[ubuntu/noble-proposed] linux 6.8.0-91.92 (Accepted)
Andy Whitcroft
apw at canonical.com
Mon Dec 1 17:46:00 UTC 2025
linux (6.8.0-91.92) noble; urgency=medium
* noble/linux: 6.8.0-91.92 -proposed tracker (LP: #2132306)
* cifs: Fix memory leak of a folio every call to cifs_writepages_begin()
(LP: #2131213)
- cifs: fix pagecache leak when do writepages
* CAP_PERFMON insufficient to get perf data (LP: #2131046)
- SAUCE: perf/core: Allow CAP_PERFMON for paranoid level 4
* i40e driver is triggering VF resets on every link state change
(LP: #2130552)
- i40e: avoid redundant VF link state updates
* Dell AIO backlight is not working, dell_uart_backlight module is missing
(LP: #2083800)
- SAUCE: Removed sauce dell-uart-backlight driver
- Revert "UBUNTU: SAUCE: ACPI: video: Dell AIO UART backlight detection"
- platform/x86: Add new Dell UART backlight driver
- ACPI: video: Add Dell UART backlight controller detection
- SAUCE: dell_uart_backlight: size_t -> ssize_t
- ACPI: video: Add backlight=native quirk for Dell OptiPlex 7760 AIO
- ACPI: video: Add backlight=native quirk for Dell OptiPlex 5480 AIO
- [Config] enable CONFIG_DELL_UART_BACKLIGHT
* Ubuntu x86_64 6.8 kernels won't build if CONFIG_FB_HYPERV config option is
enabled (LP: #2127971)
- fbdev: Introduce devm_register_framebuffer()
* Run iio_info will be stucked forever (HID-
SENSOR-200011.5.auto/iio:device1) (LP: #2102077)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
* kernel: sysfs: cannot create duplicate filename
'/bus/platform/devices/iTCO_wdt' (LP: #2121997)
- i2c: i801: Hide Intel Birch Stream SoC TCO WDT
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344)
- fs/xattr.c: fix simple_xattr_list to always include security.* xattrs
- selftests/exec: load_address: conform test to TAP format output
- binfmt_elf: Leave a gap between .bss and brk
- selftests/exec: Build both static and non-static load_address tests
- binfmt_elf: Calculate total_size earlier
- binfmt_elf: Honor PT_LOAD alignment for static PIE
- binfmt_elf: Move brk for static PIE even if ASLR disabled
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie
14XA (GX4HRXL)
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all
PF_NO_SETAFFINITY tasks
- tracing: probes: Fix a possible race in trace_probe_log APIs
- tpm: tis: Double the timeout B to 4s
- firmware: arm_scmi: Add helper to trace bad messages
- firmware: arm_scmi: Add message dump traces for bad and unexpected
replies
- firmware: arm_scmi: Add support for debug metrics at the interface
- [Config] do not enable new support for SCMI debug metrics
- firmware: arm_scmi: Track basic SCMI communication debug metrics
- iio: adc: ad7266: Fix potential timestamp alignment issue.
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
- iio: chemical: sps30: use aligned_s64 for timestamp
- HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
- spi: loopback-test: Do not split 1024-byte hexdumps
- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags
- tools: ynl: ethtool.py: Output timestamping statistics from tsinfo-get
operation
- tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing
- mctp: no longer rely on net->dev_index_head[]
- net: mctp: Ensure keys maintain only one ref to corresponding dev
- ALSA: seq: Fix delivery of UMP events to group ports
- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info
- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
- nvme-pci: make nvme_pci_npages_prp() __always_inline
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
- ALSA: sh: SND_AICA should depend on SH_DMA_API
- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
- octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy
- net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW
capability
- octeontx2-af: Fix CGX Receive counters
- tsnep: fix timestamping with a stacked DSA driver
- NFSv4/pnfs: Reset the layout state after a layoutreturn
- udf: Make sure i_lenExtents is uptodate on inode eviction
- LoongArch: Prevent cond_resched() occurring within kernel-fpu
- LoongArch: Save and restore CSR.CNTC for hibernation
- LoongArch: Fix MAX_REG_OFFSET calculation
- LoongArch: uprobes: Remove user_{en,dis}able_single_step()
- LoongArch: uprobes: Remove redundant code about resume_era
- drm/amd/display: Correct the reply value when AUX write incomplete
- drm/amd/display: Avoid flooding unnecessary info messages
- ACPI: PPTT: Fix processor subtable walk
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
- hv_netvsc: Remove rmsg_pgcnt
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
- Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
- ftrace: Fix preemption accounting for stacktrace trigger command
- ftrace: Fix preemption accounting for stacktrace filter command
- tracing: samples: Initialize trace_array_printk() with the correct
function
- phy: Fix error handling in tegra_xusb_port_init
- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
- phy: renesas: rcar-gen3-usb2: Set timing registers only once
- scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
- smb: client: fix memory leak during error handling for POSIX mkdir
- spi: tegra114: Use value to check for invalid delays
- net: qede: Initialize qede_ll_ops with designated initializer
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
instead of a local copy
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_wqs
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_engines
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_groups
- dmaengine: idxd: Add missing cleanup for early error out in
idxd_setup_internals
- dmaengine: idxd: Add missing cleanups in cleanup internals
- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove
call
- dmaengine: idxd: fix memory leak in error handling path of
idxd_pci_probe
- LoongArch: Explicitly specify code model in Makefile
- SAUCE: Revert "memblock: Accept allocated memory before use in
memblock_double_array()"
- phy: tegra: xusb: remove a stray unlock
- drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC
Policies
- drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies
- uio_hv_generic: Fix sysfs creation path for ring buffer
- KVM: Add member to struct kvm_gfn_range to indicate private/shared
- KVM: x86/mmu: Prevent installing hugepages when mem attributes are
changing
- iio: chemical: pms7003: use aligned_s64 for timestamp
- iio: pressure: mprls0025pa: use aligned_s64 for timestamp
- net: dsa: b53: prevent standalone from trying to forward to other ports
- netlink: specs: tc: fix a couple of attribute names
- LoongArch: Move __arch_cpu_idle() to .cpuidle.text section
- btrfs: fix discard worker infinite loop after disabling discard
- btrfs: fix folio leak in submit_one_async_extent()
- btrfs: add back warning for mount option commit values exceeding 300
- drm/amdgpu: fix incorrect MALL size for GFX1151
- gpio: pca953x: fix IRQ storm on system wake up
- kbuild: Disable -Wdefault-const-init-unsafe
- mm: userfaultfd: correct dirty flags set for both present and swap pte
- accel/ivpu: Rename ivpu_log_level to fw_log_level
- accel/ivpu: Reset fw log on cold boot
- accel/ivpu: Refactor functions in ivpu_fw_log.c
- drm/fbdev-dma: Support struct drm_driver.fbdev_probe
- Upstream stable to v6.6.92, v6.12.30
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-37968
- iio: light: opt3001: fix deadlock due to concurrent flag access
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38011
- drm/amdgpu: csa unmap use uninterruptible lock
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-21931
- hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-37960
- memblock: Accept allocated memory before use in memblock_double_array()
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-37967
- usb: typec: ucsi: displayport: Fix deadlock
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-22102
- Bluetooth: btnxpuart: Fix kernel panic during FW release
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38008
- mm/page_alloc: fix race condition in unaccepted memory handling
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38014
- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38015
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38005
- dmaengine: ti: k3-udma: Add missing locking
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38009
