[ubuntu/jammy-proposed] linux-nvidia-tegra 5.15.0-1057.57 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Mar 31 06:39:03 UTC 2026
linux-nvidia-tegra (5.15.0-1057.57) jammy; urgency=medium
* jammy/linux-nvidia-tegra: 5.15.0-1057.57 -proposed tracker (LP: #2143508)
[ Ubuntu-realtime: 5.15.0-1104.113 ]
* jammy/linux-realtime: 5.15.0-1104.113 -proposed tracker (LP: #2143512)
* Jammy real-time patch set update: v5.15.201-rt93 (LP: #2146026)
- rcu/tree: Protect rcu_rdp_is_offloaded() invocations on RT
- sched: Introduce migratable()
- arm64: mm: Make arch_faults_on_old_pte() check for migratability
- printk: rename printk cpulock API and always disable interrupts
- console: add write_atomic interface
- kdb: only use atomic consoles for output mirroring
- serial: 8250: implement write_atomic
- printk: relocate printk_delay()
- printk: call boot_delay_msec() in printk_delay()
- printk: use seqcount_latch for console_seq
- printk: introduce kernel sync mode
- printk: move console printing to kthreads
- printk: add console handover
- printk: add pr_flush()
- printk: Enhance the condition check of msleep in pr_flush()
- sched: Switch wait_task_inactive to HRTIMER_MODE_REL_HARD
- kthread: Move prio/affinite change into the newly created thread
- genirq: Move prio assignment into the newly created thread
- genirq: Disable irqfixup/poll on PREEMPT_RT.
- efi: Allow efi=runtime
- mm: Disable zsmalloc on PREEMPT_RT
- net/core: disable NET_RX_BUSY_POLL on PREEMPT_RT
- samples/kfifo: Rename read_lock/write_lock
- crypto: testmgr - Only disable migration in
crypto_disable_simd_for_test()
- mm: Allow only SLUB on PREEMPT_RT
- mm: page_alloc: Use migrate_disable() in drain_local_pages_wq()
- mm/scatterlist: Replace the !preemptible warning in sg_miter_stop()
- mm: Disable NUMA_BALANCING_DEFAULT_ENABLED and TRANSPARENT_HUGEPAGE on
PREEMPT_RT
- x86/softirq: Disable softirq stacks on PREEMPT_RT
- Documentation/kcov: Include types.h in the example.
- Documentation/kcov: Define `ip' in the example.
- kcov: Allocate per-CPU memory on the relevant node.
- kcov: Avoid enable+disable interrupts if !in_task().
- kcov: Replace local_irq_save() with a local_lock_t.
- gen_stats: Add instead Set the value in __gnet_stats_copy_basic().
- gen_stats: Add gnet_stats_add_queue().
- mq, mqprio: Use gnet_stats_add_queue().
- gen_stats: Move remaining users to gnet_stats_add_queue().
- u64_stats: Introduce u64_stats_set()
- net: sched: Protect Qdisc::bstats with u64_stats
- net: sched: Use _bstats_update/set() instead of raw writes
- net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types
- net: sched: Remove Qdisc::running sequence counter
- net: sched: Allow statistics reads from softirq.
- net: sched: fix logic error in qdisc_run_begin()
- net: sched: remove one pair of atomic operations
- net: stats: Read the statistics in ___gnet_stats_copy_basic() instead of
adding.
- net: sched: gred: dynamically allocate tc_gred_qopt_offload
- sched/rt: Annotate the RT balancing logic irqwork as IRQ_WORK_HARD_IRQ
- irq_work: Allow irq_work_sync() to sleep if irq_work() no IRQ support.
- irq_work: Handle some irq_work in a per-CPU thread on PREEMPT_RT
- irq_work: Also rcuwait for !IRQ_WORK_HARD_IRQ on PREEMPT_RT
- irq_poll: Use raise_softirq_irqoff() in cpu_dead notifier
- smp: Wake ksoftirqd on PREEMPT_RT instead do_softirq().
