[ubuntu/jammy-security] linux-xilinx-zynqmp 5.15.0-1050.54 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu Jun 26 07:55:35 UTC 2025
linux-xilinx-zynqmp (5.15.0-1050.54) jammy; urgency=medium
* jammy/linux-xilinx-zynqmp: 5.15.0-1050.54 -proposed tracker (LP: #2110826)
[ Ubuntu: 5.15.0-142.152 ]
* jammy/linux: 5.15.0-142.152 -proposed tracker (LP: #2110829)
* Rotate the Canonical Livepatch key (LP: #2111244)
- [Config] Prepare for Canonical Livepatch key rotation
* Jammy generic-64k fails to initialize gVNIC devices (LP: #2109537)
- gve: Perform adminq allocations through a dma_pool.
- gve: Deprecate adminq_pfn for pci revision 0x1.
- gve: Remove obsolete checks that rely on page size.
- gve: Add page size register to the register_page_list command.
- gve: Remove dependency on 4k page size.
* CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
(LP: #2099914) // CVE-2025-2312
- CIFS: New mount option for cifs.upcall namespace resolution
* [UBUNTU 22.04] net/smc: fix neighbour and rtable leak in smc_ib_find_route()
(LP: #2109601) // CVE-2024-36945
- net/smc: fix neighbour and rtable leak in smc_ib_find_route()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355)
- clockevents/drivers/i8253: Fix stop sequence for timer 0
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full
- fbdev: hyperv_fb: iounmap() the correct memory when removing a device
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value
- netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
- net: dsa: mv88e6xxx: Verify after ATU Load ops
- netpoll: hold rcu read lock in __netpoll_send_skb()
- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
- ipvs: prevent integer overflow in do_ip_vs_get_ctl()
- netfilter: nft_exthdr: fix offset with ipv4_find_option()
- gre: Fix IPv6 link-local address generation.
- slab: clean up function prototypes
- slab: Introduce kmalloc_size_roundup()
- openvswitch: Use kmalloc_size_roundup() to match ksize() usage
- net: openvswitch: remove misbehaving actions length check
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
- nvme-fc: go straight to connecting state when initializing
- hrtimers: Mark is_migration_base() with __always_inline
- powercap: call put_device() on an error path in
powercap_register_control_type()
- scsi: core: Use GFP_NOIO to avoid circular locking dependency
- ACPI: resource: IRQ override for Eluktronics MECH-17
- alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support
- vboxsf: fix building with GCC 15
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
- sched: Clarify wake_up_q()'s write to task->wake_q.next
- s390/cio: Fix CHPID "configure" attribute caching
- thermal/cpufreq_cooling: Remove structure member documentation
- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays.
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done
- sctp: Fix undefined behavior in left shift operation
- nvme: only allow entering LIVE from CONNECTING state
- ASoC: tas2770: Fix volume scale
- ASoC: tas2764: Fix power control mask
- ASoC: tas2764: Set the SDOUT polarity correctly
- fuse: don't truncate cached, mutated symlink
- x86/irq: Define trace events conditionally
- mptcp: safety check before fallback
- drm/nouveau: Do not override forced connector status
- block: fix 'kmem_cache of name 'bio-108' already exists'
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3
- USB: serial: option: add Telit Cinterion FE990B compositions
- USB: serial: option: fix Telit Cinterion FE990A name
- USB: serial: option: match on interface class for Telit FN990B
- drm/atomic: Filter out redundant DPMS calls
- drm/amd/display: Restore correct backlight brightness after a GPU reset
- qlcnic: fix memory leak issues in qlcnic_sriov_common.c
- lib/buildid: Handle memfd_secret() files in build_id_parse()
- tcp: fix races in tcp_abort()
- ASoC: ops: Consistently treat platform_max as control value
- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
- cifs: Fix integer overflow while processing actimeo mount option
- i2c: ali1535: Fix an error handling path in ali1535_probe()
- i2c: ali15x3: Fix an error handling path in ali15x3_probe()
- i2c: sis630: Fix an error handling path in sis630_probe()
- drm/amd/display: Check for invalid input params when building scaling params
- smb: client: Fix match_session bug preventing session reuse
- Revert "smb: client: fix potential UAF in cifs_debug_files_proc_show()"
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
- firmware: imx-scu: fix OF node leak in .probe()
- xfrm_output: Force software GSO only in tunnel mode
- ARM: dts: bcm2711: PL011 UARTs are actually r1p5
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
- ARM: dts: bcm2711: Don't mark timer regs unconfigured
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
- RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt()
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
- RDMA/hns: Fix a missing rollback in error path of
hns_roce_create_qp_common()
- RDMA/hns: Fix wrong value of max_sge_rd
- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
- Revert "gre: Fix IPv6 link-local address generation."
- i2c: omap: fix IRQ storms
- drm/v3d: Don't run jobs that have errors flagged in its fence
- mmc: atmel-mci: Add missing clk_disable_unprepare()
- ARM: shmobile: smp: Enforce shmobile_smp_* alignment
- batman-adv: Ignore own maximum aggregation size during RX
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
- mptcp: Fix data stream corruption in the address announcement
- arm64: dts: rockchip: fix u2phy1_host status for NanoPi R4S
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
- HID: hid-plantronics: Add mic mute mapping and generalize quirks
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
- ARM: Remove address checking for MMUless devices
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
- counter: stm32-lptimer-cnt: fix error handling when enabling
- counter: microchip-tcb-capture: Fix undefined counter channel state on probe
- tty: serial: 8250: Add some more device IDs
- tty: serial: 8250: Add Brainboxes XC devices
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition
- net: usb: usbnet: restore usb%d name exception for local mac addresses
- serial: 8250_dma: terminate correct DMA in tx_dma_flush()
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
- cpufreq: scpi: compare kHz instead of Hz
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
- x86/fpu: Avoid copying dynamic FP state from init_task in
arch_dup_task_struct()
- x86/platform: Only allow CONFIG_EISA for 32-bit
- [Config] updateconfigs for HAVE_EISA
- PM: sleep: Adjust check before setting power.must_resume
- selinux: Chain up tool resolving errors in install_policy.sh
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
- EDAC/ie31200: Fix the DIMM size mask for several SoCs
- EDAC/ie31200: Fix the error path order of ie31200_init()
- PM: sleep: Fix handling devices with direct_complete set on errors
- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
- media: platform: allgro-dvt: unregister v4l2_device on the error path
- HID: remove superfluous (and wrong) Makefile entry for
CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
- ALSA: hda/realtek: Always honor no_shutup_pins
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio
compatible
- drm/bridge: ti-sn65dsi86: Fix multiple instances
- drm/dp_mst: Fix drm RAD print
- drm: xlnx: zynqmp: Fix max dma segment size
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data
payload
- PCI: brcmstb: Use internal register to change link capability
- PCI/portdrv: Only disable pciehp interrupts early when needed
- PCI: Avoid reset when disabled via sysfs
- drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters()
- PCI: Remove stray put_device() in pci_register_host_bridge()
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
- fbdev: au1100fb: Move a variable assignment behind a null pointer check
- mdacon: rework dependency list
- fbdev: sm501fb: Add some geometry checks.