- wifi: mt76: disable napi on driver removal
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38010
- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38095
- dma-buf: insert memory barrier before updating num_fences
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38018
- net/tls: fix kernel panic when alloc_page failed
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38019
- mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38013
- wifi: mac80211: Set n_channels after allocating struct
cfg80211_scan_request
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38027
- regulator: max20086: fix invalid memory access
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38020
- net/mlx5e: Disable MACsec offload for uplink representor profile
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38094
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38006
- net: mctp: Don't access ifa_index when missing
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-37992
- net_sched: Flush gso_skb list too during ->change()
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38023
- nfs: handle failure of nfs_get_lock_context in unlock path
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38007
- HID: uclogic: Add NULL check in uclogic_input_configured()
* Noble update: upstream stable patchset 2025-10-30 (LP: #2130344) //
CVE-2025-38024
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277)
- dm: add missing unlock on in dm_keyslot_evict()
- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
- can: mcan: m_can_class_unregister(): fix order of unregistration calls
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
- ksmbd: fix memory leak in parse_lease_state()
- SAUCE: Revert "sch_htb: make htb_deactivate() idempotent"
- sch_htb: make htb_deactivate() idempotent
- gre: Fix again IPv6 link-local address generation.
- netdevice: add netdev_tx_reset_subqueue() shorthand
- net: ethernet: mtk_eth_soc: reset all TX queues on DMA free
- can: mcp251xfd: fix TDC setting for low data bit rates
- can: gw: fix RCU/BH usage in cgw_create_job()
- net: dsa: b53: allow leaky reserved multicast
- net: dsa: b53: fix clearing PVID of a port
- net: dsa: b53: fix flushing old pvid VLAN on pvid change
- net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
- net: dsa: b53: always rejoin default untagged VLAN on bridge leave
- net: dsa: b53: fix learning on VLAN unaware bridges
- Input: cyttsp5 - ensure minimum reset pulse width
- Input: cyttsp5 - fix power control issue on wakeup
- Input: xpad - fix Share button on Xbox One controllers
- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
- Input: synaptics - enable InterTouch on Dell Precision M3800
- Input: synaptics - enable SMBus for HP Elitebook 850 G1
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
- staging: iio: adc: ad7816: Correct conditional logic for store mode
- staging: axis-fifo: Remove hardware resets for user errors
- staging: axis-fifo: Correct handling of tx_fifo_depth for size
validation
- drm/amd/display: Shift DMUB AUX reply command if necessary
- iio: adc: ad7606: fix serial register access
- iio: adc: rockchip: Fix clock initialization sequence
- iio: adis16201: Correct inclinometer channel resolution
- drm/amd/display: Fix the checking condition in dmub aux handling
- drm/amd/display: Remove incorrect checking in dmub aux handler
- drm/amd/display: Fix wrong handling for AUX_DEFER case
- drm/amd/display: Copy AUX read reply data whenever length > 0
- usb: uhci-platform: Make the clock really optional
- xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it
- clocksource/i8253: Use raw_spinlock_irqsave() in
clockevent_i8253_disable()
- x86/microcode: Consolidate the loader enablement checking
- ocfs2: switch osb->disable_recovery to enum
- ocfs2: implement handshaking with ocfs2 recovery thread
- ocfs2: stop quota recovery before disabling quotas
- usb: cdnsp: Fix issue with resuming from L1
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
- usb: gadget: f_ecm: Add get_status callback
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
- usb: gadget: Use get_status callback to set remote wakeup capability
- usb: host: tegra: Prevent host controller crash when OTG port is used
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
- USB: usbtmc: use interruptible sleep in usbtmc_read
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
- usb: usbtmc: Fix erroneous wait_srq ioctl return
- usb: usbtmc: Fix erroneous generic_read ioctl return
- iio: accel: adxl367: fix setting odr for activity time update
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
- types: Complement the aligned types with signed 64-bit one
- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64
- iio: adc: dln2: Use aligned_s64 for timestamp
- MIPS: Fix MAX_REG_OFFSET
- drm/panel: simple: Update timings for AUO G101EVN010
- do_umount(): add missing barrier before refcount checks in sync case
- io_uring: always arm linked timeouts prior to issue
- arm64: insn: Add support for encoding DSB
- arm64: proton-pack: Expose whether the platform is mitigated by firmware
- arm64: proton-pack: Expose whether the branchy loop k value
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
- x86/bpf: Call branch history clearing sequence on exit
- x86/bpf: Add IBHF call at end of classic BPF
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode
- x86/speculation: Simplify and make CALL_NOSPEC consistent
- x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
- x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
- Documentation: x86/bugs/its: Add ITS documentation
- x86/its: Enumerate Indirect Target Selection (ITS) bug
- x86/its: Add support for ITS-safe indirect thunk
- [Config] enable Indirect Target Selection mitigation
- x86/its: Add support for ITS-safe return thunk
- x86/its: Enable Indirect Target Selection mitigation
- x86/its: Add "vmexit" option to skip mitigation on some CPUs
- x86/its: Add support for RSB stuffing mitigation
- x86/its: Align RETs in BHB clear sequence to avoid thunking
- x86/ibt: Keep IBT disabled during alternative patching
- x86/its: Use dynamic thunks for indirect branches
- x86/its: Fix build errors when CONFIG_MODULES=n
- x86/its: FineIBT-paranoid vs ITS
- x86/its: Fix build error for its_static_thunk()
- firmware: arm_scmi: Fix timeout checks on polling path
- s390/entry: Fix last breaking event handling in case of stack corruption
- erofs: ensure the extra temporary copy is valid for shortened bvecs
- net: dsa: b53: keep CPU port always tagged again
- net: dsa: b53: do not allow to configure VLAN 0
- net: dsa: b53: do not program vlans when vlan filtering is off
- net: dsa: b53: fix toggling vlan_filtering
- net: dsa: b53: do not set learning and unicast/multicast on up
- rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros`
configuration
- mm/userfaultfd: fix uninitialized output field for -EAGAIN race
- selftests/mm: compaction_test: support platform with huge mount of
memory
- selftests/mm: fix a build failure on powerpc
- io_uring: ensure deferred completions are flushed for multishot
- iio: imu: inv_mpu6050: align buffer for timestamp
- drm/xe: Add page queue multiplier
- usb: dwc3: gadget: Make gadget_wakeup asynchronous
- riscv: misaligned: Add handling for ZCB instructions
- riscv: misaligned: factorize trap handling
- riscv: misaligned: enable IRQs while handling misaligned accesses
- selftest/x86/bugs: Add selftests for ITS
- Upstream stable to v6.6.91, v6.12.29
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37960
- memblock: Accept allocated memory before use in memblock_double_array()
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37957
- KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37963
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37948
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37994
- usb: typec: ucsi: displayport: Fix NULL pointer access
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37995
- module: ensure that kobject_put() is safe for module type kobjects
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37949
- xenbus: Use kref to track req lifetime
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37954
- smb: client: Avoid race in open_cached_dir with lease breaks
