slowly with large-BAR GPU Passthrough due to pci/probe.c redundancy
(LP: #2097389)
- PCI: Batch BAR sizing operations
* kexec fails in LPAR when some cpus are disabled (LP: #2075575)
- powerpc/pseries: Fix scv instruction crash with kexec
* CVE-2024-56608
- drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
* CVE-2024-53168
- net: make sock_inuse_add() available
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
* CVE-2024-56551
- drm/amdgpu: fix usage slab after free
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
-- Stefan Bader <stefan.bader@canonical.com> Mon, 19 May 2025 12:17:06 +0200
linux (5.15.0-140.150) jammy; urgency=medium
* jammy/linux: 5.15.0-140.150 -proposed tracker (LP: #2106996)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.04.14)
* NFS, overlay, fstab issue after update to kernel 5.15.0-133-generic and -134
(LP: #2103598)
- udf: Fix directory iteration for longer tail extents
* Remove floppy kernel module causes null pointer deference (LP: #2104326)
- floppy: fix add_disk() assumption on exit due to new developments
* CVE-2025-21971
- net_sched: Prevent creation of classes with TC_H_ROOT
* CVE-2024-56599
- wifi: ath10k: avoid NULL pointer error during sdio remove
* CVE-2024-56721
- x86/CPU/AMD: Terminate the erratum_1386_microcode array
* Jammy update: v5.15.179 upstream stable release (LP: #2106026)
- afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
- afs: Fix directory format encoding struct
- hung_task: move hung_task sysctl interface to hung_task.c
- sysctl: use const for typically used max/min proc sysctls
- sysctl: share unsigned long const values
- fs: move inode sysctls to its own file
- fs: move fs stat sysctls to file_table.c
- fs: fix proc_handler for sysctl_nr_open
- block: deprecate autoloading based on dev_t
- block: retry call probe after request_module in blk_request_module
- pstore/blk: trivial typo fixes
- nvme: Add error check for xa_store in nvme_get_effects_log
- partitions: ldm: remove the initial kernel-doc notation
- select: Fix unbalanced user_access_end()
- afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
- sched/psi: Use task->psi_flags to clear in CPU migration
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
- drm/etnaviv: Fix page property being used for non writecombine buffers
- genirq: Make handle_enforce_irqctx() unconditionally available
- wifi: rtlwifi: do not complete firmware loading needlessly
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
- wifi: rtlwifi: wait for firmware loading before releasing memory
- wifi: rtlwifi: fix init_sw_vars leak when probe fails
- wifi: rtlwifi: usb: fix workqueue leak when probe fails
- spi: zynq-qspi: Add check for clk_enable()
- dt-bindings: mmc: controller: clarify the address-cells description
- spi: dt-bindings: add schema listing peripheral-specific properties
- dt-bindings: Another pass removing cases of 'allOf' containing a '$ref'
- dt-bindings: leds: Add Qualcomm Light Pulse Generator binding
- dt-bindings: leds: Optional multi-led unit address
- dt-bindings: leds: Add multicolor PWM LED bindings
- dt-bindings: leds: class-multicolor: reference class directly in multi-led
node
- dt-bindings: leds: class-multicolor: Fix path to color definitions
- rtlwifi: replace usage of found with dedicated list iterator variable
- wifi: rtlwifi: remove unused timer and related code
- wifi: rtlwifi: remove unused dualmac control leftovers
- wifi: rtlwifi: destroy workqueue at rtl_deinit_core
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory
- HID: multitouch: Add support for lenovo Y9000P Touchpad
- Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
- HID: multitouch: fix support for Goodix PID 0x01e9
- regulator: dt-bindings: mt6315: Drop regulator-compatible property
- ACPI: fan: cleanup resources in the error path of .probe()
- cpupower: fix TSC MHz calculation
- dt-bindings: mfd: bd71815: Fix rsense and typos
- leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
- cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
- clk: imx8mp: Fix clkout1/2 support
- regulator: of: Implement the unwind path of of_regulator_match()
- samples/landlock: Fix possible NULL dereference in parse_path()
- wifi: wlcore: fix unbalanced pm_runtime calls
- net/smc: fix data error when recvmsg with MSG_PEEK flag
- landlock: Move filesystem helpers and add a new one
- wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
- cpufreq: ACPI: Fix max-frequency computation
