linux (5.15.0-176.186) jammy; urgency=medium

  * jammy/linux: 5.15.0-176.186 -proposed tracker (LP: #2143539)

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343)
    - nvmet-tcp: remove boilerplate code
    - SAUCE: Fix skb_vlan_inet_prepare() usage
    - net: update netdev_lock_{type,name}
    - vsock/test: add a final full barrier after run all tests
    - net/mlx5e: Restore destroying state bit after profile cleanup
    - selftests: drv-net: fix RPS mask handling for high CPU numbers
    - ASoC: tlv320adcx140: fix word length
    - textsearch: describe @list member in ts_ops search
    - mm, kfence: describe @slab parameter in __kfence_obj_info()
    - dmaengine: xilinx_dma: Fix uninitialized addr_width when
      "xlnx,addrwidth" property is missing
    - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again)
    - HID: usbhid: paper over wrong bNumDescriptor field
    - ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer
    - x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers
    - phy: rockchip: inno-usb2: fix disconnection in gadget mode
    - phy: rockchip: inno-usb2: fix communication disruption in gadget mode
    - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7
    - usb: dwc3: Check for USB4 IP_NAME
    - USB: OHCI/UHCI: Add soft dependencies on ehci_platform
    - USB: serial: option: add Telit LE910 MBIM composition
    - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable
    - nvme-pci: disable secondary temp for Wodposit WPBSNM8
    - hrtimer: Fix softirq base check in update_needs_ipi()
    - EDAC/x38: Fix a resource leak in x38_probe1()
    - EDAC/i3200: Fix a resource leak in i3200_probe1()
    - x86/resctrl: Add missing resctrl initialization for Hygon
    - x86/resctrl: Fix memory bandwidth counter width for Hygon
    - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free
    - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare
    - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add()
    - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all()
    - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation
    - dmaengine: ti: k3-udma: fix device leak on udma lookup
    - posix-clock: introduce posix_clock_context concept
    - Fix memory leak in posix_clock_open()
    - posix-clock: Store file pointer in struct posix_clock_context
    - ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE.
    - testptp: add option to shift clock by nanoseconds
    - testptp: Add support for testing ptp_clock_info .adjphase callback
    - selftests/ptp: Add -x option for testing PTP_SYS_OFFSET_EXTENDED
    - selftests/ptp: Add -X option for testing PTP_SYS_OFFSET_PRECISE
    - ptp: add testptp mask test
    - selftest/ptp: update ptp selftest to exercise the gettimex options
    - testptp: Add option to open PHC in readonly mode
    - net: usb: dm9601: remove broken SR9700 support
    - amd-xgbe: avoid misleading per-packet error log
    - netlink: add a proto specification for FOU
    - net: fou: rename the source for linking
    - net: fou: use policy and operation tables generated from the spec
    - comedi: dmm32at: serialize use of paged registers
    - w1: fix redundant counter decrement in w1_attach_slave_device()
    - Revert "nfc/nci: Add the inconsistency check between the input data
      length and count"
    - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro
    - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA
    - scsi: storvsc: Process unsupported MODE_SENSE_10
    - x86/kfence: avoid writing L1TF-vulnerable PTEs
    - staging:iio:adc:ad7280a: Register define cleanup.
    - iio: adc: ad7280a: handle spi_setup() errors in probe()
    - ALSA: usb: Increase volume range that triggers a warning
    - net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M
    - net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue
    - usbnet: limit max_mtu based on device's hard_mtu
    - drm/amd/pm: Don't clear SI SMC table when setting power limit
    - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2)
    - octeontx2-af: Fix error handling
    - x86: make page fault handling disable interrupts properly
    - of: fix reference count leak in of_alias_scan()
    - iio: adc: ad9467: fix ad9434 vref mask
    - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl
    - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function
    - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize()
    - octeontx2: Fix otx2_dma_map_page() error return code
    - slimbus: core: fix runtime PM imbalance on report present
    - perf/x86/intel: Do not enable BTS for guests
    - net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup()
    - net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins()
    - ipv6: use the right ifindex when replying to icmpv6 from localhost
    - ice: stop counting UDP csum mismatch as rx_errors
    - net/mlx5: Add HW definitions of vport debug counters
    - net/mlx5e: Expose rx_oversize_pkts_buffer counter
    - net/mlx5e: Report rx_discards_phy via rx_dropped
    - net/mlx5e: Account for netdev stats in ndo_get_stats64
    - net: bridge: fix static key check
    - scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg()
    - gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler
    - dma/pool: distinguish between missing and exhausted atomic pools
    - ASoC: fsl: imx-card: Do not force slot width to sample width
    - scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo()
    - scsi: qla2xxx: edif: Fix dma_free_coherent() size
    - mptcp: only reset subflow errors when propagated
    - net: Add locking to protect skb->dev access in ip_output
    - comedi: Fix getting range information for subdevices 16 to 255
    - of: platform: Use default match table for /firmware
    - iio: adc: exynos_adc: fix OF populate on driver rebind
    - arm64: dts: rockchip: remove redundant max-link-speed from nanopi-r4s
    - w1: w1_therm: use swap() to make code cleaner
    - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure
    - xfs: set max_agbno to allow sparse alloc of last full inode chunk
    - nvme-fc: rename free_ctrl callback to match name pattern
    - nvme-pci: do not directly handle subsys reset fallout
    - nvme: fix PCIe subsystem reset controller state transition
    - mei: trace: treat reg parameter as string
    - mm/pagewalk: add walk_page_range_vma()
    - wifi: cfg80211: add a work abstraction with special semantics
    - wifi: mac80211: use wiphy work for sdata->work
    - wifi: mac80211: move TDLS work to wiphy work
    - HID: uclogic: Add NULL check in uclogic_input_configured()
    - drm/amdkfd: fix a memory leak in device_queue_manager_init()
    - btrfs: prevent use-after-free on page private data in
      btrfs_subpage_clear_uptodate()
    - net/sched: act_ife: convert comma to semicolon
    - pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver
    - writeback: fix 100% CPU usage when dirtytime_expire_interval is 0
    - mptcp: avoid dup SUB_CLOSED events after disconnect
    - pinctrl: meson: mark the GPIO controller as sleeping
    - wifi: cfg80211: use system_unbound_wq for wiphy work
    - wifi: cfg80211: fix wiphy delayed work queueing
    - wifi: cfg80211: cancel wiphy_work before freeing wiphy
    - wifi: cfg80211: fully move wiphy work to unbound workqueue
    - wifi: cfg80211: init wiphy_work before allocating rfkill fails
    - Linux 5.15.199

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-68340
    - team: Move team device type change at the end of team_port_add

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23170
    - drm/imx/tve: fix probe device leak

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23075
    - can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-38408
    - genirq/irq_sim: Initialize work context pointers properly

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2023-54207
    - HID: uclogic: Correct devm device reference for hidinput input_dev name

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2023-53520
    - Bluetooth: Fix hci_suspend_sync crash

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-38125
    - net: stmmac: make sure that ptp_rate is not 0 before configuring EST

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-40164
    - usbnet: Fix using smp_processor_id() in preemptible code warnings

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-38232
    - NFSD: fix race between nfsd registration and exports_proc

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2023-53662
    - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-38057
    - espintcp: fix skb leaks

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2023-53421
    - blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-68365
    - fs/ntfs3: Initialize allocated memory before use

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-68817
    - ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2022-50390
    - drm/ttm: fix undefined behavior in bit shift for
      TTM_TT_FLAG_PRIV_POPULATED

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-68211
    - ksm: use range-walk function to jump over holes in
      scan_get_next_rmap_item

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23093
    - ksmbd: smbd: fix dma_unmap_sg() nents

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23078
    - ALSA: scarlett2: Fix buffer overflow in config retrieval

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71186
    - dmaengine: stm32: dmamux: fix device leak on route allocation

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71197
    - w1: therm: Fix off-by-one buffer overflow in alarms_store

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23087
    - scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-40149
    - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23167
    - nfc: nci: Fix race between rfkill and nci_unregister_device().

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23150
    - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23164
    - rocker: fix memory leak in rocker_world_port_post_fini()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23146
    - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-38591
    - bpf: Reject narrower access to pointer ctx fields

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-68725
    - bpf: Do not let BPF test infra emit invalid GSO types to stack

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23097
    - migrate: correct lock ordering for hugetlb file folios

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23108
    - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23080
    - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23061
    - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23058
    - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23085
    - irqchip/gic-v3-its: Avoid truncating memory addresses

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23098
    - netrom: fix double-free in nr_route_frame()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23063
    - uacce: ensure safe queue release with state management

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23056
    - uacce: implement mremap in uacce_vm_ops to return -EPERM

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23096
    - uacce: fix cdev handling in the cleanup path

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23091
    - intel_th: fix device leak on output open()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23090
    - slimbus: core: fix device reference leak on report present

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23128
    - arm64: Set __nocfi on swsusp_arch_resume()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23073
    - wifi: rsi: Fix memory corruption due to not set vif driver data size

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23133
    - wifi: ath10k: fix dma_free_coherent() pointer

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23089
    - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23076
    - ALSA: ctxfi: Fix potential OOB access in audio mixer handling

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71199
    - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc
      driver

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23101
    - leds: led-class: Only Add LED to leds_list when it is fully ready

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23064
    - net/sched: act_ife: avoid possible NULL deref

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23119
    - bonding: provide a net pointer to __skb_flow_dissect()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23084
    - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23124
    - ipv6: annotate data-race in ndisc_router_discovery()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23121
    - mISDN: annotate data-race around dev->work

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23071
    - regmap: Fix race condition in hwspinlock irqsave routine

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23105
    - net/sched: qfq: Use cl_is_active to determine whether class is active in
      qfq_rm_from_ag

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23103
    - ipvlan: Make the addrs_lock be per port

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23120
    - l2tp: avoid one data-race in l2tp_tunnel_del_work()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23083
    - fou: Don't allow 0 for FOU_ATTR_IPPROTO.

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23095
    - gue: Fix skb memleak with inner IP protocol 0.

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23125
    - sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23099
    - bonding: limit BOND_MODE_8023AD to Ethernet devices

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71194
    - btrfs: fix deadlock in wait_current_trans() due to ignored transaction
      type

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71185
    - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23026
    - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71188
    - dmaengine: lpc18xx-dmamux: fix device leak on route allocation

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71163
    - dmaengine: idxd: fix device leaks on compat bind and unbind

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71190
    - dmaengine: bcm-sba-raid: fix device leak on probe

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71191
    - dmaengine: at_hdmac: fix device leak on of_dma_xlate()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23049
    - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23145
    - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-22997
    - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session
      upon receiving the second rts

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23033
    - dmaengine: omap-dma: fix dma_pool resource leak in error paths

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71196
    - phy: stm32-usphyc: Fix off by one in probe()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2025-71162
    - dmaengine: tegra-adma: Fix use-after-free

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-22999
    - net/sched: sch_qfq: do not free existing class in qfq_change_class()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23011
    - ipv4: ip_gre: make ipgre_header() robust

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23001
    - macvlan: fix possible UAF in macvlan_forward_source()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23003
    - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-22998
    - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23037
    - can: etas_es58x: allow partial RX URB allocation to succeed

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
    CVE-2026-23038
    - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()

  * ADT test for linux package failed with "fatal: unable to connect to
    git.launchpad.net" (LP: #2143033)
    - [Packaging] d/t/ubuntu-regression-suite: use https to clone

  * efi: Fix swapped arguments to bsearch() in efi_status_to_*() SAUCE patch
    (LP: #2141276)
    - SAUCE efi: Fix swapped arguments to bsearch() in efi_status_to_*()

  * CVE-2026-23111
    - netfilter: nf_tables: fix inverted genmask check in
      nft_map_catchall_activate()

  * CVE-2026-23209
    - macvlan: fix error recovery in macvlan_common_newlink()

  * CVE-2025-37849
    - KVM: arm64: vgic: Add a non-locking primitive for
      kvm_vgic_vcpu_destroy()
    - KVM: arm64: Tear down vGIC on failed vCPU creation

  * CVE-2026-23074
    - net/sched: Enforce that teql can only be used as root qdisc

  * CVE-2026-23060
    - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
      spec

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 11 Mar 2026 14:57:02 +0100

linux (5.15.0-173.183) jammy; urgency=medium

  * Miscellaneous upstream changes
    - apparmor: validate DFA start states are in bounds in unpack_pdb
    - apparmor: fix memory leak in verify_header
    - apparmor: replace recursive profile removal with iterative approach
    - apparmor: fix: limit the number of levels of policy namespaces
    - apparmor: fix side-effect bug in match_char() macro usage
    - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
    - apparmor: Fix double free of ns_name in aa_replace_profiles()
    - apparmor: fix unprivileged local user can do privileged policy
      management
    - apparmor: fix differential encoding verification
    - apparmor: fix race on rawdata dereference
    - apparmor: fix race between freeing data and fs accessing it

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Fri, 06 Mar 2026 16:14:08 +0300

linux (5.15.0-172.182) jammy; urgency=medium

  * jammy/linux: 5.15.0-172.182 -proposed tracker (LP: #2141059)

