[ubuntu/jammy-proposed] linux-kvm 5.15.0-1094.99 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Feb 18 13:56:10 UTC 2026
linux-kvm (5.15.0-1094.99) jammy; urgency=medium
* jammy/linux-kvm: 5.15.0-1094.99 -proposed tracker (LP: #2141044)
[ Ubuntu: 5.15.0-172.182 ]
* jammy/linux: 5.15.0-172.182 -proposed tracker (LP: #2141059)
* Jammy update: v5.15.198 upstream stable release (LP: #2139704)
- Revert "xfrm: destroy xfrm_state synchronously on net exit path"
- xfrm: flush all states in xfrm_state_fini
- dpaa2-mac: bail if the dpmacs fwnode is not found
- drm/i915/selftests: Fix inconsistent IS_ERR and PTR_ERR
- leds: Replace all non-returning strlcpy with strscpy
- leds: spi-byte: Use devm_led_classdev_register_ext()
- Documentation: process: Also mention Sasha Levin as stable tree
maintainer
- USB: serial: option: add Foxconn T99W760
- USB: serial: option: add Telit Cinterion FE910C04 new compositions
- USB: serial: option: move Telit 0x10c7 composition in the right place
- USB: serial: ftdi_sio: match on interface number for jtag
- serial: add support of CPCI cards
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC
- spi: xilinx: increase number of retries before declaring stall
- spi: imx: keep dma request disabled before dma transfer setup
- pinctrl: qcom: msm: Fix deadlock in pinmux configuration
- platform/x86: acer-wmi: Ignore backlight event
- platform/x86: huawei-wmi: add keys for HONOR models
- HID: elecom: Add support for ELECOM M-XT3URBK (018F)
- drm/panel: visionox-rm69299: Don't clear all mode flags
- USB: Fix descriptor count when handling invalid MBIM extended descriptor
- irqchip/qcom-irq-combiner: Fix section mismatch
- rculist: Add hlist_nulls_replace_rcu() and
hlist_nulls_replace_init_rcu()
- inet: Avoid ehash lookup race in inet_ehash_insert()
- iio: imu: st_lsm6dsx: introduce st_lsm6dsx_device_set_enable routine
- iio: imu: st_lsm6dsx: discard samples during filters settling time
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member
- arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to
uio_fsl_elbc_gpcm_probe
- crypto: hisilicon/qm - restore original qos values
- s390/smp: Fix fallback CPU detection
- s390/ap: Don't leak debug feature files if AP instructions are not
available
- firmware: imx: scu-irq: fix OF node leak in
- phy: mscc: Fix PTP for VSC8574 and VSC8572
- sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock().
- compiler-gcc.h: Define __SANITIZE_ADDRESS__ under hwaddress sanitizer
- kmsan: introduce __no_sanitize_memory and __no_kmsan_checks
- x86: kmsan: don't instrument stack walking functions
- x86/dumpstack: Prevent KASAN false positive warnings in __show_regs()
- pinctrl: stm32: fix hwspinlock resource leak in probe function
- i3c: fix refcount inconsistency in i3c_master_register
- i3c: master: svc: Prevent incomplete IBI transaction
- power: supply: wm831x: Check wm831x_set_bits() return value
- power: supply: apm_power: only unset own apm_get_power_status
- scsi: target: Do not write NUL characters into ASCII configfs output
- spi: tegra210-quad: use device_reset method
- spi: tegra210-quad: add new chips to compatible
- spi: tegra210-quad: combined sequence mode
- spi: tegra210-quad: modify chip select (CS) deactivation
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path
- ext4: minor defrag code improvements
- ext4: correct the checking of quota files before moving extents
- perf/x86/intel: Correct large PEBS flag check
- regulator: core: disable supply if enabling main regulator fails
- nbd: clean up return value checking of sock_xmit()
- nbd: partition nbd_read_stat() into nbd_read_reply() and
nbd_handle_reply()
- scsi: stex: Fix reboot_notifier leak in probe error path
- dt-bindings: PCI: convert amlogic,meson-pcie.txt to dt-schema
- dt-bindings: PCI: amlogic: Fix the register name of the DBI region
- RDMA/rtrs: server: Fix error handling in get_or_create_srv
- ntfs3: init run lock for extend inode
- powerpc/32: Fix unpaired stwcx. on interrupt exit
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper()
- coresight: etm4x: Save restore TRFCR_EL1
- coresight: etm4x: Use Trace Filtering controls dynamically
- coresight-etm4x: add isb() before reading the TRCSTATR
- coresight: etm4x: Extract the trace unit controlling
- coresight: etm4x: Add context synchronization before enabling trace
- clk: renesas: r9a06g032: Fix memory leak in error path
- lib/vsprintf: Check pointer before dereferencing in time_and_date()
- ACPI: property: Fix fwnode refcount leak in
acpi_fwnode_graph_parse_endpoint()
- scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls
- leds: netxbig: Fix GPIO descriptor leak in error paths
- PCI: keystone: Exit ks_pcie_probe() for invalid mode
- ps3disk: use memcpy_{from,to}_bvec index
- selftests/bpf: Fix failure paths in send_signal test
- watchdog: wdat_wdt: Stop watchdog when uninstalling module
- watchdog: wdat_wdt: Fix ACPI table leak in probe function
- NFSD/blocklayout: Fix minlength check in proc_layoutget
- powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE
format
- fs/ntfs3: Remove unused mi_mark_free
- fs/ntfs3: Add new argument is_mft to ntfs_mark_rec_free
- fs/ntfs3: Make ni_ins_new_attr return error
- fs/ntfs3: out1 also needs to put mi
- fs/ntfs3: Prevent memory leaks in add sub record
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue
- pwm: bcm2835: Make sure the channel is enabled after pwm_request()
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path
- usb: chaoskey: fix locking for O_NONBLOCK
- usb: dwc2: disable platform lowlevel hw resources during shutdown
- usb: dwc2: fix hang during shutdown if set as peripheral
- usb: dwc2: fix hang during suspend if set as peripheral
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE
- selftests/bpf: skip test_perf_branches_hw() on unsupported platforms
- selftests/bpf: Improve reliability of test_perf_branches_no_hw()
- crypto: ccree - Correctly handle return of sg_nents_for_len
- staging: fbtft: core: fix potential memory leak in fbtft_probe_common()
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition
- wifi: ieee80211: correct FILS status codes
- backlight: led_bl: Take led_access lock when required
- backlight: lp855x: Fix lp855x.h kernel-doc warnings
- iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-
metal
- RDMA/irdma: Fix data race in irdma_sc_ccq_arm
- RDMA/irdma: Fix data race in irdma_free_pble
- ASoC: fsl_xcvr: Add Counter registers
- ASoC: fsl_xcvr: Add support for i.MX93 platform