- selftests: harness: fix printing of mismatch values in __EXPECT()
- wifi: cfg80211: Handle specific BSSID in 6GHz scanning
- wifi: cfg80211: adjust allocation of colocated AP data
- clk: analogbits: Fix incorrect calculation of vco rate delta
- selftests/landlock: Fix error message
- net/mlxfw: Drop hard coded max FW flash image size
- netfilter: nft_flow_offload: update tcp state flags under lock
- tcp_cubic: fix incorrect HyStart round start detection
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
- libbpf: Fix segfault due to libelf functions not setting errno
- ASoC: sun4i-spdif: Add clock multiplier settings
- perf header: Fix one memory leakage in process_bpf_btf()
- perf header: Fix one memory leakage in process_bpf_prog_info()
- perf bpf: Fix two memory leakages when calling
perf_env__insert_bpf_prog_info()
- ASoC: renesas: rz-ssi: Use only the proper amount of dividers
- ktest.pl: Remove unused declarations in run_bisect_test function
- crypto: hisilicon/sec - add some comments for soft fallback
- crypto: hisilicon/sec - delete redundant blank lines
- crypto: hisilicon/sec2 - optimize the error return process
- crypto: hisilicon/sec2 - fix for aead icv error
- crypto: hisilicon/sec2 - fix for aead invalid authsize
- crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
- padata: fix sysfs store callback check
- perf top: Don't complain about lack of vmlinux when not resolving some
kernel samples
- perf report: Fix misleading help message about --demangle
- padata: add pd get/put refcnt helper
- ARM: at91: pm: change BU Power Switch to automatic mode
- arm64: dts: mt8183: set DMIC one-wire mode on Damu
- arm64: dts: mediatek: mt8516: fix GICv2 range
- arm64: dts: mediatek: mt8516: fix wdt irq type
- arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks
- arm64: dts: mediatek: mt8516: add i2c clock-div property
- arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
- RDMA/mlx4: Avoid false error about access to uninitialized gids array
- arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
- arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
- arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
- arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
- arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
- arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
- memory: Add LPDDR2-info helpers
- memory: tegra20-emc: Support matching timings by LPDDR2 configuration
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage
settings
- arm64: dts: qcom: msm8996: Fix up USB3 interrupts
- arm64: dts: qcom: msm8994: Describe USB interrupts
- arm64: dts: qcom: msm8916: correct sleep clock frequency
- arm64: dts: qcom: msm8994: correct sleep clock frequency
- arm64: dts: qcom: sc7280: correct sleep clock frequency
- arm64: dts: qcom: sm6125: correct sleep clock frequency
- arm64: dts: qcom: sm8250: correct sleep clock frequency
- arm64: dts: qcom: sm8350: correct sleep clock frequency
- arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280
properties
- arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
- ARM: dts: mediatek: mt7623: fix IR nodename
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
- RDMA/mlx5: Remove iova from struct mlx5_core_mkey
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
- RDMA/mlx5: Fix indirect mkey ODP page count
- xen/x86: free_p2m_page: use memblock_free_ptr() to free a virtual pointer
- memblock: drop memblock_free_early_nid() and memblock_free_early()
- of: reserved-memory: Do not make kmemleak ignore freed address
- efi: sysfb_efi: fix W=1 warnings when EFI is not set
- media: rc: iguanair: handle timeouts
- media: lmedm04: Handle errors for lme2510_int_read
- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
- media: marvell: Add check for clk_enable()
- media: i2c: imx412: Add missing newline to prints
- media: i2c: ov9282: Correct the exposure offset
- media: mipi-csis: Add check for clk_enable()
- media: camif-core: Add check for clk_enable()
- media: uvcvideo: Propagate buf->error to userspace
- mtd: hyperbus: Make hyperbus_unregister_device() return void
- mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning
void
- mtd: hyperbus: hbmc-am654: fix an OF node reference leak
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
- scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
- module: Extend the preempt disabled section in
dereference_symbol_descriptor().
- NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
- NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
- tools/bootconfig: Fix the wrong format specifier
- xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver
- gpio: mxc: remove dead code after switch to DT-only
- net: fec: implement TSO descriptor cleanup
- PM: hibernate: Add error handling for syscore_suspend()
- net: netdevsim: try to close UDP port harness races
- ptp: Properly handle compat ioctls
- perf trace: Fix runtime error of index out of bounds
- vsock: Allow retrying on connect() failure
- bgmac: reduce max frame size to support just MTU 1500
- net: sh_eth: Fix missing rtnl lock in suspend/resume path
- net: hsr: fix fill_frame_info() regression vs VLAN packets
- genksyms: fix memory leak when the same symbol is added from source
- genksyms: fix memory leak when the same symbol is read from *.symref file
- kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
- kconfig: add warn-unknown-symbols sanity check
- kconfig: require a space after '#' for valid input
- kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
- kconfig: deduplicate code in conf_read_simple()
- kconfig: WERROR unmet symbol dependency
- kconfig: fix memory leak in sym_warn_unmet_dep()
- hexagon: fix using plain integer as NULL pointer warning in cmpxchg
- hexagon: Fix unbalanced spinlock in die()
- f2fs: Introduce linear search for dentries
- ktest.pl: Check kernelrelease return in get_version
- ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
- drivers/card_reader/rtsx_usb: Restore interrupt based detection
- usb: gadget: f_tcm: Fix Get/SetInterface return value
- usb: dwc3: core: Defer the probe until USB power supply ready
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
- usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
- btrfs: output the reason for open_ctree() failure
- btrfs: fix data race when accessing the inode's disk_i_size at
btrfs_drop_extents()
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
- sched: Don't try to catch up excess steal time.
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs
- x86/amd_nb: Restrict init function to AMD-based systems
- tun: fix group permission check
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
- HID: Wacom: Add PCI Wacom device support
- net/mlx5: use do_aux_work for PHC overflow checks
- wifi: iwlwifi: avoid memory leak
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
- APEI: GHES: Have GHES honor the panic= setting
- net: wwan: iosm: Fix hibernation by re-binding the driver around it
- mmc: sdhci-msm: Correctly set the load for the regulator
- tipc: re-order conditions in tipc_crypto_key_rcv()
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
- Input: allocate keycode for phone linking
- platform/x86: acer-wmi: Ignore AC events
- x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
- usb: chipidea: ci_hdrc_imx: use dev_err_probe()
- usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning
void
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in
the error path of .probe()
- net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
- net/ncsi: fix locking in Get MAC Address handling
- xfs: report realtime block quota limits on realtime directories
- xfs: don't over-report free space or inodes in statvfs
- usb: xhci: Add timeout argument in address_device USB HCD callback
- nvme: handle connectivity loss in nvme_set_queue_count
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
- gpu: drm_dp_cec: fix broken CEC adapter properties check
- tg3: Disable tg3 PCIe AER on system reboot
- udp: gso: do not drop small packets when PMTU reduces
- gpio: pca953x: Improve interrupt support
- net: atlantic: fix warning during hot unplug
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
- x86/xen: add FRAME_END to xen_hypercall_hvm()
- tun: revert fix group permission check
- cpufreq: s3c64xx: Fix compilation warning
- leds: lp8860: Write full EEPROM, not only half of it
- drm/modeset: Handle tiled displays in pan_display_atomic.
- s390/futex: Fix FUTEX_OP_ANDN implementation
- m68k: vga: Fix I/O defines
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
- drm/amd/pm: Mark MM activity as unsupported
- drm/komeda: Add check for komeda_get_layer_fourcc_list()
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
- Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
- clk: sunxi-ng: a100: enable MMC clock reparenting
- clk: qcom: clk-alpha-pll: fix alpha mode configuration
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15
- perf bench: Fix undefined behavior in cmpworker()
- of: Correct child specifier used as input of the 2nd nexus node
- of: Fix of_find_node_opts_by_path() handling of alias+path+options
- of: reserved-memory: Fix using wrong number of cells to get property
'alignment'
- HID: hid-sensor-hub: don't use stale platform-data on remove
- wifi: rtlwifi: rtl8821ae: Fix media status report
- usb: gadget: f_tcm: Translate error to sense
- usb: gadget: f_tcm: Decrement command ref count on cleanup
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
- usb: gadget: f_tcm: Don't prepare BOT write request twice
- serial: sh-sci: Drop __initdata macro for port_cfg
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is
in use
- MIPS: Loongson64: remove ROM Size unit in boardinfo
- powerpc/pseries/eeh: Fix get PE state translation
- dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