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704)
    - Revert "xfrm: destroy xfrm_state synchronously on net exit path"
    - xfrm: flush all states in xfrm_state_fini
    - dpaa2-mac: bail if the dpmacs fwnode is not found
    - drm/i915/selftests: Fix inconsistent IS_ERR and PTR_ERR
    - leds: Replace all non-returning strlcpy with strscpy
    - leds: spi-byte: Use devm_led_classdev_register_ext()
    - Documentation: process: Also mention Sasha Levin as stable tree
      maintainer
    - USB: serial: option: add Foxconn T99W760
    - USB: serial: option: add Telit Cinterion FE910C04 new compositions
    - USB: serial: option: move Telit 0x10c7 composition in the right place
    - USB: serial: ftdi_sio: match on interface number for jtag
    - serial: add support of CPCI cards
    - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC
    - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC
    - spi: xilinx: increase number of retries before declaring stall
    - spi: imx: keep dma request disabled before dma transfer setup
    - pinctrl: qcom: msm: Fix deadlock in pinmux configuration
    - platform/x86: acer-wmi: Ignore backlight event
    - platform/x86: huawei-wmi: add keys for HONOR models
    - HID: elecom: Add support for ELECOM M-XT3URBK (018F)
    - drm/panel: visionox-rm69299: Don't clear all mode flags
    - USB: Fix descriptor count when handling invalid MBIM extended descriptor
    - irqchip/qcom-irq-combiner: Fix section mismatch
    - rculist: Add hlist_nulls_replace_rcu() and
      hlist_nulls_replace_init_rcu()
    - inet: Avoid ehash lookup race in inet_ehash_insert()
    - iio: imu: st_lsm6dsx: introduce st_lsm6dsx_device_set_enable routine
    - iio: imu: st_lsm6dsx: discard samples during filters settling time
    - iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member
    - arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl
    - uio: uio_fsl_elbc_gpcm:: Add null pointer check to
      uio_fsl_elbc_gpcm_probe
    - crypto: hisilicon/qm - restore original qos values
    - s390/smp: Fix fallback CPU detection
    - s390/ap: Don't leak debug feature files if AP instructions are not
      available
    - firmware: imx: scu-irq: fix OF node leak in
    - phy: mscc: Fix PTP for VSC8574 and VSC8572
    - sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock().
    - compiler-gcc.h: Define __SANITIZE_ADDRESS__ under hwaddress sanitizer
    - kmsan: introduce __no_sanitize_memory and __no_kmsan_checks
    - x86: kmsan: don't instrument stack walking functions
    - x86/dumpstack: Prevent KASAN false positive warnings in __show_regs()
    - pinctrl: stm32: fix hwspinlock resource leak in probe function
    - i3c: fix refcount inconsistency in i3c_master_register
    - i3c: master: svc: Prevent incomplete IBI transaction
    - power: supply: wm831x: Check wm831x_set_bits() return value
    - power: supply: apm_power: only unset own apm_get_power_status
    - scsi: target: Do not write NUL characters into ASCII configfs output
    - spi: tegra210-quad: use device_reset method
    - spi: tegra210-quad: add new chips to compatible
    - spi: tegra210-quad: combined sequence mode
    - spi: tegra210-quad: modify chip select (CS) deactivation
    - mfd: da9055: Fix missing regmap_del_irq_chip() in error path
    - ext4: minor defrag code improvements
    - ext4: correct the checking of quota files before moving extents
    - perf/x86/intel: Correct large PEBS flag check
    - regulator: core: disable supply if enabling main regulator fails
    - nbd: clean up return value checking of sock_xmit()
    - nbd: partition nbd_read_stat() into nbd_read_reply() and
      nbd_handle_reply()
    - scsi: stex: Fix reboot_notifier leak in probe error path
    - dt-bindings: PCI: convert amlogic,meson-pcie.txt to dt-schema
    - dt-bindings: PCI: amlogic: Fix the register name of the DBI region
    - RDMA/rtrs: server: Fix error handling in get_or_create_srv
    - ntfs3: init run lock for extend inode
    - powerpc/32: Fix unpaired stwcx. on interrupt exit
    - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper()
    - coresight: etm4x: Save restore TRFCR_EL1
    - coresight: etm4x: Use Trace Filtering controls dynamically
    - coresight-etm4x: add isb() before reading the TRCSTATR
    - coresight: etm4x: Extract the trace unit controlling
    - coresight: etm4x: Add context synchronization before enabling trace
    - clk: renesas: r9a06g032: Fix memory leak in error path
    - lib/vsprintf: Check pointer before dereferencing in time_and_date()
    - ACPI: property: Fix fwnode refcount leak in
      acpi_fwnode_graph_parse_endpoint()
    - scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls
    - leds: netxbig: Fix GPIO descriptor leak in error paths
    - PCI: keystone: Exit ks_pcie_probe() for invalid mode
    - ps3disk: use memcpy_{from,to}_bvec index
    - selftests/bpf: Fix failure paths in send_signal test
    - watchdog: wdat_wdt: Stop watchdog when uninstalling module
    - watchdog: wdat_wdt: Fix ACPI table leak in probe function
    - NFSD/blocklayout: Fix minlength check in proc_layoutget
    - powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE
      format
    - fs/ntfs3: Remove unused mi_mark_free
    - fs/ntfs3: Add new argument is_mft to ntfs_mark_rec_free
    - fs/ntfs3: Make ni_ins_new_attr return error
    - fs/ntfs3: out1 also needs to put mi
    - fs/ntfs3: Prevent memory leaks in add sub record
    - drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue
    - pwm: bcm2835: Make sure the channel is enabled after pwm_request()
    - mfd: mt6397-irq: Fix missing irq_domain_remove() in error path
    - mfd: mt6358-irq: Fix missing irq_domain_remove() in error path
    - usb: chaoskey: fix locking for O_NONBLOCK
    - usb: dwc2: disable platform lowlevel hw resources during shutdown
    - usb: dwc2: fix hang during shutdown if set as peripheral
    - usb: dwc2: fix hang during suspend if set as peripheral
    - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE
    - selftests/bpf: skip test_perf_branches_hw() on unsupported platforms
    - selftests/bpf: Improve reliability of test_perf_branches_no_hw()
    - crypto: ccree - Correctly handle return of sg_nents_for_len
    - staging: fbtft: core: fix potential memory leak in fbtft_probe_common()
    - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition
    - wifi: ieee80211: correct FILS status codes
    - backlight: led_bl: Take led_access lock when required
    - backlight: lp855x: Fix lp855x.h kernel-doc warnings
    - iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-
      metal
    - RDMA/irdma: Fix data race in irdma_sc_ccq_arm
    - RDMA/irdma: Fix data race in irdma_free_pble
    - ASoC: fsl_xcvr: Add Counter registers
    - ASoC: fsl_xcvr: Add support for i.MX93 platform
    - ASoC: fsl_xcvr: clear the channel status control memory
    - drm/amd/display: Fix logical vs bitwise bug in
      get_embedded_panel_info_v2_1()
    - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4
    - ext4: remove unused return value of __mb_check_buddy
    - ext4: improve integrity checking in __mb_check_buddy by enhancing
      order-0 validation
    - vdpa: Introduce and use vdpa device get, set config helpers
    - vdpa: Introduce query of device config layout
    - vdpa: Sync calls set/get config/status with cf_mutex
    - virtio_vdpa: fix misleading return in void function
    - virtio: fix virtqueue_set_affinity() docs
    - ASoC: Intel: catpt: Fix error path in hw_params()
    - netfilter: flowtable: check for maximum number of encapsulations in
      bridge vlan
    - netfilter: nf_conncount: reduce unnecessary GC
    - netfilter: nf_conncount: rework API to use sk_buff directly
    - netfilter: nft_connlimit: update the count if add was skipped
    - net: stmmac: fix rx limit check in stmmac_rx_zc()
    - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds
    - remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs
    - perf tools: Fix split kallsyms DSO counting
    - pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling
    - pinctrl: single: Fix incorrect type for error return variable
    - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe()
    - NFS: Label the dentry with a verifier in nfs_rmdir() and nfs_unlink()
    - NFS: don't unhash dentry during unlink/rename
    - NFS: Avoid changing nlink when file removes and attribute updates race
    - fs/nls: Fix utf16 to utf8 conversion
    - NFSv4: Add some support for case insensitive filesystems
    - NFS: Fix the verifier for case sensitive filesystem in nfs_atomic_open()
    - NFS: Initialise verifiers for visible dentries in nfs_atomic_open()
    - Revert "nfs: ignore SB_RDONLY when remounting nfs"
    - Revert "nfs: clear SB_RDONLY before getting superblock"
    - Revert "nfs: ignore SB_RDONLY when mounting nfs"
    - fs_context: drop the unused lsm_flags member
    - fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8()
    - platform/x86: asus-wmi: use brightness_set_blocking() for kbd led
    - ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
      of_dma_configure()
    - ASoC: ak4458: Disable regulator when error happens
    - ASoC: ak5558: Disable regulator when error happens
    - blk-mq: Abort suspend when wakeup events are pending
    - block: fix comment for op_is_zone_mgmt() to include RESET_ALL
    - dma/pool: eliminate alloc_pages warning in atomic_pool_expand
    - ALSA: uapi: Fix typo in asound.h comment
    - ARM: 9464/1: fix input-only operand modification in
      load_unaligned_zeropad()
    - dm-raid: fix possible NULL dereference with undefined raid type
    - dm log-writes: Add missing set_freezable() for freezable kthread
    - efi/cper: Add a new helper function to print bitmasks
    - efi/cper: Adjust infopfx size to accept an extra space
    - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs
    - ocfs2: fix memory leak in ocfs2_merge_rec_left()
    - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt
    - usb: phy: Initialize struct usb_phy list_head
    - ASoC: fsl_xcvr: get channel status data when PHY is not exists
    - NFS: Fix missing unlock in nfs_unlink()
    - netfilter: nf_conncount: garbage collection is not skipped when jiffies
      wrap around
    - coresight: etm4x: Correct polling IDLE bit
    - spi: tegra210-quad: Fix validate combined sequence
    - spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers
    - bpf, arm64: Do not audit capability check in do_jit()
    - btrfs: fix memory leak of fs_devices in degraded seed device path
    - x86/ptrace: Always inline trivial accessors
    - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint()
      only
    - cpufreq: s5pv210: fix refcount leak
    - livepatch: Match old_sympos 0 and 1 in klp_find_func()
    - fs/ntfs3: Support timestamps prior to epoch
    - hfsplus: fix volume corruption issue for generic/070
    - hfsplus: fix volume corruption issue for generic/073
    - btrfs: scrub: always update btrfs_scrub_progress::last_physical
    - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
    - ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2()
    - broadcom: b44: prevent uninitialized value usage
    - netfilter: nf_conncount: fix leaked ct in error paths
    - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr()
    - ethtool: use phydev variable
    - net/ethtool/ioctl: remove if n_stats checks from ethtool_get_phy_stats
    - net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers
    - net/mlx5: fw_tracer, Add support for unrecognized string
    - net/mlx5: fw_tracer, Handle escaped percent properly
    - net: hns3: Align type of some variables with their print type
    - net: hns3: using the num_tqps to check whether tqp_index is out of range
      when vf get ring info from mbx
    - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen
    - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk
      table
    - ACPI: CPPC: Fix missing PCC check for guaranteed_perf
    - spi: fsl-cpm: Check length parity before switching to 16 bit mode
    - mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig
    - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path
    - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path
    - ipmi: Fix the race between __scan_channels() and deliver_response()
    - ipmi: Fix __scan_channels() failing to rescan channels
    - firmware: imx: scu-irq: Init workqueue before request mbox channel
    - ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx
    - clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4
    - powerpc/addnote: Fix overflow on 32-bit builds
    - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled
    - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive
    - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp
    - exfat: fix remount failure in different process environments
    - usbip: Fix locking bug in RT-enabled kernels
    - usb: xhci: limit run_graceperiod for only usb 3.0 devices
    - usb: usb-storage: No additional quirks need to be added to the EL-R12
      optical drive.
    - serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
    - nvme-fc: don't hold rport lock when putting ctrl
    - platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI
      quirks
    - vhost/vsock: improve RCU read sections around vhost_vsock_get()
    - mmc: sdhci-msm: Avoid early clock doubling during HS400 transition
    - lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit
    - block: rate-limit capacity change info log
    - floppy: fix for PAGE_SIZE != 4KB
    - fs/ntfs3: fix mount failure for sparse runs in run_unpack()
    - ktest.pl: Fix uninitialized var in config-bisect.pl
    - ext4: clear i_state_flags when alloc inode
    - ext4: fix incorrect group number assertion in mb_check_buddy
    - ext4: align max orphan file size with e2fsprogs limit
    - jbd2: use a weaker annotation in journal handling
    - media: v4l2-mem2mem: Fix outdated documentation
    - usb: usb-storage: Maintain minimal modifications to the bcdDevice range.
    - media: pvrusb2: Fix incorrect variable used in trace message
    - phy: broadcom: bcm63xx-usbh: fix section mismatches
    - USB: lpc32xx_udc: Fix error handling in probe
    - usb: phy: isp1301: fix non-OF device reference imbalance
    - usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe
    - usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
    - intel_th: Fix error handling in intel_th_output_open
    - cpufreq: nforce2: fix reference count leak in nforce2
    - NFSD: use correct reservation type in nfsd4_scsi_fence_client
    - tools/testing/nvdimm: Use per-DIMM device handle
    - KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with
      period=0
    - KVM: x86: Explicitly set new periodic hrtimer expiration in
      apic_timer_fn()
    - KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation
    - KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed
      VMRUN)
    - KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits
    - PM: runtime: Do not clear needs_force_resume with enabled runtime PM
    - nfsd: Mark variable __maybe_unused to avoid W=1 build break
    - svcrdma: return 0 on success from svc_rdma_copy_inline_range
    - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
    - amba: tegra-ahb: Fix device leak on SMMU enable
    - soc: qcom: ocmem: fix device leak on lookup
    - soc: amlogic: canvas: fix device leak on lookup
    - rpmsg: glink: fix rpmsg device leak
    - i2c: amd-mp2: fix reference leak in MP2 PCI device
    - hwmon: (max16065) Use local variable to avoid TOCTOU
    - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU
    - i40e: fix scheduling in set_rx_mode
    - i40e: Refactor argument of several client notification functions
    - i40e: Refactor argument of i40e_detect_recover_hung()
    - i40e: validate ring_len parameter against hardware-specific values
    - net: mdio: aspeed: move reg accessing part into separate functions
    - net: mdio: aspeed: add dummy read to avoid read-after-write issue
    - net: openvswitch: Avoid needlessly taking the RTNL on vport destroy
    - platform/x86: msi-laptop: add missing sysfs_remove_group()
    - platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic
    - genalloc.h: fix htmldocs warning
    - firewire: nosy: Fix dma_free_coherent() size
    - net: dsa: b53: skip multicast entries for fdb_dump()
    - net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group
      struct
    - RDMA/efa: Remove possible negative shift
    - RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr()
    - RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db()
    - RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send
    - RDMA/bnxt_re: Fix to use correct page size for PDE table
    - RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation
    - RDMA/bnxt_re: fix dma_free_coherent() pointer
    - selftests/ftrace: traceonoff_triggers: strip off names
    - ASoC: stm32: sai: fix device leak on probe
    - ASoC: qcom: q6asm-dai: perform correct state check before closing
    - ASoC: qcom: q6adm: the the copp device only during last instance
    - ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment.
    - iommu/apple-dart: fix device leak on of_xlate()
    - iommu/exynos: fix device leak on of_xlate()
    - iommu/ipmmu-vmsa: fix device leak on of_xlate()
    - iommu/mediatek-v1: fix device leak on probe_device()
    - iommu/mediatek: fix device leak on of_xlate()
    - iommu/omap: fix device leaks on probe_device()
    - iommu/sun50i: fix device leak on of_xlate()
    - iommu/tegra: fix device leak on probe_device()
    - HID: logitech-dj: Remove duplicate error logging
    - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths
    - leds: leds-lp50xx: Allow LED 0 to be added to module bank
    - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs
    - mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup
    - mfd: max77620: Fix potential IRQ chip conflict when probing two devices
    - media: rc: st_rc: Fix reset control resource leak
    - parisc: entry.S: fix space adjustment on interruption for 64-bit
      userspace
    - parisc: entry: set W bit for !compat tasks in syscall_restore_rfi()
    - dm-ebs: Mark full buffer dirty even on partial write
    - fbdev: gbefb: fix to use physical address instead of dma address
    - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing
    - fbdev: tcx.c fix mem_map to correct smem_start offset
    - media: cec: Fix debugfs leak on bus_register() failure
    - media: msp3400: Avoid possible out-of-bounds array accesses in
      msp3400c_thread()
    - media: TDA1997x: Remove redundant cancel_delayed_work in probe
    - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe
    - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe
    - idr: fix idr_alloc() returning an ID out of range
    - fjes: Add missing iounmap in fjes_hw_init()
    - nfsd: Drop the client reference in client_states_open()
    - net: usb: sr9700: fix incorrect command used to write single register
    - drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers
    - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in
      prepare_fb
    - mm/damon/tests/vaddr-kunit: handle alloc failures in
      damon_test_split_evenly_fail()
    - mm/damon/tests/vaddr-kunit: handle alloc failures on
      damon_do_test_apply_three_regions()
    - mm/damon/tests/vaddr-kunit: handle alloc failures on
      damon_test_split_evenly_succ()
    - mm/damon/tests/core-kunit: handle allocation failures in
      damon_test_regions()
    - mm/damon/tests/core-kunit: handle alloc failures on
      damon_test_split_at()
    - mm/damon/tests/core-kunit: handle alloc failures on
      dasmon_test_merge_regions_of()
    - mm/damon/tests/core-kunit: handle alloc failures on
      damon_test_merge_two()
    - mm/damon/tests/core-kunit: handle memory failure from
      damon_test_target()
    - mm/damon/tests/core-kunit: handle alloc failures on
      damon_test_split_regions_of()
    - mm/damon/tests/core-kunit: handle memory alloc failure from
      damon_test_aggregate()
    - kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules
    - virtio_console: fix order of fields cols and rows
    - usb: xhci: move link chain bit quirk checks into one helper function.
    - xhci: dbgtty: use IDR to support several dbc instances.
    - xhci: dbgtty: fix device unregister
    - jbd2: fix the inconsistency between checksum and data in memory for
      journal sb
    - btrfs: don't rewrite ret from inode_permission
    - wifi: mt76: Fix DTS power-limits on little endian systems
    - ALSA: wavefront: Clear substream pointers on close
    - ALSA: wavefront: Use standard print API
    - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap
    - KVM: nVMX: Immediately refresh APICv controls as needed on nested
      VM-Exit
    - xfs: fix a memory leak in xfs_buf_item_init()
    - f2fs: fix to detect recoverable inode during dryrun of
      find_fsync_dnodes()
    - f2fs: fix to propagate error from f2fs_enable_checkpoint()
    - usb: dwc3: keep susphy enabled during exit to avoid controller faults
    - mptcp: pm: ignore unknown endpoint flags
    - usb: ohci-nxp: Use helper function devm_clk_get_enabled()
    - usb: ohci-nxp: fix device leak on probe failure
    - ARM: dts: microchip: sama7g5: fix uart fifo size to 32
    - KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN
    - media: mediatek: vcodec: Fix a reference leak in
      mtk_vcodec_fw_vpu_init()
    - media: vpif_capture: fix section mismatch
    - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index
    - media: samsung: exynos4-is: fix potential ABBA deadlock on init
    - media: renesas: rcar_drif: fix device node reference leak in
      rcar_drif_bond_enabled
    - powerpc/pseries/cmm: call balloon_devinfo_init() also without
      CONFIG_BALLOON_COMPACTION
    - PCI: brcmstb: Fix disabling L0s capability
    - iommu/qcom: fix device leak on of_xlate()
    - r8169: fix RTL8117 Wake-on-Lan in DASH mode
    - ASoC: stm: Use dev_err_probe() helper
    - ASoC: stm32: sai: Use the devm_clk_get_optional() helper
    - ASoC: stm32: sai: fix clk prepare imbalance on probe failure
    - mm/balloon_compaction: make balloon page compaction callbacks static
    - mm/balloon_compaction: we cannot have isolated pages in the balloon list
    - mm/balloon_compaction: convert balloon_page_delete() to
      balloon_page_finalize()
    - powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages
    - lockd: fix vfs_test_lock() calls
    - drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg()
    - KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning
    - x86: remove __range_not_ok()
    - pwm: stm32: Always program polarity
    - ext4: factor out ext4_hash_info_init()
    - ext4: fix error message when rejecting the default hash
    - firmware: arm_scmi: Fix unused notifier-block in unregister
    - Revert "iommu/amd: Skip enabling command/event buffers for kdump"
    - net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()
    - usb: gadget: lpc32xx_udc: fix clock imbalance in error path
    - atm: Fix dma_free_coherent() size
    - mei: me: add nova lake point S DID
    - lib/crypto: aes: Fix missing MMU protection for AES S-box
    - drm/pl111: Fix error handling in pl111_amba_probe
    - libceph: make calc_target() set t->paused, not just clear it
    - ext4: introduce ITAIL helper
    - csky: fix csky_cmpxchg_fixup not working
    - ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels
    - alpha: don't reference obsolete termio struct for TC* constants
    - NFSv4: ensure the open stateid seqid doesn't go backwards
    - NFS: Fix up the automount fs_context to use the correct cred
    - scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset
    - scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe
      failure scanned in again after probe failed"
    - arm64: dts: add off-on-delay-us for usdhc2 regulator
    - ARM: dts: imx6q-ba16: fix RTC interrupt level
    - netfilter: nft_synproxy: avoid possible data-race on update operation
    - netfilter: nf_tables: fix memory leak in nf_tables_newrule()
    - netfilter: nf_conncount: update last_gc only when GC has been performed
    - bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress
    - inet: ping: Fix icmp out counting
    - netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates
    - net/mlx5e: Don't print error message due to invalid module
    - eth: bnxt: move and rename reset helpers
    - bnxt_en: Fix potential data corruption with HW GRO/LRO
    - HID: quirks: work around VID/PID conflict for appledisplay
    - net: enetc: fix build warning when PAGE_SIZE is greater than 128K
    - arp: do not assume dev_hard_header() does not change skb->head
    - NFS: trace: show TIMEDOUT instead of 0x6e
    - nfs_common: factor out nfs_errtbl and nfs_stat_to_errno
    - NFSD: Remove NFSERR_EAGAIN
    - pinctrl: qcom: lpass-lpi: Remove duplicate assignment of of_gpio_n_cells
    - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
    - powercap: fix race condition in register_control_type()
    - powercap: fix sscanf() error return value handling
    - ASoC: fsl_sai: Add missing registers to cache default
    - scsi: sg: Fix occasional bogus elapsed time that exceeds timeout
    - firmware: imx: scu-irq: Set mu_resource_id before get handle
    - efi/cper: Fix cper_bits_to_str buffer handling and return value
    - NFS: unlink/rmdir shouldn't call d_delete() twice on ENOENT
    - NFS: add barriers when testing for NFS_FSDATA_BLOCKED
    - Linux 5.15.198

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71182
    - can: j1939: make j1939_session_activate() fail if device is no longer
      registered

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2022-49465
    - blk-throttle: Set BIO_THROTTLED when bio has been throttled

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71180
    - counter: interrupt-cnt: Drop IRQF_NO_THREAD flag

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-22980
    - nfsd: provide locking for v4_end_grace

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-23021
    - net: usb: pegasus: fix memory leak in update_eth_regs_async()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-22976
    - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate
      in qfq_reset

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-22977
    - net: sock: fix hardened usercopy panic in sock_recv_errqueue

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-22982
    - net: mscc: ocelot: Fix crash when adding interface under a lag

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-23019
    - net: marvell: prestera: fix NULL dereference on devlink_alloc() failure

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-22121
    - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-22992
    - libceph: return the handler error from mon_handle_auth_done()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-22991
    - libceph: make free_choose_arg_map() resilient to partial allocation

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-22990
    - libceph: replace overzealous BUG_ON in osdmap_apply_incremental()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-22984
    - libceph: prevent potential out-of-bounds reads in handle_auth_done()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-22978
    - wifi: avoid kernel-infoleak from struct iw_point

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2026-23020
    - net: 3com: 3c59x: fix possible null dereference in vortex_probe1()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2024-49968
    - ext4: filesystems without casefold feature cannot be mounted with
      siphash

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2024-36927
    - ipv4: Fix uninit-value access in __ip_make_skb()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2024-36903
    - ipv6: Fix potential uninit-value access in __ip6_make_skb()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-38556
    - HID: core: Harden s32ton() against conversion to 0 bits

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2024-46830
    - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-38129
    - page_pool: Fix use-after-free in page_pool_recycle_in_ring

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2022-49635
    - drm/i915/selftests: fix subtraction overflow bug

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-22111
    - net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71127
    - wifi: mac80211: Discard Beacon frames to non-broadcast address

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71081
    - ASoC: stm32: sai: fix OF node leak on probe

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71078
    - powerpc/64s/slb: Fix SLB multihit issue during SLB preload

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68803
    - NFSD: NFSv4 file creation neglects setting ACL

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71120
    - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in
      gss_read_proxy_verf

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71113
    - crypto: af_alg - zero initialize memory allocated via sock_kmalloc

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71068
    - svcrdma: bound check rq_pages index in inline path

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68821
    - fuse: fix readahead reclaim deadlock

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68796
    - f2fs: fix to avoid updating zero-sized extent in extent cache

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71105
    - f2fs: use global inline_xattr_slab instead of per-sb slab cache

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68344
    - ALSA: wavefront: Fix integer overflow in sample size validation

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71077
    - tpm: Cap the number of PCR banks

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68282
    - usb: gadget: udc: fix use-after-free in usb_gadget_state_work

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-22022
    - usb: xhci: Apply the link chain quirk on NEC isoc endpoints

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-40110
    - drm/vmwgfx: Fix a null-ptr access in the cursor snooper

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-38022
    - RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device"
      problem

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71083
    - drm/ttm: Avoid NULL pointer deref for evicted BOs

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71079
    - net: nfc: fix deadlock between nfc_unregister_device and
      rfkill_fop_write

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71093
    - e1000: fix OOB in e1000_tbi_should_accept()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71084
    - RDMA/cm: Fix leaking the multicast GID table reference

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71096
    - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71136
    - media: adv7842: Avoid possible out-of-bounds array accesses in
      adv7842_cp_log_status()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71133
    - RDMA/irdma: avoid invalid read in irdma_net_event

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71086
    - net: rose: fix invalid array index in rose_kill_by_device()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71097
    - ipv4: Fix reference count leak when using error routes with nexthop
      objects

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71085
    - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71137
    - octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71094
    - net: usb: asix: validate PHY address before use

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71132
    - smc91x: fix broken irq-context in PREEMPT_RT

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71154
    - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71091
    - team: fix check for port enabled in
      team_queue_override_port_prio_changed()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71098
    - ip6_gre: make ip6gre_header() robust

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71082
    - Bluetooth: btusb: revert use of devm_kzalloc in btusb

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71131
    - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71087
    - iavf: fix off-by-one issues in iavf_config_rss_reg()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71111
    - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68814
    - io_uring: fix filename leak in __io_openat_prep()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68788
    - fsnotify: do not generate ACCESS/MODIFY events on child for special
      files

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71125
    - tracing: Do not register unsupported perf events

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71104
    - KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV
      timer

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71116
    - libceph: make decode_pool() more resilient against corrupted osdmaps

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71121
    - parisc: Do not reprogram affinity on ASP chip

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71102
    - scs: fix a wrong parameter in __scs_magic

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68804
    - platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68771
    - ocfs2: fix kernel BUG in ocfs2_find_victim_chain

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68808
    - media: vidtv: initialize local pointers upon transfer of memory
      ownership

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68769
    - f2fs: fix return value of f2fs_recover_fsync_data()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71069
    - f2fs: invalidate dentry cache on failed whiteout creation

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68782
    - scsi: target: Reset t_task_cdb pointer in error case

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71075
    - scsi: aic94xx: fix use-after-free in device removal path

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68818
    - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in
      abort path"

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68797
    - char: applicom: fix NULL pointer dereference in ac_ioctl

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68819
    - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68820
    - ext4: xattr: fix null pointer deref in ext4_raw_inode()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71147
    - KEYS: trusted: Fix a memory leak in tpm2_load_cmd

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71108
    - usb: typec: ucsi: Handle incorrect num_connectors capability

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71114
    - via_wdt: fix critical boot hang due to unnamed resource allocation

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68783
    - ALSA: usb-mixer: us16x08: validate meter packet indices

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68776
    - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68777
    - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71112
    - net: hns3: add VLAN id validation before using

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71064
    - net: hns3: using the num_tqps in the vf driver to apply for resources

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68816
    - net/mlx5: fw_tracer, Validate format string parameters

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68795
    - ethtool: Avoid overflowing userspace buffer on stats query

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68815
    - net/sched: ets: Remove drr class from the active list if it changes to
      strict

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68799
    - caif: fix integer underflow in cffrml_receive()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68813
    - ipvs: fix ipv4 null-ptr-deref in route error path

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68785
    - net: openvswitch: fix middle attribute validation in push_nsh() action

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68800
    - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route
      stats

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68801
    - mlxsw: spectrum_router: Fix neighbour use-after-free

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71066
    - net/sched: ets: Always remove class from active list before deleting in
      ets_qdisc_change

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68787
    - netrom: Fix memory leak in nr_sendmsg()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68767
    - hfsplus: Verify inode mode when loading from disk

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68774
    - hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-71118
    - ACPICA: Avoid walking the Namespace if start_node is NULL

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68780
    - sched/deadline: only set free_cpus for online runqueues

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68346
    - ALSA: dice: fix buffer overflow in detect_stream_formats()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68764
    - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68349
    - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
      pnfs_mark_layout_stateid_invalid

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68325
    - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68354
    - regulator: core: Protect regulator_supply_alias_list with
      regulator_list_mutex

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68758
    - backlight: led-bl: Add devlink to supplier LEDs

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68765
    - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68740
    - ima: Handle error code returned by ima_filter_rule_match()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68362
    - wifi: rtl818x: rtl8187: Fix potential buffer underflow in
      rtl8187_rx_cb()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68759
    - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68364
    - ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68366
    - nbd: defer config unlock in nbd_genl_connect

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68367
    - macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68372
    - nbd: defer config put in recv_work

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68746
    - spi: tegra210-quad: Fix timeout handling

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68724
    - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68727
    - ntfs3: Fix uninit buffer allocated by __getname()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68728
    - ntfs3: fix uninit memory after failed mi_read in mi_format_new

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68757
    - drm/vgem-fence: Fix potential deadlock on release

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68732
    - gpu: host1x: Fix race in syncpt alloc/free

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68733
    - smack: fix bug: unprivileged task can create labels

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68254
    - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68255
    - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68257
    - comedi: check device's attached status in compat ioctls

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68258
    - comedi: multiq3: sanitize config options in multiq3_attach()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68332
    - comedi: c6xdigio: Fix invalid PNP driver unregistration

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68266
    - bfs: Reconstruct file type when loading from disk

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68335
    - comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68261
    - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68336
    - locking/spinlock/debug: Fix data-race in do_raw_write_lock

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68264
    - ext4: refresh inline data size before write operations

  * Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
    CVE-2025-68337
    - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system
      corrupted

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662)
    - x86/bugs: Fix reporting of LFENCE retpoline
    - btrfs: scrub: replace max_t()/min_t() with clamp() in
      scrub_throttle_dev_io()
    - btrfs: always drop log root tree reference in btrfs_replay_log()
    - btrfs: use smp_mb__after_atomic() when forcing COW in
      create_pending_snapshot()
    - net: usb: asix_devices: Check return value of usbnet_get_endpoints
    - fbdev: atyfb: Check if pll_ops->init_pll failed
    - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
    - fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
    - mptcp: restore window probe
    - ASoC: qdsp6: q6asm: do not sleep while atomic
    - wifi: ath10k: Fix memory leak on unsupported WMI command
    - drm/msm/a6xx: Fix GMU firmware parser
    - ALSA: usb-audio: fix control pipe direction
    - bpf: Do not audit capability check in do_jit()
    - riscv, libbpf: Add RISC-V (RV64) support to bpf_tracing.h
    - libbpf: Normalize PT_REGS_xxx() macro definitions
    - libbpf: Fix powerpc's stack register definition in bpf_tracing.h
    - drm/etnaviv: fix flush sequence logic
    - net: hns3: return error code when function fails
    - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
    - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
    - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland
    - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL
    - serial: 8250_dw: Use devm_add_action_or_reset()
    - serial: 8250_dw: handle reset control deassert error
    - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp
    - ravb: Exclude gPTP feature support for RZ/G2L
    - net: ravb: Enforce descriptor type ordering
    - can: gs_usb: increase max interface to U8_MAX
    - net: phy: dp83867: Disable EEE support as not implemented
    - x86/resctrl: Fix miscount of bandwidth event when reactivating
      previously unavailable RMID
    - xhci: dbc: Provide sysfs option to configure dbc descriptors
    - xhci: dbc: poll at different rate depending on data transfer activity
    - xhci: dbc: Allow users to modify DbC poll interval via sysfs
    - xhci: dbc: Improve performance by removing delay in transfer event
      polling.
    - xhci: dbc: Avoid event polling busyloop if pending rx transfers are
      inactive.
    - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall
      event
    - x86/boot: Compile boot code with -std=gnu11 too
    - arch: back to -std=gnu89 in < v5.18
    - Revert "docs/process/howto: Replace C89 with C11"
    - drm/sched: Fix race in drm_sched_entity_select_rq()
    - block: make REQ_OP_ZONE_OPEN a write operation
    - soc: aspeed: socinfo: Add AST27xx silicon IDs
    - soc: qcom: smem: Fix endian-unaware access of num_entries
    - spi: loopback-test: Don't use %pK through printk
    - soc: ti: pruss: don't use %pK through printk
    - bpf: Don't use %pK through printk
    - pinctrl: single: fix bias pull up/down handling in pin_config_set
    - mmc: host: renesas_sdhi: Fix the actual clock
    - memstick: Add timeout to prevent indefinite waiting
    - ACPI: video: force native for Lenovo 82K8
    - selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2
    - arc: Fix __fls() const-foldability via __builtin_clzl()
    - irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
    - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
    - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[]
    - hwmon: (sbtsi_temp) AMD CPU extended temperature range support
    - power: supply: sbs-charger: Support multiple devices
    - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
    - ACPICA: dispatcher: Use acpi_ds_clear_operands() in
      acpi_ds_call_control_method()
    - tee: allow a driver to allocate a tee_device without a pool
    - video: backlight: lp855x_bl: Set correct EPROM start for LP8556
    - tools/cpupower: fix error return value in cpupower_write_sysfs()
    - cpuidle: Fail cpuidle device registration if there is one already
    - clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel
    - uprobe: Do not emulate/sstep original instruction when ip is changed
    - hwmon: (dell-smm) Add support for Dell OptiPlex 7040
    - tools/cpupower: Fix incorrect size in cpuidle_state_disable()
    - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage
    - tools/power x86_energy_perf_policy: Enhance HWP enable
    - tools/power x86_energy_perf_policy: Prefer driver HWP limits
    - mfd: stmpe: Remove IRQ domain upon removal
    - mfd: stmpe-i2c: Add missing MODULE_LICENSE
    - mfd: madera: Work around false-positive -Wininitialized warning
    - mfd: da9063: Split chip variant reading in two bus transactions
    - drm/amd/pm: Use cached metrics data on aldebaran
    - drm/amd/pm: Use cached metrics data on arcturus
    - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
    - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
    - PCI: Disable MSI on RDC PCI to PCIe bridges
    - selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8
    - selftests/net: Ensure assert() triggers in psock_tpacket.c
    - drm/amdkfd: return -ENOTTY for unsupported IOCTLs
    - media: pci: ivtv: Don't create fake v4l2_fh
    - drm/tidss: Use the crtc_* timings when programming the HW
    - drm/tidss: Set crtc modesetting parameters with adjusted mode
    - x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
    - net: stmmac: Check stmmac_hw_setup() in stmmac_resume()
    - thunderbolt: Use is_pciehp instead of is_hotplug_bridge
    - powerpc/eeh: Use result of error_detected() in uevent
    - bridge: Redirect to backup port when port is administratively down
    - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts
    - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before
      setting register
    - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
    - char: misc: Does not request module for miscdevice with dynamic minor
    - net: When removing nexthops, don't call synchronize_net if it is not
      necessary
    - net: Call trace_sock_exceed_buf_limit() for memcg failure with
      SK_MEM_RECV.
    - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
    - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
    - rds: Fix endianness annotation for RDS_MPATH_HASH
    - scsi: mpi3mr: Fix controller init failure on fault during queue creation
    - scsi: pm80xx: Fix race condition caused by static variables
    - extcon: adc-jack: Fix wakeup source leaks on device unbind
    - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
    - media: fix uninitialized symbol warnings
    - mips: lantiq: danube: add missing properties to cpu node
    - mips: lantiq: danube: add missing device_type in pci node
    - mips: lantiq: xway: sysctrl: rename stp clock
    - scsi: pm8001: Use int instead of u32 to store error codes
    - ptp: Limit time setting of PTP clocks
    - dmaengine: sh: setup_xref error handling
    - dmaengine: mv_xor: match alloc_wc and free_wc
    - dmaengine: dw-edma: Set status for callback_result
    - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
    - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
    - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled
    - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
    - net: call cond_resched() less often in __release_sock()
    - iommu/amd: Skip enabling command/event buffers for kdump
    - usb: gadget: f_hid: Fix zero length packet transfer
    - drm/msm: make sure to not queue up recovery more than once
    - net: phy: marvell: Fix 88e1510 downshift counter errata
    - phy: cadence: cdns-dphy: Enable lower resolutions in dphy
    - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0
    - net: sh_eth: Disable WoL if system can not suspend
    - media: redrat3: use int type to store negative error codes
    - selftests: traceroute: Use require_command()
    - netfilter: nf_reject: don't reply to icmp error messages
    - x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of
      PV_UNHALT
    - selftests: Disable dad for ipv6 in fcnal-test.sh
    - eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP
    - [Config] Disable CONFIG_8139TOO_PIO for armhf
    - selftests: Replace sleep with slowwait
    - net/cls_cgroup: Fix task_get_classid() during qdisc run
    - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
    - selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to
      clean net/lib dependency
    - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during
      TGT_RESET
    - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in
      lpfc_cleanup
    - scsi: lpfc: Define size of debugfs entry for xri rebalancing
    - allow finish_no_open(file, ERR_PTR(-E...))
    - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
    - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices
    - ipv6: np->rxpmtu race annotation
    - net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X
    - iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot()
    - wifi: ath10k: Fix connection after GTK rekeying
    - net: intel: fm10k: Fix parameter idx set but not used
    - r8169: set EEE speed down ratio to 1
    - sparc/module: Add R_SPARC_UA64 relocation handling
    - remoteproc: qcom: q6v5: Avoid handling handover twice
    - NFSv4: handle ERR_GRACE on delegation recalls
    - NFSv4.1: fix mount hang after CREATE_SESSION failure
    - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
    - net: macb: avoid dealing with endianness in macb_set_hwaddr()
    - ALSA: usb-audio: add mono main switch to Presonus S1824c
    - exfat: limit log print for IO error
    - page_pool: Clamp pool size to max 16K pages
    - ACPICA: Update dsmethod.c to get rid of unused variable warning
    - RDMA/irdma: Fix SD index calculation
    - RDMA/irdma: Remove unused struct irdma_cq fields
    - RDMA/irdma: Set irdma_cq cq_num field during CQ create
    - RDMA/hns: Fix wrong WQE data when QP wraps around
    - btrfs: mark dirty extent range for out of bound prealloc extents
    - fs/hpfs: Fix error code for new_inode() failure in
      mkdir/create/mknod/symlink
    - um: Fix help message for ssl-non-raw
    - rtc: pcf2127: clear minute/second interrupt
    - ARM: at91: pm: save and restore ACR during PLL disable/enable
    - clk: at91: clk-master: Add check for divide by 3
    - clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
    - 9p: fix /sys/fs/9p/caches overwriting itself
    - cpufreq: tegra186: Initialize all cores to max frequencies
    - 9p: sysfs_init: don't hardcode error to ENOMEM
    - ACPI: property: Return present device nodes only on fwnode interface
    - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
    - ceph: add checking of wait_for_completion_killable() return value
    - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
    - Revert "wifi: ath10k: avoid unnecessary wait for service ready message"
    - riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro
    - net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for
      bcm63xx
    - selftests/net: fix out-of-order delivery of FIN in gro:tcp test
    - selftests/net: fix GRO coalesce test and add ext header coalesce tests
    - selftests/net: use destination options instead of hop-by-hop
    - netdevsim: add Makefile for selftests
    - selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing
      ethtool-common.sh
    - net: vlan: sync VLAN features with lower device
    - net: dsa: b53: fix resetting speed and pause on forced link
    - net: dsa: b53: fix enabling ip multicast
    - net: dsa: b53: stop reading ARL entries if search is done
    - sctp: Hold RCU read lock while iterating over address list
    - sctp: Hold sock lock while iterating over address list
    - bnxt_en: PTP: Refactor PTP initialization functions
    - bnxt_en: Fix a possible memory leak in bnxt_ptp_init
    - tracing: Fix memory leaks in create_field_var()
    - rtc: rx8025: fix incorrect register reference
    - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
    - extcon: adc-jack: Cleanup wakeup source only if it was enabled
    - selftests: netdevsim: set test timeout to 10 minutes
    - compiler_types: Move unused static inline functions warning to W=2
    - RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid
      rfence errors
    - NFS4: Fix state renewals missing after boot
    - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
    - NFS: check if suid/sgid was cleared after a write as needed
    - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
    - net: fec: correct rx_bytes statistic for the case SHIFT16 is set
    - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
    - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
    - net/smc: fix mismatch between CLC header and proposal
    - net: mdio: fix resource leak in mdiobus_register_device()
    - wifi: mac80211: skip rate verification for not captured PSDUs
    - net: sched: act: move global static variable net_id to tc_action_ops
    - net: sched: act_connmark: get rid of tcf_connmark_walker and
      tcf_connmark_search
    - net/sched: act_connmark: transition to percpu stats and rcu
    - net_sched: act_connmark: use RCU in tcf_connmark_dump()
    - net/mlx5e: Fix maxrate wraparound in threshold between units
    - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
    - net_sched: limit try_bulk_dequeue_skb() batches
    - hsr: Fix supervision frame sending on HSRv0
    - Bluetooth: L2CAP: export l2cap_chan_hold for modules
    - acpi,srat: Fix incorrect device handle check for Generic Initiator
    - regulator: fixed: fix GPIO descriptor leak on register failure
    - ASoC: cs4271: Fix regulator leak on probe failure
    - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
    - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR
    - lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
    - mtd: onenand: Pass correct pointer to IRQ handler
    - HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
    - gcov: add support for GCC 15
    - strparser: Fix signed/unsigned mismatch bug
    - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
    - spi: Try to get ACPI GPIO IRQ earlier
    - EDAC/altera: Handle OCRAM ECC enable after warm reset
    - EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
    - net/sched: act_connmark: handle errno on tcf_idr_check_alloc
    - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
    - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector
    - MIPS: Malta: Fix !EVA SOC-it PCI MMIO
    - drm/tegra: dc: Fix reference leak in tegra_dc_couple()
    - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()
    - net: dsa: hellcreek: fix missing error handling in LED registration
    - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to
      errnos
    - kernel.h: Move ARRAY_SIZE() to a separate header
    - scsi: core: Fix a regression triggered by scsi_host_busy()
    - selftests: net: use BASH for bareudp testing
    - net: tls: Cancel RX async resync request on rcd_delta overflow
    - kconfig/mconf: Initialize the default locale at startup
    - kconfig/nconf: Initialize the default locale at startup
    - mm/mm_init: fix hash table order logging in alloc_large_system_hash()
    - ALSA: usb-audio: fix uac2 clock source at terminal parser
    - tracing/tools: Fix incorrect short option in usage text for --threads
    - uio_hv_generic: Set event for all channels on the device
    - Makefile.compiler: replace cc-ifversion with compiler-specific macros
    - btrfs: add helper to truncate inode items when logging inode
    - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
    - pmdomain: imx: Fix reference count leak in imx_gpc_remove
    - pmdomain: samsung: plug potential memleak during probe
    - selftests: mptcp: connect: fix fallback note due to OoO
    - mptcp: Disallow MPTCP subflows from sockmap
    - usb: deprecate the third argument of usb_maxpacket()
    - Input: remove third argument of usb_maxpacket()
    - ata: libata-scsi: Fix system suspend for a security locked drive
    - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups
    - mptcp: fix ack generation for fallback msk
    - mptcp: fix premature close in case of fallback
    - mptcp: do not fallback when OoO is present
    - Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()"
    - Revert "block: don't add or resize partition on the disk with
      GENHD_FL_NO_PART"
    - Bluetooth: SMP: Fix not generating mackey and ltk when repairing
    - net: aquantia: Add missing descriptor cache invalidation on ATL2
    - net/mlx5e: Fix validation logic in rate limiting
    - net: dsa: sja1105: Convert to mdiobus_c45_read
    - net: dsa: sja1105: simplify static configuration reload
    - net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing
      traffic
    - mailbox: mailbox-test: Fix debugfs_create_dir error checking
    - spi: bcm63xx: fix premature CS deassertion on RX-only transactions
    - Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()"
    - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields
    - iio:common:ssp_sensors: Fix an error handling path ssp_probe()
    - MIPS: mm: Prevent a TLB shutdown on initial uniquification
    - can: sja1000: fix max irq loop handling
    - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
    - dm-verity: fix unreliable memory allocation
    - drivers/usb/dwc3: fix PCI parent check
    - thunderbolt: Add support for Intel Wildcat Lake
    - slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves
    - serial: amba-pl011: prefer dma_mapping_error() over explicit address
      checking
    - usb: cdns3: Fix double resource release in cdns3_pci_probe
    - USB: storage: Remove subclass and protocol overrides from Novatek quirk
    - xhci: dbgtty: Fix data corruption when transmitting data from DbC to
      host
    - USB: serial: ftdi_sio: add support for u-blox EVK-M101
    - USB: serial: option: add support for Rolling RW101R-GL
    - drm: sti: fix device leaks at component probe
    - staging: rtl8712: Remove driver using deprecated API wext
    - [Config] Remove config option for CONFIG_R8712U
    - selftests: mptcp: join: rm: set backup flag
    - mptcp: avoid unneeded subflow-level drops
    - usb: renesas_usbhs: Convert to platform remove callback returning void
    - usb: typec: ucsi: psy: Set max current to zero when disconnected
    - selftests/bpf: Don't rely on preserving volatile in PT_REGS macros in
      loop3
    - libbpf: Fix riscv register names
    - libbpf, riscv: Use a0 for RC register
    - libbpf: Fix invalid return address register in s390
    - Linux 5.15.197

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2024-47666
    - scsi: pm80xx: Set phy->enable_completion only when we

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68327
    - usb: renesas_usbhs: Fix synchronous external abort on unbind

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68295
    - smb: client: fix memory leak in cifs_construct_tcon()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68227
    - mptcp: Fix proto fallback detection with BPF

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68284
    - libceph: prevent potential out-of-bounds writes in
      handle_auth_session_key()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68285
    - libceph: fix potential use-after-free in have_mon_and_osd_map()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68286
    - drm/amd/display: Check NULL before accessing

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68287
    - usb: dwc3: Fix race condition between concurrent dwc3_remove_requests()
      call paths

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68331
    - usb: uas: fix urb unmapping issue when the uas device is removed during
      ongoing data transfer

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40345
    - usb: storage: sddr55: Reject out-of-bound new_pba

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68288
    - usb: storage: Fix memory leak in USB bulk transport

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68289
    - usb: gadget: f_eem: Fix memory leak in eem_unwrap

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68290
    - most: usb: fix double free on late probe failure

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68328
    - firmware: stratix10-svc: fix bug in saving controller data

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68339
    - atm/fore200e: Fix possible data race in fore200e_open()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68330
    - iio: accel: bmc150: Fix irq assumption regression

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68301
    - net: atlantic: fix fragment overflow handling in RX path

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68302
    - net: sxgbe: fix potential NULL dereference in sxgbe_rx()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68303
    - platform/x86: intel: punit_ipc: fix memory corruption

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68308
    - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40257
    - mptcp: fix a race in mptcp_pm_del_add_timer()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68217
    - Input: pegasus-notetaker - fix potential out-of-bounds access

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68204
    - pmdomain: arm: scmi: Fix genpd leak on provider registration failure

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68245
    - net: netpoll: fix incorrect refcount handling causing incorrect cleanup

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2024-37354
    - btrfs: fix crash on racing fsync and size-extending write into prealloc

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68220
    - net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return
      NULL on error

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40272
    - mm/secretmem: fix use-after-free race in fault handler

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40248
    - vsock: Ignore signal/timeout on connect() if already established

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40252
    - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont()
      and qede_tpa_end()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40253
    - s390/ctcm: Fix double-kfree

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40254
    - net: openvswitch: remove never-working support for setting nsh fields

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40258
    - mptcp: fix race condition in mptcp_schedule_work()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68229
    - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40259
    - scsi: sg: Do not sleep in atomic context

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40261
    - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40262
    - Input: imx_sc_key - fix memory corruption on unload

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40263
    - Input: cros_ec_keyb - fix an invalid memory access

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40264
    - be2net: pass wrb_params in case of OS2BMC

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68238
    - mtd: rawnand: cadence: fix DMA device NULL pointer dereference

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68734
    - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40269
    - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40271
    - fs/proc: fix uaf in proc_readdir_de()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68241
    - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40273
    - NFSD: free copynotify stateid in nfs4_free_ol_stateid()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40040
    - mm/ksm: fix flag-dropping behavior in ksm_madvise

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68200
    - bpf: Add bpf_prog_run_data_pointers()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40275
    - ALSA: usb-audio: Fix NULL pointer dereference in
      snd_usb_mixer_controls_badd

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40277
    - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40278
    - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-
      infoleak

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40279
    - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40280
    - tipc: Fix use-after-free in tipc_mon_reinit_self().

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40281
    - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40282
    - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40283
    - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68244
    - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68192
    - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40331
    - sctp: Prevent TOCTOU out-of-bounds write

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40304
    - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40306
    - orangefs: fix xattr related buffer overflow...

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40308
    - Bluetooth: bcsp: receive data only if registered

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40309
    - Bluetooth: SCO: Fix UAF on sco_conn_free

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40361
    - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68185
    - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
      dereferencing

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68176
    - PCI: cadence: Check for the existence of cdns_pcie::ops before using it

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68168
    - jfs: fix uninitialized waitqueue in transaction manager

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40312
    - jfs: Verify inode mode when loading from disk

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68321
    - page_pool: always add GFP_NOWARN for ATOMIC allocations

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68191
    - udp_tunnel: use netdev_warn() instead of netdev_WARN()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40313
    - ntfs3: pretend $Extend records as regular files

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40314
    - usb: cdns3: gadget: Use-after-free during failed initialization and exit
      of cdnsp gadget

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68194
    - media: imon: make send_packet() more robust

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40363
    - net: ipv6: fix field-spanning memcpy warning in AH output

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40342
    - nvme-fc: use lock accessing port_state and rport state

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40343
    - nvmet-fc: avoid scheduling association deletion twice

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68177
    - cpufreq/longhaul: handle NULL policy in longhaul_exit

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40360
    - drm/sysfb: Do not dereference NULL pointer in plane reset

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40315
    - usb: gadget: f_fs: Fix epfile null pointer access after ep enable.