- clk: amlogic: gxbb: drop incorrect flag on 32k clock
- crypto: hisilicon/sec2 - fix for aead authsize alignment
- of: property: Increase NR_FWNODE_REFERENCE_ARGS
- remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
- libbpf: Fix hypothetical STT_SECTION extern NULL deref case
- clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
- bpf: Use preempt_count() directly in bpf_send_signal_common()
- lib: 842: Improve error handling in sw842_compress()
- pinctrl: renesas: rza2: Fix missing of_node_put() call
- pinctrl: renesas: rzg2l: Fix missing of_node_put() call
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
- remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
- IB/mad: Check available slots before posting receive WRs
- pinctrl: tegra: Set SFIO mode to Mux Register
- clk: amlogic: g12b: fix cluster A parent data
- clk: amlogic: gxbb: drop non existing 32k clock parent
- clk: amlogic: g12a: fix mmc A peripheral clock
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
- power: supply: max77693: Fix wrong conversion of charge input threshold
value
- crypto: nx - Fix uninitialised hv_nxc on error
- mfd: sm501: Switch to BIT() to mitigate integer overflows
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to
misplaced assignment
- crypto: hisilicon/sec2 - fix for aead auth key length
- clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
- soundwire: slave: fix an OF node reference leak in soundwire slave device
- coresight: catu: Fix number of pages while using 64k pages
- iio: accel: mma8452: Ensure error return on failure to matching oversampling
ratio
- iio: adc: ad7124: Fix comparison of channel configs
- perf units: Fix insufficient array space
- kexec: initialize ELF lowest address to ULONG_MAX
- NFSv4: Don't trigger uneccessary scans for return-on-close delegations
- fuse: fix dax truncate/punch_hole fault path
- i3c: master: svc: Fix missing the IBI rules
- perf python: Fixup description of sample.id event member
- perf python: Decrement the refcount of just created event on failure
- perf python: Don't keep a raw_data pointer to consumed ring buffer space
- perf python: Check if there is space to copy all the event
- fs/procfs: fix the comment above proc_pid_wchan()
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
- exfat: fix the infinite loop in exfat_find_last_cluster()
- ksmbd: fix multichannel connection failure
- ring-buffer: Fix bytes_dropped calculation issue
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are
invalid
- octeontx2-af: Fix mbox INTR handler when num VFs > 64
- octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
- sched/smt: Always inline sched_smt_active()
- wifi: iwlwifi: fw: allocate chained SG tables for dump
- nvme-tcp: fix possible UAF in nvme_tcp_poll
- nvme-pci: clean up CMBMSC when registering CMB fails
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
- affs: generate OFS sequence numbers starting at 1
- affs: don't write overlarge OFS data block size fields
- sched/deadline: Use online cpus for validating runtime
- locking/semaphore: Use wake_q to wake up processes outside lock critical
section
- x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
- drm/amd: Keep display off while going into S4
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
- can: statistics: use atomic access in hot path
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
- riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and
make_call_ra
- ntb: intel: Fix using link status DB's
- netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets
only
- vsock: avoid timeout during connect() if the socket is closing
- tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
- can: flexcan: only change CAN state when link up in system PM
- can: flexcan: disable transceiver during system PM
- mmc: sdhci-brcmstb: Add ability to increase max clock rate for 72116b0
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
- tty: serial: fsl_lpuart: use UARTMODIR register bits for lpuart32 platform
- tty: serial: fsl_lpuart: disable transmitter before changing RS485 related
registers
- platform/x86: ISST: Correct command storage data length
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
- tracing: Ensure module defining synth event cannot be unloaded while tracing
- tracing: Fix synth event printk format for str fields
- tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
- ext4: don't over-report free space or inodes in statvfs
- jfs: add index corruption check to DT_GETPAGE()
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
- mmc: sdhci-brcmstb: use clk_get_rate(base_clk) in PM resume
- mm, slab: remove duplicate kernel-doc comment for ksize()
- tracing: Do not use PERF enums when perf is not defined
- mmc: sdhci-brcmstb: Initialize base_clk to NULL in sdhci_brcmstb_probe()
- Linux 5.15.180
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22025
- nfsd: put dl_stid if fail to queue dl_recall
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-39735
- jfs: fix slab-out-of-bounds read in ea_get()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-37785
- ext4: fix OOB read when checking dotdot dir
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22035
- tracing: Fix use-after-free in print_graph_function_flags during tracer
switching
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22044
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22045
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-46753
- btrfs: handle errors from btrfs_dec_ref() properly
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22050
- usbnet:fix NPE during rx_complete
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-46812
- drm/amd/display: Skip inactive planes within
ModeSupportAndSystemConfiguration
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-46821
- drm/amd/pm: Fix negative array index read
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22054
- arcnet: Add NULL check in com20020pci_probe()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22055
- net: fix geneve_opt length integer overflow
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22056
- netfilter: nft_tunnel: fix geneve_opt type confusion addition
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22060
- net: mvpp2: Prevent parser TCAM memory corruption
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-38637
- net_sched: skbprio: Remove overly strict queue assertions
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22063
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22066
- ASoC: imx-card: Add NULL check in imx_card_probe()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2023-53034
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22071
- spufs: fix a leak in spufs_create_context()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22073
- spufs: fix a leak on spufs_new_file() failure
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21994