- fs/namespace: Boost the mount_lock.lock owner instead of spinning on
PREEMPT_RT.
- fscache: Use only one fscache_object_cong_wait.
- sched: Clean up the might_sleep() underscore zoo
- sched: Make cond_resched_*lock() variants consistent vs. might_sleep()
- sched: Remove preempt_offset argument from __might_sleep()
- sched: Cleanup might_sleep() printks
- sched: Make might_sleep() output less confusing
- sched: Make RCU nest depth distinct in __might_resched()
- sched: Make cond_resched_lock() variants RT aware
- locking/rt: Take RCU nesting into account for __might_resched()
- sched: Limit the number of task migrations per batch on RT
- sched: Disable TTWU_QUEUE on RT
- sched: Move kprobes cleanup out of finish_task_switch()
- sched: Delay task stack freeing on RT
- sched: Move mmdrop to RCU on RT
- cgroup: use irqsave in cgroup_rstat_flush_locked()
- mm: workingset: replace IRQ-off check with a lockdep assert.
- jump-label: disable if stop_machine() is used
- locking: Remove rt_rwlock_is_contended()
- lockdep/selftests: Avoid using local_lock_{acquire|release}().
- sched: Trigger warning if ->migration_disabled counter underflows.
- rtmutex: Add a special case for ww-mutex handling.
- rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable().
- lockdep: Make it RT aware
- lockdep/selftests: Add rtmutex to the last column
- lockdep/selftests: Unbalanced migrate_disable() & rcu_read_lock()
- lockdep/selftests: Skip the softirq related tests on PREEMPT_RT
- lockdep/selftests: Adapt ww-tests for PREEMPT_RT
- locking: Allow to include asm/spinlock_types.h from
linux/spinlock_types_raw.h
- sched: Make preempt_enable_no_resched() behave like preempt_enable() on
PREEMPT_RT
- kernel/sched: add {put|get}_cpu_light()
- block/mq: do not invoke preempt_disable()
- md: raid5: Make raid5_percpu handling RT aware
- scsi/fcoe: Make RT aware.
- mm/vmalloc: Another preempt disable region which sucks
- net: Remove preemption disabling in netif_rx()
- sunrpc: Make svc_xprt_do_enqueue() use get_cpu_light()
- softirq: Check preemption after reenabling interrupts
- mm/memcontrol: Disable on PREEMPT_RT
- signal: Revert ptrace preempt magic
- ptrace: fix ptrace vs tasklist_lock race
- fs/dcache: use swait_queue instead of waitqueue
- fs/dcache: disable preemption on i_dir_seq's write side
- rcu: Delay RCU-selftests
- net/core: use local_bh_disable() in netif_rx_ni()
- net: Use skbufhead with raw lock
- net: Dequeue in dev_cpu_dead() without the lock
- net: dev: always take qdisc's busylock in __dev_xmit_skb()
- panic: skip get_random_bytes for RT_FULL in init_oops_id
- x86: stackprotector: Avoid random pool on rt
- drm/i915: Don't disable interrupts and pretend a lock as been acquired
in __timeline_mark_lock().
- drm/i915: Use preempt_disable/enable_rt() where recommended
- drm/i915: Don't disable interrupts on PREEMPT_RT during atomic updates
- drm/i915: Don't check for atomic context on PREEMPT_RT
- drm/i915: Disable tracing points on PREEMPT_RT
- drm/i915: skip DRM_I915_LOW_LEVEL_TRACEPOINTS with NOTRACE
- drm/i915/gt: Use spin_lock_irq() instead of local_irq_disable() +
spin_lock()
- drm/i915: Drop the irqs_disabled() check
- signal/x86: Delay calling signals in atomic
- x86: kvm Require const tsc for RT
- x86: Allow to enable RT
- x86: Enable RT also on 32bit
- genirq: update irq_set_irqchip_state documentation
- ASoC: mediatek: mt8195: Remove unsued irqs_lock.
- smack: Guard smack_ipv6_lock definition within a
SMACK_IPV6_PORT_LABELING block
- virt: acrn: Remove unsued acrn_irqfds_mutex.