- ASoC: fsl_xcvr: clear the channel status control memory
- drm/amd/display: Fix logical vs bitwise bug in
get_embedded_panel_info_v2_1()
- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4
- ext4: remove unused return value of __mb_check_buddy
- ext4: improve integrity checking in __mb_check_buddy by enhancing
order-0 validation
- vdpa: Introduce and use vdpa device get, set config helpers
- vdpa: Introduce query of device config layout
- vdpa: Sync calls set/get config/status with cf_mutex
- virtio_vdpa: fix misleading return in void function
- virtio: fix virtqueue_set_affinity() docs
- ASoC: Intel: catpt: Fix error path in hw_params()
- netfilter: flowtable: check for maximum number of encapsulations in
bridge vlan
- netfilter: nf_conncount: reduce unnecessary GC
- netfilter: nf_conncount: rework API to use sk_buff directly
- netfilter: nft_connlimit: update the count if add was skipped
- net: stmmac: fix rx limit check in stmmac_rx_zc()
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds
- remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs
- perf tools: Fix split kallsyms DSO counting
- pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling
- pinctrl: single: Fix incorrect type for error return variable
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe()
- NFS: Label the dentry with a verifier in nfs_rmdir() and nfs_unlink()
- NFS: don't unhash dentry during unlink/rename
- NFS: Avoid changing nlink when file removes and attribute updates race
- fs/nls: Fix utf16 to utf8 conversion
- NFSv4: Add some support for case insensitive filesystems
- NFS: Fix the verifier for case sensitive filesystem in nfs_atomic_open()
- NFS: Initialise verifiers for visible dentries in nfs_atomic_open()
- Revert "nfs: ignore SB_RDONLY when remounting nfs"
- Revert "nfs: clear SB_RDONLY before getting superblock"
- Revert "nfs: ignore SB_RDONLY when mounting nfs"
- fs_context: drop the unused lsm_flags member
- fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8()
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd led
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
of_dma_configure()
- ASoC: ak4458: Disable regulator when error happens
- ASoC: ak5558: Disable regulator when error happens
- blk-mq: Abort suspend when wakeup events are pending
- block: fix comment for op_is_zone_mgmt() to include RESET_ALL
- dma/pool: eliminate alloc_pages warning in atomic_pool_expand
- ALSA: uapi: Fix typo in asound.h comment
- ARM: 9464/1: fix input-only operand modification in
load_unaligned_zeropad()
- dm-raid: fix possible NULL dereference with undefined raid type
- dm log-writes: Add missing set_freezable() for freezable kthread
- efi/cper: Add a new helper function to print bitmasks
- efi/cper: Adjust infopfx size to accept an extra space
- efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs
- ocfs2: fix memory leak in ocfs2_merge_rec_left()
- usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt
- usb: phy: Initialize struct usb_phy list_head
- ASoC: fsl_xcvr: get channel status data when PHY is not exists
- NFS: Fix missing unlock in nfs_unlink()
- netfilter: nf_conncount: garbage collection is not skipped when jiffies
wrap around
- coresight: etm4x: Correct polling IDLE bit
- spi: tegra210-quad: Fix validate combined sequence
- spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers
- bpf, arm64: Do not audit capability check in do_jit()
- btrfs: fix memory leak of fs_devices in degraded seed device path
- x86/ptrace: Always inline trivial accessors
- ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint()
only
- cpufreq: s5pv210: fix refcount leak
- livepatch: Match old_sympos 0 and 1 in klp_find_func()
- fs/ntfs3: Support timestamps prior to epoch
- hfsplus: fix volume corruption issue for generic/070
- hfsplus: fix volume corruption issue for generic/073
- btrfs: scrub: always update btrfs_scrub_progress::last_physical
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
- ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2()
- broadcom: b44: prevent uninitialized value usage
- netfilter: nf_conncount: fix leaked ct in error paths
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr()
- ethtool: use phydev variable
- net/ethtool/ioctl: remove if n_stats checks from ethtool_get_phy_stats
- net/ethtool/ioctl: split ethtool_get_phy_stats into multiple helpers
- net/mlx5: fw_tracer, Add support for unrecognized string
- net/mlx5: fw_tracer, Handle escaped percent properly
- net: hns3: Align type of some variables with their print type
- net: hns3: using the num_tqps to check whether tqp_index is out of range
when vf get ring info from mbx
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk
table
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf
- spi: fsl-cpm: Check length parity before switching to 16 bit mode
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path
- ipmi: Fix the race between __scan_channels() and deliver_response()
- ipmi: Fix __scan_channels() failing to rescan channels
- firmware: imx: scu-irq: Init workqueue before request mbox channel
- ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4
- powerpc/addnote: Fix overflow on 32-bit builds
- scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled
- scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive
- scsi: qla2xxx: Use reinit_completion on mbx_intr_comp
- exfat: fix remount failure in different process environments
- usbip: Fix locking bug in RT-enabled kernels
- usb: xhci: limit run_graceperiod for only usb 3.0 devices
- usb: usb-storage: No additional quirks need to be added to the EL-R12
optical drive.
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
- nvme-fc: don't hold rport lock when putting ctrl
- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI
quirks
- vhost/vsock: improve RCU read sections around vhost_vsock_get()
- mmc: sdhci-msm: Avoid early clock doubling during HS400 transition
- lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit
- block: rate-limit capacity change info log
- floppy: fix for PAGE_SIZE != 4KB
- fs/ntfs3: fix mount failure for sparse runs in run_unpack()
- ktest.pl: Fix uninitialized var in config-bisect.pl
- ext4: clear i_state_flags when alloc inode
- ext4: fix incorrect group number assertion in mb_check_buddy
- ext4: align max orphan file size with e2fsprogs limit
- jbd2: use a weaker annotation in journal handling
- media: v4l2-mem2mem: Fix outdated documentation
- usb: usb-storage: Maintain minimal modifications to the bcdDevice range.