- ksmbd: fix incorrect validation for num_aces field of smb_acl
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-38575
- ksmbd: use aead_request_free to match aead_request_alloc
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22075
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22079
- ocfs2: validate l_tree_depth to avoid out-of-bounds access
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22081
- fs/ntfs3: Fix a couple integer overflows on 32bit systems
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22086
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22089
- RDMA/core: Don't expose hw_counters outside of init net namespace
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-39728
- clk: samsung: Fix UBSAN panic in samsung_clk_init()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-38152
- remoteproc: core: Clear table_sz when rproc_shutdown
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-58093
- PCI/ASPM: Fix link state exit during switch upstream function removal
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22097
- drm/vkms: Fix use after free and double free on init error
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-23136
- thermal: int340x: Add NULL check for adev
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-23138
- watch_queue: fix pipe accounting mismatch
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22020
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22021
- netfilter: socket: Lookup orig tuple for IPv6 SNAT
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22018
- atm: Fix NULL pointer dereference
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-56664
- bpf, sockmap: Fix race between element replace and close()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2024-53144 // CVE-2024-8805
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21996
- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22014
- soc: qcom: pdr: Fix the potential deadlock
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21999
- proc: fix UAF in proc_get_inode()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22008
- regulator: check that dummy regulator has been probed before using it
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22004
- net: atm: fix use after free in lec_send()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22005
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22007
- Bluetooth: Fix error code in chan_alloc_skb_cb()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-22010
- RDMA/hns: Fix soft lockup during bt pages loop
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21941
- drm/amd/display: Fix null check for pipe_ctx->plane_state in
resource_build_scaling_params
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21962
- cifs: Fix integer overflow while processing closetimeo mount option
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21963
- cifs: Fix integer overflow while processing acdirmax mount option
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21964
- cifs: Fix integer overflow while processing acregmax mount option
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21968
- drm/amd/display: Fix slab-use-after-free on hdcp_work
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21956
- drm/amd/display: Assign normalized_pix_clk when color depth = 14
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21991
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21992
- HID: ignore non-functional sensor in HP 5MP Camera
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21957
- scsi: qla1280: Fix kernel oops when debug level > 2
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21970
- net/mlx5: Bridge, fix the crash caused by LAG state check
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21959
- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in
insert_tree()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21975
- net/mlx5: handle errors in mlx5_chains_create_table()
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2025-21981
- ice: fix memory leak in aRFS after reset
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2022-49728
- ipv6: Fix signed integer overflow in __ip6_append_data
* Jammy update: v5.15.180 upstream stable release (LP: #2109355) //
CVE-2022-49636
- vlan: fix memory leak in vlan_newlink()
* VM boots slowly with large-BAR GPU Passthrough due to pci/probe.c redundancy
(LP: #2097389)
- PCI: Batch BAR sizing operations
* kexec fails in LPAR when some cpus are disabled (LP: #2075575)
- powerpc/pseries: Fix scv instruction crash with kexec
* CVE-2024-56608
- drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
* CVE-2024-53168
- net: make sock_inuse_add() available
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
* CVE-2024-56551
- drm/amdgpu: fix usage slab after free
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
linux-xilinx-zynqmp (5.15.0-1049.53) jammy; urgency=medium
* jammy/linux-xilinx-zynqmp: 5.15.0-1049.53 -proposed tracker (LP: #2111049)
[ Ubuntu: 5.15.0-141.151 ]
* jammy/linux: 5.15.0-141.151 -proposed tracker (LP: #2111052)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
* CVE-2024-56608
- drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
* CVE-2024-53168
- net: make sock_inuse_add() available
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
* CVE-2024-56551
- drm/amdgpu: fix usage slab after free
linux-xilinx-zynqmp (5.15.0-1048.52) jammy; urgency=medium
* jammy/linux-xilinx-zynqmp: 5.15.0-1048.52 -proposed tracker (LP: #2106990)
[ Ubuntu: 5.15.0-140.150 ]
* jammy/linux: 5.15.0-140.150 -proposed tracker (LP: #2106996)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.04.14)
* NFS, overlay, fstab issue after update to kernel 5.15.0-133-generic and -134
(LP: #2103598)
- udf: Fix directory iteration for longer tail extents
* Remove floppy kernel module causes null pointer deference (LP: #2104326)
- floppy: fix add_disk() assumption on exit due to new developments
* CVE-2025-21971
- net_sched: Prevent creation of classes with TC_H_ROOT
* CVE-2024-56599
- wifi: ath10k: avoid NULL pointer error during sdio remove
* CVE-2024-56721
- x86/CPU/AMD: Terminate the erratum_1386_microcode array
* Jammy update: v5.15.179 upstream stable release (LP: #2106026)
- afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
- afs: Fix directory format encoding struct
- hung_task: move hung_task sysctl interface to hung_task.c
- sysctl: use const for typically used max/min proc sysctls
- sysctl: share unsigned long const values
- fs: move inode sysctls to its own file
- fs: move fs stat sysctls to file_table.c
- fs: fix proc_handler for sysctl_nr_open
- block: deprecate autoloading based on dev_t
- block: retry call probe after request_module in blk_request_module
- pstore/blk: trivial typo fixes
- nvme: Add error check for xa_store in nvme_get_effects_log
- partitions: ldm: remove the initial kernel-doc notation
- select: Fix unbalanced user_access_end()
- afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
- sched/psi: Use task->psi_flags to clear in CPU migration
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
- drm/etnaviv: Fix page property being used for non writecombine buffers
- genirq: Make handle_enforce_irqctx() unconditionally available
- wifi: rtlwifi: do not complete firmware loading needlessly
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
- wifi: rtlwifi: wait for firmware loading before releasing memory
- wifi: rtlwifi: fix init_sw_vars leak when probe fails
- wifi: rtlwifi: usb: fix workqueue leak when probe fails
- spi: zynq-qspi: Add check for clk_enable()
- dt-bindings: mmc: controller: clarify the address-cells description
- spi: dt-bindings: add schema listing peripheral-specific properties
- dt-bindings: Another pass removing cases of 'allOf' containing a '$ref'
- dt-bindings: leds: Add Qualcomm Light Pulse Generator binding
- dt-bindings: leds: Optional multi-led unit address
- dt-bindings: leds: Add multicolor PWM LED bindings
- dt-bindings: leds: class-multicolor: reference class directly in multi-led
node
- dt-bindings: leds: class-multicolor: Fix path to color definitions
- rtlwifi: replace usage of found with dedicated list iterator variable
- wifi: rtlwifi: remove unused timer and related code
- wifi: rtlwifi: remove unused dualmac control leftovers
- wifi: rtlwifi: destroy workqueue at rtl_deinit_core
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory
- HID: multitouch: Add support for lenovo Y9000P Touchpad
- Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
- HID: multitouch: fix support for Goodix PID 0x01e9
- regulator: dt-bindings: mt6315: Drop regulator-compatible property
- ACPI: fan: cleanup resources in the error path of .probe()
- cpupower: fix TSC MHz calculation
- dt-bindings: mfd: bd71815: Fix rsense and typos
- leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
- cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
- clk: imx8mp: Fix clkout1/2 support
- regulator: of: Implement the unwind path of of_regulator_match()
- samples/landlock: Fix possible NULL dereference in parse_path()
- wifi: wlcore: fix unbalanced pm_runtime calls
- net/smc: fix data error when recvmsg with MSG_PEEK flag
- landlock: Move filesystem helpers and add a new one
- wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
- cpufreq: ACPI: Fix max-frequency computation
- selftests: harness: fix printing of mismatch values in __EXPECT()
- wifi: cfg80211: Handle specific BSSID in 6GHz scanning
- wifi: cfg80211: adjust allocation of colocated AP data
- clk: analogbits: Fix incorrect calculation of vco rate delta
- selftests/landlock: Fix error message
- net/mlxfw: Drop hard coded max FW flash image size
- netfilter: nft_flow_offload: update tcp state flags under lock
- tcp_cubic: fix incorrect HyStart round start detection
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
- libbpf: Fix segfault due to libelf functions not setting errno
- ASoC: sun4i-spdif: Add clock multiplier settings
- perf header: Fix one memory leakage in process_bpf_btf()
- perf header: Fix one memory leakage in process_bpf_prog_info()
- perf bpf: Fix two memory leakages when calling
perf_env__insert_bpf_prog_info()
- ASoC: renesas: rz-ssi: Use only the proper amount of dividers
- ktest.pl: Remove unused declarations in run_bisect_test function
- crypto: hisilicon/sec - add some comments for soft fallback
- crypto: hisilicon/sec - delete redundant blank lines
- crypto: hisilicon/sec2 - optimize the error return process
- crypto: hisilicon/sec2 - fix for aead icv error
- crypto: hisilicon/sec2 - fix for aead invalid authsize
- crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
- padata: fix sysfs store callback check
- perf top: Don't complain about lack of vmlinux when not resolving some
kernel samples
- perf report: Fix misleading help message about --demangle
- padata: add pd get/put refcnt helper
- ARM: at91: pm: change BU Power Switch to automatic mode
- arm64: dts: mt8183: set DMIC one-wire mode on Damu
- arm64: dts: mediatek: mt8516: fix GICv2 range
- arm64: dts: mediatek: mt8516: fix wdt irq type
- arm64: dts: mediatek: mt8516: remove 2 invalid i2c clocks
- arm64: dts: mediatek: mt8516: add i2c clock-div property
- arm64: dts: mediatek: mt8516: reserve 192 KiB for TF-A
- RDMA/mlx4: Avoid false error about access to uninitialized gids array
- arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
- arm64: dts: mediatek: mt8173-elm: Drop regulator-compatible property
- arm64: dts: mediatek: mt8173-elm: Fix MT6397 PMIC sub-node names
- arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
- arm64: dts: mediatek: mt8183: kenzo: Support second source touchscreen
- arm64: dts: mediatek: mt8183: willow: Support second source touchscreen
- memory: Add LPDDR2-info helpers
- memory: tegra20-emc: Support matching timings by LPDDR2 configuration
- arm64: dts: mediatek: mt8183-kukui-jacuzzi: Drop pp3300_panel voltage
settings
- arm64: dts: qcom: msm8996: Fix up USB3 interrupts
- arm64: dts: qcom: msm8994: Describe USB interrupts
- arm64: dts: qcom: msm8916: correct sleep clock frequency
- arm64: dts: qcom: msm8994: correct sleep clock frequency
- arm64: dts: qcom: sc7280: correct sleep clock frequency
- arm64: dts: qcom: sm6125: correct sleep clock frequency
- arm64: dts: qcom: sm8250: correct sleep clock frequency
- arm64: dts: qcom: sm8350: correct sleep clock frequency
- arm64: dts: qcom: sm8150-microsoft-surface-duo: fix typos in da7280
properties
- arm64: dts: qcom: sdm845: Fix interrupt types of camss interrupts
- ARM: dts: mediatek: mt7623: fix IR nodename
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device()
- RDMA/mlx5: Remove iova from struct mlx5_core_mkey
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults
- RDMA/mlx5: Fix indirect mkey ODP page count
- xen/x86: free_p2m_page: use memblock_free_ptr() to free a virtual pointer
- memblock: drop memblock_free_early_nid() and memblock_free_early()
- of: reserved-memory: Do not make kmemleak ignore freed address
- efi: sysfb_efi: fix W=1 warnings when EFI is not set
- media: rc: iguanair: handle timeouts
- media: lmedm04: Handle errors for lme2510_int_read
- PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy()
- media: marvell: Add check for clk_enable()
- media: i2c: imx412: Add missing newline to prints
- media: i2c: ov9282: Correct the exposure offset
- media: mipi-csis: Add check for clk_enable()
- media: camif-core: Add check for clk_enable()
- media: uvcvideo: Propagate buf->error to userspace
- mtd: hyperbus: Make hyperbus_unregister_device() return void
- mtd: hyperbus: hbmc-am654: Convert to platform remove callback returning
void
- mtd: hyperbus: hbmc-am654: fix an OF node reference leak
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs()
- scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
- module: Extend the preempt disabled section in
dereference_symbol_descriptor().
