[ubuntu/jammy-proposed] linux 5.15.0-165.175 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Dec 3 00:55:57 UTC 2025
linux (5.15.0-165.175) jammy; urgency=medium
* jammy/linux: 5.15.0-165.175 -proposed tracker (LP: #2132307)
* CAP_PERFMON insufficient to get perf data (LP: #2131046)
- SAUCE: perf/core: Allow CAP_PERFMON for paranoid level 4
* Jammy Linux: Introduced Warning with CVE-2024-53090 fix (LP: #2130553)
- SAUCE: Remove warning introduced during CVE-2024-53090 fix
* [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
namespaces (LP: #2121257)
- apparmor: shift ouid when mediating hard links in userns
- apparmor: shift uid when mediating af_unix in userns
* i40e driver is triggering VF resets on every link state change
(LP: #2130552)
- i40e: avoid redundant VF link state updates
* Jammy update: v5.15.194 upstream stable release (LP: #2127866)
- Revert "fbdev: Disable sysfb device registration when removing
conflicting FBs"
- xfs: short circuit xfs_growfs_data_private() if delta is zero
- kunit: kasan_test: disable fortify string checker on kasan_strings()
test
- mm: introduce and use {pgd,p4d}_populate_kernel()
- media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
- media: i2c: imx214: Fix link frequency validation
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
- tracing: Do not add length to print format in synthetic events
- mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
- flexfiles/pNFS: fix NULL checks on result of
ff_layout_choose_ds_for_read
- NFSv4: Don't clear capabilities that won't be reset
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
- tracing: Fix tracing_marker may trigger page fault during
preempt_disable
- NFSv4/flexfiles: Fix layout merge mirror check.
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to
allocate psock->cork.
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
- KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
- KVM: SVM: Set synthesized TSA CPUID flags
- EDAC/altera: Delete an inappropriate dma_free_coherent() call
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined
- ocfs2: fix recursive semaphore deadlock in fiemap call
- mtd: rawnand: stm32_fmc2: fix ECC overwrite
- fuse: check if copy_file_range() returns larger than requested size
- fuse: prevent overflow in copy_file_range return value
- libceph: fix invalid accesses to ceph_connection_v1_info
- mm/khugepaged: fix the address passed to notifier on testing young
- mtd: nand: raw: atmel: Fix comment in timings preparation
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
- mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk
table
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally
- dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
- tunnels: reset the GSO metadata before reusing the skb
- igb: fix link test skipping when interface is admin down
- genirq: Provide new interfaces for affinity hints
- i40e: Use irq_update_affinity_hint()
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
j1939_local_ecu_get() failed
- can: j1939: j1939_local_ecu_get(): undo increment when
j1939_local_ecu_get() fails
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted
SKB
- net: hsr: Disable promiscuous mode in offload mode
- net: hsr: Add support for MC filtering at the slave device
- net: hsr: Add VLAN CTAG filter support
- hsr: use rtnl lock when iterating over ports
- hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
- regulator: sy7636a: fix lifecycle of power good gpio
- hrtimer: Remove unused function
- hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
- hrtimers: Unconditionally update target CPU base after offline timer
migration
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
- phy: tegra: xusb: fix device and OF node leak at probe
- phy: ti-pipe3: fix device leak at unbind
- soc: qcom: mdt_loader: Deal with zero e_shentsize
- drm/amdgpu: fix a memory leak in fence cleanup when unloading
- drm/i915/power: fix size for for_each_set_bit() in abox iteration
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
memory
- net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is
not supported
- wifi: mac80211: fix incorrect type for ret
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section
mismatch
- cgroup: split cgroup_destroy_wq into 3 workqueues
- um: virtio_uml: Fix use-after-free after put_device in probe
- dpaa2-switch: fix buffer pool seeding for control traffic
- qed: Don't collect too many protection override GRC elements
- net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
- i40e: remove redundant memory barrier when cleaning Tx descs
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
- Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
- net: liquidio: fix overflow in octeon_init_instr_queue()
- cnic: Fix use-after-free bugs in cnic_delete_task
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq
battery
- power: supply: bq27xxx: restrict no-battery detection to bq27000
- btrfs: tree-checker: fix the incorrect inode ref size check
- mmc: mvsdio: Fix dma_unmap_sg() nents value
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
- rds: ib: Increment i_fastreg_wrs before bailing out
- ASoC: wm8940: Correct typo in control name
- ASoC: wm8974: Correct PLL rate rounding