- media: pvrusb2: Fix incorrect variable used in trace message
- phy: broadcom: bcm63xx-usbh: fix section mismatches
- USB: lpc32xx_udc: Fix error handling in probe
- usb: phy: isp1301: fix non-OF device reference imbalance
- usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
- intel_th: Fix error handling in intel_th_output_open
- cpufreq: nforce2: fix reference count leak in nforce2
- NFSD: use correct reservation type in nfsd4_scsi_fence_client
- tools/testing/nvdimm: Use per-DIMM device handle
- KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with
period=0
- KVM: x86: Explicitly set new periodic hrtimer expiration in
apic_timer_fn()
- KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed
VMRUN)
- KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits
- PM: runtime: Do not clear needs_force_resume with enabled runtime PM
- nfsd: Mark variable __maybe_unused to avoid W=1 build break
- svcrdma: return 0 on success from svc_rdma_copy_inline_range
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
- amba: tegra-ahb: Fix device leak on SMMU enable
- soc: qcom: ocmem: fix device leak on lookup
- soc: amlogic: canvas: fix device leak on lookup
- rpmsg: glink: fix rpmsg device leak
- i2c: amd-mp2: fix reference leak in MP2 PCI device
- hwmon: (max16065) Use local variable to avoid TOCTOU
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU
- i40e: fix scheduling in set_rx_mode
- i40e: Refactor argument of several client notification functions
- i40e: Refactor argument of i40e_detect_recover_hung()
- i40e: validate ring_len parameter against hardware-specific values
- net: mdio: aspeed: move reg accessing part into separate functions
- net: mdio: aspeed: add dummy read to avoid read-after-write issue
- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy
- platform/x86: msi-laptop: add missing sysfs_remove_group()
- platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic
- genalloc.h: fix htmldocs warning
- firewire: nosy: Fix dma_free_coherent() size
- net: dsa: b53: skip multicast entries for fdb_dump()
- net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group
struct
- RDMA/efa: Remove possible negative shift
- RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr()
- RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db()
- RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send
- RDMA/bnxt_re: Fix to use correct page size for PDE table
- RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation
- RDMA/bnxt_re: fix dma_free_coherent() pointer
- selftests/ftrace: traceonoff_triggers: strip off names
- ASoC: stm32: sai: fix device leak on probe
- ASoC: qcom: q6asm-dai: perform correct state check before closing
- ASoC: qcom: q6adm: the the copp device only during last instance
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment.
- iommu/apple-dart: fix device leak on of_xlate()
- iommu/exynos: fix device leak on of_xlate()
- iommu/ipmmu-vmsa: fix device leak on of_xlate()
- iommu/mediatek-v1: fix device leak on probe_device()
- iommu/mediatek: fix device leak on of_xlate()
- iommu/omap: fix device leaks on probe_device()
- iommu/sun50i: fix device leak on of_xlate()
- iommu/tegra: fix device leak on probe_device()
- HID: logitech-dj: Remove duplicate error logging
- PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths
- leds: leds-lp50xx: Allow LED 0 to be added to module bank
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup
- mfd: max77620: Fix potential IRQ chip conflict when probing two devices
- media: rc: st_rc: Fix reset control resource leak
- parisc: entry.S: fix space adjustment on interruption for 64-bit
userspace
- parisc: entry: set W bit for !compat tasks in syscall_restore_rfi()
- dm-ebs: Mark full buffer dirty even on partial write
- fbdev: gbefb: fix to use physical address instead of dma address
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing
- fbdev: tcx.c fix mem_map to correct smem_start offset
- media: cec: Fix debugfs leak on bus_register() failure
- media: msp3400: Avoid possible out-of-bounds array accesses in
msp3400c_thread()
- media: TDA1997x: Remove redundant cancel_delayed_work in probe
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe
- media: i2c: adv7842: Remove redundant cancel_delayed_work in probe
- idr: fix idr_alloc() returning an ID out of range
- fjes: Add missing iounmap in fjes_hw_init()
- nfsd: Drop the client reference in client_states_open()
- net: usb: sr9700: fix incorrect command used to write single register
- drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in
prepare_fb
- mm/damon/tests/vaddr-kunit: handle alloc failures in
damon_test_split_evenly_fail()
- mm/damon/tests/vaddr-kunit: handle alloc failures on
damon_do_test_apply_three_regions()
- mm/damon/tests/vaddr-kunit: handle alloc failures on
damon_test_split_evenly_succ()
- mm/damon/tests/core-kunit: handle allocation failures in
damon_test_regions()
- mm/damon/tests/core-kunit: handle alloc failures on
damon_test_split_at()
- mm/damon/tests/core-kunit: handle alloc failures on
dasmon_test_merge_regions_of()
- mm/damon/tests/core-kunit: handle alloc failures on
damon_test_merge_two()
- mm/damon/tests/core-kunit: handle memory failure from
damon_test_target()
- mm/damon/tests/core-kunit: handle alloc failures on
damon_test_split_regions_of()
- mm/damon/tests/core-kunit: handle memory alloc failure from
damon_test_aggregate()
- kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules
- virtio_console: fix order of fields cols and rows
- usb: xhci: move link chain bit quirk checks into one helper function.
- xhci: dbgtty: use IDR to support several dbc instances.