- NFSv4.2: fix COPY_NOTIFY xdr buf size calculation
- NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE
- tools/bootconfig: Fix the wrong format specifier
- xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver
- gpio: mxc: remove dead code after switch to DT-only
- net: fec: implement TSO descriptor cleanup
- PM: hibernate: Add error handling for syscore_suspend()
- net: netdevsim: try to close UDP port harness races
- ptp: Properly handle compat ioctls
- perf trace: Fix runtime error of index out of bounds
- vsock: Allow retrying on connect() failure
- bgmac: reduce max frame size to support just MTU 1500
- net: sh_eth: Fix missing rtnl lock in suspend/resume path
- net: hsr: fix fill_frame_info() regression vs VLAN packets
- genksyms: fix memory leak when the same symbol is added from source
- genksyms: fix memory leak when the same symbol is read from *.symref file
- kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST
- kconfig: add warn-unknown-symbols sanity check
- kconfig: require a space after '#' for valid input
- kconfig: remove unused code for S_DEF_AUTO in conf_read_simple()
- kconfig: deduplicate code in conf_read_simple()
- kconfig: WERROR unmet symbol dependency
- kconfig: fix memory leak in sym_warn_unmet_dep()
- hexagon: fix using plain integer as NULL pointer warning in cmpxchg
- hexagon: Fix unbalanced spinlock in die()
- f2fs: Introduce linear search for dentries
- ktest.pl: Check kernelrelease return in get_version
- ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro
- drivers/card_reader/rtsx_usb: Restore interrupt based detection
- usb: gadget: f_tcm: Fix Get/SetInterface return value
- usb: dwc3: core: Defer the probe until USB power supply ready
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE
- usb: typec: tcpci: Prevent Sink disconnection before vPpsShutdown in SPR PPS
- btrfs: output the reason for open_ctree() failure
- btrfs: fix data race when accessing the inode's disk_i_size at
btrfs_drop_extents()
- btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling
- sched: Don't try to catch up excess steal time.
- lockdep: Fix upper limit for LOCKDEP_*_BITS configs
- x86/amd_nb: Restrict init function to AMD-based systems
- tun: fix group permission check
- mmc: core: Respect quirk_max_rate for non-UHS SDIO card
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
- HID: Wacom: Add PCI Wacom device support
- net/mlx5: use do_aux_work for PHC overflow checks
- wifi: iwlwifi: avoid memory leak
- i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
- APEI: GHES: Have GHES honor the panic= setting
- net: wwan: iosm: Fix hibernation by re-binding the driver around it
- mmc: sdhci-msm: Correctly set the load for the regulator
- tipc: re-order conditions in tipc_crypto_key_rcv()
- selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
- Input: allocate keycode for phone linking
- platform/x86: acer-wmi: Ignore AC events
- x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
- usb: chipidea: ci_hdrc_imx: use dev_err_probe()
- usb: chipidea/ci_hdrc_imx: Convert to platform remove callback returning
void
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in
the error path of .probe()
- net/ncsi: Add NC-SI 1.2 Get MC MAC Address command
- net/ncsi: fix locking in Get MAC Address handling
- xfs: report realtime block quota limits on realtime directories
- xfs: don't over-report free space or inodes in statvfs
- usb: xhci: Add timeout argument in address_device USB HCD callback
- nvme: handle connectivity loss in nvme_set_queue_count
- firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry
- gpu: drm_dp_cec: fix broken CEC adapter properties check
- tg3: Disable tg3 PCIe AER on system reboot
- udp: gso: do not drop small packets when PMTU reduces
- gpio: pca953x: Improve interrupt support
- net: atlantic: fix warning during hot unplug
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
- x86/xen: add FRAME_END to xen_hypercall_hvm()
- tun: revert fix group permission check
- cpufreq: s3c64xx: Fix compilation warning
- leds: lp8860: Write full EEPROM, not only half of it
- drm/modeset: Handle tiled displays in pan_display_atomic.
- s390/futex: Fix FUTEX_OP_ANDN implementation
- m68k: vga: Fix I/O defines
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
- drm/amd/pm: Mark MM activity as unsupported
- drm/komeda: Add check for komeda_get_layer_fourcc_list()
- drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes
- Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection
- clk: sunxi-ng: a100: enable MMC clock reparenting
- clk: qcom: clk-alpha-pll: fix alpha mode configuration
- clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
- efi: libstub: Use '-std=gnu11' to fix build with GCC 15
- perf bench: Fix undefined behavior in cmpworker()
- of: Correct child specifier used as input of the 2nd nexus node
- of: Fix of_find_node_opts_by_path() handling of alias+path+options
- of: reserved-memory: Fix using wrong number of cells to get property
'alignment'
- HID: hid-sensor-hub: don't use stale platform-data on remove
- wifi: rtlwifi: rtl8821ae: Fix media status report
- usb: gadget: f_tcm: Translate error to sense
- usb: gadget: f_tcm: Decrement command ref count on cleanup
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint
- usb: gadget: f_tcm: Don't prepare BOT write request twice
- serial: sh-sci: Drop __initdata macro for port_cfg
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is
in use
- MIPS: Loongson64: remove ROM Size unit in boardinfo
- powerpc/pseries/eeh: Fix get PE state translation
- dm-crypt: don't update io->sector after kcryptd_crypt_write_io_submit()
- dm-crypt: track tag_offset in convert_context
- mips/math-emu: fix emulation of the prefx instruction
- ALSA: hda/realtek: Enable headset mic on Positivo C6400
- PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf()
- nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk
- nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk
- scsi: qla2xxx: Move FCE Trace buffer allocation to user control
- scsi: storvsc: Set correct data length for sending SCSI command without
payload
- kbuild: Move -Wenum-enum-conversion to W=2
- x86/boot: Use '-std=gnu11' to fix build with GCC 15
- arm64: dts: qcom: sm8350: Fix MPSS memory length
- crypto: qce - fix priority to be less than ARMv8 CE
- xfs: Add error handling for xfs_reflink_cancel_cow_range
- media: ccs: Clean up parsed CCS static data on parse failure
- iio: light: as73211: fix channel handling in only-color triggered buffer
- soc: qcom: smem_state: fix missing of_node_put in error path