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37951
- drm/v3d: Add job to pending list if the reset was skipped
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37969
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37970
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37972
- Input: mtk-pmic-keys - fix possible null pointer dereference
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37959
- bpf: Scrub packet on bpf_redirect_peer
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37961
- ipvs: fix uninit-value for saddr in do_output_route4
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37998
- openvswitch: Fix unsafe attribute parsing in output_userspace()
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37952
- ksmbd: Fix UAF in __close_file_table_ids
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37947
- ksmbd: prevent out-of-bounds stream writes by validating *pos
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37956
- ksmbd: prevent rename with empty string
* Noble update: upstream stable patchset 2025-10-29 (LP: #2130277) //
CVE-2025-37973
- wifi: cfg80211: fix out-of-bounds access during multi-link element
defragmentation
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559)
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface()
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
- btrfs: fix COW handling in run_delalloc_nocow()
- drm/fdinfo: Protect against driver unbind
- EDAC/altera: Test the correct error reg offset
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- i2c: imx-lpi2c: Fix clock count when probe defers
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
offload
- mm/memblock: pass size instead of end to memblock_set_node()
- mm/memblock: repeat setting reserved region nid if array is doubled
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
- spi: tegra114: Don't fail set_cs_timing when delays are zero
- tracing: Do not take trace_event_sem in print_event_fields()
- dm-integrity: fix a warning on invalid table line
- dm: always update the array size in realloc_argv on success
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep
cycles
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU
hotplug
- smb: client: fix zero length for mkdir POSIX create context
- cpufreq: Avoid using inconsistent policy->min and policy->max
- cpufreq: Fix setting policy limits when frequency tables are used
- PCI: imx6: Skip controller_id generation logic for i.MX7D
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
- powerpc/boot: Check for ld-option support
- drm/i915/pxp: fix undefined reference to
`intel_pxp_gsccs_is_ready_for_sessions'
- powerpc/boot: Fix dash warning
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- net/mlx5: E-switch, Fix error handling for enabling roce
- net: Rename mono_delivery_time to tstamp_type for scalabilty
- Bluetooth: L2CAP: copy RX timestamp to new fragments
- net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged
- net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when
advised
- pds_core: delete VF dev on reset
- pds_core: make pdsc_auxbus_dev_del() void
- pds_core: specify auxiliary_device to be created
- nvme-pci: fix queue unquiesce check on slot_reset
- net: dlink: Correct endianness handling of led_mode
- net: mdio: mux-meson-gxl: set reversed bit when using internal phy
- igc: fix lock order in igc_ptp_reset
- net: dsa: felix: fix broken taprio gate states after clock jump
- net: ipv6: fix UDPv6 GSO segmentation with NAT
- bnxt_en: Fix coredump logic to free allocated buffer
- bnxt_en: Fix ethtool -d byte order for 32-bit values
- nvme-tcp: fix premature queue removal and I/O failover
- net: fec: ERR007885 Workaround for conventional TX
- net: hns3: store rx VLAN tag offload state for VF
- net: hns3: fix an interrupt residual problem
- net: hns3: fixed debugfs tm_qset size
- net: hns3: defer calling ptp_clock_register()
- net: vertexcom: mse102x: Fix possible stuck of SPI interrupt
- net: vertexcom: mse102x: Fix LEN_MASK
- net: vertexcom: mse102x: Add range check for CMD_RTS
- net: vertexcom: mse102x: Fix RX error handling
- ASoC: Use of_property_read_bool()
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean
properties
- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired
- ARM: dts: opos6ul: add ksz8081 phy properties
- arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs
- arm64: dts: st: Use 128kB size for aliased GIC400 register access on
stm32mp25 SoCs
- Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
- xhci: Add helper to set an interrupters interrupt moderation interval
- xhci: support setting interrupt moderation IMOD for secondary
interrupters
- xhci: Limit time spent with xHC interrupts disabled during bus resume
- kernel: param: rename locate_module_kobject
- kernel: globalize lookup_or_create_module_kobject()
- drivers: base: handle module_kobject creation
- iommu/arm-smmu-v3: Use the new rb tree helpers
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream
ids
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
- dm: fix copying after src array boundaries
- bpf: Fix BPF_INTERNAL namespace import
- binder: fix offset calculation in debug log
- perf/x86/intel: Only check the group flag for X86 leader
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS
- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
- pinctrl: imx: Return NULL if no group is matched and found
- Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync
- idpf: fix offloads support for encapsulated packets
- drm/tests: shmem: Fix memleak
- idpf: fix potential memory leak on kcalloc() failure
- idpf: protect shutdown from reset
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan()
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS
- accel/ivpu: Fix a typo
- drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change
- Upstream stable to v6.6.90, v6.12.27, v6.12.28
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37920
- xsk: Fix race condition in AF_XDP generic RX path
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37900
- iommu: Fix two issues in iommu_copy_struct_from_user()
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37931
- btrfs: adjust subpage bit start based on sectorsize
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37903
- drm/amd/display: Fix slab-use-after-free in hdcp
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37905
- firmware: arm_scmi: Balance device refcount when destroying devices
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37933
- octeon_ep: Fix host hang issue during device reboot
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37909
- net: lan743x: Fix memleak issue when GSO enabled
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37911
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37935
- net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37891
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37912
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37914
- net_sched: ets: Fix double list add in class with netem as child qdisc
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37916
- pds_core: remove write-after-free of client_id
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37917
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx
poll
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37918
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37921
- vxlan: vnifilter: Fix unlocked deletion of default FDB entry
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37897
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37922
- book3s64/radix : Align section vmemmap start address to PAGE_SIZE
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37923
- tracing: Fix oob write in trace_seq_to_buffer()
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37924
- ksmbd: fix use-after-free in kerberos authentication
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37928
- dm-bufio: don't schedule in atomic context
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37990
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37901
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37936
- perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's
value.