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40317
    - regmap: slimbus: fix bus_context pointer in regmap init calls

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-68312
    - usbnet: Prevents free active kevent

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40319
    - bpf: Sync pending IRQ work before freeing ring buffer

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40321
    - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP
      Mode

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40322
    - fbdev: bitblit: bound-check glyph index in bit_putcs*

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40211
    - ACPI: video: Fix use-after-free in acpi_video_switch_brightness()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40324
    - NFSD: Fix crash in nfsd4_read_release()

  * Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
    CVE-2025-40083
    - net/sched: sch_qfq: Fix null-deref in agg_dequeue

  * CVE-2024-41014
    - xfs: add bounds checking to xlog_recover_process_data

  * CVE-2022-49267
    - mmc: core: use sysfs_emit() instead of sprintf()

  * CVE-2025-21780
    - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

 -- Edoardo Canepa <edoardo.canepa@canonical.com>  Sat, 07 Feb 2026 09:17:42 +0100

linux (5.15.0-170.180) jammy; urgency=medium

  * jammy/linux: 5.15.0-170.180 -proposed tracker (LP: #2137825)

  * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)
    - SAUCE increase socat timeout in gre_gso.sh

  * CVE-2025-40256
    - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that
      were never added

  * CVE-2025-40215
    - xfrm: delete x->tunnel as we delete x

  * CVE-2025-38248
    - bridge: mcast: Fix use-after-free during router port configuration

  * selftests: net: veth: fix compatibility with older ethtool versions
    (LP: #2136734)
    - SAUCE: selftests: net: veth: use short form gro for ethtool -K
    - SAUCE: selftests: net: veth: accept 0 for unsupported combined channels

  * veth.sh from ubuntu_kselftests_net failed on J-5.15 / N-6.8 (with xdp
    attached - gro flag) (LP: #2065369)
    - selftests: net: veth: test the ability to independently manipulate GRO
      and XDP

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182)
    - r8152: add error handling in rtl8152_driver_init
    - jbd2: ensure that all ongoing I/O complete before freeing blocks
    - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already
      running
    - media: s5p-mfc: remove an unused/uninitialized variable
    - media: rc: Directly use ida_free()
    - media: lirc: Fix error handling in lirc_register()
    - blk-crypto: fix missing blktrace bio split events
    - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in
      functions
    - drm/exynos: exynos7_drm_decon: properly clear channels during bind
    - drm/exynos: exynos7_drm_decon: remove ctx->suspended
    - crypto: rockchip - Fix dma_unmap_sg() nents value
    - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay
    - HID: multitouch: fix sticky fingers
    - dax: skip read lock assertion for read-only filesystems
    - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable()
    - net: dlink: handle dma_map_single() failure properly
    - doc: fix seg6_flowlabel path
    - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H
    - amd-xgbe: Avoid spurious link down messages during interface toggle
    - tcp: fix tcp_tso_should_defer() vs large RTT
    - tg3: prevent use of uninitialized remote_adv and local_adv variables
    - splice, net: Add a splice_eof op to file-ops and socket-ops
    - net: tls: wait for async completion on last message
    - tls: wait for async encrypt in case of error during latter iterations of
      sendmsg
    - tls: always set record_type in tls_process_cmsg
    - tls: don't rely on tx_work during send()
    - net: usb: use eth_hw_addr_set() instead of ether_addr_copy()
    - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address
    - net: usb: lan78xx: fix use of improperly initialized dev->chipid in
      lan78xx_reset
    - riscv: kprobes: Fix probe address validation
    - drm/amd/powerplay: Fix CIK shutdown temperature
    - sched/balancing: Rename newidle_balance() => sched_balance_newidle()
    - sched/fair: Fix pelt lost idle time detection
    - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
    - PCI/sysfs: Ensure devices are powered for config reads (part 2)
    - exec: Fix incorrect type for ret
    - nios2: ensure that memblock.current_limit is set when setting pfn limits
    - hfs: clear offset and space out of valid records in b-tree node
    - hfs: make proper initalization of struct hfs_find_data
    - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
    - hfs: validate record offset in hfsplus_bmap_alloc
    - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
    - dlm: check for defined force value in dlm_lockspace_release
    - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
    - hfsplus: return EIO when type of hidden directory mismatch in
      hfsplus_fill_super()
    - m68k: bitops: Fix find_*_bit() signatures
    - net: rtnetlink: add helper to extract msg type's kind
    - net: rtnetlink: use BIT for flag values
    - net: netlink: add NLM_F_BULK delete request modifier
    - net: rtnetlink: add bulk delete support flag
    - net: add ndo_fdb_del_bulk
    - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del
    - rtnetlink: Allow deleting FDB entries in user namespace
    - net: enetc: correct the value of ENETC_RXB_TRUESIZE
    - dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
    - arm64, mm: avoid always making PTE dirty in pte_mkwrite()
    - sctp: avoid NULL dereference when chunk data buffer is missing
    - net: bonding: fix possible peer notify event loss or dup issue
    - Revert "cpuidle: menu: Avoid discarding useful information"
    - MIPS: Malta: Fix keyboard resource preventing i8042 driver from
      registering
    - ocfs2: clear extent cache after moving/defragmenting extents
    - vsock: fix lock inversion in vsock_assign_transport()
    - net: usb: rtl8150: Fix frame padding
    - net: ravb: Ensure memory write completes before ringing TX doorbell
    - USB: serial: option: add UNISOC UIS7720
    - USB: serial: option: add Quectel RG255C
    - USB: serial: option: add Telit FN920C04 ECM compositions
    - usb/core/quirks: Add Huawei ME906S to wakeup quirk
    - usb: raw-gadget: do not limit transfer length
    - xhci: dbc: enable back DbC in resume if it was enabled before suspend
    - binder: remove "invalid inc weak" check
    - mei: me: add wildcat lake P DID
    - most: usb: Fix use-after-free in hdm_disconnect
    - most: usb: hdm_probe: Fix calling put_device() before device
      initialization
    - serial: 8250_exar: add support for Advantech 2 port card with Device ID
      0x0018
    - arm64: cputype: Add Neoverse-V3AE definitions
    - arm64: errata: Apply workarounds for Neoverse-V3AE
    - s390/cio: Update purge function to unregister the unused subchannels
    - xfs: rename the old_crc variable in xlog_recover_process
    - xfs: fix log CRC mismatches between i386 and other architectures
    - NFSD: Rework encoding and decoding of nfsd4_deviceid
    - NFSD: Minor cleanup in layoutcommit processing
    - NFSD: Fix last write offset handling in layoutcommit
    - iio: imu: inv_icm42600: use = { } instead of memset()
    - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime
      suspended
    - PM: runtime: Add new devm functions
    - iio: imu: inv_icm42600: Simplify pm_runtime setup
    - padata: Reset next CPU when reorder sequence wraps around
    - fuse: allocate ff->release_args only if release is needed
    - fuse: fix livelock in synchronous file put from fuseblk workers
    - PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl"
      exists
    - PCI: j721e: Fix programming sequence of "strap" settings
    - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again
    - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock
    - drm/amdgpu: use atomic functions with memory barriers for vm fault info
    - f2fs: fix wrong block mapping for multi-devices
    - PCI: tegra194: Handle errors in BPMP response
    - PCI: rcar: Finish transition to L1 state in rcar_pcie_config_access()
    - PCI: rcar-host: Drop PMSR spinlock
    - PCI: tegra194: Reset BARs when running in PCIe endpoint mode
    - devcoredump: Fix circular locking dependency with devcd->mutex.
    - xfs: always warn about deprecated mount options
    - arch_topology: Fix incorrect error check in
      topology_parse_cpu_capacity()
    - usb: gadget: Store endpoint pointer in usb_request
    - usb: gadget: Introduce free_usb_request helper
    - net: rtnetlink: fix module reference count leak issue in
      rtnetlink_rcv_msg
    - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
    - Linux 5.15.196

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182) //
    CVE-2025-40094
    - usb: gadget: f_acm: Refactor bind path to use __free()

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182) //
    CVE-2025-40092
    - usb: gadget: f_ncm: Refactor bind path to use __free()

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182) //
    CVE-2025-40087
    - NFSD: Define a proc_layoutcommit for the FlexFiles layout type

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182) //
    CVE-2025-40105
    - vfs: Don't leak disconnected dentries on umount

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182) //
    CVE-2025-40106
    - comedi: fix divide-by-zero in comedi_buf_munge()

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182) //
    CVE-2025-40088
    - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182) //
    CVE-2025-40085
    - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182) //
    CVE-2025-40173
    - net/ip6_tunnel: Prevent perpetual tunnel growth

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182) //
    CVE-2025-40167
    - ext4: detect invalid INLINE_DATA + EXTENTS flag combination

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909)
    - iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support
    - KVM: arm64: Fix softirq masking in FPSIMD register saving sequence
    - media: tunner: xc5000: Refactor firmware load
    - USB: serial: option: add SIMCom 8230C compositions
    - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
    - dm-integrity: limit MAX_TAG_SIZE to 255
    - perf subcmd: avoid crash in exclude_cmds when excludes is empty
    - hid: fix I2C read buffer overflow in raw_event() for mcp2221
    - serial: stm32: allow selecting console when the driver is module
    - staging: axis-fifo: fix maximum TX packet length check
    - staging: axis-fifo: flush RX FIFO on read errors
    - driver core/PM: Set power.no_callbacks along with power.no_pm
    - minmax: add in_range() macro
    - filelock: add FL_RECLAIM to show_fl_flags() macro
    - selftests: arm64: Check fread return value in exec_target
    - coresight: trbe: Prevent overflow in PERF_IDX2OFF()
    - x86/vdso: Fix output operand size of RDPID
    - regmap: Remove superfluous check for !config in __regmap_init()
    - libbpf: Fix reuse of DEVMAP
    - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus()
    - ACPI: processor: idle: Fix memory leak when register cpuidle device
      failed
    - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
    - pinctrl: meson-gxl: add missing i2c_d pinmux
    - ARM: at91: pm: fix MCKx restore routine
    - regulator: scmi: Use int type to store negative error codes
    - block: use int to store blk_stack_limits() return value
    - PM: sleep: core: Clear power.must_resume in noirq suspend error path
    - pinctrl: renesas: Use int type to store negative error codes
    - firmware: firmware: meson-sm: fix compile-test default
    - arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible
    - pwm: tiehrpwm: Fix corner case in clock divisor calculation
    - i3c: master: svc: Recycle unused IBI slot
    - selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported
    - smp: Fix up and expand the smp_call_function_many() kerneldoc
    - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in
      host headers
    - thermal/drivers/qcom: Make LMH select QCOM_SCM
    - thermal/drivers/qcom/lmh: Add missing IRQ includes
    - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD
    - i2c: designware: Add disabling clocks when probe fails
    - drm/radeon/r600_cs: clean up of dead code in r600_cs
    - scsi: myrs: Fix dma_alloc_coherent() error check
    - media: rj54n1cb0c: Fix memleak in rj54n1_probe()
    - ALSA: lx_core: use int type to store negative error codes
    - drm/amdgpu: Power up UVD 3 for FW validation (v2)
    - wifi: mwifiex: send world regulatory domain to driver
    - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation
    - tcp: fix __tcp_close() to only send RST when required
    - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl()
    - usb: phy: twl6030: Fix incorrect type for ret
    - usb: gadget: configfs: Correctly set use_os_string at bind
    - misc: genwqe: Fix incorrect cmd field being reported in error
    - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
    - iio: consumers: Fix offset handling in iio_convert_raw_to_processed()
    - netfilter: ipset: Remove unused htable_bits in macro ahash_region
    - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the
      watchdog
    - drivers/base/node: handle error properly in register_one_node()
    - RDMA/cm: Rate limit destroy CM ID timeout error message
    - wifi: mt76: fix potential memory leak in mt76_wmac_probe()
    - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message
    - scsi: qla2xxx: edif: Fix incorrect sign of error code
    - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES()
    - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems
      Running"
    - RDMA/core: Resolve MAC of next-hop device without ARP support
    - IB/sa: Fix sa_local_svc_timeout_ms read race
    - Documentation: trace: historgram-design: Separate sched_waking histogram
      section heading and the following diagram
    - wifi: ath10k: avoid unnecessary wait for service ready message
    - sparc: fix accurate exception reporting in copy_to_user for Niagara 4
    - sparc: fix accurate exception reporting in copy_{from,to}_user for M7
    - remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice
    - NFSv4.1: fix backchannel max_resp_sz verification check
    - usb: vhci-hcd: Prevent suspending virtually attached devices
    - RDMA/siw: Always report immediate post SQ errors
    - Bluetooth: MGMT: Fix not exposing debug UUID on
      MGMT_OP_READ_EXP_FEATURES_INFO
    - drivers/base/node: fix double free in register_one_node()
    - nfp: fix RSS hash key size when RSS is not supported
    - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not
      configurable
    - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set"
    - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data()
    - ext4: fix checks for orphan inodes
    - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe()
    - Input: atmel_mxt_ts - allow reset GPIO to sleep
    - usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call
    - fs: always return zero on success from replace_fd()
    - clocksource/drivers/clps711x: Fix resource leaks in error paths
    - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE
    - perf evsel: Avoid container_of on a NULL leader
    - libperf event: Ensure tracing data is multiple of 8 sized
    - clk: at91: peripheral: fix return value
    - perf util: Fix compression checks returning -1 as bool
    - rtc: x1205: Fix Xicor X1205 vendor prefix
    - perf session: Fix handling when buffer exceeds 2 GiB
    - clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate()
    - clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver
    - cpufreq: tegra186: Set target frequency for all cpus in policy
    - scsi: libsas: Add sas_task_find_rq()
    - scsi: mvsas: Delete mvs_tag_init()
    - scsi: mvsas: Use sas_task_find_rq() for tagging
    - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter()
    - s390/cio: unregister the subchannel while purging
    - drm/vmwgfx: Copy DRM hash-table code into driver
    - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().
    - net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe
    - tools build: Align warning options with perf
    - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call
    - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes
    - drm/amdgpu: Add additional DCE6 SCL registers
    - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
    - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
    - drm/amd/display: Properly disable scaling on DCE6
    - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()
    - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
    - gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells
    - gpio: wcd934x: mark the GPIO controller as sleeping
    - bpf: Avoid RCU context warning when unpinning htab with internal structs
    - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT
    - ACPI: debug: fix signedness issues in read/write helpers
    - arm64: dts: qcom: msm8916: Add missing MDSS reset
    - ARM: OMAP2+: pm33xx-core: ix device node reference leaks in
      amx3_idle_init
    - xen/events: Cleanup find_virq() return codes
    - xen/manage: Fix suspend error path
    - firmware: meson_sm: fix device leak at probe
    - media: i2c: mt9v111: fix incorrect type for ret
    - drm/nouveau: fix bad ret code in nouveau_bo_move_prep
    - bus: mhi: host: Do not use uninitialized 'dev' pointer in
      mhi_init_irq_setup()
    - copy_sighand: Handle architectures where sizeof(unsigned long) <
      sizeof(u64)
    - crypto: atmel - Fix dma_unmap_sg() direction
    - fs/ntfs3: Fix a resource leak bug in wnd_extend()
    - iio: dac: ad5360: use int type to store negative error codes
    - iio: dac: ad5421: use int type to store negative error codes
    - iio: frequency: adf4350: Fix prescaler usage.
    - init: handle bootloader identifier in kernel parameters
    - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in
      resume
    - iommu/vt-d: PRS isn't usable if PDS isn't supported
    - KEYS: trusted_tpm1: Compare HMAC values in constant time
    - lib/genalloc: fix device leak in of_gen_pool_get()
    - openat2: don't trigger automounts with RESOLVE_NO_XDEV
    - parisc: don't reference obsolete termio struct for TC* constants
    - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
    - powerpc/powernv/pci: Fix underflow and leak issue
    - powerpc/pseries/msi: Fix potential underflow and leak issue
    - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()
    - sparc64: fix hugetlb for sun4u
    - sparc: fix error handling in scan_one_device()
    - mtd: rawnand: fsmc: Default to autodetect buswidth
    - mmc: core: SPI mode remove cmd7
    - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe
    - rtc: interface: Ensure alarm irq is enabled when UIE is enabled
    - rtc: interface: Fix long-standing race when setting alarm
    - rseq/selftests: Use weak symbol reference, not definition, to link with
      glibc
    - PCI/sysfs: Ensure devices are powered for config reads
    - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
    - PCI/ERR: Fix uevent on failure to recover
    - PCI/AER: Fix missing uevent on recovery when a reset is requested
    - PCI/AER: Support errors introduced by PCIe r6.0
    - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on
      exit
    - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq()
    - spi: cadence-quadspi: Flush posted register writes before INDAC access
    - spi: cadence-quadspi: Flush posted register writes before DAC access
    - x86/umip: Check that the instruction opcode is at least two bytes
    - x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT
      aliases)
    - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations
    - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
    - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
    - ext4: increase i_disksize to offset + len in
      ext4_update_disksize_before_punch()
    - ext4: correctly handle queries for metadata mappings
    - ext4: guard against EA inode refcount underflow in xattr update
    - ext4: free orphan info with kvfree
    - lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older
    - ASoC: codecs: wcd934x: Simplify with dev_err_probe
    - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data()
    - Squashfs: add additional inode sanity checking
    - media: mc: Clear minor number before put device
    - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register
      value
    - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type
    - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag
    - ksmbd: fix error code overwriting in smb2_get_info_filesystem()
    - locking: Introduce __cleanup() based infrastructure
    - fscontext: do not consume log entries when returning -EMSGSIZE
    - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range()
    - arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees
    - minmax: Introduce {min,max}_array()
    - minmax: deduplicate __unconst_integer_typeof()
    - minmax: fix indentation of __cmp_once() and __clamp_once()
    - minmax: avoid overly complicated constant expressions in VM code
    - minmax: add a few more MIN_T/MAX_T users
    - minmax: simplify and clarify min_t()/max_t() implementation
    - minmax: make generic MIN() and MAX() macros available everywhere
    - minmax: don't use max() in situations that want a C constant expression
    - minmax: simplify min()/max()/clamp() implementation
    - minmax: improve macro expansion and type checking
    - minmax: fix up min3() and max3() too
    - minmax.h: add whitespace around operators and after commas
    - minmax.h: update some comments
    - minmax.h: reduce the #define expansion of min(), max() and clamp()
    - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp()
    - minmax.h: move all the clamp() definitions after the min/max() ones
    - minmax.h: simplify the variants of clamp()
    - minmax.h: remove some #defines that are only expanded once
    - minixfs: Verify inode mode when loading from disk
    - fs: Add 'initramfs_options' to set initramfs mount options
    - cramfs: Verify inode mode when loading from disk
    - writeback: Avoid softlockup when switching many inodes
    - writeback: Avoid excessively long inode switching times
    - media: switch from 'pci_' to 'dma_' API
    - media: cx18: Add missing check after DMA map
    - arm64: mte: Do not flag the zero page as PG_mte_tagged
    - media: pci/ivtv: switch from 'pci_' to 'dma_' API
    - media: pci: ivtv: Add missing check after DMA map
    - xen/events: Update virq_to_irq on migration
    - media: pci: ivtv: Add check for DMA map result
    - mm/slab: make __free(kfree) accept error pointers
    - mptcp: pm: in-kernel: usable client side with C-flag
    - selftests: mptcp: join: validate C-flag + def limit
    - Linux 5.15.195

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40178
    - pid: Add a judgment for ns null in pid_nr_ns

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40134
    - dm: fix NULL pointer dereference in __dm_suspend()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40042
    - tracing: Fix race condition in kprobe initialization causing NULL
      pointer dereference

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40120
    - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40200
    - Squashfs: reject negative file sizes in squashfs_read_inode()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40026
    - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40179
    - ext4: verify orphan file size is not too big

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40204
    - sctp: Fix MAC comparison to be constant-time

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40188
    - pwm: berlin: Fix wrong register in suspend/resume

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40194
    - cpufreq: intel_pstate: Fix object lifecycle issue in
      update_qos_request()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40205
    - btrfs: avoid potential out-of-bounds in btrfs_encode_fh()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40183
    - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40187
    - net/sctp: fix a null dereference in sctp_disposition
      sctp_sf_do_5_1D_ce()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40111
    - drm/vmwgfx: Fix Use-after-free in validation

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40001
    - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40029
    - bus: fsl-mc: Check return value of platform_get_resource()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40030
    - pinctrl: check the return value of pinmux_ops::get_function_name()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40035
    - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info
      leak

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40153
    - mm: hugetlb: avoid soft lockup when mprotect to large memory area

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40043
    - net: nfc: nci: Add parameter validation for packet data

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40044
    - fs: udf: fix OOB read in lengthAllocDescs handling

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40048
    - uio_hv_generic: Let userspace take care of interrupt mask

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40049
    - Squashfs: fix uninit-value in squashfs_get_parent

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40053
    - net: dlink: handle copy_thresh allocation failure

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40055
    - ocfs2: fix double free in user_cluster_connect()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40127
    - hwrng: ks-sa - fix division by zero in ks_sa_rng_init

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40140
    - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40115
    - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40060
    - coresight: trbe: Return NULL pointer for allocation failures

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40112
    - sparc: fix accurate exception reporting in copy_{from_to}_user for
      Niagara

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40124
    - sparc: fix accurate exception reporting in copy_{from_to}_user for
      UltraSPARC III

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40126
    - sparc: fix accurate exception reporting in copy_{from_to}_user for
      UltraSPARC

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40068
    - fs: ntfs3: Fix integer overflow in run_unpack()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40121
    - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40154
    - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40070
    - pps: fix warning in pps_register_cdev when register device fail

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40118
    - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40116
    - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40078
    - bpf: Explicitly check accesses to bpf_sock_addr

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40171
    - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40125
    - blk-mq: check kobject state_in_sysfs before deleting in
      blk_mq_unregister_hctx

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40081
    - perf: arm_spe: Prevent overflow in PERF_IDX2OFF()

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40027
    - net/9p: fix double req put in p9_fd_cancelled

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-40109
    - crypto: rng - Ensure set_ent is always present

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2024-58011
    - platform/x86: int3472: Check for adev == NULL

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-39995
    - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in
      probe

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-39994
    - media: tuner: xc5000: Fix use-after-free in xc5000_release

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-22058
    - udp: Fix memory accounting leak.