- media: mc: fix endpoint iteration
- media: ov5640: fix get_light_freq on auto
- media: ccs: Fix CCS static data parsing for large block sizes
- media: ccs: Fix cleanup order in ccs_probe()
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events
- media: uvcvideo: Remove redundant NULL assignment
- crypto: qce - fix goto jump in error path
- crypto: qce - unregister previously registered algos in error path
- nvmem: qcom-spmi-sdam: Set size in struct nvmem_config
- nvmem: core: improve range check for nvmem_cell_write()
- vfio/platform: check the bounds of read/write syscalls
- pnfs/flexfiles: retry getting layout segment for reads
- ocfs2: fix incorrect CPU endianness conversion causing mount failure
- mtd: onenand: Fix uninitialized retlen in do_otp_read()
- misc: fastrpc: Fix registered buffer page address
- net/ncsi: wait for the last response to Deselect Package before configuring
channel
- net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset
- MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static
- net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling
- gpio: xilinx: remove excess kernel doc
- memory: tegra20-emc: Correct memory device mask
- ocfs2: check dir i_size in ocfs2_find_entry
- mptcp: prevent excessive coalescing on receive
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
- drm/i915/selftests: avoid using uninitialized context
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
- gpio: bcm-kona: Add missing newline to dev_err format string
- xen: remove a confusing comment on auto-translated guest I/O
- x86/xen: allow larger contiguous memory regions in PV guests
- media: cxd2841er: fix 64-bit division on gcc-9
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P
- vfio/pci: Enable iowrite64 and ioread64 for vfio pci
- Grab mm lock before grabbing pt lock
- x86/mm/tlb: Only trim the mm_cpumask once a second
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
- batman-adv: Ignore neighbor throughput metrics in error case
- perf/x86/intel: Ensure LBRs are disabled when a CPU is starting
- usb: roles: set switch registered flag early on
- usb: gadget: udc: renesas_usb3: Fix compiler warning
- usb: dwc2: gadget: remove of_node reference upon udc_stop
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
- usb: core: fix pipe creation for get_bMaxPacketSize0
- USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist
- USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
- usb: cdc-acm: Fix handling of oversized fragments
- USB: serial: option: add MeiG Smart SLM828
- USB: serial: option: add Telit Cinterion FN990B compositions
- USB: serial: option: fix Telit Cinterion FN990A name
- USB: serial: option: drop MeiG Smart defines
- can: c_can: fix unbalanced runtime PM disable in error path
- can: j1939: j1939_sk_send_loop(): fix unable to send messages with data
length zero
- alpha: make stack 16-byte aligned (most cases)
- efi: Avoid cold plugged memory for placing the kernel
- cgroup: fix race between fork and cgroup.kill
- serial: 8250: Fix fifo underflow on flush
- alpha: align stack for page fault and user unaligned trap handlers
- gpio: stmpe: Check return value of stmpe_reg_read in
stmpe_gpio_irq_sync_unlock
- regmap-irq: Add missing kfree()
- arm64: Handle .ARM.attributes section in linker scripts
- mlxsw: Add return value check for mlxsw_sp_port_get_stats_raw()
- btrfs: fix hole expansion when writing at an offset beyond EOF
- clocksource: Replace cpumask_weight() with cpumask_empty()
- clocksource: Use pr_info() for "Checking clocksource synchronization"
message
- ipv4: add RCU protection to ip4_dst_hoplimit()
- net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu()
- net: add dev_net_rcu() helper
- ipv4: use RCU protection in rt_is_expired()
- ipv4: use RCU protection in inet_select_addr()
- Namespaceify min_pmtu sysctl
- Namespaceify mtu_expires sysctl
- selftest: net: Test IPv4 PMTU exceptions with DSCP and ECN
- net: ipv4: Cache pmtu for all packet paths if multipath enabled
- neighbour: delete redundant judgment statements
- drm/tidss: Fix issue in irq handling causing irq-flood issue
- drm/tidss: Clear the interrupt status for interrupts being disabled
- kdb: Do not assume write() callback available
- alpha: replace hardcoded stack offsets with autogenerated ones
- nilfs2: do not output warnings when clearing dirty buffers
- can: ems_pci: move ASIX AX99100 ids to pci_ids.h
- serial: 8250_pci: add support for ASIX AX99100
- parport_pc: add support for ASIX AX99100
- netdevsim: print human readable IP address
- selftests: rtnetlink: update netdevsim ipsec output format
- ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus
- x86/i8253: Disable PIT timer 0 when not in use
- Revert "btrfs: avoid monopolizing a core when activating a swap file"
- btrfs: avoid monopolizing a core when activating a swap file
- arm64: mte: Do not allow PROT_MTE on MAP_HUGETLB user mappings
- crypto: testmgr - fix wrong key length for pkcs1pad
- crypto: testmgr - Fix wrong test case of RSA
- crypto: testmgr - fix version number of RSA tests
- crypto: testmgr - populate RSA CRT parameters in RSA test vectors
- crypto: testmgr - some more fixes to RSA test vectors
- mm: update mark_victim tracepoints fields
- drm/probe-helper: Create a HPD IRQ event helper for a single connector
- drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event()
- ASoC: renesas: rz-ssi: Add a check for negative sample_space
- arm64: dts: mediatek: mt8183: Disable DSI display output by default
- tpm: Use managed allocation for bios event log
- kfence: allow use of a deferrable timer
- [Config] updateconfigs to disable new KFENCE_DEFERRABLE
- kfence: enable check kfence canary on panic via boot param
- kfence: skip __GFP_THISNODE allocations on NUMA systems
- soc: mediatek: mtk-devapc: Switch to devm_clk_get_enabled()
- soc: mediatek: mtk-devapc: Fix leaking IO map on error paths
- soc/mediatek: mtk-devapc: Convert to platform remove callback returning void
- soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove
- media: uvcvideo: Set error_idx during ctrl_commit errors
- media: uvcvideo: Refactor iterators
- media: uvcvideo: Only save async fh if success
- batman-adv: Drop initialization of flexible ethtool_link_ksettings
- usb: dwc3: Increase DWC3 controller halt timeout
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state
- powerpc/64s/mm: Move __real_pte stubs into hash-4k.h
- powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline
- ALSA: hda/realtek: Fixup ALC225 depop procedure
- geneve: Suppress list corruption splat in geneve_destroy_tunnels().