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error
message
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
- serial: sc16is7xx: fix bug in flow control levels init
- xhci: dbc: decouple endpoint allocation from initialization
- xhci: dbc: Fix full DbC transfer ring after several reconnects
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
- phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning
- phy: Use device_get_match_data()
- phy: ti: omap-usb2: fix device leak at unbind
- mptcp: set remote_deny_join_id0 on SYN recv
- ksmbd: smbdirect: validate data_offset and data_length field of
smb_direct_data_transfer
- mptcp: propagate shutdown to subflows when possible
- net: rfkill: gpio: add DT support
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized
pointer
- ALSA: usb-audio: Fix block comments in mixer_quirks
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
- ALSA: usb-audio: Convert comma to semicolon
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n
- usb: core: Add 0x prefix to quirks debug output
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
- arm64: dts: imx8mp: Correct thermal sensor index
- cpufreq: Initialize cpufreq-based invariance before subsys
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
- bpf: Reject bpf_timer for PREEMPT_RT
- can: bittiming: allow TDC{V,O} to be zero and add
can_tdc_const::tdc{v,o,f}_min
- can: bittiming: replace CAN units with the generic ones from
linux/units.h
- can: dev: add generic function can_ethtool_op_get_ts_info_hwts()
- can: dev: add generic function can_eth_ioctl_hwts()
- can: etas_es58x: advertise timestamping capabilities and add ioctl
support
- can: etas_es58x: sort the includes by alphabetic order
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
- can: peak_usb: fix shift-out-of-bounds issue
- ethernet: rvu-af: Remove slash from the driver name
- bnxt_en: correct offset handling for IPv6 destination address
- nexthop: Forbid FDB status change while nexthop is in a group
- selftests: fib_nexthops: Fix creation of non-FDB nexthops
- net: dsa: lantiq_gswip: do also enable or disable cpu port
- net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to
port_setup()
- net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries
added to the CPU port
- drm/gma500: Fix null dereference in hdmi teardown
- i40e: fix idx validation in i40e_validate_queue_map
- i40e: fix input validation logic for action_meta
- i40e: add max boundary check for VF filters
- i40e: add mask to apply valid bits for itr_idx
- tracing: dynevent: Add a missing lockdown check on dynevent
- fbcon: fix integer overflow in fbcon_do_set_font
- fbcon: Fix OOB access in font allocation
- af_unix: Don't leave consecutive consumed OOB skbs.
- mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize()
- mm/hugetlb: fix folio is still mapped when deleted
- i40e: fix validation of VF state in get resources
- i40e: fix idx validation in config queues msg
- i40e: increase max descriptors for XL710
- i40e: add validation for ring_len param
- drm/i915/backlight: Return immediately when scale() finds invalid
parameters
- Linux 5.15.194
* CVE-2025-40019
- crypto: essiv - Check ssize for decryption and in-place encryption
* CVE-2024-56538
- drm: zynqmp_kms: Unplug DRM device before removal
* CVE-2025-39993
- media: rc: fix races with imon_disconnect()
* CVE-2024-53218
- f2fs: fix race in concurrent f2fs_stop_gc_thread
* CVE-2024-47691
- f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()
* CVE-2025-40018
- ipvs: Defer ip_vs_ftp unregister during netns cleanup
* CVE-2024-53114
- tools headers cpufeatures: Sync with the kernel sources
- x86: Fix comment for X86_FEATURE_ZEN
- x86/CPU/AMD: Add ZenX generations flags
- x86/CPU/AMD: Carve out the erratum 1386 fix
- x86/CPU/AMD: Move the Zen3 BTC_NO detection to the Zen3 init function
- x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function
- x86/CPU/AMD: Call the spectral chicken in the Zen2 init function
- x86/CPU/AMD: Rename init_amd_zn() to init_amd_zen_common()
- x86/CPU/AMD: Move Zenbleed check to the Zen2 init function
- x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function
- x86/CPU/AMD: Get rid of amd_erratum_1054[]
- x86/CPU/AMD: Get rid of amd_erratum_383[]
- x86/CPU/AMD: Get rid of amd_erratum_400[]
- x86/CPU/AMD: Get rid of amd_erratum_1485[]
- x86/CPU/AMD: Drop now unused CPU erratum checking function
- x86/CPU/AMD: Add X86_FEATURE_ZEN1
- tools headers x86 cpufeatures: Sync with the kernel sources to pick TDX,
Zen, APIC MSR fence changes
- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
- x86/cpu/amd: Fix workaround for erratum 1054
* CVE-2025-39964
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
* CVE-2022-49390
- macsec: fix UAF bug for real_dev
* CVE-2025-38584
- padata: Fix pd UAF once and for all
- padata: Remove comment for reorder_work
* CVE-2025-21855
- ibmvnic: Don't reference skb after sending to VIOS
* CVE-2024-53090
- afs: Fix lock recursion
* CVE-2024-50067
- uprobes: encapsulate preparation of uprobe args buffer
- uprobe: avoid out-of-bounds memory access of fetching args
Date: 2025-11-25 16:45:12.854740+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/5.15.0-165.175
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list