- dm-crypt: track tag_offset in convert_context
- mips/math-emu: fix emulation of the prefx instruction
- ALSA: hda/realtek: Enable headset mic on Positivo C6400
- PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
- scsi: qla2xxx: Move FCE Trace buffer allocation to user control
- scsi: storvsc: Set correct data length for sending SCSI command without
payload
- kbuild: Move -Wenum-enum-conversion to W=2
- x86/boot: Use '-std=gnu11' to fix build with GCC 15
- arm64: dts: qcom: sm8350: Fix MPSS memory length
- crypto: qce - fix priority to be less than ARMv8 CE
- xfs: Add error handling for xfs_reflink_cancel_cow_range
- media: ccs: Clean up parsed CCS static data on parse failure
- iio: light: as73211: fix channel handling in only-color triggered buffer
- soc: qcom: smem_state: fix missing of_node_put in error path
- media: mc: fix endpoint iteration
- media: ov5640: fix get_light_freq on auto
- media: ccs: Fix CCS static data parsing for large block sizes
- media: ccs: Fix cleanup order in ccs_probe()
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events
- media: uvcvideo: Remove redundant NULL assignment
- crypto: qce - fix goto jump in error path
- crypto: qce - unregister previously registered algos in error path
- nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
- nvmem: core: improve range check for nvmem_cell_write()
- vfio/platform: check the bounds of read/write syscalls
- pnfs/flexfiles: retry getting layout segment for reads
- ocfs2: fix incorrect CPU endianness conversion causing mount failure
- mtd: onenand: Fix uninitialized retlen in do_otp_read()
- misc: fastrpc: Fix registered buffer page address
- net/ncsi: wait for the last response to Deselect Package before configuring
channel
- net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
- MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
- net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
- gpio: xilinx: remove excess kernel doc
- memory: tegra20-emc: Correct memory device mask
- ocfs2: check dir i_size in ocfs2_find_entry
- mptcp: prevent excessive coalescing on receive
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
- drm/i915/selftests: avoid using uninitialized context
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
- gpio: bcm-kona: Add missing newline to dev_err format string
- xen: remove a confusing comment on auto-translated guest I/O
- x86/xen: allow larger contiguous memory regions in PV guests
- media: cxd2841er: fix 64-bit division on gcc-9
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
- vfio/pci: Enable iowrite64 and ioread64 for vfio pci
- Grab mm lock before grabbing pt lock
- x86/mm/tlb: Only trim the mm_cpumask once a second
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
- batman-adv: Ignore neighbor throughput metrics in error case
- perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
- usb: roles: set switch registered flag early on
- usb: gadget: udc: renesas_usb3: Fix compiler warning
- usb: dwc2: gadget: remove of_node reference upon udc_stop
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
- usb: core: fix pipe creation for get_bMaxPacketSize0
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
- usb: cdc-acm: Fix handling of oversized fragments
- USB: serial: option: add MeiG Smart SLM828
- USB: serial: option: add Telit Cinterion FN990B compositions
- USB: serial: option: fix Telit Cinterion FN990A name
- USB: serial: option: drop MeiG Smart defines
- can: c_can: fix unbalanced runtime PM disable in error path
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
length zero
- alpha: make stack 16-byte aligned (most cases)
- efi: Avoid cold plugged memory for placing the kernel
- cgroup: fix race between fork and cgroup.kill
- serial: 8250: Fix fifo underflow on flush
- alpha: align stack for page fault and user unaligned trap handlers
- gpio: stmpe: Check return value of stmpe_reg_read in
stmpe_gpio_irq_sync_unlock
- regmap-irq: Add missing kfree()
- arm64: Handle .ARM.attributes section in linker scripts
- mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
- btrfs: fix hole expansion when writing at an offset beyond EOF
- clocksource: Replace cpumask_weight() with cpumask_empty()
- clocksource: Use pr_info() for "Checking clocksource synchronization"
message
- ipv4: add RCU protection to ip4_dst_hoplimit()
- net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu()
- net: add dev_net_rcu() helper
- ipv4: use RCU protection in rt_is_expired()
- ipv4: use RCU protection in inet_select_addr()
- Namespaceify min_pmtu sysctl
- Namespaceify mtu_expires sysctl
- selftest: net: Test IPv4 PMTU exceptions with DSCP and ECN
- net: ipv4: Cache pmtu for all packet paths if multipath enabled
- neighbour: delete redundant judgment statements
- drm/tidss: Fix issue in irq handling causing irq-flood issue
- drm/tidss: Clear the interrupt status for interrupts being disabled
- kdb: Do not assume write() callback available
- alpha: replace hardcoded stack offsets with autogenerated ones
- nilfs2: do not output warnings when clearing dirty buffers
- can: ems_pci: move ASIX AX99100 ids to pci_ids.h
- serial: 8250_pci: add support for ASIX AX99100
- parport_pc: add support for ASIX AX99100
- netdevsim: print human readable IP address
- selftests: rtnetlink: update netdevsim ipsec output format
- ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus
- x86/i8253: Disable PIT timer 0 when not in use
- Revert "btrfs: avoid monopolizing a core when activating a swap file"
- btrfs: avoid monopolizing a core when activating a swap file
- arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
- crypto: testmgr - fix wrong key length for pkcs1pad
- crypto: testmgr - Fix wrong test case of RSA
- crypto: testmgr - fix version number of RSA tests
- crypto: testmgr - populate RSA CRT parameters in RSA test vectors
- crypto: testmgr - some more fixes to RSA test vectors
- mm: update mark_victim tracepoints fields
- drm/probe-helper: Create a HPD IRQ event helper for a single connector
- drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
- ASoC: renesas: rz-ssi: Add a check for negative sample_space
- arm64: dts: mediatek: mt8183: Disable DSI display output by default
- tpm: Use managed allocation for bios event log
- kfence: allow use of a deferrable timer
- [Config] updateconfigs to disable new KFENCE_DEFERRABLE
- kfence: enable check kfence canary on panic via boot param
- kfence: skip __GFP_THISNODE allocations on NUMA systems
- soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled()
- soc: mediatek: mtk-devapc: Fix leaking IO map on error paths
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove
- media: uvcvideo: Set error_idx during ctrl_commit errors
- media: uvcvideo: Refactor iterators
- media: uvcvideo: Only save async fh if success
- batman-adv: Drop initialization of flexible ethtool_link_ksettings
- usb: dwc3: Increase DWC3 controller halt timeout
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
- ALSA: hda/realtek: Fixup ALC225 depop procedure
- geneve: Suppress list corruption splat in geneve_destroy_tunnels().
- net: extract port range fields from fl_flow_key
- flow_dissector: Fix handling of mixed port and port-range keys
- flow_dissector: Fix port range key handling in BPF conversion
- net: Add non-RCU dev_getbyhwaddr() helper
- arp: switch to dev_getbyhwaddr() in arp_req_set_public()
- power: supply: da9150-fg: fix potential overflow
- nvme/ioctl: add missing space in err message
- bpf: skip non exist keys in generic_map_lookup_batch
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
- acct: block access to kernel internal filesystems
- mtd: rawnand: cadence: fix error code in cadence_nand_init()
- mtd: rawnand: cadence: use dma_map_resource for sdma address
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
- IB/mlx5: Set and get correct qp_num for a DCT QP
- ovl: use wrappers to all vfs_*xattr() calls
- ovl: pass ofs to creation operations
- scsi: core: Don't memset() the entire scsi_cmnd in scsi_init_command()
- scsi: core: Clear driver private data when retrying request
- RDMA/mlx5: Fix bind QP error cleanup flow
- sunrpc: suppress warnings for unused procfs functions
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
- afs: remove variable nr_servers
- afs: Make it possible to find the volumes that are using a server
- afs: Fix the server_list to unuse a displaced server rather than putting it
- net: loopback: Avoid sending IP packets without an Ethernet header
- net: cadence: macb: Synchronize stats calculations
- ASoC: es8328: fix route from DAC to output
- ipvs: Always clear ipvs_property flag in skb_scrub_packet()
- tcp: Defer ts_recent changes until req is owned
- net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
- net/mlx5: IRQ, Fix null string in debug print
- seg6: add support for SRv6 H.Encaps.Red behavior
- seg6: add support for SRv6 H.L2Encaps.Red behavior
- include: net: add static inline dst_dev_overhead() to dst.h
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
- net: ipv6: fix dst ref loop on input in seg6 lwt
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
- net: ipv6: fix dst ref loop on input in rpl lwt
- x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
- ftrace: Avoid potential division by zero in function_stat_show()
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
- perf/core: Fix low freq setting via IOC_PERIOD
- drm/amd/display: Fix HPD after gpu reset
- net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
- net: enetc: update UDP checksum when updating originTimestamp field
- net: enetc: correct the xdp_tx statistics
- phy: tegra: xusb: reset VBUS & ID OVERRIDE
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk
- vmlinux.lds: Ensure that const vars with relocations are mapped R/O
- intel_idle: Handle older CPUs, which stop the TSC in deeper C states,
correctly
- drm/amdgpu: Check extended configuration space register when system uses
large bar
- drm/amdgpu: disable BAR resize on Dell G5 SE
- Revert "of: reserved-memory: Fix using wrong number of cells to get property
'alignment'"
- HID: appleir: Fix potential NULL dereference at raw event handle
- gpio: rcar: Use raw_spinlock to protect register access
- gpio: aggregator: protect driver attr handlers against module unload
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
- ALSA: hda/realtek: update ALC222 depop optimize
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
- x86/cacheinfo: Validate CPUID leaf 0x2 EDX output
- x86/cpu: Validate CPUID leaf 0x2 EDX output
- x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
- wifi: cfg80211: regulatory: improve invalid hints checking
- wifi: nl80211: reject cooked mode if it is set along with other flags
- rapidio: add check for rio_add_net() in rio_scan_alloc_net()