- tpm_tis: fix stall after iowrite*()s
- mm/zsmalloc: Replace bit spinlock and get_cpu_var() usage.
- drivers/block/zram: Replace bit spinlocks with rtmutex for -rt
- leds: trigger: Disable CPU trigger on PREEMPT_RT
- generic/softirq: Disable softirq stacks on PREEMPT_RT
- */softirq: Disable softirq stacks on PREEMPT_RT
- sched: Add support for lazy preemption
- x86/entry: Use should_resched() in idtentry_exit_cond_resched()
- x86: Support for lazy preemption
- entry: Fix the preempt lazy fallout
- arm: Add support for lazy preemption
- powerpc: Add support for lazy preemption
- arch/arm64: Add lazy preempt support
- ARM: enable irq in translation/section permission fault handlers
- KVM: arm/arm64: downgrade preempt_disable()d region to migrate_disable()
- arm64/sve: Delay freeing memory in fpsimd_flush_thread()
- arm64/sve: Make kernel FPU protection RT friendly
- arm64: signal: Use ARCH_RT_DELAYS_SIGNAL_SEND.
- tty/serial/omap: Make the locking RT aware
- tty/serial/pl011: Make the locking work on RT
- ARM: Allow to enable RT
- ARM64: Allow to enable RT
- powerpc: traps: Use PREEMPT_RT
- powerpc/pseries/iommu: Use a locallock instead local_irq_save()
- powerpc/kvm: Disable in-kernel MPIC emulation for PREEMPT_RT
- powerpc/stackprotector: work around stack-guard init from atomic
- POWERPC: Allow to enable RT
- sysfs: Add /sys/kernel/realtime entry
- genirq: Provide generic_handle_irq_safe().
- i2c: core: Use generic_handle_irq_safe() in
i2c_handle_smbus_host_notify().
- i2c: cht-wc: Use generic_handle_irq_safe().
- misc: hi6421-spmi-pmic: Use generic_handle_irq_safe().
- mfd: ezx-pcap: Use generic_handle_irq_safe().
- net: usb: lan78xx: Use generic_handle_irq_safe().
- staging: greybus: gpio: Use generic_handle_irq_safe().
- mm/memcg: Revert ("mm/memcg: optimize user context object stock access")
- mm/memcg: Disable threshold event handlers on PREEMPT_RT
- mm/memcg: Protect per-CPU counter by disabling preemption on PREEMPT_RT
where needed.
- mm/memcg: Opencode the inner part of obj_cgroup_uncharge_pages() in
drain_obj_stock()
- mm/memcg: Protect memcg_stock with a local_lock_t
- mm/memcg: Disable migration instead of preemption in drain_all_stock().
- mm/memcg: Add missing counter index which are not update in interrupt.
- mm/memcg: Add a comment regarding the release `obj'.
- mm/memcg: Only perform the debug checks on !PREEMPT_RT
- io-mapping: don't disable preempt on RT in io_mapping_map_atomic_wc().
- locking/rwbase: Mitigate indefinite writer starvation
- Revert "softirq: Let ksoftirqd do its job"
- debugobject: Ensure pool refill (again)
- debugobjects,locking: Annotate debug_object_fill_pool() wait type
violation
- sched: avoid false lockdep splat in put_task_struct()
- mm/page_alloc: Use write_seqlock_irqsave() instead write_seqlock() +
local_irq_save().
- bpf: Remove in_atomic() from bpf_link_put().
- drm/i915: Do not disable preemption for resets
- netfilter: nft_counter: Use u64_stats_t for statistic.