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-39996
    - media: b2c2: Fix use-after-free causing by irq_check_work in
      flexcop_pci_remove

  * Jammy update: v5.15.195 upstream stable release (LP: #2133909) //
    CVE-2025-39998
    - scsi: target: target_core_configfs: Add length check to avoid buffer
      overflow

  * CAP_PERFMON insufficient to get perf data (LP: #2131046)
    - SAUCE: perf/core: Allow CAP_PERFMON for paranoid level 4

  * Jammy Linux: Introduced Warning with CVE-2024-53090 fix (LP: #2130553)
    - SAUCE: Remove warning introduced during CVE-2024-53090 fix

  * [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
    namespaces (LP: #2121257)
    - apparmor: shift ouid when mediating hard links in userns
    - apparmor: shift uid when mediating af_unix in userns

  * Jammy update: v5.15.194 upstream stable release (LP: #2127866)
    - Revert "fbdev: Disable sysfb device registration when removing
      conflicting FBs"
    - xfs: short circuit xfs_growfs_data_private() if delta is zero
    - kunit: kasan_test: disable fortify string checker on kasan_strings()
      test
    - mm: introduce and use {pgd,p4d}_populate_kernel()
    - media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
    - media: i2c: imx214: Fix link frequency validation
    - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
    - tracing: Do not add length to print format in synthetic events
    - mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
    - flexfiles/pNFS: fix NULL checks on result of
      ff_layout_choose_ds_for_read
    - NFSv4: Don't clear capabilities that won't be reset
    - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
    - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
    - tracing: Fix tracing_marker may trigger page fault during
      preempt_disable
    - NFSv4/flexfiles: Fix layout merge mirror check.
    - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to
      allocate psock->cork.
    - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
    - KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
    - KVM: SVM: Set synthesized TSA CPUID flags
    - EDAC/altera: Delete an inappropriate dma_free_coherent() call
    - compiler-clang.h: define __SANITIZE_*__ macros only when undefined
    - ocfs2: fix recursive semaphore deadlock in fiemap call
    - mtd: rawnand: stm32_fmc2: fix ECC overwrite
    - fuse: check if copy_file_range() returns larger than requested size
    - fuse: prevent overflow in copy_file_range return value
    - libceph: fix invalid accesses to ceph_connection_v1_info
    - mm/khugepaged: fix the address passed to notifier on testing young
    - mtd: nand: raw: atmel: Fix comment in timings preparation
    - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
    - mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check
    - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
    - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk
      table
    - tty: hvc_console: Call hvc_kick in hvc_write unconditionally
    - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
    - USB: serial: option: add Telit Cinterion FN990A w/audio compositions
    - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
    - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
    - tunnels: reset the GSO metadata before reusing the skb
    - igb: fix link test skipping when interface is admin down
    - genirq: Provide new interfaces for affinity hints
    - i40e: Use irq_update_affinity_hint()
    - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
    - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
      j1939_local_ecu_get() failed
    - can: j1939: j1939_local_ecu_get(): undo increment when
      j1939_local_ecu_get() fails
    - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted
      SKB
    - net: hsr: Disable promiscuous mode in offload mode
    - net: hsr: Add support for MC filtering at the slave device
    - net: hsr: Add VLAN CTAG filter support
    - hsr: use rtnl lock when iterating over ports
    - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
    - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
    - regulator: sy7636a: fix lifecycle of power good gpio
    - hrtimer: Remove unused function
    - hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
    - hrtimers: Unconditionally update target CPU base after offline timer
      migration
    - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
    - phy: tegra: xusb: fix device and OF node leak at probe
    - phy: ti-pipe3: fix device leak at unbind
    - soc: qcom: mdt_loader: Deal with zero e_shentsize
    - drm/amdgpu: fix a memory leak in fence cleanup when unloading
    - drm/i915/power: fix size for for_each_set_bit() in abox iteration
    - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
      memory
    - net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
    - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is
      not supported
    - wifi: mac80211: fix incorrect type for ret
    - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section
      mismatch
    - cgroup: split cgroup_destroy_wq into 3 workqueues
    - um: virtio_uml: Fix use-after-free after put_device in probe
    - dpaa2-switch: fix buffer pool seeding for control traffic
    - qed: Don't collect too many protection override GRC elements
    - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
    - i40e: remove redundant memory barrier when cleaning Tx descs
    - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
    - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
    - net: liquidio: fix overflow in octeon_init_instr_queue()
    - cnic: Fix use-after-free bugs in cnic_delete_task
    - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
    - power: supply: bq27xxx: fix error return in case of no bq27000 hdq
      battery
    - power: supply: bq27xxx: restrict no-battery detection to bq27000
    - btrfs: tree-checker: fix the incorrect inode ref size check
    - mmc: mvsdio: Fix dma_unmap_sg() nents value
    - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
    - rds: ib: Increment i_fastreg_wrs before bailing out
    - ASoC: wm8940: Correct typo in control name
    - ASoC: wm8974: Correct PLL rate rounding
    - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error
      message
    - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
    - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
    - serial: sc16is7xx: fix bug in flow control levels init
    - xhci: dbc: decouple endpoint allocation from initialization
    - xhci: dbc: Fix full DbC transfer ring after several reconnects
    - usb: gadget: dummy_hcd: remove usage of list iterator past the loop body
    - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
    - phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning
    - phy: Use device_get_match_data()
    - phy: ti: omap-usb2: fix device leak at unbind
    - mptcp: set remote_deny_join_id0 on SYN recv
    - ksmbd: smbdirect: validate data_offset and data_length field of
      smb_direct_data_transfer
    - mptcp: propagate shutdown to subflows when possible
    - net: rfkill: gpio: add DT support
    - net: rfkill: gpio: Fix crash due to dereferencering uninitialized
      pointer
    - ALSA: usb-audio: Fix block comments in mixer_quirks
    - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
    - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
    - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
    - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
    - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
    - ALSA: usb-audio: Convert comma to semicolon
    - ALSA: usb-audio: Fix build with CONFIG_INPUT=n
    - usb: core: Add 0x prefix to quirks debug output
    - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
    - arm64: dts: imx8mp: Correct thermal sensor index
    - cpufreq: Initialize cpufreq-based invariance before subsys
    - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
    - bpf: Reject bpf_timer for PREEMPT_RT
    - can: bittiming: allow TDC{V,O} to be zero and add
      can_tdc_const::tdc{v,o,f}_min
    - can: bittiming: replace CAN units with the generic ones from
      linux/units.h
    - can: dev: add generic function can_ethtool_op_get_ts_info_hwts()
    - can: dev: add generic function can_eth_ioctl_hwts()
    - can: etas_es58x: advertise timestamping capabilities and add ioctl
      support
    - can: etas_es58x: sort the includes by alphabetic order
    - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
    - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
    - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
    - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
    - can: peak_usb: fix shift-out-of-bounds issue
    - ethernet: rvu-af: Remove slash from the driver name
    - bnxt_en: correct offset handling for IPv6 destination address
    - nexthop: Forbid FDB status change while nexthop is in a group
    - selftests: fib_nexthops: Fix creation of non-FDB nexthops
    - net: dsa: lantiq_gswip: do also enable or disable cpu port
    - net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to
      port_setup()
    - net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries
      added to the CPU port
    - drm/gma500: Fix null dereference in hdmi teardown
    - i40e: fix idx validation in i40e_validate_queue_map
    - i40e: fix input validation logic for action_meta
    - i40e: add max boundary check for VF filters
    - i40e: add mask to apply valid bits for itr_idx
    - tracing: dynevent: Add a missing lockdown check on dynevent
    - fbcon: fix integer overflow in fbcon_do_set_font
    - fbcon: Fix OOB access in font allocation
    - af_unix: Don't leave consecutive consumed OOB skbs.
    - mm/migrate_device: don't add folio to be freed to LRU in
      migrate_device_finalize()
    - mm/hugetlb: fix folio is still mapped when deleted
    - i40e: fix validation of VF state in get resources
    - i40e: fix idx validation in config queues msg
    - i40e: increase max descriptors for XL710
    - i40e: add validation for ring_len param
    - drm/i915/backlight: Return immediately when scale() finds invalid
      parameters
    - Linux 5.15.194

  * CVE-2024-56538
    - drm: zynqmp_kms: Unplug DRM device before removal

  * CVE-2024-53114
    - tools headers cpufeatures: Sync with the kernel sources
    - x86: Fix comment for X86_FEATURE_ZEN
    - x86/CPU/AMD: Add ZenX generations flags
    - x86/CPU/AMD: Carve out the erratum 1386 fix
    - x86/CPU/AMD: Move the Zen3 BTC_NO detection to the Zen3 init function
    - x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function
    - x86/CPU/AMD: Call the spectral chicken in the Zen2 init function
    - x86/CPU/AMD: Rename init_amd_zn() to init_amd_zen_common()
    - x86/CPU/AMD: Move Zenbleed check to the Zen2 init function
    - x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function
    - x86/CPU/AMD: Get rid of amd_erratum_1054[]
    - x86/CPU/AMD: Get rid of amd_erratum_383[]
    - x86/CPU/AMD: Get rid of amd_erratum_400[]
    - x86/CPU/AMD: Get rid of amd_erratum_1485[]
    - x86/CPU/AMD: Drop now unused CPU erratum checking function
    - x86/CPU/AMD: Add X86_FEATURE_ZEN1
    - tools headers x86 cpufeatures: Sync with the kernel sources to pick TDX,
      Zen, APIC MSR fence changes
    - x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load
    - x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
    - x86/cpu/amd: Fix workaround for erratum 1054

  * CVE-2025-38584
    - padata: Fix pd UAF once and for all
    - padata: Remove comment for reorder_work

  * CVE-2025-40019
    - crypto: essiv - Check ssize for decryption and in-place encryption

  * Black screen when booting 5.15.0-160 (on AMD Lucienne / Cezanne / Navi /
    Renoir / Rembrandt) (LP: #2128729)
    - SAUCE: drm/amd/display: Fix incorrect code path taken in
      amdgpu_dm_atomic_check()

  * CVE-2025-38561
    - ksmbd: fix Preauh_HashValue race condition

  * Miscellaneous Ubuntu changes
    - [SAUCE] Fix selftest/net/rtnetlink.sh for Big Endian

  * Miscellaneous upstream changes
    - selftests: net: use slowwait to stabilize vrf_route_leaking test

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Fri, 09 Jan 2026 18:51:02 +0300

linux (5.15.0-164.174) jammy; urgency=medium

  * jammy/linux: 5.15.0-164.174 -proposed tracker (LP: #2131429)

  * CVE-2024-53218
    - f2fs: fix race in concurrent f2fs_stop_gc_thread

  * CVE-2024-47691
    - f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()

  * CVE-2025-39993
    - media: rc: fix races with imon_disconnect()

  * i40e driver is triggering VF resets on every link state change
    (LP: #2130552)
    - i40e: avoid redundant VF link state updates

  * CVE-2025-40018
    - ipvs: Defer ip_vs_ftp unregister during netns cleanup

  * CVE-2025-21855
    - ibmvnic: Don't reference skb after sending to VIOS

  * CVE-2024-50067
    - uprobes: encapsulate preparation of uprobe args buffer
    - uprobe: avoid out-of-bounds memory access of fetching args

  * CVE-2024-53090
    - afs: Fix lock recursion

  * CVE-2025-39964
    - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
    - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx

  * CVE-2022-49390
    - macsec: fix UAF bug for real_dev

 -- Manuel Diewald <manuel.diewald@canonical.com>  Fri, 14 Nov 2025 17:49:39 +0100

linux (5.15.0-163.173) jammy; urgency=medium

  * jammy/linux: 5.15.0-163.173 -proposed tracker (LP: #2127867)

  * Add pvpanic kernel modules to linux-modules (LP: #2126659)
    - [Packaging] Add pvpanic kernel modules to linux-modules

  * Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
    kernel and console (LP: #2123815)
    - SAUCE: fix: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record
      for multiple object contexts

  * Hung task when heavily accessing kernfs files (LP: #2125142)
    - kernfs: switch global kernfs_rwsem lock to per-fs lock
    - kernfs: dont take i_lock on inode attr read
    - kernfs: move struct kernfs_root out of the public view.
    - kernfs: Introduce separate rwsem to protect inode attributes.
    - kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info.
    - kernfs: change kernfs_rename_lock into a read-write lock.
    - kernfs: prevent early freeing of root node
    - kernfs: remove redundant kernfs_rwsem declaration.
    - kernfs: fix NULL dereferencing in kernfs_remove
    - kernfs: fix potential NULL dereference in __kernfs_remove
    - kernfs: fix missing kernfs_iattr_rwsem locking

  * ensure mptcp keepalives are honored when set (LP: #2125444)
    - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN

  * UBUNTU: fan: fail to check kmalloc() return could cause a NULL pointer
    dereference (LP: #2125053)
    - SAUCE: fan: vxlan: check memory allocation for map

  * Jammy update: v5.15.193 upstream stable release (LP: #2127112)
    - [Config] enable CONFIG_MITIGATION_VMSCAPE
    - Linux 5.15.193

  * Jammy update: v5.15.192 upstream stable release (LP: #2126782)
    - bpf: Add cookie object to bpf maps
    - bpf: Move cgroup iterator helpers to bpf.h
    - bpf: Move bpf map owner out of common struct
    - bpf: Fix oob access in cgroup local storage
    - drm/amd/display: Don't warn when missing DCE encoder caps
    - fs: writeback: fix use-after-free in __mark_inode_dirty()
    - tee: fix NULL pointer dereference in tee_shm_put
    - arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
    - wifi: cfg80211: fix use-after-free in cmp_bss()
    - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
      after confirm
    - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
    - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
    - xirc2ps_cs: fix register access when enabling FullDuplex
    - mISDN: Fix memory leak in dsp_hwec_enable()
    - icmp: fix icmp_ndo_send address translation for reply direction
    - i40e: Fix potential invalid access when MAC list is empty
    - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
    - wifi: cw1200: cap SSID length in cw1200_do_join()
    - wifi: libertas: cap SSID len in lbs_associate()
    - net: thunder_bgx: add a missing of_node_put
    - net: thunder_bgx: decrement cleanup index before use
    - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
    - ax25: properly unshare skbs in ax25_kiss_rcv()
    - net: atm: fix memory leak in atm_register_sysfs when device_register
      fail
    - ppp: fix memory leak in pad_compress_skb
    - ptp: Add generic PTP is_sync() function
    - net: phy: mscc: Fix memory leak when using one step timestamping
    - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
    - ALSA: usb-audio: Add mute TLV for playback volumes on some devices
    - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
    - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
      arch_sync_kernel_mappings()
    - mm: move page table sync declarations to linux/pgtable.h
    - wifi: mwifiex: Initialize the chan_stats array to zero
    - drm/amdgpu: drop hw access in non-DC audio fini
    - scsi: lpfc: Fix buffer free/clear order in deferred receive path
    - batman-adv: fix OOB read/write in network-coding decode
    - e1000e: fix heap overflow in e1000_set_eeprom
    - mm/khugepaged: fix ->anon_vma race
    - cpufreq/sched: Explicitly synchronize limits_changed flag handling
    - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
    - spi: tegra114: Remove unnecessary NULL-pointer checks
    - spi: tegra114: Don't fail set_cs_timing when delays are zero
    - iio: chemical: pms7003: use aligned_s64 for timestamp
    - iio: light: opt3001: fix deadlock due to concurrent flag access
    - gpio: pca953x: fix IRQ storm on system wake up
    - dma-buf: insert memory barrier before updating num_fences
    - dmaengine: mediatek: Fix a possible deadlock error in
      mtk_cqdma_tx_status()
    - net: dsa: microchip: update tag_ksz masks for KSZ9477 family
    - net: dsa: microchip: linearize skb for tail-tagging switches
    - vmxnet3: update MTU after device quiesce
    - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs
    - randstruct: gcc-plugin: Remove bogus void member
    - randstruct: gcc-plugin: Fix attribute addition
    - mm/slub: avoid accessing metadata when pointer is invalid in
      object_err()
    - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
    - pcmcia: Add error handling for add_interval() in do_validate_mem()
    - spi: spi-fsl-lpspi: Fix transmissions when using CONT
    - spi: spi-fsl-lpspi: Set correct chip-select polarity bit
    - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort
    - drm/bridge: ti-sn65dsi86: fix REFCLK setting
    - perf bpf-event: Fix use-after-free in synthesis
    - clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
    - spi: tegra114: Use value to check for invalid delays
    - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()
    - Linux 5.15.192

  * Jammy update: v5.15.191 upstream stable release (LP: #2125626)
    - pinctrl: STMFX: add missing HAS_IOMEM dependency
    - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
    - scsi: core: sysfs: Correct sysfs attributes access rights
    - ASoC: codecs: tx-macro: correct tx_macro_component_drv name
    - nfs: fold nfs_page_group_lock_subrequests into
      nfs_lock_and_join_requests
    - NFS: Fix a race when updating an existing write
    - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()
    - net: ipv4: fix regression in local-broadcast routes
    - powerpc/kvm: Fix ifdef to remove build warning
    - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced
    - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
    - net: dlink: fix multicast stats being counted incorrectly
    - phy: mscc: Fix when PTP clock is register and unregister
    - net/mlx5e: Update and set Xon/Xoff upon MTU set
    - net/mlx5e: Update and set Xon/Xoff upon port speed set
    - net/mlx5e: Set local Xoff after FW update
    - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
    - sctp: initialize more fields in sctp_v6_from_sk()
    - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
    - KVM: x86: use array_index_nospec with indices that come from guest
    - HID: asus: fix UAF via HID_CLAIMED_INPUT validation
    - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
    - HID: wacom: Add a new Art Pen 2
    - HID: hid-ntrig: fix unable to handle page fault in
      ntrig_report_version()
    - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted
    - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
    - drm/nouveau/disp: Always accept linear modifier
    - HID: mcp2221: Don't set bus speed on every transfer
    - HID: mcp2221: Handle reads greater than 60 bytes
    - xfs: do not propagate ENODATA disk errors into xattr code
    - Linux 5.15.191