- xhci: dbgtty: fix device unregister
- jbd2: fix the inconsistency between checksum and data in memory for
journal sb
- btrfs: don't rewrite ret from inode_permission
- wifi: mt76: Fix DTS power-limits on little endian systems
- ALSA: wavefront: Clear substream pointers on close
- ALSA: wavefront: Use standard print API
- NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap
- KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-
Exit
- xfs: fix a memory leak in xfs_buf_item_init()
- f2fs: fix to detect recoverable inode during dryrun of
find_fsync_dnodes()
- f2fs: fix to propagate error from f2fs_enable_checkpoint()
- usb: dwc3: keep susphy enabled during exit to avoid controller faults
- mptcp: pm: ignore unknown endpoint flags
- usb: ohci-nxp: Use helper function devm_clk_get_enabled()
- usb: ohci-nxp: fix device leak on probe failure
- ARM: dts: microchip: sama7g5: fix uart fifo size to 32
- KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN
- media: mediatek: vcodec: Fix a reference leak in
mtk_vcodec_fw_vpu_init()
- media: vpif_capture: fix section mismatch
- media: verisilicon: Protect G2 HEVC decoder against invalid DPB index
- media: samsung: exynos4-is: fix potential ABBA deadlock on init
- media: renesas: rcar_drif: fix device node reference leak in
rcar_drif_bond_enabled
- powerpc/pseries/cmm: call balloon_devinfo_init() also without
CONFIG_BALLOON_COMPACTION
- PCI: brcmstb: Fix disabling L0s capability
- iommu/qcom: fix device leak on of_xlate()
- r8169: fix RTL8117 Wake-on-Lan in DASH mode
- ASoC: stm: Use dev_err_probe() helper
- ASoC: stm32: sai: Use the devm_clk_get_optional() helper
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure
- mm/balloon_compaction: make balloon page compaction callbacks static
- mm/balloon_compaction: we cannot have isolated pages in the balloon list
- mm/balloon_compaction: convert balloon_page_delete() to
balloon_page_finalize()
- powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages
- lockd: fix vfs_test_lock() calls
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg()
- KVM: arm64: sys_regs: disable -Wuninitialized-const-pointer warning
- x86: remove __range_not_ok()
- pwm: stm32: Always program polarity
- ext4: factor out ext4_hash_info_init()
- ext4: fix error message when rejecting the default hash
- firmware: arm_scmi: Fix unused notifier-block in unregister
- Revert "iommu/amd: Skip enabling command/event buffers for kdump"
- net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool()
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path
- atm: Fix dma_free_coherent() size
- mei: me: add nova lake point S DID
- lib/crypto: aes: Fix missing MMU protection for AES S-box
- drm/pl111: Fix error handling in pl111_amba_probe
- libceph: make calc_target() set t->paused, not just clear it
- ext4: introduce ITAIL helper
- csky: fix csky_cmpxchg_fixup not working
- ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels
- alpha: don't reference obsolete termio struct for TC* constants
- NFSv4: ensure the open stateid seqid doesn't go backwards
- NFS: Fix up the automount fs_context to use the correct cred
- scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset
- scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe
failure scanned in again after probe failed"
- arm64: dts: add off-on-delay-us for usdhc2 regulator
- ARM: dts: imx6q-ba16: fix RTC interrupt level
- netfilter: nft_synproxy: avoid possible data-race on update operation
- netfilter: nf_tables: fix memory leak in nf_tables_newrule()
- netfilter: nf_conncount: update last_gc only when GC has been performed
- bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress
- inet: ping: Fix icmp out counting
- netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates
- net/mlx5e: Don't print error message due to invalid module
- eth: bnxt: move and rename reset helpers
- bnxt_en: Fix potential data corruption with HW GRO/LRO
- HID: quirks: work around VID/PID conflict for appledisplay
- net: enetc: fix build warning when PAGE_SIZE is greater than 128K
- arp: do not assume dev_hard_header() does not change skb->head
- NFS: trace: show TIMEDOUT instead of 0x6e
- nfs_common: factor out nfs_errtbl and nfs_stat_to_errno
- NFSD: Remove NFSERR_EAGAIN
- pinctrl: qcom: lpass-lpi: Remove duplicate assignment of of_gpio_n_cells
- pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
- powercap: fix race condition in register_control_type()
- powercap: fix sscanf() error return value handling
- ASoC: fsl_sai: Add missing registers to cache default
- scsi: sg: Fix occasional bogus elapsed time that exceeds timeout
- firmware: imx: scu-irq: Set mu_resource_id before get handle
- efi/cper: Fix cper_bits_to_str buffer handling and return value
- NFS: unlink/rmdir shouldn't call d_delete() twice on ENOENT
- NFS: add barriers when testing for NFS_FSDATA_BLOCKED
- Linux 5.15.198
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71182
- can: j1939: make j1939_session_activate() fail if device is no longer
registered
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2022-49465
- blk-throttle: Set BIO_THROTTLED when bio has been throttled
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71180
- counter: interrupt-cnt: Drop IRQF_NO_THREAD flag
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-22980
- nfsd: provide locking for v4_end_grace
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-23021
- net: usb: pegasus: fix memory leak in update_eth_regs_async()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-22976
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate
in qfq_reset
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-22977
- net: sock: fix hardened usercopy panic in sock_recv_errqueue
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-22982
- net: mscc: ocelot: Fix crash when adding interface under a lag
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-23019
- net: marvell: prestera: fix NULL dereference on devlink_alloc() failure
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-22121
- ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-22992
- libceph: return the handler error from mon_handle_auth_done()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-22991
- libceph: make free_choose_arg_map() resilient to partial allocation
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-22990
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-22984
- libceph: prevent potential out-of-bounds reads in handle_auth_done()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-22978
- wifi: avoid kernel-infoleak from struct iw_point
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2026-23020
- net: 3com: 3c59x: fix possible null dereference in vortex_probe1()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2024-49968
- ext4: filesystems without casefold feature cannot be mounted with
siphash
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2024-36927
- ipv4: Fix uninit-value access in __ip_make_skb()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2024-36903
- ipv6: Fix potential uninit-value access in __ip6_make_skb()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-38556
- HID: core: Harden s32ton() against conversion to 0 bits
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2024-46830
- KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-38129
- page_pool: Fix use-after-free in page_pool_recycle_in_ring
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2022-49635
- drm/i915/selftests: fix subtraction overflow bug
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-22111
- net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71127
- wifi: mac80211: Discard Beacon frames to non-broadcast address
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71081
- ASoC: stm32: sai: fix OF node leak on probe
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71078
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68803
- NFSD: NFSv4 file creation neglects setting ACL
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71120
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in
gss_read_proxy_verf
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71113
- crypto: af_alg - zero initialize memory allocated via sock_kmalloc
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71068
- svcrdma: bound check rq_pages index in inline path
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68821
- fuse: fix readahead reclaim deadlock
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68796
- f2fs: fix to avoid updating zero-sized extent in extent cache
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71105
- f2fs: use global inline_xattr_slab instead of per-sb slab cache
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68344
- ALSA: wavefront: Fix integer overflow in sample size validation
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71077
- tpm: Cap the number of PCR banks
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68282
- usb: gadget: udc: fix use-after-free in usb_gadget_state_work
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-22022
- usb: xhci: Apply the link chain quirk on NEC isoc endpoints
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-40110
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-38022
- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device"
problem
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71083
- drm/ttm: Avoid NULL pointer deref for evicted BOs
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71079
- net: nfc: fix deadlock between nfc_unregister_device and
rfkill_fop_write
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71093
- e1000: fix OOB in e1000_tbi_should_accept()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71084
- RDMA/cm: Fix leaking the multicast GID table reference
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71096
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71136
- media: adv7842: Avoid possible out-of-bounds array accesses in
adv7842_cp_log_status()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71133
- RDMA/irdma: avoid invalid read in irdma_net_event
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71086
- net: rose: fix invalid array index in rose_kill_by_device()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71097
- ipv4: Fix reference count leak when using error routes with nexthop