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37991
- parisc: Fix double SIGFPE crash
* Noble update: upstream stable patchset 2025-10-22 (LP: #2129559) //
CVE-2025-37930
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307)
- module: sign with sha512 instead of sha1 by default
- x86/extable: Remove unused fixup type EX_TYPE_COPY
- tracing: Add __string_len() example
- tracing: Add __print_dynamic_array() helper
- soc: qcom: ice: introduce devm_of_qcom_ice_get
- mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get
- auxdisplay: hd44780: Convert to platform remove callback returning void
- auxdisplay: hd44780: Fix an API misuse in hd44780.c
- net: dsa: mv88e6xxx: fix internal PHYs for 6320 family
- net: dsa: mv88e6xxx: fix VTU methods for 6320 family
- ASoC: qcom: q6apm-dai: drop unused 'q6apm_dai_rtd' fields
- ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs
- ASoC: q6apm-dai: make use of q6apm_get_hw_pointer
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
return value check
- iio: adc: ad7768-1: Fix conversion result sign
- arm64: tegra: Remove the Orin NX/Nano suspend key
- clk: renesas: r9a07g04[34]: Fix typo for sel_shdi variable
- clk: renesas: r9a07g043: Fix HP clock source for RZ/Five
- of: resolver: Simplify of_resolve_phandles() using __free()
- of: resolver: Fix device node refcount leakage in of_resolve_phandles()
- scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get
- cpufreq/sched: Explicitly synchronize limits_changed flag handling
- ceph: Fix incorrect flush end position calculation
- dma/contiguous: avoid warning about unused size_bytes
- cpufreq: cppc: Fix invalid return value in .get() callback
- btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range()
- scsi: core: Clear flags for scsi_cmnd that did not complete
- net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration
- net: dsa: mt7530: sync driver-specific behavior of MT7531 variants
- pds_core: Remove unnecessary check in pds_client_adminq_cmd()
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE
- splice: remove duplicate noinline from pipe_clear_nowait
- perf/x86: Fix non-sampling (counting) events on certain x86 platforms
- LoongArch: Select ARCH_USE_MEMTEST
- LoongArch: Make regs_irqs_disabled() more clear
- LoongArch: Make do_xyz() exception handlers more robust
- virtio_console: fix missing byte order handling for cols and rows
- crypto: atmel-sha204a - Set hwrng quality to lowest possible
- net: selftests: initialize TCP header and skb payload with zero
- net: phy: microchip: force IRQ polling mode for lan88xx
- drm/amd/display: Fix gpu reset in multidisplay config
- LoongArch: Return NULL from huge_pte_offset() for invalid PMD
- LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()
- LoongArch: Remove a bogus reference to ZONE_DMA
- io_uring: fix 'sync' handling of io_fallback_tw()
- KVM: SVM: Allocate IR data using atomic allocation
- cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports
- ata: libata-scsi: Improve CDL control
- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type
- ata: libata-scsi: Fix ata_msense_control_ata_feature()
- USB: storage: quirk for ADATA Portable HDD CH94
- scsi: Improve CDL control
- mei: me: add panther lake H DID
- KVM: x86: Explicitly treat routing entry type changes as changes
- char: misc: register chrdev region with all possible minors
- misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack
- serial: msm: Configure correct working mode before starting earlycon
- serial: sifive: lock port in startup()/shutdown() callbacks
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
- USB: serial: option: add Sierra Wireless EM9291
- USB: serial: simple: add OWON HDS200 series oscilloscope support
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
- usb: dwc3: xilinx: Prevent spike in reset signal
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
- USB: VLI disk crashes if LPM is used
- USB: wdm: handle IO errors in wdm_wwan_port_start
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
- USB: wdm: add annotation
- pinctrl: renesas: rza2: Fix potential NULL pointer dereference
- MIPS: cm: Detect CM quirks from device tree
- crypto: ccp - Add support for PCI device 0x1134
- clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
- parisc: PDT: Fix missing prototype warning
- s390/tty: Fix a potential memory leak bug
- bpf: bpftool: Setting error code in do_loader()
- bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it
creates storage
- bpf: Reject attaching fexit/fmod_ret to __noreturn functions
- mailbox: pcc: Fix the possible race in updation of chan_in_use flag
- mailbox: pcc: Always clear the platform ack interrupt first
- usb: host: max3421-hcd: Add missing spi_device_id table
- fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
- usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func
- thunderbolt: Scan retimers after device router has been enumerated
- objtool: Silence more KCOV warnings
- objtool, panic: Disable SMAP in __stack_chk_fail()
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in
wcd934x_slim_irq_handler()
- objtool, regulator: rk808: Remove potential undefined behavior in
rk806_set_mode_dcdc()
- objtool, lkdtm: Obfuscate the do_nothing() pointer
- ntb: reduce stack usage in idt_scan_mws
- ntb_hw_amd: Add NTB PCI ID for new gen CPU
- rtc: pcf85063: do a SW reset if POR failed
- io_uring: always do atomic put from iowq
- sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
- KVM: s390: Don't use %pK through tracepoints
- KVM: s390: Don't use %pK through debug printing
- selftests: ublk: fix test_stripe_04
- xen: Change xen-acpi-processor dom0 dependency
- ACPI: EC: Set ec_no_wakeup for Lenovo Go S
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
- nvme: multipath: fix return value of nvme_available_path
- objtool: Stop UNRET validation on UD2
- gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment
- selftests/mincore: Allow read-ahead pages to reach the end of the file
- x86/bugs: Use SBPB in write_ibpb() if applicable
- x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
- x86/bugs: Don't fill RSB on context switch with eIBRS
- nvmet-fc: take tgtport reference only once
- cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE
mode
- timekeeping: Add a lockdep override in tick_freeze()
- ext4: make block validity check resistent to sb bh corruption
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
- scsi: ufs: exynos: Ensure pre_link() executes before
exynos_ufs_phy_init()
- scsi: pm80xx: Set phy_attached to zero when device is gone
- x86/i8253: Call clockevent_i8253_disable() with interrupts disabled
- iomap: skip unnecessary ifs_block_is_uptodate check
- riscv: Provide all alternative macros all the time
- loop: aio inherit the ioprio of original request
- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts
- spi: tegra210-quad: add rate limiting and simplify timeout error message
- ubsan: Fix panic from test_ubsan_out_of_bounds
- x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove
cores
- x86/pvh: Call C code via the kernel virtual mapping
- Revert "drivers: core: synchronize really_probe() and dev_uevent()"
- driver core: introduce device_set_driver() helper
- comedi: jr3_pci: Fix synchronous deletion of timer
- net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
- net: dsa: mv88e6xxx: enable PVT for 6321 switch
- net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
- net: dsa: mv88e6xxx: enable STU methods for 6320 family
- MIPS: cm: Fix warning if MIPS_CM is disabled
- objtool: Ignore end-of-section jumps for KCOV/GCOV
- objtool: Silence more KCOV warnings, part 2
- ALSA: hda/cirrus_scodec_test: Don't select dependencies
- ALSA: hda: improve bass speaker support for ASUS Zenbook UM5606WA
- ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
- net: ethernet: mtk_eth_soc: reapply mdc divider on reset
- riscv: Use kvmalloc_array on relocation_hashtable
- riscv: module: Allocate PLT entries for R_RISCV_PLT32
- ASoC: fsl: fsl_qmc_audio: Reset audio data pointers on TRIGGER_START
event
- dma-buf/sw_sync: Decrement refcount on error in
sw_sync_ioctl_get_deadline()