- rapidio: fix an API misues when rio_add_net() fails
- s390/traps: Fix test_monitor_call() inline assembly
- block: fix conversion of GPT partition name to 7-bit
- mm/page_alloc: fix uninitialized variable
- mm: don't skip arch_sync_kernel_mappings() in error paths
- wifi: iwlwifi: limit printed string from FW file
- HID: google: fix unused variable warning under !CONFIG_ACPI
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
- net: gso: fix ownership in __udp_gso_segment
- caif_virtio: fix wrong pointer check in cfv_probe()
- hwmon: (pmbus) Initialise page count in pmbus_identify()
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
- hwmon: (ad7314) Validate leading zero bits and return error
- ALSA: usx2y: validate nrpacks module parameter on probe
- llc: do not use skb_get() before dev_queue_xmit()
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
- drm/sched: Fix preprocessor guard
- be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
- net: hns3: make sure ptp clock is unregister and freed if
hclge_ptp_get_cycle returns an error
- ppp: Fix KMSAN uninit-value warning with bpf
- vlan: enforce underlying device type
- x86/sgx: Support loading enclave page without VMA permissions check
- x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes()
- x86/sgx: Export sgx_encl_{grow,shrink}()
- x86/sgx: Support VA page allocation without reclaiming
- x86/sgx: Fix size overflows in sgx_encl_create()
- exfat: fix soft lockup in exfat_clear_bitmap
- net-timestamp: support TCP GSO case for a few missing flags
- sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
- net: ipv6: fix dst ref loop in ila lwtunnel
- net: ipv6: fix missing dst ref drop in ila lwtunnel
- gpio: rcar: Fix missing of_node_put() call
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
- usb: renesas_usbhs: Call clk_put()
- usb: renesas_usbhs: Use devm_usb_get_phy()
- usb: hub: lack of clearing xHC resources
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader
- usb: renesas_usbhs: Flush the notify_hotplug_work
- usb: atm: cxacru: fix a flaw in existing endpoint checks
- usb: dwc3: Set SUSPENDENABLE soon after phy init
- usb: dwc3: gadget: Prevent irq storm when TH re-executes
- usb: typec: ucsi: increase timeout for PPM reset operations
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
- usb: gadget: Set self-powered based on MaxPower and bmAttributes
- usb: gadget: Fix setting self-powered state on suspend
- usb: gadget: Check bmAttributes only if configuration is valid
- xhci: pci: Fix indentation in the PCI device ID definitions
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805
- mei: me: add panther lake P DID
- intel_th: pci: Add Arrow Lake support
- intel_th: pci: Add Panther Lake-H support
- intel_th: pci: Add Panther Lake-P/U support
- slimbus: messaging: Free transaction ID in delayed interrupt scenario
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
- eeprom: digsy_mtc: Make GPIO lookup table match the device
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
- media: uvcvideo: Avoid invalid memory access
- media: uvcvideo: Avoid returning invalid controls
- md: select BLOCK_LEGACY_AUTOLOAD
- [Config] updateconfigs to select BLOCK_LEGACY_AUTOLOAD
- mtd: rawnand: cadence: fix unchecked dereference
- spi-mxs: Fix chipselect glitch
- nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
- nilfs2: eliminate staggered calls to kunmap in nilfs_rename
- bpf, vsock: Invoke proto::close on close()
- kbuild: userprogs: use correct lld when linking through clang
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
- Linux 5.15.179
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21647
- sched: sch_cake: add bounds checks to host bulk flow fairness counts
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58002
- media: uvcvideo: Remove dangling pointers
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58079
- media: uvcvideo: Fix crash during unbind if gpio unit is in use
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21721
- nilfs2: handle errors that nilfs_prepare_chunk() may return
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-26982
- Squashfs: check the inode number is not the invalid value of zero
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21844
- smb: client: Add check for next_buffer in receive_encrypted_standard()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58090
- sched/core: Prevent rescheduling when interrupts are disabled
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21875
- mptcp: always handle address removal under msk socket lock
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21877
- usbnet: gl620a: fix endpoint checking in genelink_bind()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21878
- i2c: npcm: disable interrupt enable bit before devm_request_irq
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21887
- ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21846
- acct: perform last write from workqueue
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21848
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21862
- drop_monitor: fix incorrect initialization order
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21871
- tee: optee: Fix supplicant wait loop
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21865
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21858
- geneve: Fix use-after-free in geneve_find_dev().