objects
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71085
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71137
- octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71094
- net: usb: asix: validate PHY address before use
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71132
- smc91x: fix broken irq-context in PREEMPT_RT
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71154
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71091
- team: fix check for port enabled in
team_queue_override_port_prio_changed()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71098
- ip6_gre: make ip6gre_header() robust
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71082
- Bluetooth: btusb: revert use of devm_kzalloc in btusb
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71131
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71087
- iavf: fix off-by-one issues in iavf_config_rss_reg()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71111
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68814
- io_uring: fix filename leak in __io_openat_prep()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68788
- fsnotify: do not generate ACCESS/MODIFY events on child for special
files
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71125
- tracing: Do not register unsupported perf events
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71104
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV
timer
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71116
- libceph: make decode_pool() more resilient against corrupted osdmaps
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71121
- parisc: Do not reprogram affinitiy on ASP chip
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71102
- scs: fix a wrong parameter in __scs_magic
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68804
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68771
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68808
- media: vidtv: initialize local pointers upon transfer of memory
ownership
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68769
- f2fs: fix return value of f2fs_recover_fsync_data()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71069
- f2fs: invalidate dentry cache on failed whiteout creation
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68782
- scsi: target: Reset t_task_cdb pointer in error case
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71075
- scsi: aic94xx: fix use-after-free in device removal path
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68818
- scsi: Revert "scsi: qla2xxx: Perform lockless command completion in
abort path"
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68797
- char: applicom: fix NULL pointer dereference in ac_ioctl
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68819
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68820
- ext4: xattr: fix null pointer deref in ext4_raw_inode()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71147
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71108
- usb: typec: ucsi: Handle incorrect num_connectors capability
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71114
- via_wdt: fix critical boot hang due to unnamed resource allocation
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68783
- ALSA: usb-mixer: us16x08: validate meter packet indices
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68776
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68777
- Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71112
- net: hns3: add VLAN id validation before using
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71064
- net: hns3: using the num_tqps in the vf driver to apply for resources
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68816
- net/mlx5: fw_tracer, Validate format string parameters
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68795
- ethtool: Avoid overflowing userspace buffer on stats query
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68815
- net/sched: ets: Remove drr class from the active list if it changes to
strict
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68799
- caif: fix integer underflow in cffrml_receive()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68813
- ipvs: fix ipv4 null-ptr-deref in route error path
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68785
- net: openvswitch: fix middle attribute validation in push_nsh() action
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68800
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast route
stats
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68801
- mlxsw: spectrum_router: Fix neighbour use-after-free
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71066
- net/sched: ets: Always remove class from active list before deleting in
ets_qdisc_change
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68787
- netrom: Fix memory leak in nr_sendmsg()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68767
- hfsplus: Verify inode mode when loading from disk
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68774
- hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-71118
- ACPICA: Avoid walking the Namespace if start_node is NULL
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68780
- sched/deadline: only set free_cpus for online runqueues
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68346
- ALSA: dice: fix buffer overflow in detect_stream_formats()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68764
- NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68349
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
pnfs_mark_layout_stateid_invalid
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68325
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68354
- regulator: core: Protect regulator_supply_alias_list with
regulator_list_mutex
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68758
- backlight: led-bl: Add devlink to supplier LEDs
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68765
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68740
- ima: Handle error code returned by ima_filter_rule_match()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68362
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in
rtl8187_rx_cb()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68759
- wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68364
- ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68366
- nbd: defer config unlock in nbd_genl_connect
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68367
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68372
- nbd: defer config put in recv_work
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68746
- spi: tegra210-quad: Fix timeout handling
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68724
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68727
- ntfs3: Fix uninit buffer allocated by __getname()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68728
- ntfs3: fix uninit memory after failed mi_read in mi_format_new
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68757
- drm/vgem-fence: Fix potential deadlock on release
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68732
- gpu: host1x: Fix race in syncpt alloc/free
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68733
- smack: fix bug: unprivileged task can create labels
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68254
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68255
- staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68257
- comedi: check device's attached status in compat ioctls
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68258
- comedi: multiq3: sanitize config options in multiq3_attach()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68332
- comedi: c6xdigio: Fix invalid PNP driver unregistration
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68266
- bfs: Reconstruct file type when loading from disk
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68335
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68261
- ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68336
- locking/spinlock/debug: Fix data-race in do_raw_write_lock
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68264
- ext4: refresh inline data size before write operations
* Jammy update: v5.15.198 upstream stable release (LP: #2139704) //
CVE-2025-68337
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system
corrupted
* Jammy update: v5.15.197 upstream stable release (LP: #2138662)
- x86/bugs: Fix reporting of LFENCE retpoline
- btrfs: scrub: replace max_t()/min_t() with clamp() in
scrub_throttle_dev_io()
- btrfs: always drop log root tree reference in btrfs_replay_log()
- btrfs: use smp_mb__after_atomic() when forcing COW in
create_pending_snapshot()
- net: usb: asix_devices: Check return value of usbnet_get_endpoints
- fbdev: atyfb: Check if pll_ops->init_pll failed
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
- mptcp: restore window probe
- ASoC: qdsp6: q6asm: do not sleep while atomic
- wifi: ath10k: Fix memory leak on unsupported WMI command
- drm/msm/a6xx: Fix GMU firmware parser
- ALSA: usb-audio: fix control pipe direction
- bpf: Do not audit capability check in do_jit()
- riscv, libbpf: Add RISC-V (RV64) support to bpf_tracing.h
- libbpf: Normalize PT_REGS_xxx() macro definitions
- libbpf: Fix powerpc's stack register definition in bpf_tracing.h
- drm/etnaviv: fix flush sequence logic
- net: hns3: return error code when function fails
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland
- block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL
- serial: 8250_dw: Use devm_add_action_or_reset()
- serial: 8250_dw: handle reset control deassert error
- dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp
- ravb: Exclude gPTP feature support for RZ/G2L
- net: ravb: Enforce descriptor type ordering
- can: gs_usb: increase max interface to U8_MAX
- net: phy: dp83867: Disable EEE support as not implemented
- x86/resctrl: Fix miscount of bandwidth event when reactivating
previously unavailable RMID
- xhci: dbc: Provide sysfs option to configure dbc descriptors
- xhci: dbc: poll at different rate depending on data transfer activity
- xhci: dbc: Allow users to modify DbC poll interval via sysfs
- xhci: dbc: Improve performance by removing delay in transfer event
polling.