- mm/compaction: fix bug in hugetlb handling pathway
- platform/x86: amd: pmf: Fix STT limits
- drm/amd/display: Add HP Elitebook 645 to the quirk list for eDP on DP1
- drm/amd/display: Add HP Probook 445 and 465 to the quirk list for eDP on
DP1
- drm/xe/dma_buf: stop relying on placement in unmap
- drm/amdgpu: fix warning of drm_mm_clean
- arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1
- arm64/sysreg: Add register fields for HDFGRTR2_EL2
- arm64/sysreg: Add register fields for HDFGWTR2_EL2
- arm64/sysreg: Add register fields for HFGITR2_EL2
- arm64/sysreg: Add register fields for HFGRTR2_EL2
- arm64/sysreg: Add register fields for HFGWTR2_EL2
- kbuild: Add '-fno-builtin-wcslen'
- drm/amd/display: Temporarily disable hostvm on DCN31
- block: remove rq_list_move
- bpf: add find_containing_subprog() utility function
- selftests/bpf: test for changing packet data from global functions
- selftests/bpf: freplace tests for tracking of changes_packet_data
- selftests/bpf: validate that tail call invalidates packet pointers
- selftests/bpf: extend changes_pkt_data with cases w/o subprograms
- media: i2c: imx214: Use subdev active state
- media: i2c: imx214: Simplify with dev_err_probe()
- media: i2c: imx214: Convert to CCI register access helpers
- media: i2c: imx214: Replace register addresses with macros
- media: i2c: imx214: Check number of lanes from device tree
- media: i2c: imx214: Fix link frequency validation
- scsi: ufs: exynos: Move UFS shareability value to drvdata
- cgroup/cpuset: Expose cpuset filesystem with cpuset v1 only
- cgroup/cpuset-v1: Add missing support for cpuset_v2_mode
- vhost-scsi: Add better resource allocation failure handling
- vhost-scsi: Fix vhost_scsi_send_bad_target()
- vhost-scsi: Fix vhost_scsi_send_status()
- scsi: ufs: mcq: Use ufshcd_mcq_req_to_hwq() to simplify updating hwq
- riscv: Replace function-like macro by static inline function
- bpf: Add namespace to BPF internal symbols
- netfilter: fib: avoid lookup if socket is available
- drm: panel: jd9365da: fix reset signal polarity in unprepare
- drm/amd/display: Force full update in gpu reset
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
- firmware: stratix10-svc: Add of_platform_default_populate()
- i3c: master: svc: Add support for Nuvoton npcm845 i3c
- 9p/trans_fd: mark concurrent read and writes to p9_conn->err
- x86/xen: disable CPU idle and frequency drivers for PVH dom0
- nvmet-fc: put ref when assoc->del_work is already scheduled
- scsi: ufs: exynos: Move phy calls to .exit() callback
- ASoC: fsl_asrc_dma: get codec or cpu dai from backend
- xfs: do not check NEEDSREPAIR if ro,norecovery mount.
- xfs: Do not allow norecovery mount with quotacheck
- xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate
- xfs: flush inodegc before swapon
- selftests/bpf: fix bpf_map_redirect call for cpu map test
- selftests/bpf: make xdp_cpumap_attach keep redirect prog attached
- selftests/bpf: check program redirect in xdp_cpumap_attach
- selftests/bpf: Adjust data size to have ETH_HLEN
- Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family"
- iommu: Handle race with default domain setup
- media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl()
- usb: typec: class: Unlocked on error in typec_register_partner()
- Upstream stable to v6.6.89, v6.12.25, v6.12.26
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37986
- usb: typec: class: Invalidate USB device pointers on partner
unregistration
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37809
- usb: typec: class: Fix NULL pointer access
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37816
- mei: vsc: Fix fortify-panic caused by invalid counted_by() use
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37822
- riscv: uprobes: Add missing fence.i after building the XOL buffer
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37987
- pds_core: Prevent possible adminq overflow/stuck condition
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37826
- scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37827
- btrfs: zoned: return EIO on RAID1 block group write pointer mismatch
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37977
- scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37944
- wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37761
- drm/xe: Fix an out-of-bounds shift when invalidating TLB
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37763
- drm/imagination: take paired job reference
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37764
- drm/imagination: fix firmware memory leaks
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37869
- drm/xe: Use local fence in error path of xe_migrate_clear
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37978
- block: integrity: Do not call set_page_dirty_lock()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37975
- riscv: module: Fix out-of-bounds relocation access
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37872
- net: txgbe: fix memory leak in txgbe_probe() error path
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37873
- eth: bnxt: fix missing ring index trim on error path
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-22120
- ext4: goto right label 'out_mmap_sem' in ext4_setattr()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37799
- vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37800
- driver core: fix potential NULL pointer dereference in dev_uevent()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37878
- perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37803
- udmabuf: fix a buf size overflow issue during udmabuf creation
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37879
- 9p/net: fix improper handling of bogus negative read/write replies
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37983
- qibfs: fix _another_ leak
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37881
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37805
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37883
- s390/sclp: Add check for get_zeroed_page()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37884
- bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37808
- crypto: null - Use spin lock instead of mutex
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37985
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37810
- usb: dwc3: gadget: check that event count does not exceed event buffer
length
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37811
- usb: chipidea: ci_hdrc_imx: fix usbmisc handling
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37812
- usb: cdns3: Fix deadlock when using NCM gadget
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37813
- usb: xhci: Fix invalid pointer dereference in Etron workaround
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37815
- misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler
registration
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37885
- KVM: x86: Reset IRTE to host control if *new* route isn't postable
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37817
- mcb: fix a double free bug in chameleon_parse_gdd()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37819
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37820
- xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37886
- pds_core: make wait_context part of q_info
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37887
- pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37823
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37988
- fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37824
- tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37989
- net: phy: leds: fix memory leak
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37828
- scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37829
- cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37830
- cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37831
- cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate()
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-37938
- tracing: Verify event formats that have "%*p.."