- printk: ignore consoles without write() callback
- ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT
* Miscellaneous upstream changes
- Realtime patchset v5.15-rt93
[ Ubuntu: 5.15.0-176.186 ]
* jammy/linux: 5.15.0-176.186 -proposed tracker (LP: #2143539)
* Jammy update: v5.15.199 upstream stable release (LP: #2143343)
- nvmet-tcp: remove boilerplate code
- SAUCE: Fix skb_vlan_inet_prepare() usage
- net: update netdev_lock_{type,name}
- vsock/test: add a final full barrier after run all tests
- net/mlx5e: Restore destroying state bit after profile cleanup
- selftests: drv-net: fix RPS mask handling for high CPU numbers
- ASoC: tlv320adcx140: fix word length
- textsearch: describe @list member in ts_ops search
- mm, kfence: describe @slab parameter in __kfence_obj_info()
- dmaengine: xilinx_dma: Fix uninitialized addr_width when
"xlnx,addrwidth" property is missing
- phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again)
- HID: usbhid: paper over wrong bNumDescriptor field
- ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer
- x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers
- phy: rockchip: inno-usb2: fix disconnection in gadget mode
- phy: rockchip: inno-usb2: fix communication disruption in gadget mode
- phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7
- usb: dwc3: Check for USB4 IP_NAME
- USB: OHCI/UHCI: Add soft dependencies on ehci_platform
- USB: serial: option: add Telit LE910 MBIM composition
- USB: serial: ftdi_sio: add support for PICAXE AXE027 cable
- nvme-pci: disable secondary temp for Wodposit WPBSNM8
- hrtimer: Fix softirq base check in update_needs_ipi()
- EDAC/x38: Fix a resource leak in x38_probe1()
- EDAC/i3200: Fix a resource leak in i3200_probe1()
- x86/resctrl: Add missing resctrl initialization for Hygon
- x86/resctrl: Fix memory bandwidth counter width for Hygon
- mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free
- drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare
- drm/vmwgfx: Fix an error return check in vmw_compat_shader_add()
- dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all()
- dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation
- dmaengine: ti: k3-udma: fix device leak on udma lookup
- posix-clock: introduce posix_clock_context concept
- Fix memory leak in posix_clock_open()
- posix-clock: Store file pointer in struct posix_clock_context
- ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE.
- testptp: add option to shift clock by nanoseconds
- testptp: Add support for testing ptp_clock_info .adjphase callback
- selftests/ptp: Add -x option for testing PTP_SYS_OFFSET_EXTENDED
- selftests/ptp: Add -X option for testing PTP_SYS_OFFSET_PRECISE
- ptp: add testptp mask test
- selftest/ptp: update ptp selftest to exercise the gettimex options
- testptp: Add option to open PHC in readonly mode
- net: usb: dm9601: remove broken SR9700 support
- amd-xgbe: avoid misleading per-packet error log
- netlink: add a proto specification for FOU
- net: fou: rename the source for linking
- net: fou: use policy and operation tables generated from the spec
- comedi: dmm32at: serialize use of paged registers
- w1: fix redundant counter decrement in w1_attach_slave_device()
- Revert "nfc/nci: Add the inconsistency check between the input data
length and count"
- Input: i8042 - add quirks for MECHREVO Wujie 15X Pro
- Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA
- scsi: storvsc: Process unsupported MODE_SENSE_10
- x86/kfence: avoid writing L1TF-vulnerable PTEs
- staging:iio:adc:ad7280a: Register define cleanup.