- xhci: dbc: Avoid event polling busyloop if pending rx transfers are
inactive.
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall
event
- x86/boot: Compile boot code with -std=gnu11 too
- arch: back to -std=gnu89 in < v5.18
- Revert "docs/process/howto: Replace C89 with C11"
- drm/sched: Fix race in drm_sched_entity_select_rq()
- block: make REQ_OP_ZONE_OPEN a write operation
- soc: aspeed: socinfo: Add AST27xx silicon IDs
- soc: qcom: smem: Fix endian-unaware access of num_entries
- spi: loopback-test: Don't use %pK through printk
- soc: ti: pruss: don't use %pK through printk
- bpf: Don't use %pK through printk
- pinctrl: single: fix bias pull up/down handling in pin_config_set
- mmc: host: renesas_sdhi: Fix the actual clock
- memstick: Add timeout to prevent indefinite waiting
- ACPI: video: force native for Lenovo 82K8
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2
- arc: Fix __fls() const-foldability via __builtin_clzl()
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
- ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[]
- hwmon: (sbtsi_temp) AMD CPU extended temperature range support
- power: supply: sbs-charger: Support multiple devices
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in
acpi_ds_call_control_method()
- tee: allow a driver to allocate a tee_device without a pool
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556
- tools/cpupower: fix error return value in cpupower_write_sysfs()
- cpuidle: Fail cpuidle device registration if there is one already
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel
- uprobe: Do not emulate/sstep original instruction when ip is changed
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040
- tools/cpupower: Fix incorrect size in cpuidle_state_disable()
- tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage
- tools/power x86_energy_perf_policy: Enhance HWP enable
- tools/power x86_energy_perf_policy: Prefer driver HWP limits
- mfd: stmpe: Remove IRQ domain upon removal
- mfd: stmpe-i2c: Add missing MODULE_LICENSE
- mfd: madera: Work around false-positive -Wininitialized warning
- mfd: da9063: Split chip variant reading in two bus transactions
- drm/amd/pm: Use cached metrics data on aldebaran
- drm/amd/pm: Use cached metrics data on arcturus
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
- PCI: Disable MSI on RDC PCI to PCIe bridges
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8
- selftests/net: Ensure assert() triggers in psock_tpacket.c
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs
- media: pci: ivtv: Don't create fake v4l2_fh
- drm/tidss: Use the crtc_* timings when programming the HW
- drm/tidss: Set crtc modesetting parameters with adjusted mode
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
- net: stmmac: Check stmmac_hw_setup() in stmmac_resume()
- thunderbolt: Use is_pciehp instead of is_hotplug_bridge
- powerpc/eeh: Use result of error_detected() in uevent
- bridge: Redirect to backup port when port is administratively down
- drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before
setting register
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
- char: misc: Does not request module for miscdevice with dynamic minor
- net: When removing nexthops, don't call synchronize_net if it is not
necessary
- net: Call trace_sock_exceed_buf_limit() for memcg failure with
SK_MEM_RECV.
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
- ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
- rds: Fix endianness annotation for RDS_MPATH_HASH
- scsi: mpi3mr: Fix controller init failure on fault during queue creation
- scsi: pm80xx: Fix race condition caused by static variables
- extcon: adc-jack: Fix wakeup source leaks on device unbind
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
- media: fix uninitialized symbol warnings
- mips: lantiq: danube: add missing properties to cpu node
- mips: lantiq: danube: add missing device_type in pci node
- mips: lantiq: xway: sysctrl: rename stp clock
- scsi: pm8001: Use int instead of u32 to store error codes
- ptp: Limit time setting of PTP clocks
- dmaengine: sh: setup_xref error handling
- dmaengine: mv_xor: match alloc_wc and free_wc
- dmaengine: dw-edma: Set status for callback_result
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
- ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
- net: call cond_resched() less often in __release_sock()
- iommu/amd: Skip enabling command/event buffers for kdump
- usb: gadget: f_hid: Fix zero length packet transfer
- drm/msm: make sure to not queue up recovery more than once
- net: phy: marvell: Fix 88e1510 downshift counter errata
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy
- phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0
- net: sh_eth: Disable WoL if system can not suspend
- media: redrat3: use int type to store negative error codes
- selftests: traceroute: Use require_command()
- netfilter: nf_reject: don't reply to icmp error messages
- x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of
PV_UNHALT
- selftests: Disable dad for ipv6 in fcnal-test.sh
- eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP
- [Config] Disable CONFIG_8139TOO_PIO for armhf
- selftests: Replace sleep with slowwait
- net/cls_cgroup: Fix task_get_classid() during qdisc run
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to
clean net/lib dependency
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during
TGT_RESET
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in
lpfc_cleanup
- scsi: lpfc: Define size of debugfs entry for xri rebalancing
- allow finish_no_open(file, ERR_PTR(-E...))