* Noble update: upstream stable patchset 2025-10-21 (LP: #2129307) //
CVE-2025-39989
- x86/mce: use is_copy_from_user() to determine copy-from-user context
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722)
- selftests/futex: futex_waitv wouldblock test should fail
- drm/i915/dg2: wait for HuC load completion before running selftests
- drm/i915: Disable RPG during live selftest
- objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret()
- octeontx2-pf: qos: fix VF root node parent queue index
- tc: Ensure we have enough buffer space when sending filter netlink
notifications
- net: ethtool: Don't call .cleanup_data when prepare_data fails
- drm/tests: modeset: Fix drm_display_mode memory leak
- drm/tests: helpers: Add atomic helpers
- drm/tests: Add helper to create mock plane
- drm/tests: Add helper to create mock crtc
- drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic()
- drm/tests: helpers: Fix compiler warning
- drm/tests: helpers: Create kunit helper to destroy a drm_display_mode
- drm/tests: cmdline: Fix drm_display_mode memory leak
- drm/tests: modes: Fix drm_display_mode memory leak
- drm/tests: probe-helper: Fix drm_display_mode memory leak
- ata: sata_sx4: Add error handling in pdc20621_i2c_read()
- nvmet-fcloop: swap list_add_tail arguments
- net_sched: sch_sfq: use a temporary work area for validating
configuration
- Revert "net_sched: sch_sfq: move the limit validation"
- net_sched: sch_sfq: move the limit validation
- ipv6: Align behavior across nexthops during path selection
- nft_set_pipapo: fix incorrect avx2 match of 5th field octet
- fs: consistently deref the files table with rcu_dereference_raw()
- umount: Allow superblock owners to force umount
- x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW
- x86/ia32: Leave NULL selector values 0~3 unchanged
- x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD
when running in a virtual machine
- perf: arm_pmu: Don't disable counter in armpmu_add()
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
- xen/mcelog: Add __nonstring annotations for unterminated strings
- zstd: Increase DYNAMIC_BMI2 GCC version cutoff from 4.8 to 11.0 to work
around compiler segfault
- ASoC: SOF: topology: Use krealloc_array() to replace krealloc()
- HID: pidff: Convert infinite length from Linux API to PID standard
- HID: pidff: Do not send effect envelope if it's empty
- HID: pidff: Add MISSING_DELAY quirk and its detection
- HID: pidff: Add MISSING_PBO quirk and its detection
- HID: pidff: Add PERMISSIVE_CONTROL quirk
- HID: pidff: Add hid_pidff_init_with_quirks and export as GPL symbol
- HID: pidff: Add FIX_WHEEL_DIRECTION quirk
- HID: Add hid-universal-pidff driver and supported device ids
- [Config] enable hid-universal-pidff driver
- HID: pidff: Add PERIODIC_SINE_ONLY quirk
- ALSA: hda: intel: Fix Optimus when GPU has no sound
- ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
- ASoC: fsl_audmix: register card device depends on 'dais' property
- media: uvcvideo: Add quirk for Actions UVC05
- mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves
- ALSA: usb-audio: Fix CME quirk for UF series keyboards
- ASoC: amd: Add DMI quirk for ACP6X mic support
- ASoC: amd: yc: update quirk data for new Lenovo model
- f2fs: don't retry IO for corrupted data scenario
- scsi: target: spc: Fix RSOC parameter data header size
- net: usb: asix_devices: add FiberGecko DeviceID
- fs/jfs: cast inactags to s64 to prevent potential overflow
- ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
- net: sfp: add quirk for 2.5G OEM BX SFP
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller
- ext4: protect ext4_release_dquot against freezing
- Revert "f2fs: rebuild nat_bits during umount"
- cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
- tracing: fix return value in __ftrace_event_enable_disable for
TRACE_REG_UNREGISTER
- Bluetooth: hci_uart: fix race during initialization
- Bluetooth: qca: simplify WCN399x NVM loading
- drm: allow encoder mode_set even when connectors change for crtc
- drm/amd/display: Update Cursor request mode to the beginning prefetch
always
- drm/amd/display: add workaround flag to link to force FFE preset
- drm: panel-orientation-quirks: Add support for AYANEO 2S
- drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
- drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2
- drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
- drm/bridge: panel: forbid initializing a panel with unknown connector
type
- drivers: base: devres: Allow to release group on device release
- drm/amdkfd: clamp queue size to minimum
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
- drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
- drm/amdgpu: grab an additional reference on the gang fence v2
- tracing: probe-events: Add comments about entry data storing code
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories
- tpm, tpm_tis: Workaround failed command reception on Infineon devices
- pwm: rcar: Improve register calculation
- pwm: fsl-ftm: Handle clk_get_rate() returning 0
- bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
- ext4: don't treat fhandle lookup of ea_inode as FS corruption
- dt-bindings: media: st,stmipid02: correct lane-polarities maxItems
- media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
- media: i2c: adv748x: Fix test pattern selection mask
- media: vim2m: print device name after registering device
- media: siano: Fix error handling in smsdvb_module_init()
- xenfs/xensyms: respect hypervisor's "next" indication
- arm64: cputype: Add MIDR_CORTEX_A76AE
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe
list
- spi: cadence-qspi: Fix probe on AM62A LP SK
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status
- media: streamzap: prevent processing IR data on URB failure
- media: visl: Fix ERANGE error when setting enum controls
- media: platform: stm32: Add check for clk_enable()
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
- media: i2c: ccs: Set the device's runtime PM status correctly in remove
- media: i2c: ccs: Set the device's runtime PM status correctly in probe
- media: i2c: ov7251: Set enable GPIO low in probe
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
- media: i2c: imx219: Rectify runtime PM handling in probe and remove
- mptcp: sockopt: fix getting IPV6_V6ONLY
- mtd: Add check for devm_kcalloc()
- net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320
family
- mtd: Replace kcalloc() with devm_kcalloc()
- clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init
wakeup
- wifi: mt76: Add check for devm_kstrdup()
- wifi: mac80211: fix integer overflow in hwmp_route_info_get()
- io_uring/kbuf: reject zero sized provided buffers
- ASoC: q6apm: add q6apm_get_hw_pointer helper
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment.