- iio: adc: ad7280a: handle spi_setup() errors in probe()
- ALSA: usb: Increase volume range that triggers a warning
- net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M
- net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue
- usbnet: limit max_mtu based on device's hard_mtu
- drm/amd/pm: Don't clear SI SMC table when setting power limit
- drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2)
- octeontx2-af: Fix error handling
- x86: make page fault handling disable interrupts properly
- of: fix reference count leak in of_alias_scan()
- iio: adc: ad9467: fix ad9434 vref mask
- iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl
- mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize()
- octeontx2: Fix otx2_dma_map_page() error return code
- slimbus: core: fix runtime PM imbalance on report present
- perf/x86/intel: Do not enable BTS for guests
- net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup()
- net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins()
- ipv6: use the right ifindex when replying to icmpv6 from localhost
- ice: stop counting UDP csum mismatch as rx_errors
- net/mlx5: Add HW definitions of vport debug counters
- net/mlx5e: Expose rx_oversize_pkts_buffer counter
- net/mlx5e: Report rx_discards_phy via rx_dropped
- net/mlx5e: Account for netdev stats in ndo_get_stats64
- net: bridge: fix static key check
- scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg()
- gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler
- dma/pool: distinguish between missing and exhausted atomic pools
- ASoC: fsl: imx-card: Do not force slot width to sample width
- scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo()
- scsi: qla2xxx: edif: Fix dma_free_coherent() size
- mptcp: only reset subflow errors when propagated
- net: Add locking to protect skb->dev access in ip_output
- comedi: Fix getting range information for subdevices 16 to 255
- of: platform: Use default match table for /firmware
- iio: adc: exynos_adc: fix OF populate on driver rebind
- arm64: dts: rockchip: remove redundant max-link-speed from nanopi-r4s
- w1: w1_therm: use swap() to make code cleaner
- dmaengine: stm32: dmamux: fix OF node leak on route allocation failure
- xfs: set max_agbno to allow sparse alloc of last full inode chunk
- nvme-fc: rename free_ctrl callback to match name pattern
- nvme-pci: do not directly handle subsys reset fallout
- nvme: fix PCIe subsystem reset controller state transition
- mei: trace: treat reg parameter as string
- mm/pagewalk: add walk_page_range_vma()
- wifi: cfg80211: add a work abstraction with special semantics
- wifi: mac80211: use wiphy work for sdata->work
- wifi: mac80211: move TDLS work to wiphy work
- HID: uclogic: Add NULL check in uclogic_input_configured()
- drm/amdkfd: fix a memory leak in device_queue_manager_init()
- btrfs: prevent use-after-free on page private data in
btrfs_subpage_clear_uptodate()
- net/sched: act_ife: convert comma to semicolon
- pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver
- writeback: fix 100% CPU usage when dirtytime_expire_interval is 0
- mptcp: avoid dup SUB_CLOSED events after disconnect
- pinctrl: meson: mark the GPIO controller as sleeping
- wifi: cfg80211: use system_unbound_wq for wiphy work
- wifi: cfg80211: fix wiphy delayed work queueing
- wifi: cfg80211: cancel wiphy_work before freeing wiphy
- wifi: cfg80211: fully move wiphy work to unbound workqueue
- wifi: cfg80211: init wiphy_work before allocating rfkill fails
- Linux 5.15.199
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-68340
- team: Move team device type change at the end of team_port_add
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23170
- drm/imx/tve: fix probe device leak
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23075
- can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-38408
- genirq/irq_sim: Initialize work context pointers properly
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2023-54207
- HID: uclogic: Correct devm device reference for hidinput input_dev name
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2023-53520
- Bluetooth: Fix hci_suspend_sync crash
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-38125
- net: stmmac: make sure that ptp_rate is not 0 before configuring EST
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-40164
- usbnet: Fix using smp_processor_id() in preemptible code warnings
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-38232
- NFSD: fix race between nfsd registration and exports_proc
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2023-53662
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-38057
- espintcp: fix skb leaks
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2023-53421
- blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-68365
- fs/ntfs3: Initialize allocated memory before use
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-68817
- ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2022-50390
- drm/ttm: fix undefined behavior in bit shift for
TTM_TT_FLAG_PRIV_POPULATED
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-68211
- ksm: use range-walk function to jump over holes in
scan_get_next_rmap_item
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23093
- ksmbd: smbd: fix dma_unmap_sg() nents
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23078
- ALSA: scarlett2: Fix buffer overflow in config retrieval
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71186
- dmaengine: stm32: dmamux: fix device leak on route allocation
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71197
- w1: therm: Fix off-by-one buffer overflow in alarms_store
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23087
- scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-40149
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23167
- nfc: nci: Fix race between rfkill and nci_unregister_device().