  * Jammy update: v5.15.190 upstream stable release (LP: #2122364)
    - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
    - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
    - USB: serial: option: add Foxconn T99W640
    - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
    - usb: gadget: configfs: Fix OOB read on empty string write
    - i2c: stm32: fix the device used for the DMA map
    - thunderbolt: Fix bit masking in tb_dp_port_set_hops()
    - Input: xpad - set correct controller type for Acer NGR200
    - pch_uart: Fix dma_sync_sg_for_device() nents value
    - HID: core: ensure the allocated report buffer can contain the reserved
      report ID
    - HID: core: ensure __hid_request reserves the report ID as the first byte
    - HID: core: do not bypass hid_hw_raw_request
    - tracing: Add down_write(trace_event_sem) when adding trace event
    - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in
      pep_sock_accept()
    - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
    - af_packet: fix soft lockup issue caused by tpacket_snd()
    - dmaengine: nbpfaxi: Fix memory corruption in probe()
    - isofs: Verify inode mode when loading from disk
    - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
    - mmc: bcm2835: Fix dma_unmap_sg() nents value
    - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based
      Positivo models
    - mmc: sdhci_am654: Workaround for Errata i2312
    - pmdomain: governor: Consider CPU latency tolerance from
      pm_domain_cpu_gov
    - soc: aspeed: lpc-snoop: Cleanup resources in stack-order
    - soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
    - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
    - iio: adc: max1363: Reorder mode_list[] entries
    - iio: adc: stm32-adc: Fix race in installing chained IRQ handler
    - comedi: pcl812: Fix bit shift out of bounds
    - comedi: aio_iiro_16: Fix bit shift out of bounds
    - comedi: das16m1: Fix bit shift out of bounds
    - comedi: das6402: Fix bit shift out of bounds
    - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
    - comedi: Fix some signed shift left operations
    - comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
    - comedi: Fix initialization of data for instructions that write to
      subdevice
    - bpf: Reject %p% format string in bprintf-like helpers
    - net: emaclite: Fix missing pointer increment in aligned_read()
    - rpl: Fix use-after-free in rpl_do_srh_inline().
    - pinctrl: mediatek: moore: check if pin_desc is valid before use
    - smb: client: fix use-after-free in cifs_oplock_break
    - nvme: fix misaccounting of nvme-mpath inflight I/O
    - selftests: udpgro: report error when receive failed
    - selftests: net: increase inter-packet timeout in udpgro.sh
    - hwmon: (corsair-cpro) Validate the size of the received input buffer
    - usb: net: sierra: check for no status endpoint
    - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
    - Bluetooth: SMP: If an unallowed command is received consider it a
      failure
    - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
    - lib: bitmap: Introduce node-aware alloc API
    - net/mlx5e: Add support to klm_umr_wqe
    - net/mlx5: Correctly set gso_size when LRO is used
    - ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
    - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
    - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during
      runtime
    - net: bridge: Do not offload IGMP/MLD messages
    - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
    - sched: Change nr_uninterruptible type to unsigned long
    - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the
      right userns
    - usb: hub: fix detection of high tier USB3 devices behind suspended hubs
    - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime
      pm
    - usb: hub: Fix flushing of delayed work used for post resume purposes
    - usb: musb: Add and use inline functions musb_{get,set}_state
    - usb: musb: fix gadget state on disconnect
    - usb: dwc3: qcom: Don't leave BCR asserted
    - ASoC: fsl_sai: Force a software reset when starting in consumer mode
    - mm/vmalloc: leave lazy MMU mode on PTE mapping error
    - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be
      changed
    - platform/x86: think-lmi: Fix kobject cleanup
    - bpf, sockmap: Fix panic when calling skb_linearize
    - x86: Fix get_wchan() to support the ORC unwinder
    - sched: Add wrapper for get_wchan() to keep task blocked
    - x86: Fix __get_wchan() for !STACKTRACE
    - x86: Pin task-stack in __get_wchan()
    - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
    - regulator: core: fix NULL dereference on unbind due to stale coupling
      data
    - RDMA/core: Rate limit GID cache warning messages
    - interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node
    - regmap: fix potential memory leak of regmap_bus
    - i40e: Add rx_missed_errors for buffer exhaustion
    - i40e: report VF tx_dropped with tx_errors instead of tx_discards
    - net: appletalk: Fix use-after-free in AARP proxy probe
    - net: hns3: fix concurrent setting vlan filter issue
    - net: hns3: disable interrupt when ptp init failed
    - net: hns3: fixed vf get max channels bug
    - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among
      boots
    - i2c: qup: jump out of the loop in case of timeout
    - i2c: virtio: Avoid hang by using interruptible completion wait
    - bus: fsl-mc: Fix potential double device reference in
      fsl_mc_get_endpoint()
    - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
    - dpaa2-eth: Fix device reference count leak in MAC endpoint handling
    - dpaa2-switch: Fix device reference count leak in MAC endpoint handling
    - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
    - e1000e: ignore uninitialized checksum word on tgp
    - gve: Fix stuck TX queue for DQ queue format
    - nilfs2: reject invalid file types when reading inodes
    - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
    - usb: typec: tcpm: allow to use sink in accessory mode
    - usb: typec: tcpm: allow switching to mode accessory to mux properly
    - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach
    - x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode()
    - jfs: reject on-disk inodes of an unsupported type
    - comedi: comedi_test: Fix possible deletion of uninitialized timers
    - ALSA: hda: Add missing NVIDIA HDA codec IDs
    - usb: chipidea: add USB PHY event
    - usb: phy: mxs: disconnect line when USB charger is attached
    - ethernet: intel: fix building with large NR_CPUS
    - ASoC: Intel: fix SND_SOC_SOF dependencies
    - fs_context: fix parameter name in infofc() macro
    - hfsplus: remove mutex_lock check in hfsplus_free_extents
    - Revert "fs/ntfs3: Replace inode_trylock with inode_lock"
    - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
    - ASoC: ops: dynamically allocate struct snd_ctl_elem_value
    - selftests: Fix errno checking in syscall_user_dispatch test
    - ARM: dts: vfxxx: Correctly use two tuples for timer address
    - usb: misc: apple-mfi-fastcharge: Make power supply names unique
    - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
    - vmci: Prevent the dispatching of uninitialized payloads
    - pps: fix poll support
    - Revert "vmci: Prevent the dispatching of uninitialized payloads"
    - usb: early: xhci-dbc: Fix early_ioremap leak
    - arm: dts: ti: omap: Fixup pinheader typo
    - ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface
    - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed
    - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed
    - PM / devfreq: Check governor before using governor->name
    - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode
    - cpufreq: Initialize cpufreq-based frequency-invariance later
    - cpufreq: Init policy->rwsem before it may be possibly used
    - samples: mei: Fix building on musl libc
    - staging: nvec: Fix incorrect null termination of battery manufacturer
    - selftests/tracing: Fix false failure of subsystem event test
    - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
    - bpf, sockmap: Fix psock incorrectly pointing to sk
    - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
    - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
    - caif: reduce stack size, again
    - wifi: rtl818x: Kill URBs before clearing tx status queue
    - wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
    - iwlwifi: Add missing check for alloc_ordered_workqueue
    - wifi: ath11k: clear initialized flag for deinit-ed srng lists
    - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
    - net/mlx5: Check device memory pointer before usage
    - m68k: Don't unregister boot console needlessly
    - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
    - netfilter: nf_tables: adjust lockdep assertions handling
    - arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX
    - um: rtc: Avoid shadowing err in uml_rtc_start()
    - net/sched: Restrict conditions for adding duplicating netems to qdisc
      tree
    - net_sched: act_ctinfo: use atomic64_t for three counters
    - xen/gntdev: remove struct gntdev_copy_batch from stack
    - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
    - mwl8k: Add missing check after DMA map
    - wifi: mac80211: Don't call fq_flow_idx() for management frames
    - wifi: mac80211: Check 802.11 encaps offloading in
      ieee80211_tx_h_select_key()
    - Reapply "wifi: mac80211: Update skb's control block key in
      ieee80211_tx_dequeue()"
    - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P
      IE
    - can: kvaser_pciefd: Store device channel index
    - can: kvaser_usb: Assign netdev.dev_port based on device channel index
    - netfilter: xt_nfacct: don't assume acct name is null-terminated
    - selftests: rtnetlink.sh: remove esp4_offload after test
    - vrf: Drop existing dst reference in vrf_ip6_input_dst
    - PCI: rockchip-host: Fix "Unexpected Completion" log message
    - crypto: marvell/cesa - Fix engine load inaccuracy
    - mtd: fix possible integer overflow in erase_xfer()
    - clk: davinci: Add NULL check in davinci_lpsc_clk_register()
    - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
    - clk: xilinx: vcu: unregister pll_post only if registered correctly
    - power: supply: cpcap-charger: Fix null check for
      power_supply_get_by_name
    - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
    - PCI: endpoint: pci-epf-vntb: Return -ENOENT if
      pci_epc_get_next_free_bar() fails
    - pinctrl: sunxi: Fix memory leak on krealloc failure
    - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq
    - perf sched: Fix memory leaks for evsel->priv in timehist
    - crypto: inside-secure - Fix `dma_unmap_sg()` nents value
    - crypto: ccp - Fix crash when rebind ccp device for ccp.ko
    - RDMA/hns: Fix -Wframe-larger-than issue
    - kernel: trace: preemptirq_delay_test: use offstack cpu mask
    - perf tests bp_account: Fix leaked file descriptor
    - clk: sunxi-ng: v3s: Fix de clock definition
    - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
    - scsi: mvsas: Fix dma_unmap_sg() nents value
    - scsi: isci: Fix dma_unmap_sg() nents value
    - watchdog: ziirave_wdt: check record length in ziirave_firm_verify()
    - hwrng: mtk - handle devm_pm_runtime_enable errors
    - crypto: keembay - Fix dma_unmap_sg() nents value
    - crypto: img-hash - Fix dma_unmap_sg() nents value
    - soundwire: stream: restore params when prepare ports fail
    - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem
      attribute
    - fs/orangefs: Allow 2 more characters in do_c_string()
    - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
    - dmaengine: nbpfaxi: Add missing check after DMA map
    - sh: Do not use hyphen in exported variable name
    - crypto: qat - fix seq_file position update in adf_ring_next()
    - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
    - jfs: fix metapage reference count leak in dbAllocCtl
    - mtd: rawnand: atmel: Fix dma_mapping_error() address
    - mtd: rawnand: rockchip: Add missing check after DMA map
    - mtd: rawnand: atmel: set pmecc data setup time
    - vhost-scsi: Fix log flooding with target does not exist errors
    - bpf: Check flow_dissector ctx accesses are aligned
    - apparmor: ensure WB_HISTORY_SIZE value is a power of 2
    - module: Restore the moduleparam prefix length check
    - ucount: fix atomic_long_inc_below() argument type
    - rtc: ds1307: fix incorrect maximum clock rate handling
    - rtc: hym8563: fix incorrect maximum clock rate handling
    - rtc: pcf85063: fix incorrect maximum clock rate handling
    - rtc: pcf8563: fix incorrect maximum clock rate handling
    - rtc: rv3028: fix incorrect maximum clock rate handling
    - f2fs: fix KMSAN uninit-value in extent_info usage
    - f2fs: doc: fix wrong quota mount option description
    - f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
    - f2fs: fix to avoid panic in f2fs_evict_inode
    - f2fs: fix to avoid out-of-boundary access in devs.path
    - scsi: mpt3sas: Fix a fw_event memory leak
    - scsi: ufs: core: Use link recovery when h8 exit fails during runtime
      resume
    - kconfig: qconf: fix ConfigList::updateListAllforAll()
    - PCI: pnv_php: Clean up allocated IRQs on unplug
    - PCI: pnv_php: Work around switches with broken presence detection
    - powerpc/eeh: Export eeh_unfreeze_pe()
    - powerpc/eeh: Rely on dev->link_active_reporting
    - powerpc/eeh: Make EEH driver device hotplug safe
    - PCI: pnv_php: Fix surprise plug detection and recovery
    - pNFS/flexfiles: don't attempt pnfs on fatal DS errors
    - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
    - NFSv4.2: another fix for listxattr
    - XArray: Add calls to might_alloc()
    - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
    - netpoll: prevent hanging NAPI when netcons gets enabled
    - phy: mscc: Fix parsing of unicast frames
    - pptp: ensure minimal skb length in pptp_xmit()
    - net/mlx5: Correctly set gso_segs when LRO is used
    - ipv6: reject malicious packets in ipv6_gso_segment()
    - net: drop UFO packets in udp_rcv_segment()
    - benet: fix BUG when creating VFs
    - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
    - smb: server: remove separate empty_recvmsg_queue
    - smb: server: make sure we call ib_dma_unmap_single() only if we called
      ib_dma_map_single already
    - smb: server: let recv_done() consistently call
      put_recvmsg/smb_direct_disconnect_rdma_connection
    - smb: server: let recv_done() avoid touching data_transfer after
      cleanup/move
    - smb: client: let recv_done() cleanup before notifying the callers.
    - pptp: fix pptp_xmit() error path
    - perf/core: Don't leak AUX buffer refcount on allocation failure
    - perf/core: Exit early on perf_mmap() fail
    - perf/core: Prevent VMA split of buffer mappings
    - selftests/perf_events: Add a mmap() correctness test
    - USB: serial: option: add Foxconn T99W709
    - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
    - net: usbnet: Fix the wrong netif_carrier_on() call
    - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe()
    - MIPS: mm: tlb-r4k: Uniquify TLB entries on init
    - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
    - usb: gadget : fix use-after-free in composite_dev_cleanup()
    - io_uring: don't use int for ABI
    - ALSA: usb-audio: Validate UAC3 power domain descriptors, too
    - ALSA: usb-audio: Validate UAC3 cluster segment descriptors
    - gpio: virtio: Fix config space reading.
    - net: gianfar: fix device leak when querying time stamp info
    - net: dpaa: fix device leak when querying time stamp info
    - net: usb: asix_devices: add phy_mask for ax88772 mdio bus
    - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
    - NFSD: detect mismatch of file handle and delegation stateid in OPEN op
    - sunvdc: Balance device refcount in vdc_port_mpgroup_check
    - fs: Prevent file descriptor table allocations exceeding INT_MAX
    - eventpoll: Fix semi-unbounded recursion
    - Documentation: ACPI: Fix parent device references
    - ACPI: processor: perflib: Fix initial _PPC limit application
    - ACPI: processor: perflib: Move problematic pr->performance check
    - udp: also consider secpath when evaluating ipsec use for checksumming
    - netfilter: ctnetlink: fix refcount leak on table dump
    - sctp: linearize cloned gso packets in sctp_rcv
    - intel_idle: Allow loading ACPI tables for any family
    - cpuidle: governors: menu: Avoid using invalid recent intervals data
    - ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
    - hfs: fix slab-out-of-bounds in hfs_bnode_read()
    - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
    - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
    - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
    - arm64: Handle KCOV __init vs inline mismatches
    - smb/server: avoid deadlock when linking with ReplaceIfExists
    - udf: Verify partition map count
    - drbd: add missing kref_get in handle_write_conflicts
    - hfs: fix not erasing deleted b-tree node issue
    - better lockdep annotations for simple_recursive_removal()
    - ata: libata-sata: Disallow changing LPM state if not supported
    - fs/ntfs3: Add sanity check for file name
    - fs/ntfs3: correctly create symlink for relative path
    - ext2: Handle fiemap on empty files to prevent EINVAL
    - securityfs: don't pin dentries twice, once is enough...
    - usb: xhci: print xhci->xhc_state when queue_command failed
    - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
    - selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit
      time_t
    - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
    - usb: xhci: Avoid showing warnings for dying controller
    - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
    - usb: xhci: Avoid showing errors during surprise removal
    - gpio: wcd934x: check the return value of regmap_update_bits()
    - cpufreq: Exit governor when failed to start old governor
    - ARM: rockchip: fix kernel hang during smp initialization
    - PM / devfreq: governor: Replace sscanf() with kstrtoul() in
      set_freq_store()
    - EDAC/synopsys: Clear the ECC counters on init
    - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was
      successed
    - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when
      required
    - tools/nolibc: define time_t in terms of __kernel_old_time_t
    - gpio: tps65912: check the return value of regmap_update_bits()
    - ARM: tegra: Use I/O memcpy to write to IRAM
    - selftests: tracing: Use mutex_unlock for testing glob filter
    - ACPI: PRM: Reduce unnecessary printing to avoid user confusion
    - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
    - thermal: sysfs: Return ENODATA instead of EAGAIN for reads
    - PM: sleep: console: Fix the black screen issue
    - ACPI: processor: fix acpi_object initialization
    - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
    - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
    - pps: clients: gpio: fix interrupt handling order in remove path
    - reset: brcmstb: Enable reset drivers for ARCH_BCM2835
    - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
    - x86/bugs: Avoid warning when overriding return thunk
    - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
    - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
    - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
    - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
    - usb: core: usb_submit_urb: downgrade type check
    - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
    - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
    - platform/chrome: cros_ec_typec: Defer probe on missing EC parent
    - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
    - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
    - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
    - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
    - ASoC: codecs: rt5640: Retry DEVICE_ID verification
    - xen/netfront: Fix TX response spurious interrupts
    - ktest.pl: Prevent recursion of default variable options
    - wifi: cfg80211: reject HTC bit for management frames
    - s390/time: Use monotonic clock in get_cycles()
    - be2net: Use correct byte order and format string for TCP seq and ack_seq
    - et131x: Add missing check after DMA map
    - net: ag71xx: Add missing check after DMA map
    - net/mlx5e: Properly access RCU protected qdisc_sleeping variable
    - arm64: Mark kernel as tainted on SAE and SError panic
    - rcu: Protect ->defer_qs_iw_pending from data race
    - net: mctp: Prevent duplicate binds
    - wifi: cfg80211: Fix interface type validation
    - net: ipv4: fix incorrect MTU in broadcast routes
    - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
    - sched/deadline: Fix accounting after global limits change
    - wifi: iwlwifi: mvm: fix scan request validation
    - s390/stp: Remove udelay from stp_sync_clock()
    - wifi: mac80211: don't complete management TX on SAE commit
    - (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
    - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in
      __ipv6_dev_mc_inc().
    - drm/msm: use trylock for debugfs
    - net: thunderbolt: Fix the parameter passing of
      tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
    - net: atlantic: add set_power to fw_ops for atl2 to fix wol
    - net: fec: allow disable coalescing
    - drm/amd/display: Separate set_gsl from set_gsl_source_select
    - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
    - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
    - drm/amd/display: Fix 'failed to blank crtc!'
    - wifi: rtlwifi: fix possible skb memory leak in
      `_rtl_pci_rx_interrupt()`.
    - netmem: fix skb_frag_address_safe with unreadable skbs
    - wifi: iwlegacy: Check rate_idx range after addition
    - dpaa_eth: don't use fixed_phy_change_carrier
    - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to
      manual
    - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
    - gve: Return error for unknown admin queue command
    - net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
    - net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
    - net: dsa: b53: prevent DIS_LEARNING access on BCM5325
    - net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
    - wifi: rtlwifi: fix possible skb memory leak in
      _rtl_pci_init_one_rxdesc()
    - net: ncsi: Fix buffer overflow in fetching version id
    - drm/ttm: Should to return the evict error
    - uapi: in6: restore visibility of most IPv6 socket options
    - drm/ttm: Respect the shrinker core free target
    - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
    - vhost: fail early when __vhost_add_used() fails
    - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race
      condition
    - cifs: Fix calling CIFSFindFirst() for root path without msearch
    - crypto: hisilicon/hpre - fix dma unmap sequence
    - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
    - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is
      allocated
    - fs/orangefs: use snprintf() instead of sprintf()
    - watchdog: dw_wdt: Fix default timeout
    - MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
    - watchdog: iTCO_wdt: Report error if timeout configuration fails
    - scsi: bfa: Double-free fix
    - jfs: truncate good inode pages when hard link is 0
    - jfs: Regular file corruption check
    - jfs: upper bound check of tree index in dbAllocAG
    - MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
    - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ
      control
    - leds: leds-lp50xx: Handle reg to get correct multi_index
    - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
    - RDMA/core: reduce stack using in nldev_stat_get_doit()
    - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport
      structure
    - scsi: mpt3sas: Correctly handle ATA device errors
    - pinctrl: stm32: Manage irq affinity settings
    - media: tc358743: Check I2C succeeded during probe
    - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
    - media: tc358743: Increase FIFO trigger level to 374
    - media: usb: hdpvr: disable zero-length read messages
    - media: dvb-frontends: dib7090p: fix null-ptr-deref in
      dib7090p_rw_on_apb()
    - media: dvb-frontends: w7090p: fix null-ptr-deref in
      w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
    - media: uvcvideo: Fix bandwidth issue for Alcor camera
    - crypto: octeontx2 - add timeout for load_fvc completion poll
    - md: dm-zoned-target: Initialize return variable r to avoid uninitialized
      use
    - i3c: add missing include to internal header
    - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
    - i3c: don't fail if GETHDRCAP is unsupported
    - dm-mpath: don't print the "loaded" message if registering fails
    - i2c: Force DLL0945 touchpad i2c freq to 100khz
    - kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
    - kconfig: nconf: Ensure null termination where strncpy is used
    - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
    - scsi: target: core: Generate correct identifiers for PR OUT transport
      IDs
    - scsi: aacraid: Stop using PCI_IRQ_AFFINITY
    - ipmi: Use dev_warn_ratelimited() for incorrect message warnings
    - kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
    - kconfig: gconf: fix potential memory leak in renderer_edited()
    - kconfig: lxdialog: fix 'space' to (de)select options
    - ipmi: Fix strcpy source and destination the same
    - net: phy: smsc: add proper reset flags for LAN8710A
    - block: avoid possible overflow for chunk_sectors check in
      blk_stack_limits()
    - pNFS: Fix stripe mapping in block/scsi layout
    - pNFS: Fix disk addr range check in block/scsi layout
    - pNFS: Handle RPC size limit for layoutcommits
    - pNFS: Fix uninited ptr deref in block/scsi layout
    - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
    - scsi: lpfc: Remove redundant assignment to avoid memory leak
    - ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
    - ASoC: soc-dai.h: merge DAI call back functions into ops
    - ASoC: fsl_sai: replace regmap_write with regmap_update_bits
    - ext4: fix largest free orders lists corruption on mb_optimize_scan
      switch
    - usb: core: config: Prevent OOB read in SS endpoint companion parsing
    - misc: rtsx: usb: Ensure mmc child device is active when card is present
    - comedi: fix race between polling and detaching
    - thunderbolt: Fix copy+paste error in match_service_id()
    - cdc-acm: fix race between initial clearing halt and open
    - btrfs: fix log tree replay failure due to file with 0 links and extents
    - btrfs: do not allow relocation of partially dropped subvolumes
    - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
    - parisc: Makefile: fix a typo in palo.conf
    - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
    - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
    - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
    - media: uvcvideo: Do not mark valid metadata as invalid
    - HID: magicmouse: avoid setting up battery timer when not needed
    - serial: 8250: fix panic due to PSLVERR
    - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
    - m68k: Fix lost column on framebuffer debug console
    - usb: atm: cxacru: Merge cxacru_upload_firmware() into
      cxacru_heavy_init()
    - usb: gadget: udc: renesas_usb3: fix device leak at unbind
    - usb: dwc3: meson-g12a: fix device leaks at unbind
    - bus: mhi: host: Fix endianness of BHI vector table
    - vt: keyboard: Don't process Unicode characters in K_OFF mode
    - vt: defkeymap: Map keycodes above 127 to K_HOLE
    - lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
    - Revert "vgacon: Add check for vc_origin address range in
      vgacon_scroll()"
    - ext4: check fast symlink for ea_inode correctly
    - ext4: fix fsmap end of range reporting with bigalloc
    - ext4: fix reserved gdt blocks handling in fsmap
    - ext4: don't try to clear the orphan_present feature block device is r/o
    - ext4: use kmalloc_array() for array space allocation
    - ext4: fix hole length calculation overflow in non-extent inodes
    - scsi: mpi3mr: Fix race between config read submit and interrupt
      completion
    - ata: libata-scsi: Fix ata_to_sense_error() status handling
    - zynq_fpga: use sgtable-based scatterlist wrappers
    - wifi: brcmsmac: Remove const from tbl_ptr parameter in
      wlc_lcnphy_common_read_table()
    - wifi: ath11k: fix source ring-buffer corruption
    - pwm: imx-tpm: Reset counter if CMOD is 0
    - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
    - mtd: spinand: propagate spinand_wait() errors from spinand_write_page()
    - mtd: rawnand: fsmc: Add missing check after DMA map
    - PCI: endpoint: Fix configfs group list head handling
    - PCI: endpoint: Fix configfs group removal on driver teardown
    - jbd2: prevent softlockup in jbd2_log_do_checkpoint()
    - soc/tegra: pmc: Ensure power-domains are in a known state
    - media: gspca: Add bounds checking to firmware parser
    - media: hi556: correct the test pattern configuration
    - media: imx: fix a potential memory leak in
      imx_media_csc_scaler_device_init()
    - media: v4l2-ctrls: Don't reset handler's error in
      v4l2_ctrl_handler_free()
    - media: usbtv: Lock resolution while streaming
    - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
    - media: ov2659: Fix memory leaks in ov2659_probe()
    - media: venus: Add a check for packet size after reading from shared
      memory
    - media: venus: hfi: explicitly release IRQ during teardown
    - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
    - media: venus: venc: Clamp param smaller than 1fps and bigger than 240
    - drm/amd: Restore cached power limit during resume
    - drm/amd/display: Don't overwrite dce60_clk_mgr
    - net, hsr: reject HSR frame if skb can't hold tag
    - ipv6: sr: Fix MAC comparison to be constant-time
    - mptcp: drop skb if MPTCP skb extension allocation fails
    - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
    - mm: drop the assumption that VM_SHARED always implies writable
    - mm: update memfd seal write check to include F_SEAL_WRITE
    - mm: reinstate ability to map write-sealed memfd mappings read-only
    - selftests/memfd: add test for mapping write-sealed memfd read-only
    - ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
    - drm/sched: Remove optimization that causes hang when killing dependent
      jobs
    - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
    - ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
    - f2fs: fix to do sanity check on ino and xnid
    - iio: hid-sensor-prox: Restore lost scale assignments
    - iio: hid-sensor-prox: Fix incorrect OFFSET calculation
    - x86/mce/amd: Add default names for MCA banks and blocks
    - usb: hub: avoid warm port reset during USB3 disconnect
    - usb: hub: Don't try to recover devices lost during warm reset.
    - x86/fpu: Delay instruction pointer fixup until after warning
    - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
    - smb: server: Fix extension string in ksmbd_extract_shortname()
    - hv_netvsc: Fix panic during namespace deletion with VF
    - usb: typec: fusb302: cache PD RX state
    - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
    - block: Make REQ_OP_ZONE_FINISH a write operation
    - net: enetc: fix device and OF node leak at probe
    - NFS: Create an nfs4_server_set_init_caps() function
    - NFS: Fix the setting of capabilities when automounting a new filesystem
    - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
    - usb: musb: omap2430: Convert to platform remove callback returning void
    - usb: musb: omap2430: fix device leak at unbind
    - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
    - bus: mhi: host: Detect events pointing to unexpected TREs
    - usb: dwc3: imx8mp: fix device leak at unbind
    - platform/chrome: cros_ec: Make cros_ec_unregister() return void
    - platform/chrome: cros_ec: Use per-device lockdep key
    - platform/chrome: cros_ec: remove unneeded label and if-condition
    - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
    - net/sched: sch_ets: properly init all active DRR list handles
    - net_sched: sch_ets: implement lockless ets_dump()
    - net/sched: ets: use old 'nbands' while purging unused classes
    - KVM: VMX: Flush shadow VMCS on emergency reboot
    - btrfs: populate otime when logging an inode item
    - sch_htb: make htb_deactivate() idempotent
    - ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
    - kbuild: userprogs: use correct linker when mixing clang and GNU ld
    - selftests: mptcp: make sendfile selftest work
    - selftests: mptcp: connect: also cover alt modes
    - selftests: mptcp: connect: also cover checksum
    - selftests: mptcp: add missing join check
    - mptcp: fix error mibs accounting
    - mptcp: introduce MAPPING_BAD_CSUM
    - selftests: mptcp: Initialize variables to quiet gcc 12 warnings
    - mptcp: drop unused sk in mptcp_push_release
    - mptcp: do not queue data on closed subflows
    - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like
      host controllers
    - scsi: ufs: ufs-pci: Fix default runtime and system PM levels
    - KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix
    - memstick: Fix deadlock by moving removing flag earlier
    - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for
      consistency
    - squashfs: fix memory leak in squashfs_fill_super
    - mm/debug_vm_pgtable: clear page table entries at destroy_args()
    - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and
      EliteBook 830 G6
    - drm/amd/display: Avoid a NULL pointer dereference
    - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
    - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
    - drm/amd/display: Find first CRTC and its line time in
      dce110_fill_display_configs
    - drm/amd/display: Fill display clock and vblank time in
      dce110_fill_display_configs
    - fs/buffer: fix use-after-free when call bh_read() helper
    - use uniform permission checks for all mount propagation changes
    - fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
    - ftrace: Also allocate and copy hash for reading of filter files
    - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
    - iio: proximity: isl29501: fix buffered read on big-endian systems
    - most: core: Drop device reference after usage in get_channel()
    - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash
      Drive
    - comedi: Make insn_rw_emulate_bits() do insn->n samples
    - comedi: pcl726: Prevent invalid irq number
    - comedi: Fix use of uninitialized memory in do_insn_ioctl() and
      do_insnlist_ioctl()
    - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE
      test
    - usb: renesas-xhci: Fix External ROM access timeouts
    - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
    - usb: storage: realtek_cr: Use correct byte order for bcs->Residue
    - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
    - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
    - usb: dwc3: Remove WARN_ON for device endpoint command timeouts
    - drm/amd/display: Don't overclock DCE 6 by 15%
    - mptcp: disable add_addr retransmission when timeout is 0
    - f2fs: fix to avoid out-of-boundary access in dnode page
    - media: camss: Convert to platform remove callback returning void
    - media: qcom: camss: cleanup media device allocated resource on error
      path
    - media: venus: Add support for SSR trigger using fault injection
    - media: venus: protect against spurious interrupts during probe
    - locking/barriers, kcsan: Support generic instrumentation
    - asm-generic: Add memory barrier dma_mb()
    - wifi: ath11k: fix dest ring-buffer corruption when ring is full
    - soc: qcom: mdt_loader: Ensure we don't read past the ELF header
    - iio: adc: ad_sigma_delta: change to buffer predisable
    - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
    - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
    - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
    - pwm: mediatek: Implement .apply() callback
    - pwm: mediatek: Handle hardware enable and clock enable separately
    - pwm: mediatek: Fix duty and period setting
    - selftests: mptcp: pm: check flush doesn't reset limits
    - compiler: remove __ADDRESSABLE_ASM{_STR,}() again
    - usb: xhci: Fix slot_id resource race conflict
    - iio: imu: inv_icm42600: change invalid data error to -EBUSY
    - tracing: Remove unneeded goto out logic
    - tracing: Limit access to parser->buffer when trace_get_user failed
    - iio: light: as73211: Ensure buffer holes are zeroed
    - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
    - x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
    - mm/page_alloc: detect allocation forbidden by cpuset and bail out early
    - cgroup/cpuset: Use static_branch_enable_cpuslocked() on
      cpusets_insane_config_key
    - RDMA/bnxt_re: Fix to initialize the PBL array
    - net: bridge: fix soft lockup in br_multicast_query_expired()
    - scsi: qla4xxx: Prevent a potential error pointer dereference
    - iommu/amd: Avoid stack buffer overflow from kernel cmdline
    - mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
    - drm/hisilicon/hibmc: fix the hibmc loaded failed bug
    - ALSA: usb-audio: Fix size validation in convert_chmap_v3()
    - drm/amd/display: Add null pointer check in
      mod_hdcp_hdcp1_create_session()
    - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
    - ppp: fix race conditions in ppp_fill_forward_path
    - net: phy: Use netif_rx().
    - phy: mscc: Fix timestamping for vsc8584
    - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
    - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
    - igc: fix disabling L1.2 PCI-E link substate on I226 on init
    - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
    - net/sched: Remove unnecessary WARNING condition for empty child qdisc in
      htb_activate
    - bonding: update LACP activity flag after setting lacp_active
    - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
    - s390/hypfs: Avoid unnecessary ioctl registration in debugfs
    - s390/hypfs: Enable limited access during lockdown
    - netfilter: nf_reject: don't leak dst refcount for loopback packets
    - wifi: mac80211: check basic rates validity in sta_link_apply_parameters
    - alloc_fdtable(): change calling conventions.
    - Linux 5.15.190