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns.
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
- f2fs: fix to avoid atomicity corruption of atomic file
- vdpa/mlx5: Fix oversized null mkey longer than 32bit
- udf: Fix inode_getblk() return value
- smb311 client: fix missing tcon check when mounting with linux/posix
extensions
- i3c: master: svc: Use readsb helper for reading MDB
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs
- mailbox: tegra-hsp: Define dimensioning masks in SoC data
- locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist
offsets
- mptcp: only inc MPJoinAckHMacFailure for HMAC failures
- mtd: rawnand: Add status chack in r852_ready()
- arm64: mm: Correct the update of max_pfn
- arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
- btrfs: fix non-empty delayed iputs list on unmount due to compressed
write workers
- btrfs: zoned: fix zone activation with missing devices
- btrfs: zoned: fix zone finishing with missing devices
- iommufd: Fix uninitialized rc in iommufd_access_rw()
- sparc/mm: disable preemption in lazy mmu mode
- sparc/mm: avoid calling arch_enter/leave_lazy_mmu() in set_ptes
- mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
- mm: make page_mapped_in_vma() hugetlb walk aware
- mm: fix lazy mmu docs and usage
- mm/mremap: correctly handle partial mremap() of VMA starting at 0
- mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
- mm/userfaultfd: fix release hang over concurrent GUP
- mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
- mm/hugetlb: move hugetlb_sysctl_init() to the __init section
- x86/xen: fix balloon target initialization for PVH dom0
- tracing: Do not add length to print format in synthetic events
- thermal/drivers/rockchip: Add missing rk3328 mapping entry
- cifs: fix integer overflow in match_server()
- clk: qcom: clk-branch: Fix invert halt status bit check for votable
clocks
- clk: qcom: gdsc: Release pm subdomains in reverse add order
- clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
- clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
- crypto: ccp - Fix check for the primary ASP device
- dm-ebs: fix prefetch-vs-suspend race
- dm-integrity: set ti->error on memory allocation failure
- dm-verity: fix prefetch-vs-suspend race
- dt-bindings: coresight: qcom,coresight-tpda: Fix too many 'reg'
- dt-bindings: coresight: qcom,coresight-tpdm: Fix too many 'reg'
- gpio: tegra186: fix resource handling in ACPI probe path
- gpio: zynq: Fix wakeup source leaks on device unbind
- gve: handle overflow when reporting TX consumed descriptors
- KVM: x86: Explicitly zero-initialize on-stack CPUID unions
- ntb: use 64-bit arithmetic for the MSI doorbell mask
- of/irq: Fix device node refcount leakage in API of_irq_parse_one()
- of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
- of/irq: Fix device node refcount leakages in of_irq_count()
- of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
- of/irq: Fix device node refcount leakages in of_irq_init()
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
- PCI: Fix reference leak in pci_alloc_child_bus()
- phy: freescale: imx8m-pcie: assert phy reset and perst in power off
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type
- selftests: mptcp: close fd_in before returning in main_loop
- selftests: mptcp: fix incorrect fd checks in main_loop
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected()
lists
- ACPI: platform-profile: Fix CFI violation when accessing sysfs files
- iommufd: Fail replace if device has not been attached
- x86/e820: Fix handling of subpage regions when calculating nosave ranges
in e820__register_nosave_regions()
- media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef
noinline
- Bluetooth: hci_uart: Fix another race during initialization
- scsi: hisi_sas: Enable force phy when SATA disk directly connected
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
- scsi: iscsi: Fix missing scsi_host_put() in error path
- md/raid10: fix missing discard IO accounting
- md/md-bitmap: fix stats collection for external bitmaps
- ASoC: dwc: always enable/disable i2s irqs
- ovl: remove unused forward declaration
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
- RDMA/hns: Fix wrong maximum DMA segment size
- ASoC: cs42l43: Reset clamp override on jack removal
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid
address
- Bluetooth: l2cap: Check encryption key size on incoming connection
- Revert "wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue()"
- igc: increase wait time before retrying PTM
- igc: move ktime snapshot into PTM retry loop
- igc: handle the IGC_PTP_ENABLED flag correctly
- igc: cleanup PTP module if probe fails
- igc: add lock preventing multiple simultaneous PTM transactions
- test suite: use %zu to print size_t
- pds_core: fix memory leak in pdsc_debugfs_add_qcq()
- net: ethernet: ti: am65-cpsw-nuss: rename phy_node -> port_np
- net: ethernet: ti: am65-cpsw: fix port_np reference counting
- ata: libata-sata: Save all fields from sense data descriptor
- netlink: specs: rt-link: add an attr layer around alt-ifname
- netlink: specs: rt-link: adjust mctp attribute naming
- net: b53: enable BPDU reception for management port
- net: bridge: switchdev: do not notify new brentries as changed
- net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del()
fails
- ptp: ocp: fix start time alignment in ptp_ocp_signal_set
- net: ti: icss-iep: Add pwidth configuration for perout signal
- net: ti: icss-iep: Add phase offset configuration for perout signal
- net: ethernet: mtk_eth_soc: correct the max weight of the queue limit
for 100Mbps
- net: ethernet: mtk_eth_soc: revise QDMA packet scheduler settings
- riscv: Properly export reserved regions in /proc/iomem
- kunit: qemu_configs: SH: Respect kunit cmdline
- riscv: KGDB: Do not inline arch_kgdb_breakpoint()
- riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
- writeback: fix false warning in inode_to_wb()
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
- asus-laptop: Fix an uninitialized variable
- nfs: add missing selections of CONFIG_CRC32
- nfsd: decrease sc_count directly if fail to queue dl_recall
- i2c: atr: Fix wrong include
- ftrace: fix incorrect hash size in register_ftrace_direct()
- Bluetooth: l2cap: Process valid commands in too long frame
- Bluetooth: vhci: Avoid needless snprintf() calls