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices
- ipv6: np->rxpmtu race annotation
- net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X
- iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot()
- wifi: ath10k: Fix connection after GTK rekeying
- net: intel: fm10k: Fix parameter idx set but not used
- r8169: set EEE speed down ratio to 1
- sparc/module: Add R_SPARC_UA64 relocation handling
- remoteproc: qcom: q6v5: Avoid handling handover twice
- NFSv4: handle ERR_GRACE on delegation recalls
- NFSv4.1: fix mount hang after CREATE_SESSION failure
- scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
- net: macb: avoid dealing with endianness in macb_set_hwaddr()
- ALSA: usb-audio: add mono main switch to Presonus S1824c
- exfat: limit log print for IO error
- page_pool: Clamp pool size to max 16K pages
- ACPICA: Update dsmethod.c to get rid of unused variable warning
- RDMA/irdma: Fix SD index calculation
- RDMA/irdma: Remove unused struct irdma_cq fields
- RDMA/irdma: Set irdma_cq cq_num field during CQ create
- RDMA/hns: Fix wrong WQE data when QP wraps around
- btrfs: mark dirty extent range for out of bound prealloc extents
- fs/hpfs: Fix error code for new_inode() failure in
mkdir/create/mknod/symlink
- um: Fix help message for ssl-non-raw
- rtc: pcf2127: clear minute/second interrupt
- ARM: at91: pm: save and restore ACR during PLL disable/enable
- clk: at91: clk-master: Add check for divide by 3
- clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
- 9p: fix /sys/fs/9p/caches overwriting itself
- cpufreq: tegra186: Initialize all cores to max frequencies
- 9p: sysfs_init: don't hardcode error to ENOMEM
- ACPI: property: Return present device nodes only on fwnode interface
- ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
- ceph: add checking of wait_for_completion_killable() return value
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
- Revert "wifi: ath10k: avoid unnecessary wait for service ready message"
- riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro
- net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for
bcm63xx
- selftests/net: fix out-of-order delivery of FIN in gro:tcp test
- selftests/net: fix GRO coalesce test and add ext header coalesce tests
- selftests/net: use destination options instead of hop-by-hop
- netdevsim: add Makefile for selftests
- selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing
ethtool-common.sh
- net: vlan: sync VLAN features with lower device
- net: dsa: b53: fix resetting speed and pause on forced link
- net: dsa: b53: fix enabling ip multicast
- net: dsa: b53: stop reading ARL entries if search is done
- sctp: Hold RCU read lock while iterating over address list
- sctp: Hold sock lock while iterating over address list
- bnxt_en: PTP: Refactor PTP initialization functions
- bnxt_en: Fix a possible memory leak in bnxt_ptp_init
- tracing: Fix memory leaks in create_field_var()
- rtc: rx8025: fix incorrect register reference
- lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
- extcon: adc-jack: Cleanup wakeup source only if it was enabled
- selftests: netdevsim: set test timeout to 10 minutes
- compiler_types: Move unused static inline functions warning to W=2
- RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid
rfence errors
- NFS4: Fix state renewals missing after boot
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
- NFS: check if suid/sgid was cleared after a write as needed
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
- net/smc: fix mismatch between CLC header and proposal
- net: mdio: fix resource leak in mdiobus_register_device()
- wifi: mac80211: skip rate verification for not captured PSDUs
- net: sched: act: move global static variable net_id to tc_action_ops
- net: sched: act_connmark: get rid of tcf_connmark_walker and
tcf_connmark_search
- net/sched: act_connmark: transition to percpu stats and rcu
- net_sched: act_connmark: use RCU in tcf_connmark_dump()
- net/mlx5e: Fix maxrate wraparound in threshold between units
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
- net_sched: limit try_bulk_dequeue_skb() batches
- hsr: Fix supervision frame sending on HSRv0
- Bluetooth: L2CAP: export l2cap_chan_hold for modules
- acpi,srat: Fix incorrect device handle check for Generic Initiator
- regulator: fixed: fix GPIO descriptor leak on register failure
- ASoC: cs4271: Fix regulator leak on probe failure
- NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
- mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR
- lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
- mtd: onenand: Pass correct pointer to IRQ handler
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
- gcov: add support for GCC 15
- strparser: Fix signed/unsigned mismatch bug
- ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
- spi: Try to get ACPI GPIO IRQ earlier
- EDAC/altera: Handle OCRAM ECC enable after warm reset
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
- net/sched: act_connmark: handle errno on tcf_idr_check_alloc
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
- exfat: check return value of sb_min_blocksize in exfat_read_boot_sector
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO
- drm/tegra: dc: Fix reference leak in tegra_dc_couple()
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()
- net: dsa: hellcreek: fix missing error handling in LED registration
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to
errnos
- kernel.h: Move ARRAY_SIZE() to a separate header
- scsi: core: Fix a regression triggered by scsi_host_busy()
- selftests: net: use BASH for bareudp testing
- net: tls: Cancel RX async resync request on rcd_delta overflow
- kconfig/mconf: Initialize the default locale at startup
- kconfig/nconf: Initialize the default locale at startup
- mm/mm_init: fix hash table order logging in alloc_large_system_hash()
- ALSA: usb-audio: fix uac2 clock source at terminal parser
- tracing/tools: Fix incorrcet short option in usage text for --threads
- uio_hv_generic: Set event for all channels on the device
- Makefile.compiler: replace cc-ifversion with compiler-specific macros
- btrfs: add helper to truncate inode items when logging inode
- mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
- pmdomain: imx: Fix reference count leak in imx_gpc_remove
- pmdomain: samsung: plug potential memleak during probe
- selftests: mptcp: connect: fix fallback note due to OoO
- mptcp: Disallow MPTCP subflows from sockmap
- usb: deprecate the third argument of usb_maxpacket()
- Input: remove third argument of usb_maxpacket()
- ata: libata-scsi: Fix system suspend for a security locked drive
- dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups
- mptcp: fix ack generation for fallback msk
- mptcp: fix premature close in case of fallback
- mptcp: do not fallback when OoO is present
- Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()"
- Revert "block: don't add or resize partition on the disk with
GENHD_FL_NO_PART"
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing
- net: aquantia: Add missing descriptor cache invalidation on ATL2
- net/mlx5e: Fix validation logic in rate limiting
- net: dsa: sja1105: Convert to mdiobus_c45_read
- net: dsa: sja1105: simplify static configuration reload
- net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing
traffic
- mailbox: mailbox-test: Fix debugfs_create_dir error checking
- spi: bcm63xx: fix premature CS deassertion on RX-only transactions
- Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()"
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields
- iio:common:ssp_sensors: Fix an error handling path ssp_probe()
- MIPS: mm: Prevent a TLB shutdown on initial uniquification
- can: sja1000: fix max irq loop handling
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
- dm-verity: fix unreliable memory allocation
- drivers/usb/dwc3: fix PCI parent check
- thunderbolt: Add support for Intel Wildcat Lake
- slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves
- serial: amba-pl011: prefer dma_mapping_error() over explicit address
checking
- usb: cdns3: Fix double resource release in cdns3_pci_probe
- USB: storage: Remove subclass and protocol overrides from Novatek quirk
- xhci: dbgtty: Fix data corruption when transmitting data form DbC to
host
- USB: serial: ftdi_sio: add support for u-blox EVK-M101
- USB: serial: option: add support for Rolling RW101R-GL
- drm: sti: fix device leaks at component probe
- staging: rtl8712: Remove driver using deprecated API wext
- [Config] Remove config option for CONFIG_R8712U
- selftests: mptcp: join: rm: set backup flag
- mptcp: avoid unneeded subflow-level drops
- usb: renesas_usbhs: Convert to platform remove callback returning void
- usb: typec: ucsi: psy: Set max current to zero when disconnected
- selftests/bpf: Don't rely on preserving volatile in PT_REGS macros in
loop3
- libbpf: Fix riscv register names
- libbpf, riscv: Use a0 for RC register
- libbpf: Fix invalid return address register in s390
- Linux 5.15.197
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2024-47666