  * UBUNTU: SAUCE: Revert "sch_htb: make htb_deactivate() idempotent"
    (LP: #2127864)
    - SAUCE: Revert "sch_htb: make htb_deactivate() idempotent"

  * Jammy update: v5.15.190 upstream stable release (LP: #2122364) //
    CVE-2024-50047 fix.
    - smb: client: fix use-after-free in crypt_message when using async crypto

  * CVE-2024-50061
    - i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master
      Driver Due to Race Condition

  * CVE-2023-53074
    - drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini

  * CVE-2025-38678
    - netfilter: nf_tables: reject duplicate device on updates

  * CVE-2024-53068
    - firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()

  * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300
    - Documentation/hw-vuln: Add VMSCAPE documentation
    - x86/vmscape: Enumerate VMSCAPE bug
    - x86/vmscape: Add conditional IBPB mitigation
    - x86/vmscape: Enable the mitigation
    - x86/bugs: Move cpu_bugs_smt_update() down
    - x86/vmscape: Warn when STIBP is disabled with SMT
    - x86/vmscape: Add old Intel CPUs to affected list

  * VMSCAPE CVE-2025-40300 (LP: #2124105)
    - [Config] Enable MITIGATION_VMSCAPE config

 -- Edoardo Canepa <edoardo.canepa@canonical.com>  Tue, 14 Oct 2025 19:35:50 +0200

linux (5.15.0-160.170) jammy; urgency=medium

  * jammy/linux: 5.15.0-160.170 -proposed tracker (LP: #2126548)

  * [Regression Updates] System hangs when loading audit rules
    (5.15.0-156.166) (LP: #2126434)
    - netlink: avoid infinite retry looping in netlink_unicast()

 -- Stefan Bader <stefan.bader@canonical.com>  Wed, 01 Oct 2025 11:49:04 +0200

linux (5.15.0-158.168) jammy; urgency=medium

  * jammy/linux: 5.15.0-158.168 -proposed tracker (LP: #2124104)

  * [UBUNTU 22.04] s390/pci: Handle PCI error codes other than 0x3a
    (LP: #2120344)
    - s390/pci: Handle PCI error codes other than 0x3a

  * sources list generation using dwarfdump takes up to 0.5hr in build process
    (LP: #2104911)
    - [Packaging] Don't generate list of source files

  * CVE-2024-26700
    - drm/amd/display: Fix MST Null Ptr for RV

  * CVE-2023-52593
    - wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
    - wifi: wfx: fix memory leak when starting AP
    - wifi: wfx: repair open network AP mode

  * CVE-2025-38477
    - net/sched: sch_qfq: Fix race condition on qfq_aggregate
    - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
      qfq_delete_class

  * CVE-2025-38617
    - net/packet: fix a race in packet_set_ring() and packet_notifier()

  * CVE-2025-38618
    - vsock: Do not allow binding to VMADDR_PORT_ANY

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

 -- Stefan Bader <stefan.bader@canonical.com>  Tue, 16 Sep 2025 16:14:00 +0200

linux (5.15.0-156.166) jammy; urgency=medium

  * jammy/linux: 5.15.0-156.166 -proposed tracker (LP: #2120207)

  * minimal kernel lacks modules for blk disk in arm64 openstack environments
    where config_drive is required (LP: #2118499)
    - [Config] Enable SYM53C8XX_2 on arm64

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Sat, 09 Aug 2025 02:40:31 +0300

linux (5.15.0-154.164) jammy; urgency=medium

  * jammy/linux: 5.15.0-154.164 -proposed tracker (LP: #2120098)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.08.11)

  * warning at iommu_dma_unmap_page when running ibv_rc_pingpong
    (LP: #2107816)
    - RDMA/mlx5: Fix a WARN during dereg_mr for DM type

  * dmesg flooded with errors: amdgpu: DP AUX transfer fail:4 (LP: #2115238)
    - drm/amd/display: Avoid flooding unnecessary info messages

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995)
    - ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode
    - fix proc_sys_compare() handling of in-lookup dentries
    - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also
      `transport_local`
    - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap
    - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX
    - atm: clip: Fix memory leak of struct clip_vcc.
    - ice: safer stats processing
    - rxrpc: Fix oops due to non-existence of prealloc backlog struct
    - bpf: fix precision backtracking instruction iteration
    - bpf, sockmap: Fix skb refcnt race after locking changes
    - xen: replace xen_remap() with memremap()
    - x86/mce/amd: Fix threshold limit reset
    - x86/mce: Don't remove sysfs if thresholding sysfs init fails
    - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
    - gre: Fix IPv6 multicast route creation.
    - pinctrl: qcom: msm: mark certain pins as invalid for interrupts
    - drm/sched: Increment job count before swapping tail spsc queue
    - drm/gem: Fix race in drm_gem_handle_create_tail()
    - Revert "ACPI: battery: negate current when discharging"
    - btrfs: propagate last_unlink_trans earlier when doing a rmdir
    - btrfs: use btrfs_record_snapshot_destroy() during rmdir
    - RDMA/mlx5: Fix vport loopback for MPV device
    - pwm: mediatek: Ensure to disable clocks in error path
    - netlink: Fix rmem check in netlink_broadcast_deliver().
    - netlink: make sure we allow at least one dump skb
    - xhci: Allow RPM on the USB controller (1022:43f7) by default
    - usb: xhci: quirk for data loss in ISOC transfers
    - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
    - Input: xpad - support Acer NGR 200 Controller
    - usb:cdnsp: remove TRB_FLUSH_ENDPOINT command
    - usb: cdnsp: Replace snprintf() with the safer scnprintf() variant
    - usb: cdnsp: Fix issue with CV Bad Descriptor test
    - usb: dwc3: Abort suspend on soft disconnect failure
    - dma-buf: add dma_resv_for_each_fence_unlocked v8
    - dma-buf: use new iterator in dma_resv_wait_timeout
    - dma-buf: fix timeout handling in dma_resv_wait_timeout v2
    - wifi: zd1211rw: Fix potential NULL pointer dereference in
      zd_mac_tx_to_dev()
    - smb: server: make use of rdma_destroy_qp()
    - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked()
    - net: appletalk: Fix device refcount leak in atrtr_create()
    - net: phy: microchip: limit 100M workaround to link-down events on
      LAN88xx
    - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to
      debug level
    - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam()
    - bnxt_en: Fix DCB ETS validation
    - atm: idt77252: Add missing `dma_map_error()`
    - um: vector: Reduce stack usage in vector_eth_configure()
    - net: usb: qmi_wwan: add SIMCom 8230C composition
    - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2
    - vt: add missing notification when switching back to text mode
    - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
    - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
    - Input: atkbd - do not skip atkbd_deactivate() when skipping
      ATKBD_CMD_GETID
    - x86/mm: Disable hugetlb page table sharing on 32-bit
    - Linux 5.15.189

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38067
    - rseq: Fix segfault on registration when rseq_cs is non-zero

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38074
    - vhost-scsi: protect vq->log_used with vq->mutex

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38439
    - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38441
    - netfilter: flowtable: account for Ethernet header in
      nf_flow_pppoe_proto()

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38443
    - nbd: fix uaf in nbd_genl_connect() error path

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38444
    - raid10: cleanup memleak at raid10_make_request

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38445
    - md/raid1: Fix stack memory use after return in raid1_reshape

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38375
    - virtio-net: ensure the received length does not exceed allocated size

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38448
    - usb: gadget: u_serial: Fix race condition in TTY wakeup

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2024-44939
    - jfs: fix null ptr deref in dtInsertEntry

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2024-26775
    - aoe: avoid potential deadlock at set_capacity

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2022-48703
    - thermal/int340x_thermal: handle data_vault when the value is
      ZERO_SIZE_PTR

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38457
    - net/sched: Abort __tc_modify_qdisc if parent class does not exist

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38458
    - atm: clip: Fix NULL pointer dereference in vcc_sendmsg()

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38459
    - atm: clip: Fix infinite recursive call of clip_push().

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38460
    - atm: clip: Fix potential null-ptr-deref in to_atmarpd().

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38461
    - vsock: Fix transport_* TOCTOU

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38462
    - vsock: Fix transport_{g2h,h2g} TOCTOU

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38464
    - tipc: Fix use-after-free in tipc_conn_close().

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38465
    - netlink: Fix wraparounds of sk->sk_rmem_alloc.

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38466
    - perf: Revert to requiring CAP_SYS_ADMIN for uprobes

  * Jammy update: v5.15.189 upstream stable release (LP: #2118995) //
    CVE-2025-38467
    - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling

  * Jammy update: v5.15.188 upstream stable release (LP: #2118993)
    - Linux 5.15.188

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977)
    - cifs: Fix cifs_query_path_info() for Windows NT servers
    - NFSv4: Always set NLINK even if the server doesn't support it
    - NFSv4.2: fix listxattr to return selinux security label
    - mailbox: Not protect module_put with spin_lock_irqsave
    - mfd: max14577: Fix wakeup source leaks on device unbind
    - leds: multicolor: Fix intensity setting while SW blinking
    - hwmon: (pmbus/max34440) Fix support for max34451
    - ksmbd: allow a filename to contain special characters on SMB3.1.1 posix
      extension
    - dmaengine: xilinx_dma: Set dma_device directions
    - md/md-bitmap: fix dm-raid max_write_behind setting
    - iio: pressure: zpa2326: Use aligned_s64 for the timestamp
    - um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h
    - coresight: Only check bottom two claim bits
    - usb: dwc2: also exit clock_gating when stopping udc while suspended
    - usb: potential integer overflow in usbg_make_tpg()
    - usb: common: usb-conn-gpio: use a unique name for usb connector device
    - usb: Add checks for snprintf() calls in usb_alloc_dev()
    - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
    - usb: typec: displayport: Receive DP Status Update NAK request exit dp
      altmode
    - ALSA: hda: Ignore unsol events for cards being shut down
    - ALSA: hda: Add new pci id for AMD GPU display HD audio controller
    - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock
    - ceph: fix possible integer overflow in ceph_zero_objects()
    - ovl: Check for NULL d_inode() in ovl_dentry_upper()
    - fs/jfs: consolidate sanity checking in dbMount
    - media: davinci: vpif: Fix memory leak in probe error path
    - media: omap3isp: use sgtable-based scatterlist wrappers
    - clk: ti: am43xx: Add clkctrl data for am43xx ADC1
    - media: imx-jpeg: Drop the first error frames
    - f2fs: don't over-report free space or inodes in statvfs
    - Drivers: hv: Rename 'alloced' to 'allocated'
    - Drivers: hv: vmbus: Add utility function for querying ring size
    - uio_hv_generic: Query the ringbuffer size for device
    - uio_hv_generic: Align ring size to system page
    - fbcon: delete a few unneeded forward decl
    - tty/vt: consolemap: rename and document struct uni_pagedir
    - vgacon: switch vgacon_scrolldelta() and vgacon_restore_screen()
    - vgacon: remove unneeded forward declarations
    - tty: vt: make init parameter of consw::con_init() a bool
    - tty: vt: sanitize arguments of consw::con_clear()
    - tty: vt: make consw::con_switch() return a bool
    - dummycon: Trigger redraw when switching consoles with deferred takeover
    - platform/x86: ideapad-laptop: use usleep_range() for EC polling
    - i2c: tiny-usb: disable zero-length read messages
    - i2c: robotfuzz-osif: disable zero-length read messages
    - attach_recursive_mnt(): do not lock the covering tree when sliding
      something under it
    - libbpf: Fix null pointer dereference in btf_dump__free on allocation
      failure
    - wifi: mac80211: fix beacon interval calculation overflow
    - af_unix: Don't set -ECONNRESET for consumed OOB skb.
    - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
    - um: ubd: Add missing error check in start_io_thread()
    - net: enetc: Correct endianness handling in _enetc_rd_reg64
    - net: selftests: fix TCP packet checksum
    - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()
    - dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive
    - Bluetooth: L2CAP: Fix L2CAP MTU negotiation
    - dm-raid: fix variable in journal device check
    - btrfs: update superblock's device bytes_used when dropping chunk
    - HID: wacom: fix memory leak on kobject creation failure
    - HID: wacom: fix memory leak on sysfs attribute creation failure
    - HID: wacom: fix kobject reference count leak
    - drm/tegra: Assign plane type before registration
    - drm/tegra: Fix a possible null pointer dereference
    - drm/udl: Unregister device before cleaning up on disconnect
    - drm/amdkfd: Fix race in GWS queue scheduling
    - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
    - drm/bridge: cdns-dsi: Fix connecting to next bridge
    - drm/bridge: cdns-dsi: Check return value when getting default PHY config
    - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready
    - drm/amd/display: Add null pointer check for get_first_active_display()
    - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
    - media: uvcvideo: Rollback non processed entities on error
    - s390/entry: Fix last breaking event handling in case of stack corruption
    - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
    - Revert "ipv6: save dontfrag in cork"
    - arm64: Restrict pagetable teardown to avoid false warning
    - ARM: 9354/1: ptrace: Use bitfield helpers
    - rtc: cmos: use spin_lock_irqsave in cmos_interrupt
    - vsock/vmci: Clear the vmci transport packet properly when initializing
      it
    - mmc: sdhci: Add a helper function for dump register in dynamic debug
      mode
    - Revert "mmc: sdhci: Disable SD card clock before changing parameters"
    - usb: typec: altmodes/displayport: do not index invalid pin_assignments
    - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data
    - mtk-sd: Prevent memory corruption from DMA map failure
    - mtk-sd: reset host->mrq on prepare_data() error
    - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
    - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
    - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
    - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
    - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database()
    - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()
    - scsi: ufs: core: Fix spelling of a sysfs attribute name
    - RDMA/mlx5: Fix CC counters query for MPV
    - btrfs: fix missing error handling when searching for inode refs during
      log replay
    - drm/exynos: fimd: Guard display clock control with runtime PM calls
    - spi: spi-fsl-dspi: Clear completion counter before initiating transfer
    - drm/i915/selftests: Change mock_request() to return error pointers
    - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs
      callbacks
    - drm/i915/gt: Fix timeline left held on VMA alloc error
    - igc: disable L1.2 PCI-E link substate to avoid performance issue
    - lib: test_objagg: Set error message in check_expect_hints_stats()
    - amd-xgbe: align CL37 AN sequence as per databook
    - enic: fix incorrect MTU comparison in enic_change_mtu()
    - rose: fix dangling neighbour pointers in rose_rt_device_down()
    - nui: Fix dma_mapping_error() check
    - drm/msm: Fix a fence leak in submit error path
    - ALSA: sb: Don't allow changing the DMA mode during operations
    - ALSA: sb: Force to disable DMAs once when DMA mode is changed
    - ata: pata_cs5536: fix build on 32-bit UML
    - powerpc: Fix struct termio related ioctl macros
    - scsi: target: Fix NULL pointer dereference in
      core_scsi3_decode_spec_i_port()
    - wifi: mac80211: drop invalid source address OCB frames
    - wifi: ath6kl: remove WARN on bad firmware input
    - ACPICA: Refuse to evaluate a method if arguments are missing
    - mtd: spinand: fix memory leak of ECC engine conf
    - rcu: Return early if callback is not specified
    - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier
    - regulator: gpio: Add input_supply support in gpio_regulator_config
    - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
    - drm/v3d: Disable interrupts before resetting the GPU
    - NFSv4/flexfiles: Fix handling of NFS level errors in I/O
    - ethernet: atl1: Add missing DMA mapping error checks and count errors
    - dpaa2-eth: Update dpni_get_single_step_cfg command
    - dpaa2-eth: Update SINGLE_STEP register access
    - net: dpaa2-eth: rearrange variable in dpaa2_eth_get_ethtool_stats
    - dpaa2-eth: fix xdp_rxq_info leak
    - platform/x86: think-lmi: Fix class device unregistration
    - platform/x86: dell-wmi-sysman: Fix class device unregistration
    - xhci: dbctty: disable ECHO flag by default
    - xhci: dbc: Flush queued requests before stopping dbc
    - usb: cdnsp: do not disable slot for disabled slot
    - i2c/designware: Fix an initialization issue
    - Logitech C-270 even more broken
    - platform/x86: think-lmi: Create ksets consecutively
    - usb: typec: displayport: Fix potential deadlock
    - [Config] enable TSA mitigation
    - KVM: x86: add support for CPUID leaf 0x80000021
    - Linux 5.15.187

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
    CVE-2024-36350 // CVE-2024-36357
    - x86/bugs: Rename MDS machinery to something more generic
    - x86/bugs: Add a Transient Scheduler Attacks mitigation
    - x86/CPU/AMD: Properly check the TSA microcode
    - x86: Fix X86_FEATURE_VERW_CLEAR definition
    - KVM: SVM: Advertise TSA CPUID bits to guests
    - x86/process: Move the buffer clearing before MONITOR

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
    CVE-2024-26726
    - btrfs: don't drop extent_map for free space inode on write error

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
    CVE-2025-38245
    - atm: Release atm_dev_mutex after removing procfs in
      atm_dev_deregister().