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23150
- nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23164
- rocker: fix memory leak in rocker_world_port_post_fini()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23146
- Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-38591
- bpf: Reject narrower access to pointer ctx fields
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-68725
- bpf: Do not let BPF test infra emit invalid GSO types to stack
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23097
- migrate: correct lock ordering for hugetlb file folios
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23108
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23080
- can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23061
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23058
- can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23085
- irqchip/gic-v3-its: Avoid truncating memory addresses
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23098
- netrom: fix double-free in nr_route_frame()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23063
- uacce: ensure safe queue release with state management
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23056
- uacce: implement mremap in uacce_vm_ops to return -EPERM
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23096
- uacce: fix cdev handling in the cleanup path
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23091
- intel_th: fix device leak on output open()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23090
- slimbus: core: fix device reference leak on report present
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23128
- arm64: Set __nocfi on swsusp_arch_resume()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23073
- wifi: rsi: Fix memory corruption due to not set vif driver data size
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23133
- wifi: ath10k: fix dma_free_coherent() pointer
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23089
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23076
- ALSA: ctxfi: Fix potential OOB access in audio mixer handling
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71199
- iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc
driver
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23101
- leds: led-class: Only Add LED to leds_list when it is fully ready
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23064
- net/sched: act_ife: avoid possible NULL deref
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23119
- bonding: provide a net pointer to __skb_flow_dissect()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23084
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23124
- ipv6: annotate data-race in ndisc_router_discovery()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23121
- mISDN: annotate data-race around dev->work
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23071
- regmap: Fix race condition in hwspinlock irqsave routine
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23105
- net/sched: qfq: Use cl_is_active to determine whether class is active in
qfq_rm_from_ag
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23103
- ipvlan: Make the addrs_lock be per port
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23120
- l2tp: avoid one data-race in l2tp_tunnel_del_work()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23083
- fou: Don't allow 0 for FOU_ATTR_IPPROTO.
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23095
- gue: Fix skb memleak with inner IP protocol 0.
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23125
- sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23099
- bonding: limit BOND_MODE_8023AD to Ethernet devices
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71194
- btrfs: fix deadlock in wait_current_trans() due to ignored transaction
type
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71185
- dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23026
- dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71188
- dmaengine: lpc18xx-dmamux: fix device leak on route allocation
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71163
- dmaengine: idxd: fix device leaks on compat bind and unbind
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71190
- dmaengine: bcm-sba-raid: fix device leak on probe
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71191
- dmaengine: at_hdmac: fix device leak on of_dma_xlate()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23049
- drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23145
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-22997
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session
upon receiving the second rts
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23033
- dmaengine: omap-dma: fix dma_pool resource leak in error paths
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71196
- phy: stm32-usphyc: Fix off by one in probe()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2025-71162
- dmaengine: tegra-adma: Fix use-after-free
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-22999
- net/sched: sch_qfq: do not free existing class in qfq_change_class()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23011
- ipv4: ip_gre: make ipgre_header() robust
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23001
- macvlan: fix possible UAF in macvlan_forward_source()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23003
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-22998
- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23037
- can: etas_es58x: allow partial RX URB allocation to succeed
* Jammy update: v5.15.199 upstream stable release (LP: #2143343) //
CVE-2026-23038
- pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()
* ADT test for linux package failed with "fatal: unable to connect to
git.launchpad.net" (LP: #2143033)
- [Packaging] d/t/ubuntu-regression-suite: use https to clone
* efi: Fix swapped arguments to bsearch() in efi_status_to_*() SAUCE patch
(LP: #2141276)
- SAUCE efi: Fix swapped arguments to bsearch() in efi_status_to_*()
* CVE-2026-23111
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate()
* CVE-2026-23209
- macvlan: fix error recovery in macvlan_common_newlink()
* CVE-2025-37849
- KVM: arm64: vgic: Add a non-locking primitive for
kvm_vgic_vcpu_destroy()
- KVM: arm64: Tear down vGIC on failed vCPU creation
* CVE-2026-23074
- net/sched: Enforce that teql can only be used as root qdisc
* CVE-2026-23060
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
spec
Date: 2026-03-30 16:18:18.004165+00:00
Changed-By: Noah Wager <noah.wager at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/5.15.0-1057.57
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list