- net: extract port range fields from fl_flow_key
- flow_dissector: Fix handling of mixed port and port-range keys
- flow_dissector: Fix port range key handling in BPF conversion
- net: Add non-RCU dev_getbyhwaddr() helper
- arp: switch to dev_getbyhwaddr() in arp_req_set_public()
- power: supply: da9150-fg: fix potential overflow
- nvme/ioctl: add missing space in err message
- bpf: skip non exist keys in generic_map_lookup_batch
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
- acct: block access to kernel internal filesystems
- mtd: rawnand: cadence: fix error code in cadence_nand_init()
- mtd: rawnand: cadence: use dma_map_resource for sdma address
- mtd: rawnand: cadence: fix incorrect device in dma_unmap_single
- x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit
- IB/mlx5: Set and get correct qp_num for a DCT QP
- ovl: use wrappers to all vfs_*xattr() calls
- ovl: pass ofs to creation operations
- scsi: core: Don't memset() the entire scsi_cmnd in scsi_init_command()
- scsi: core: Clear driver private data when retrying request
- RDMA/mlx5: Fix bind QP error cleanup flow
- sunrpc: suppress warnings for unused procfs functions
- ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports
- Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response
- afs: remove variable nr_servers
- afs: Make it possible to find the volumes that are using a server
- afs: Fix the server_list to unuse a displaced server rather than putting it
- net: loopback: Avoid sending IP packets without an Ethernet header
- net: cadence: macb: Synchronize stats calculations
- ASoC: es8328: fix route from DAC to output
- ipvs: Always clear ipvs_property flag in skb_scrub_packet()
- tcp: Defer ts_recent changes until req is owned
- net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
- net/mlx5: IRQ, Fix null string in debug print
- seg6: add support for SRv6 H.Encaps.Red behavior
- seg6: add support for SRv6 H.L2Encaps.Red behavior
- include: net: add static inline dst_dev_overhead() to dst.h
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue
- net: ipv6: fix dst ref loop on input in seg6 lwt
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue
- net: ipv6: fix dst ref loop on input in rpl lwt
- x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
- ftrace: Avoid potential division by zero in function_stat_show()
- ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2
- perf/core: Fix low freq setting via IOC_PERIOD
- drm/amd/display: Fix HPD after gpu reset
- net: enetc: fix the off-by-one issue in enetc_map_tx_buffs()
- net: enetc: update UDP checksum when updating originTimestamp field
- net: enetc: correct the xdp_tx statistics
- phy: tegra: xusb: reset VBUS & ID OVERRIDE
- phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk
- vmlinux.lds: Ensure that const vars with relocations are mapped R/O
- intel_idle: Handle older CPUs, which stop the TSC in deeper C states,
correctly
- drm/amdgpu: Check extended configuration space register when system uses
large bar
- drm/amdgpu: disable BAR resize on Dell G5 SE
- Revert "of: reserved-memory: Fix using wrong number of cells to get property
'alignment'"
- HID: appleir: Fix potential NULL dereference at raw event handle
- gpio: rcar: Use raw_spinlock to protect register access
- gpio: aggregator: protect driver attr handlers against module unload
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
- ALSA: hda/realtek: update ALC222 depop optimize
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
- x86/cacheinfo: Validate CPUID leaf 0x2 EDX output
- x86/cpu: Validate CPUID leaf 0x2 EDX output
- x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
- wifi: cfg80211: regulatory: improve invalid hints checking
- wifi: nl80211: reject cooked mode if it is set along with other flags
- rapidio: add check for rio_add_net() in rio_scan_alloc_net()
- rapidio: fix an API misues when rio_add_net() fails
- s390/traps: Fix test_monitor_call() inline assembly
- block: fix conversion of GPT partition name to 7-bit
- mm/page_alloc: fix uninitialized variable
- mm: don't skip arch_sync_kernel_mappings() in error paths
- wifi: iwlwifi: limit printed string from FW file
- HID: google: fix unused variable warning under !CONFIG_ACPI
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
- nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch
- net: gso: fix ownership in __udp_gso_segment
- caif_virtio: fix wrong pointer check in cfv_probe()
- hwmon: (pmbus) Initialise page count in pmbus_identify()
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
- hwmon: (ad7314) Validate leading zero bits and return error
- ALSA: usx2y: validate nrpacks module parameter on probe
- llc: do not use skb_get() before dev_queue_xmit()
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe()
- drm/sched: Fix preprocessor guard
- be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink
- net: hns3: make sure ptp clock is unregister and freed if
hclge_ptp_get_cycle returns an error
- ppp: Fix KMSAN uninit-value warning with bpf
- vlan: enforce underlying device type
- x86/sgx: Support loading enclave page without VMA permissions check
- x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes()
- x86/sgx: Export sgx_encl_{grow,shrink}()
- x86/sgx: Support VA page allocation without reclaiming
- x86/sgx: Fix size overflows in sgx_encl_create()
- exfat: fix soft lockup in exfat_clear_bitmap
- net-timestamp: support TCP GSO case for a few missing flags
- sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
- net: ipv6: fix dst ref loop in ila lwtunnel
- net: ipv6: fix missing dst ref drop in ila lwtunnel
- gpio: rcar: Fix missing of_node_put() call
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection"
- usb: renesas_usbhs: Call clk_put()
- usb: renesas_usbhs: Use devm_usb_get_phy()
- usb: hub: lack of clearing xHC resources
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader
- usb: renesas_usbhs: Flush the notify_hotplug_work
- usb: atm: cxacru: fix a flaw in existing endpoint checks
- usb: dwc3: Set SUSPENDENABLE soon after phy init
- usb: dwc3: gadget: Prevent irq storm when TH re-executes
- usb: typec: ucsi: increase timeout for PPM reset operations
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
- usb: gadget: Set self-powered based on MaxPower and bmAttributes
- usb: gadget: Fix setting self-powered state on suspend
- usb: gadget: Check bmAttributes only if configuration is valid
- xhci: pci: Fix indentation in the PCI device ID definitions
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805
- mei: me: add panther lake P DID
- intel_th: pci: Add Arrow Lake support
- intel_th: pci: Add Panther Lake-H support
- intel_th: pci: Add Panther Lake-P/U support
- slimbus: messaging: Free transaction ID in delayed interrupt scenario
- bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
- eeprom: digsy_mtc: Make GPIO lookup table match the device
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl
- media: uvcvideo: Avoid invalid memory access
- media: uvcvideo: Avoid returning invalid controls
- md: select BLOCK_LEGACY_AUTOLOAD
- [Config] updateconfigs to select BLOCK_LEGACY_AUTOLOAD
- mtd: rawnand: cadence: fix unchecked dereference
- spi-mxs: Fix chipselect glitch
- nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link
- nilfs2: eliminate staggered calls to kunmap in nilfs_rename
- bpf, vsock: Invoke proto::close on close()
- kbuild: userprogs: use correct lld when linking through clang
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
- Linux 5.15.179
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21647
- sched: sch_cake: add bounds checks to host bulk flow fairness counts
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58002
- media: uvcvideo: Remove dangling pointers
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58079
- media: uvcvideo: Fix crash during unbind if gpio unit is in use
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21721
- nilfs2: handle errors that nilfs_prepare_chunk() may return
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-26982
- Squashfs: check the inode number is not the invalid value of zero
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21844
- smb: client: Add check for next_buffer in receive_encrypted_standard()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58090
- sched/core: Prevent rescheduling when interrupts are disabled
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21875
- mptcp: always handle address removal under msk socket lock
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21877
- usbnet: gl620a: fix endpoint checking in genelink_bind()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21878
- i2c: npcm: disable interrupt enable bit before devm_request_irq
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21887
- ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21846
- acct: perform last write from workqueue
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21848
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21862
- drop_monitor: fix incorrect initialization order
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21871
- tee: optee: Fix supplicant wait loop
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21865
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21858
- geneve: Fix use-after-free in geneve_find_dev().