- scsi: pm80xx: Set phy->enable_completion only when we
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68327
- usb: renesas_usbhs: Fix synchronous external abort on unbind
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68295
- smb: client: fix memory leak in cifs_construct_tcon()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68227
- mptcp: Fix proto fallback detection with BPF
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68284
- libceph: prevent potential out-of-bounds writes in
handle_auth_session_key()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68285
- libceph: fix potential use-after-free in have_mon_and_osd_map()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68286
- drm/amd/display: Check NULL before accessing
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68287
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests()
call paths
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68331
- usb: uas: fix urb unmapping issue when the uas device is remove during
ongoing data transfer
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40345
- usb: storage: sddr55: Reject out-of-bound new_pba
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68288
- usb: storage: Fix memory leak in USB bulk transport
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68289
- usb: gadget: f_eem: Fix memory leak in eem_unwrap
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68290
- most: usb: fix double free on late probe failure
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68328
- firmware: stratix10-svc: fix bug in saving controller data
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68339
- atm/fore200e: Fix possible data race in fore200e_open()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68330
- iio: accel: bmc150: Fix irq assumption regression
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68301
- net: atlantic: fix fragment overflow handling in RX path
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68302
- net: sxgbe: fix potential NULL dereference in sxgbe_rx()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68303
- platform/x86: intel: punit_ipc: fix memory corruption
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68308
- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40257
- mptcp: fix a race in mptcp_pm_del_add_timer()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68217
- Input: pegasus-notetaker - fix potential out-of-bounds access
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68204
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68245
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2024-37354
- btrfs: fix crash on racing fsync and size-extending write into prealloc
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68220
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return
NULL on error
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40272
- mm/secretmem: fix use-after-free race in fault handler
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40248
- vsock: Ignore signal/timeout on connect() if already established
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40252
- net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont()
and qede_tpa_end()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40253
- s390/ctcm: Fix double-kfree
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40254
- net: openvswitch: remove never-working support for setting nsh fields
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40258
- mptcp: fix race condition in mptcp_schedule_work()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68229
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40259
- scsi: sg: Do not sleep in atomic context
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40261
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40262
- Input: imx_sc_key - fix memory corruption on unload
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40263
- Input: cros_ec_keyb - fix an invalid memory access
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40264
- be2net: pass wrb_params in case of OS2BMC
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68238
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68734
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40269
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40271
- fs/proc: fix uaf in proc_readdir_de()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68241
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40273
- NFSD: free copynotify stateid in nfs4_free_ol_stateid()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40040
- mm/ksm: fix flag-dropping behavior in ksm_madvise
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68200
- bpf: Add bpf_prog_run_data_pointers()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40275
- ALSA: usb-audio: Fix NULL pointer dereference in
snd_usb_mixer_controls_badd
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40277
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40278
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-
infoleak
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40279
- net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40280
- tipc: Fix use-after-free in tipc_mon_reinit_self().
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40281
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40282
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40283
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68244
- drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68192
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40331
- sctp: Prevent TOCTOU out-of-bounds write
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40304
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40306
- orangefs: fix xattr related buffer overflow...
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40308
- Bluetooth: bcsp: receive data only if registered
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40309
- Bluetooth: SCO: Fix UAF on sco_conn_free
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40361
- fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68185
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
dereferencing
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68176
- PCI: cadence: Check for the existence of cdns_pcie::ops before using it
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68168
- jfs: fix uninitialized waitqueue in transaction manager
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40312
- jfs: Verify inode mode when loading from disk
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68321
- page_pool: always add GFP_NOWARN for ATOMIC allocations
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68191
- udp_tunnel: use netdev_warn() instead of netdev_WARN()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40313
- ntfs3: pretend $Extend records as regular files
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40314
- usb: cdns3: gadget: Use-after-free during failed initialization and exit
of cdnsp gadget
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68194
- media: imon: make send_packet() more robust
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40363
- net: ipv6: fix field-spanning memcpy warning in AH output
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40342
- nvme-fc: use lock accessing port_state and rport state
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40343
- nvmet-fc: avoid scheduling association deletion twice
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68177
- cpufreq/longhaul: handle NULL policy in longhaul_exit
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40360
- drm/sysfb: Do not dereference NULL pointer in plane reset
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40315
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40317
- regmap: slimbus: fix bus_context pointer in regmap init calls
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-68312
- usbnet: Prevents free active kevent
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40319
- bpf: Sync pending IRQ work before freeing ring buffer
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40321
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP
Mode
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40322
- fbdev: bitblit: bound-check glyph index in bit_putcs*
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40211
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40324
- NFSD: Fix crash in nfsd4_read_release()
* Jammy update: v5.15.197 upstream stable release (LP: #2138662) //
CVE-2025-40083
- net/sched: sch_qfq: Fix null-deref in agg_dequeue
* CVE-2024-41014
- xfs: add bounds checking to xlog_recover_process_data
* CVE-2022-49267
- mmc: core: use sysfs_emit() instead of sprintf()
* CVE-2025-21780
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
Date: 2026-02-17 16:55:10.604134+00:00
Changed-By: Edward Stewart Hore <stewart.hore at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1094.99
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list