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
    CVE-2025-38249
    - ALSA: usb-audio: Fix out-of-bounds read in
      snd_usb_get_audioformat_uac3()

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
    CVE-2025-38251
    - atm: clip: prevent NULL deref in clip_push()

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
    CVE-2025-38257
    - s390/pkey: Prevent overflow in size calculation for memdup_user()

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
    CVE-2025-38230
    - jfs: validate AG parameters in dbMount() to prevent crashes

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
    CVE-2025-38262
    - tty: serial: uartlite: register uart driver in init

  * Jammy update: v5.15.187 upstream stable release (LP: #2118977) //
    CVE-2025-38263
    - bcache: fix NULL pointer in cache_set_flush()

  * Jammy update: v5.15.186 upstream stable release (LP: #2116904)
    - tracing: Fix compilation warning on arm32
    - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31
    - pinctrl: armada-37xx: set GPIO output value before setting direction
    - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio()
    - rtc: Make rtc_time64_to_tm() support dates before 1970
    - rtc: Fix offset calculation for .start_secs < 0
    - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
    - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
    - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB
    - usb: usbtmc: Fix timeout value in get_stb
    - thunderbolt: Do not double dequeue a configuration request
    - gfs2: gfs2_create_inode error handling fix
    - perf/core: Fix broken throttling when max_samples_per_tick=1
    - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions
    - x86/cpu: Sanitize CPUID(0x80000000) output
    - crypto: marvell/cesa - Handle zero-length skcipher requests
    - crypto: marvell/cesa - Avoid empty transfer descriptor
    - crypto: lrw - Only add ecb if it is not already there
    - crypto: xts - Only add ecb if it is not already there
    - crypto: sun8i-ce - move fallback ahash_request to the end of the struct
    - EDAC/skx_common: Fix general protection fault
    - power: reset: at91-reset: Optimize at91_reset()
    - PM: wakeup: Delete space in the end of string shown by
      pm_show_wakelocks()
    - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()
    - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
    - spi: sh-msiof: Fix maximum DMA transfer size
    - drm/amd/pp: Fix potential NULL pointer dereference in
      atomctrl_initialize_mc_reg_table
    - media: rkvdec: Fix frame size enumeration
    - fs/ntfs3: handle hdr_first_de() return value
    - m68k: mac: Fix macintosh_config for Mac II
    - firmware: psci: Fix refcount leak in psci_dt_init
    - selftests/seccomp: fix syscall_restart test for arm compat
    - drm: rcar-du: Fix memory leak in rcar_du_vsps_init()
    - drm/vkms: Adjust vkms_state->active_planes allocation type
    - drm/tegra: rgb: Fix the unbound reference count
    - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES
    - wifi: ath11k: fix node corruption in ar->arvifs list
    - IB/cm: use rwlock for MAD agent lock
    - bpf, sockmap: fix duplicated data transmission
    - f2fs: fix to do sanity check on sbi->total_valid_block_count
    - net: ncsi: Fix GCPS 64-bit member variables
    - libbpf: Fix buffer overflow in bpf_object__init_prog
    - wifi: rtw88: do not ignore hardware read error during DPK
    - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h
    - iommu: Protect against overflow in iommu_pgsize()
    - f2fs: clean up w/ fscrypt_is_bounce_page()
    - f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed()
    - libbpf: Use proper errno value in linker
    - netfilter: bridge: Move specific fragmented packet to slow_path instead
      of dropping it
    - netfilter: nft_quota: match correctly when the quota just depleted
    - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
    - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ
    - clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs
    - clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
    - ktls, sockmap: Fix missing uncharge operation
    - libbpf: Use proper errno value in nlattr
    - pinctrl: at91: Fix possible out-of-boundary access
    - bpf: Fix WARN() in get_bpf_raw_tp_regs
    - clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz
    - s390/bpf: Store backchain even for leaf progs
    - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
    - wifi: ath9k_htc: Abort software beacon handling if disabled
    - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy
    - vfio/type1: Fix error unwind in migration dirty bitmap allocation
    - bpf, sockmap: Avoid using sk_socket after free when sending
    - netfilter: nft_tunnel: fix geneve_opt dump
    - net: usb: aqc111: fix error handling of usbnet read calls
    - bpf: Avoid __bpf_prog_ret0_warn when jit fails
    - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy
    - calipso: Don't call calipso functions for AF_INET sk.
    - net: openvswitch: Fix the dead loop of MPLS parse
    - net: phy: mscc: Stop clearing the UDPv4 checksum for L2 frames
    - f2fs: use d_inode(dentry) cleanup dentry->d_inode
    - f2fs: fix to correct check conditions in f2fs_cross_rename
    - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select
    - ARM: dts: at91: at91sam9263: fix NAND chip selects
    - arm64: dts: imx8mm-beacon: Fix RTC capacitive load
    - arm64: dts: imx8mn-beacon: Fix RTC capacitive load
    - Squashfs: check return result of sb_min_blocksize
    - ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery
    - nilfs2: add pointer check for nilfs_direct_propagate()
    - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()
    - bus: fsl-mc: fix double-free on mc_dev
    - ARM: dts: qcom: apq8064 merge hw spinlock into corresponding syscon
      device
    - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399
      Puma with Haikou
    - soc: aspeed: lpc: Fix impossible judgment condition
    - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
    - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
    - perf build: Warn when libdebuginfod devel files are not available
    - perf ui browser hists: Set actions->thread before calling
      do_zoom_thread()
    - backlight: pm8941: Add NULL check in wled_configure()
    - perf scripts python: exported-sql-viewer.py: Fix pattern matching with
      Python 3
    - remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe
    - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send()
    - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in
      exynos_lpass_remove()
    - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE
    - perf tests switch-tracking: Fix timestamp comparison
    - perf record: Fix incorrect --user-regs comments
    - nfs: clear SB_RDONLY before getting superblock
    - nfs: ignore SB_RDONLY when remounting nfs
    - rtc: sh: assign correct interrupts with DT
    - PCI: cadence: Fix runtime atomic count underflow
    - dmaengine: ti: Add NULL check in udma_probe()
    - PCI/DPC: Initialize aer_err_info before using it
    - usb: renesas_usbhs: Reorder clock handling and power management in probe
    - serial: Fix potential null-ptr-deref in mlb_usio_probe()
    - iio: adc: ad7124: Fix 3dB filter frequency reading
    - MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a
    - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()
    - net: stmmac: platform: guarantee uniqueness of bus_id
    - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt
    - net: tipc: fix refcount warning in tipc_aead_encrypt
    - driver: net: ethernet: mtk_star_emac: fix suspend/resume issue
    - net/mlx4_en: Prevent potential integer overflow calculating Hz
    - spi: bcm63xx-spi: fix shared reset
    - spi: bcm63xx-hsspi: fix shared reset
    - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION
    - ice: create new Tx scheduler nodes for new queues only
    - net: dsa: tag_brcm: legacy: fix pskb_may_pull length
    - vmxnet3: correctly report gso type for UDP tunnels
    - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
    - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
    - netfilter: nf_set_pipapo_avx2: fix initial map fill
    - wireguard: device: enable threaded NAPI
    - seg6: Fix validation of nexthop addresses
    - fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2)
    - do_change_type(): refuse to operate on unmounted/not ours mounts
    - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id()
    - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs
    - Input: synaptics-rmi - fix crash with unsupported versions of F34
    - arm64: dts: ti: k3-am65-main: Drop deprecated ti,otap-del-sel property
    - arm64: dts: ti: k3-am65-main: Fix sdhci node properties
    - arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0
    - serial: sh-sci: Check if TX data was written to device in .tx_empty()
    - serial: sh-sci: Move runtime PM enable to sci_probe_single()
    - serial: sh-sci: Clean sci_ports[0] after at earlycon exit
    - scsi: core: ufs: Fix a hang in the error handler
    - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use()
    - ath10k: snoc: fix unbalanced IRQ enable in crash recovery
    - scsi: iscsi: Fix incorrect error path labels for flashnode operations
    - net_sched: sch_sfq: fix a potential crash on gso_skb handling
    - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
    - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap()
    - drm/meson: use unsigned long long / Hz for frequency types
    - drm/meson: fix debug log statement when setting the HDMI clocks
    - drm/meson: use vclk_freq instead of pixel_freq in debug print
    - drm/meson: fix more rounding issues with 59.94Hz modes
    - i40e: return false from i40e_reset_vf if reset is in progress
    - i40e: retry VFLR handling if there is ongoing VF reset
    - net: Fix TOCTOU issue in sk_is_readable()
    - macsec: MACsec SCI assignment for ES = 0
    - net: mdio: C22 is now optional, EOPNOTSUPP if not provided
    - net/mdiobus: Fix potential out-of-bounds read/write access
    - net/mlx5: Ensure fw pages are always allocated on same NUMA
    - net/mlx5: Fix return value when searching for existing flow group
    - net_sched: red: fix a race in __red_change()
    - net_sched: tbf: fix a race in tbf_change()
    - net_sched: ets: fix a race in ets_qdisc_change()
    - fs/filesystems: Fix potential unsigned integer underflow in fs_name()
    - nvmet-fcloop: access fcpreq only when holding reqlock
    - perf: Ensure bpf_perf_link path is properly serialized
    - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1
    - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
      posix_cpu_timer_del()
    - x86/boot/compressed: prefer cc-option for CFLAGS additions
    - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option
    - MIPS: Prefer cc-option for additions to cflags
    - kbuild: Update assembler calls to use proper flags and language target
    - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang
    - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation
    - kbuild: Add CLANG_FLAGS to as-instr
    - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS
    - kbuild: Add KBUILD_CPPFLAGS to as-option invocation
    - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for
      clang
    - usb: usbtmc: Fix read_stb function and get_stb ioctl
    - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
    - usb: cdnsp: Fix issue with detecting command completion event
    - usb: cdnsp: Fix issue with detecting USB 3.2 speed
    - usb: Flush altsetting 0 endpoints before reinitializing them after
      reset.
    - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()
    - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall
    - x86/iopl: Cure TIF_IO_BITMAP inconsistencies
    - calipso: unlock rcu before returning -EAFNOSUPPORT
    - net: usb: aqc111: debug info before sanitation
    - drm/meson: Use 1000ULL when operating with mode->clock
    - kbuild: userprogs: fix bitsize and target detection on clang
    - kbuild: hdrcheck: fix cross build with clang
    - xfs: allow inode inactivation during a ro mount log recovery
    - configfs: Do not override creating attribute file failure in
      populate_attrs()
    - crypto: marvell/cesa - Do not chain submitted requests
    - gfs2: move msleep to sleepable context
    - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()
    - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing
    - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power
      states
    - net/mlx5_core: Add error handling in
      mlx5_query_nic_vport_qkey_viol_cntr()
    - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()
    - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
    - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request
    - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
    - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()
    - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
    - media: ov8856: suppress probe deferral errors
    - media: ccs-pll: Start VT pre-PLL multiplier search from correct value
    - media: ccs-pll: Start OP pre-PLL multiplier search from correct value
    - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div
    - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case
    - media: cxusb: no longer judge rbuf when the write fails
    - media: gspca: Add error handling for stv06xx_read_sensor()
    - media: v4l2-dev: fix error handling in __video_register_device()
    - media: venus: Fix probe error handling
    - media: videobuf2: use sgtable-based scatterlist wrappers
    - media: vidtv: Terminating the subsequent process of initialization
      failure
    - media: vivid: Change the size of the composing
    - media: uvcvideo: Return the number of processed controls
    - media: uvcvideo: Send control events for partial succeeds
    - media: uvcvideo: Fix deferred probing error
    - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()
    - ARM: omap: pmic-cpcap: do not mess around without CPCAP or OMAP4
    - bus: mhi: host: Fix conflict between power_up and SYSERR
    - can: tcan4x5x: fix power regulator retrieval during probe
    - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
    - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
    - bus: fsl-mc: fix GET/SET_TAILDROP command ids
    - ext4: inline: fix len overflow in ext4_prepare_inline_data
    - ext4: fix calculation of credits for extent tree modification
    - ext4: factor out ext4_get_maxbytes()
    - ext4: ensure i_size is smaller than maxbytes
    - Input: ims-pcu - check record size in ims_pcu_flash_firmware()
    - f2fs: prevent kernel warning due to negative i_nlink from corrupted
      image
    - f2fs: fix to do sanity check on sit_bitmap_size
    - NFC: nci: uart: Set tty->disc_data only in success path
    - EDAC/altera: Use correct write width with the INTTEST register
    - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
    - vgacon: Add check for vc_origin address range in vgacon_scroll()
    - parisc: fix building with gcc-15
    - clk: meson-g12a: add missing fclk_div2 to spicc
    - ipc: fix to protect IPCS lookups using RCU
    - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
    - mm: fix ratelimit_pages update error in dirty_ratio_handler()
    - mtd: rawnand: sunxi: Add randomizer configuration in
      sunxi_nfc_hw_ecc_write_chunk
    - mtd: nand: sunxi: Add randomizer configuration before randomizer enable
    - dm-mirror: fix a tiny race condition
    - ftrace: Fix UAF when lookup kallsym after ftrace disabled
    - net: ch9200: fix uninitialised access during mii_nway_restart
    - staging: iio: ad5933: Correct settling cycles encoding per datasheet
    - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
    - regulator: max14577: Add error check for max14577_read_reg()
    - remoteproc: core: Cleanup acquired resources when
      rproc_handle_resources() fails in rproc_attach()
    - remoteproc: core: Release rproc->clean_table after rproc_attach() fails
    - uio_hv_generic: Use correct size for interrupt and monitor pages
    - PCI: cadence-ep: Correct PBA offset in .set_msix() callback
    - PCI: Add ACS quirk for Loongson PCIe
    - PCI: Fix lock symmetry in pci_slot_unlock()
    - PCI: dw-rockchip: Fix PHY function call sequence in
      rockchip_pcie_phy_deinit()
    - iio: accel: fxls8962af: Fix temperature scan element sign
    - iio: imu: inv_icm42600: Fix temperature calculation
    - iio: adc: ad7606_spi: fix reg write value mask
    - ACPICA: fix acpi operand cache leak in dswstate.c
    - clocksource: Fix the CPUs' choice in the watchdog per CPU verification
    - ACPICA: Avoid sequence overread in call to strncmp()
    - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change
    - ACPI: bus: Bail out if acpi_kobj registration fails
    - ACPICA: fix acpi parse and parseext cache leaks
    - power: supply: bq27xxx: Retrieve again when busy
    - ACPICA: utilities: Fix overflow check in vsnprintf()
    - ASoC: tegra210_ahub: Add check to of_device_get_match_data()
    - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()
    - ACPI: battery: negate current when discharging
    - drm/amdgpu/gfx6: fix CSIB handling
    - sunrpc: update nextcheck time when adding new cache entries
    - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling
      disable_irq()
    - exfat: fix double free in delayed_free
    - drm/bridge: anx7625: change the gpiod_set_value API
    - media: i2c: imx334: Enable runtime PM before sub-device registration
    - drm/msm/hdmi: add runtime PM calls to DDC transfer function
    - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition
    - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit()
    - drm/msm/a6xx: Increase HFI response timeout
    - media: i2c: imx334: Fix runtime PM handling in remove function
    - drm/amdgpu/gfx10: fix CSIB handling
    - media: ccs-pll: Better validate VT PLL branch
    - media: uapi: v4l: Change V4L2_TYPE_IS_CAPTURE condition
    - drm/amdgpu/gfx7: fix CSIB handling
    - ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in
      ext4_ext_remove_space()
    - jfs: fix array-index-out-of-bounds read in add_missing_indices
    - media: ti: cal: Fix wrong goto on error path
    - media: rkvdec: Initialize the m2m context before the controls
    - sunrpc: fix race in cache cleanup causing stale nextcheck time
    - ext4: prevent stale extent cache entries caused by concurrent get
      es_cache
    - drm/amdgpu/gfx8: fix CSIB handling
    - drm/amdgpu/gfx9: fix CSIB handling
    - jfs: Fix null-ptr-deref in jfs_ioc_trim
    - drm/msm/dpu: don't select single flush for active CTL blocks
    - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB
    - media: tc358743: ignore video while HPD is low
    - media: platform: exynos4-is: Add hardware sync wait to
      fimc_is_hw_change_mode()
    - media: i2c: imx334: update mode_3840x2160_regs array
    - nios2: force update_mmu_cache on spurious tlb-permission--related
      pagefaults
    - pmdomain: ti: Fix STANDBY handling of PER power domain
    - thermal/drivers/qcom/tsens: Update conditions to strictly evaluate for
      IP v2+
    - cpufreq: Force sync policy boost with global boost on sysfs update
    - net: macb: Check return value of dma_set_mask_and_coherent()
    - tipc: use kfree_sensitive() for aead cleanup
    - i2c: designware: Invoke runtime suspend on quick slave re-registration
    - emulex/benet: correct command version selection in be_cmd_get_stats()
    - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R
    - sctp: Do not wake readers in __sctp_write_space()
    - cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
    - i2c: npcm: Add clock toggle recovery
    - net: dlink: add synchronization for stats update
    - tcp: always seek for minimal rtt in tcp_rcv_rtt_update()
    - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
    - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT
    - net: atlantic: generate software timestamp just before the doorbell
    - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()
    - pinctrl: armada-37xx: propagate error from
      armada_37xx_gpio_get_direction()
    - pinctrl: armada-37xx: propagate error from
      armada_37xx_pmx_gpio_set_direction()
    - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()
    - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info
    - wifi: mac80211: do not offer a mesh path if forwarding is disabled
    - clk: rockchip: rk3036: mark ddrphy as critical
    - libbpf: Add identical pointer detection to btf_dedup_is_equiv()
    - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64
      commands
    - iommu/amd: Ensure GA log notifier callbacks finish running before module
      unload
    - net: bridge: mcast: re-implement br_multicast_{enable, disable}_port
      functions
    - vxlan: Do not treat dst cache initialization errors as fatal
    - software node: Correct a OOB check in software_node_get_reference_args()
    - pinctrl: mcp23s08: Reset all pins to input at probe
    - scsi: lpfc: Use memcpy() for BIOS version
    - sock: Correct error checking condition for (assign|release)_proto_idx()
    - i40e: fix MMIO write access to an invalid page in i40e_clear_hw
    - bpf, sockmap: Fix data lost during EAGAIN retries
    - octeontx2-pf: Add error log for cn10k_map_unmap_rq_policer()
    - watchdog: da9052_wdt: respect TWDMIN
    - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value
    - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY
    - tee: Prevent size calculation wraparound on 32-bit kernels
    - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices
      first"
    - platform/x86: dell_rbu: Fix list usage
    - platform/x86: dell_rbu: Stop overwriting data buffer
    - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH
      recovery
    - Revert "x86/bugs: Make spectre user default depend on
      MITIGATION_SPECTRE_V2" on v6.6 and older
    - drivers/rapidio/rio_cm.c: prevent possible heap overwrite
    - jffs2: check that raw node were preallocated before writing summary
    - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places
    - scsi: storvsc: Increase the timeouts to storvsc_timeout
    - scsi: s390: zfcp: Ensure synchronous unit_add
    - udmabuf: use sgtable-based scatterlist wrappers
    - selftests/x86: Add a test to detect infinite SIGTRAP handler loop
    - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len
    - atm: Revert atm_account_tx() if copy_from_iter_full() fails.
    - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
    - block: default BLOCK_LEGACY_AUTOLOAD to y
    - Input: sparcspkr - avoid unannotated fall-through
    - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound
      card
    - ALSA: hda/intel: Add Thinkpad E15 to PM deny list
    - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
    - iio: accel: fxls8962af: Fix temperature calculation
    - mm/hugetlb: unshare page tables during VMA split, not before
    - mm: hugetlb: independent PMD page table shared count
    - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
    - erofs: remove unused trace event erofs_destroy_inode
    - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate
    - drm/nouveau/bl: increase buffer size to avoid truncate warning
    - hwmon: (occ) Add soft minimum power cap attribute
    - hwmon: (occ) Rework attribute registration for stack usage
    - hwmon: (occ) fix unaligned accesses
    - pldmfw: Select CRC32 when PLDMFW is selected
    - aoe: clean device rq_list in aoedev_downdev()
    - net: ice: Perform accurate aRFS flow match
    - ptp: fix breakage after ptp_vclock_in_use() rework
    - wifi: carl9170: do not ping device which has failed to load firmware
    - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().
    - atm: atmtcp: Free invalid length skb in atmtcp_c_send().
    - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen()
      behavior
    - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
    - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
    - net: atm: add lec_mutex
    - net: atm: fix /proc/net/atm/lec handling
    - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board
    - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time
    - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms
    - serial: sh-sci: Increment the runtime usage counter for the earlycon
      device
    - Revert "cpufreq: tegra186: Share policy per cluster"
    - arm64: move AARCH64_BREAK_FAULT into insn-def.h
    - arm64: insn: add encoders for atomic operations
    - arm64: insn: Add support for encoding DSB
    - arm64: proton-pack: Expose whether the platform is mitigated by firmware
    - arm64: proton-pack: Expose whether the branchy loop k value
    - arm64: spectre: increase parameters that can be used to turn off bhb
      mitigation individually
    - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
    - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
    - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
    - net_sched: sch_sfq: reject invalid perturb period
    - mm/huge_memory: fix dereferencing invalid pmd migration entry
    - ext4: make 'abort' mount option handling standard
    - ext4: avoid remount errors with 'abort' mount option
    - net: Fix checksum update for ILA adj-transport
    - bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE
    - s390/pci: Fix __pcilg_mio_inuser() inline assembly
    - perf: Fix sample vs do_exit()
    - arm64/ptrace: Fix stack-out-of-bounds read in
      regs_get_kernel_stack_nth()
    - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter()
    - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
    - Linux 5.15.186

  * CVE-2024-57996 // CVE-2025-37752
    - net_sched: sch_sfq: annotate data-races around q->perturb_period
    - net_sched: sch_sfq: handle bigger packets
    - net_sched: sch_sfq: don't allow 1 packet limit
    - net_sched: sch_sfq: use a temporary work area for validating
      configuration
    - net_sched: sch_sfq: move the limit validation

  * CVE-2025-38350
    - net/sched: Always pass notifications when child class becomes empty

  * CVE-2024-27407
    - fs/ntfs3: Fixed overflow check in mi_enum_attr()

  * watchdog: BUG: soft lockup - CPU#6 stuck for 5718s! [wdavdaemon:1134] with
    5.15.0-144-generic (LP: #2118407)
    - fs/proc: do_task_stat: use __for_each_thread()

 -- Mehmet Basaran <mehmet.basaran@canonical.com>  Fri, 08 Aug 2025 13:43:15 +0300

# For older changelog entries, run 'apt-get changelog linux-tools-5.15.0-176'