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21866
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as
VM_ALLOC
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21859
- USB: gadget: f_midi: f_midi_complete to call queue_work
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21823
- batman-adv: Drop unmanaged ELP metric worker
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58005
- tpm: Change to kvalloc() in eventlog/acpi.c
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21748
- ksmbd: fix integer overflows on 32 bit systems
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57977
- memcg: fix soft lockup in the OOM process
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57978
- media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57979
- pps: Fix a use-after-free
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-47726
- f2fs: fix to wait dio completion
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21811
- nilfs2: protect access to buffers with no active references
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21722
- nilfs2: do not force clear folio if buffer is referenced
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58086
- drm/v3d: Stop active perfmon if it is being destroyed
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21758
- ipv6: mcast: add RCU protection to mld_newpack()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21760
- ndisc: extend RCU protection in ndisc_send_skb()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21761
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21762
- arp: use RCU protection in arp_xmit()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21763
- neighbour: use RCU protection in __neigh_notify()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21764
- ndisc: use RCU protection in ndisc_alloc_skb()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21765
- ipv6: use RCU protection in ip6_default_advmss()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21766
- ipv4: use RCU protection in __ip_rt_update_pmtu()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21767
- clocksource: Use migrate_disable() to avoid calling get_random_u32() in
atomic context
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21772
- partitions: mac: fix handling of bogus partition table
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21704
- usb: cdc-acm: Check control transfer buffer size before access
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21776
- USB: hub: Ignore non-compliant devices with too many configs or interfaces
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21835
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21779
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21781
- batman-adv: fix panic during interface removal
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21782
- orangefs: fix a oob in orangefs_debug_write
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57834
- media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21785
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21787
- team: better TEAM_OPTION_TYPE_STRING validation
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21791
- vrf: use RCU protection in l3mdev_l3_out()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58020
- HID: multitouch: Add NULL check in mt_input_configured
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21795
- NFSD: fix hang in nfsd4_shutdown_callback
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21796
- nfsd: clear acl_access/acl_default after releasing them
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21820
- tty: xilinx_uartps: split sysrq handling
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21814
- ptp: Ensure info->enable callback is always set
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21735
- NFC: nci: Add bounds checking in nci_hci_create_pipe()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21736
- nilfs2: fix possible int overflows in nilfs_fiemap()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58001
- ocfs2: handle a symlink read error correctly
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58007
- soc: qcom: socinfo: Avoid out of bounds read of serial number
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21744
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21745
- blk-cgroup: Fix class @block_class's subsystem refcount leakage
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58076
- clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58083
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58010
- binfmt_flat: Fix integer overflow bug on 32 bit systems
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21749
- net: rose: lock the socket in rose_bind()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57981
- usb: xhci: Fix NULL pointer dereference on certain command aborts
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21684
- gpio: xilinx: Convert gpio_lock to raw spinlock
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58085
- tomoyo: don't emit warning in tomoyo_write_control()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58014
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58016
- safesetid: check size of policy writes
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58017
- printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21753
- btrfs: fix use-after-free when attempting to join an aborted transaction
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58055
- usb: gadget: f_tcm: Don't free command immediately
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57980
- media: uvcvideo: Fix double free in error path
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21707
- mptcp: consolidate suboption status
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21708
- net: usb: rtl8150: enable basic endpoint checking
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21826
- netfilter: nf_tables: reject mismatching sum of field_len with set key
length
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21715
- net: davicom: fix UAF in dm9000_drv_remove
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21718
- net: rose: fix timer races against user threads
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21719
- ipmr: do not call mr_mfc_uses_dev() for unres entries
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21802
- net: hns3: fix oops when unload drivers paralleling
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58058
- ubifs: skip dumping tnc tree when zroot is null
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58069
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21804
- PCI: rcar-ep: Fix incorrect variable used when calling
devm_request_mem_region()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58034
- memory: tegra20-emc: fix an OF node reference bug in
tegra_emc_find_node_by_ram_code()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57973
- rdma/cxgb4: Prevent potential integer overflow on 32bit
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21726
- padata: avoid UAF for reorder_work
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21727
- padata: fix UAF in padata_reorder
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21728
- bpf: Send signals asynchronously if !preemptible
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21711
- net/rose: prevent integer overflows in rose_setsockopt()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21799
- net: ethernet: ti: am65-cpsw: fix freeing IRQ in
am65_cpsw_nuss_remove_tx_chns()
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21806
- net: let net.core.dev_weight always be non-zero
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21830
- landlock: Handle weird files
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58071
- team: prevent adding a device which is already a team device lower
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58063
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58072
- wifi: rtlwifi: remove unused check_buddy_priv
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58051
- ipmi: ipmb: Add check devm_kasprintf() returned value
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-58052
- drm/amdgpu: Fix potential NULL pointer dereference in
atomctrl_get_smc_sclk_range_table
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2024-57986
- HID: core: Fix assumption that Resolution Multipliers must be in Logical
Collections
* Jammy update: v5.15.179 upstream stable release (LP: #2106026) //
CVE-2025-21731
- nbd: don't allow reconnect after disconnect
* Fix bugs preventing boot on Intel TDX-enabled hosts (LP: #2097811)
- x86/mtrr: Remove physical address size calculation
* Build failure when CONFIG_NET_SWITCHDEV=n due to CVE-2024-26837 fix backport
(LP: #2104380)
- SAUCE: net: switchdev: fix compilation error for CONFIG_NET_SWITCHDEV=n
* nfsd hangs and never recovers after NFS4ERR_DELAY and a connection loss
(LP: #2103564)
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY
* kernel hard lockup in cgroups during eBPF workload (LP: #2089318)
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
- cgroup: Homogenize cgroup_get_from_id() return value
- cgroup: Make cgroup_get_from_id() prettier
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes
- cgroup: Reorganize css_set_lock and kernfs path processing
* CVE-2023-52664
- net: atlantic: eliminate double free in error handling logic
* CVE-2023-52927
- netfilter: allow exp not to be removed in nf_ct_find_expectation
Date: 2025-06-06 06:03:14.557368+00:00
Changed-By: Wei-Lin Chang <weilin.chang at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.15.0-1050.54
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list