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21866
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as
VM_ALLOC
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21859
- USB: gadget: f_midi: f_midi_complete to call queue_work
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21823
- batman-adv: Drop unmanaged ELP metric worker
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58005
- tpm: Change to kvalloc() in eventlog/acpi.c
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21748
- ksmbd: fix integer overflows on 32 bit systems
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57977
- memcg: fix soft lockup in the OOM process
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57978
- media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57979
- pps: Fix a use-after-free
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-47726
- f2fs: fix to wait dio completion
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21811
- nilfs2: protect access to buffers with no active references
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21722
- nilfs2: do not force clear folio if buffer is referenced
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58086
- drm/v3d: Stop active perfmon if it is being destroyed
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21758
- ipv6: mcast: add RCU protection to mld_newpack()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21760
- ndisc: extend RCU protection in ndisc_send_skb()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21761
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21762
- arp: use RCU protection in arp_xmit()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21763
- neighbour: use RCU protection in __neigh_notify()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21764
- ndisc: use RCU protection in ndisc_alloc_skb()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21765
- ipv6: use RCU protection in ip6_default_advmss()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21766
- ipv4: use RCU protection in __ip_rt_update_pmtu()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21767
- clocksource: Use migrate_disable() to avoid calling get_random_u32() in
atomic context
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21772
- partitions: mac: fix handling of bogus partition table
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21704
- usb: cdc-acm: Check control transfer buffer size before access
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21776
- USB: hub: Ignore non-compliant devices with too many configs or interfaces
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21835
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21779
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21781
- batman-adv: fix panic during interface removal
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21782
- orangefs: fix a oob in orangefs_debug_write
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57834
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21785
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21787
- team: better TEAM_OPTION_TYPE_STRING validation
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21791
- vrf: use RCU protection in l3mdev_l3_out()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58020
- HID: multitouch: Add NULL check in mt_input_configured
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21795
- NFSD: fix hang in nfsd4_shutdown_callback
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21796
- nfsd: clear acl_access/acl_default after releasing them
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21820
- tty: xilinx_uartps: split sysrq handling
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21814
- ptp: Ensure info->enable callback is always set
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21735
- NFC: nci: Add bounds checking in nci_hci_create_pipe()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21736
- nilfs2: fix possible int overflows in nilfs_fiemap()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58001
- ocfs2: handle a symlink read error correctly
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58007
- soc: qcom: socinfo: Avoid out of bounds read of serial number
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21744
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21745
- blk-cgroup: Fix class @block_class's subsystem refcount leakage
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58076
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58083
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58010
- binfmt_flat: Fix integer overflow bug on 32 bit systems
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21749
- net: rose: lock the socket in rose_bind()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57981
- usb: xhci: Fix NULL pointer dereference on certain command aborts
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21684
- gpio: xilinx: Convert gpio_lock to raw spinlock
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58085
- tomoyo: don't emit warning in tomoyo_write_control()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58014
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58016
- safesetid: check size of policy writes
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58017
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21753
- btrfs: fix use-after-free when attempting to join an aborted transaction
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58055
- usb: gadget: f_tcm: Don't free command immediately
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57980
- media: uvcvideo: Fix double free in error path
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21707
- mptcp: consolidate suboption status
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21708
- net: usb: rtl8150: enable basic endpoint checking
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21826
- netfilter: nf_tables: reject mismatching sum of field_len with set key
length
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21715
- net: davicom: fix UAF in dm9000_drv_remove
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21718
- net: rose: fix timer races against user threads
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21719
- ipmr: do not call mr_mfc_uses_dev() for unres entries
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21802
- net: hns3: fix oops when unload drivers paralleling
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58058
- ubifs: skip dumping tnc tree when zroot is null
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58069
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21804
- PCI: rcar-ep: Fix incorrect variable used when calling
devm_request_mem_region()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58034
- memory: tegra20-emc: fix an OF node reference bug in
tegra_emc_find_node_by_ram_code()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57973
- rdma/cxgb4: Prevent potential integer overflow on 32bit
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21726
- padata: avoid UAF for reorder_work
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21727
- padata: fix UAF in padata_reorder
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21728
- bpf: Send signals asynchronously if !preemptible
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21711
- net/rose: prevent integer overflows in rose_setsockopt()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21799
- net: ethernet: ti: am65-cpsw: fix freeing IRQ in
am65_cpsw_nuss_remove_tx_chns()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21806
- net: let net.core.dev_weight always be non-zero
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21830
- landlock: Handle weird files
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58071
- team: prevent adding a device which is already a team device lower
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58063
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58072
- wifi: rtlwifi: remove unused check_buddy_priv
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58051
- ipmi: ipmb: Add check devm_kasprintf() returned value
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58052
- drm/amdgpu: Fix potential NULL pointer dereference in
atomctrl_get_smc_sclk_range_table
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57986
- HID: core: Fix assumption that Resolution Multipliers must be in Logical
Collections
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21731
- nbd: don't allow reconnect after disconnect
* Fix bugs preventing boot on Intel TDX-enabled hosts (LP: #2097811)
- x86/mtrr: Remove physical address size calculation
* Build failure when CONFIG_NET_SWITCHDEV=n due to CVE-2024-26837 fix backport
(LP: #2104380)
- SAUCE: net: switchdev: fix compilation error for CONFIG_NET_SWITCHDEV=n
* nfsd hangs and never recovers after NFS4ERR_DELAY and a connection loss
(LP: #2103564)
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY
* kernel hard lockup in cgroups during eBPF workload (LP: #2089318)
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
- cgroup: Homogenize cgroup_get_from_id() return value
- cgroup: Make cgroup_get_from_id() prettier
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes
- cgroup: Reorganize css_set_lock and kernfs path processing
* CVE-2023-52664
- net: atlantic: eliminate double free in error handling logic
* CVE-2023-52927
- netfilter: allow exp not to be removed in nf_ct_find_expectation
-- Mehmet Basaran <mehmet.basaran@canonical.com> Sat, 12 Apr 2025 08:33:00 +0300
linux (5.15.0-138.148) jammy; urgency=medium
* jammy/linux: 5.15.0-138.148 -proposed tracker (LP: #2102587)
* ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
(LP: #2096976)
- SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload
* CVE-2025-21756
- vsock: Keep the binding until socket destruction
- vsock: Orphan socket after transport release
* CVE-2024-50256
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
* CVE-2025-21702
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0
* CVE-2025-21703
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
* CVE-2025-21700
- net: sched: Disallow replacing of child qdisc from one parent to another
* CVE-2024-46826
- ELF: fix kernel.randomize_va_space double read
* CVE-2024-56651
- can: hi311x: hi3110_can_ist(): fix potential use-after-free
* iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
* CVE-2024-50248
- ntfs3: Add bounds checking to mi_enum_attr()
- fs/ntfs3: Sequential field availability check in mi_enum_attr()
* CVE-2022-0995
- watch_queue: Use the bitmap API when applicable
* CVE-2024-26837
- net: bridge: switchdev: Skip MDB replays of deferred events on offload
* CVE-2025-21701
- net: avoid race between device unregistration and ethnl ops
* CVE-2024-57798
- drm/dp_mst: Skip CSN if topology probing is not done yet
- drm/dp_mst: Ensure mst_primary pointer is valid in
drm_dp_mst_handle_up_req()
* CVE-2024-56658
- net: defer final 'struct net' free in netns dismantle
* CVE-2024-35864
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
* CVE-2024-35864/CVE-2024-26928
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
-- Stefan Bader <stefan.bader@canonical.com> Fri, 14 Mar 2025 15:32:05 +0100
# For older changelog entries, run 'apt-get changelog linux-tools-5.15.0-163'
Generated by dwww version 1.14 on Fri Dec 5 01:12:31 CET 2025.