- btrfs: correctly escape subvol in btrfs_show_options()
- crypto: caam/qi - Fix drv_ctx refcount bug
- Revert "UBUNTU: SAUCE: fs: hfs/hfsplus: add key_len boundary check to
hfs_bnode_read_key"
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
- loop: properly send KOBJ_CHANGED uevent for disk device
- loop: LOOP_SET_FD: send uevents for partitions
- mm/gup: fix wrongly calculated returned value in
fault_in_safe_writeable()
- mm: fix filemap_get_folios_contig returning batches of identical folios
- mm: fix apply_to_existing_page_range()
- ksmbd: Prevent integer overflow in calculation of deadtime
- Revert "smb: client: fix TCP timers deadlock after rmmod"
- riscv: Avoid fortify warning in syscall_get_arguments()
- selftests/mm: generate a temporary mountpoint for cgroup filesystem
- smb3 client: fix open hardlink on deferred close file error
- string: Add load_unaligned_zeropad() code path to sized_strscpy()
- tracing: Fix filter string testing
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any
unreleased standalone Zen5 microcode patches
- x86/cpu/amd: Fix workaround for erratum 1054
- x86/boot/sev: Avoid shared GHCB page for early memory acceptance
- scsi: megaraid_sas: Block zero-length ATA VPD inquiry
- scsi: ufs: exynos: Ensure consistent phy reference counts
- perf/x86/intel: Allow to update user space GPRs from PEBS records
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
- drm/repaper: fix integer overflows in repeat functions
- drm/msm/a6xx: Fix stale rpmh votes from GPU
- drm/amd: Handle being compiled without SI or CIK support better
- drm/amdgpu/dma_buf: fix page_link check
- drm/sti: remove duplicate object names
- drm/i915/gvt: fix unterminated-string-initialization warning
- io_uring/net: fix accept multishot handling
- cpufreq: Reference count policy in cpufreq_update_limits()
- kbuild: Add '-fno-builtin-wcslen'
- mptcp: sockopt: fix getting freebind & transparent
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32
- x86/xen: move xen_reserve_extra_memory()
- x86/xen: fix memblock_reserve() usage on PVH
- x86/split_lock: Fix the delayed detection logic
- LoongArch: Eliminate superfluous get_numa_distances_cnt()
- Revert "usb: typec: fix potential array underflow in
ucsi_ccg_sync_control()"
- usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
- landlock: Add the errata interface
- nvmet-fc: Remove unused functions
- xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
- sign-file,extract-cert: move common SSL helper functions to a header
- sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
- sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
- MIPS: dec: Declare which_prom() as static
- MIPS: cevt-ds1287: Add missing ds1287.h include
- MIPS: ds1287: Match ds1287_set_base_clock() function types
- drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled
- ASoC: Intel: adl: add 2xrt1316 audio configuration
- cgroup/cpuset: Fix incorrect isolated_cpus update in
update_parent_effective_cpumask()
- cgroup/cpuset: Correct invalid remote parition prs
- cgroup/cpuset: Fix error handling in remote_partition_disable()
- cgroup/cpuset: Revert "Allow suppression of sched domain rebuild in
update_cpumasks_hier()"
- cgroup/cpuset: Enforce at most one rebuild_sched_domains_locked() call
per operation
- cgroup/cpuset: Further optimize code if CONFIG_CPUSETS_V1 not set
- cgroup/cpuset: Fix race between newly created partition and dying one
- gpiolib: of: Fix the choice for Ingenic NAND quirk
- ublk: refactor recovery configuration flag helpers
- net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend()
- iommu/exynos: Fix suspend/resume with IDENTITY domain
- perf/dwc_pcie: fix some unreleased resources
- Flush console log from kernel_power_off()
- ASoC: amd: ps: use macro for ACP6.3 pci revision id
- media: s5p-mfc: Corrected NV12M/NV21M plane-sizes
- wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues
- wifi: ath11k: fix memory leak in ath11k_xxx_remove()
- wifi: mac80211: ensure sdata->work is canceled before initialized.
- can: flexcan: Add quirk to handle separate interrupt lines for mailboxes
- can: flexcan: add NXP S32G2/S32G3 SoC support
- Bluetooth: btusb: Add 2 HWIDs for MT7922
- Bluetooth: Add quirk for broken READ_VOICE_SETTING
- Bluetooth: Add quirk for broken READ_PAGE_SCAN_TYPE
- drm/debugfs: fix printk format for bridge index
- drm/amd/display: stop DML2 from removing pipes based on planes
- drm/xe/xelp: Move Wa_16011163337 from tunings to workarounds
- PCI: Add Rockchip Vendor ID
- HID: pidff: Clamp PERIODIC effect period to device's logical range
- HID: pidff: Stop all effects before enabling actuators
- HID: pidff: Completely rework and fix pidff_reset function
- HID: pidff: Simplify pidff_upload_effect function
- HID: pidff: Define values used in pidff_find_special_fields
- HID: pidff: Rescale time values to match field units
- HID: pidff: Factor out code for setting gain
- HID: pidff: Move all hid-pidff definitions to a dedicated header
- HID: pidff: Simplify pidff_rescale_signed
- HID: pidff: Use macros instead of hardcoded min/max values for shorts
- HID: pidff: Factor out pool report fetch and remove excess declaration
- HID: hid-universal-pidff: Add Asetek wheelbases support
- HID: pidff: Comment and code style update
- HID: pidff: Support device error response from PID_BLOCK_LOAD
- HID: pidff: Remove redundant call to pidff_find_special_keys
- HID: pidff: Rename two functions to align them with naming convention
- HID: pidff: Clamp effect playback LOOP_COUNT value
- HID: pidff: Compute INFINITE value instead of using hardcoded 0xffff
- HID: pidff: Fix 90 degrees direction name North -> East
- HID: pidff: Fix set_device_control()
- media: mgb4: Fix CMT registers update logic
- media: mgb4: Fix switched CMT frequency range "magic values" sets
- media: rockchip: rga: fix rga offset lookup
- media: v4l: Add a helper for setting up link-frequencies control
- media: v4l2-common.h: kerneldoc: correctly format return values
- media: imx219: Adjust PLL settings based on the number of MIPI lanes
- media: nuvoton: Fix reference handling of ece_node
- media: nuvoton: Fix reference handling of ece_pdev
- media: i2c: imx319: Rectify runtime PM handling probe and remove
- media: i2c: imx214: Rectify probe error handling related to runtime PM
- media: chips-media: wave5: Fix gray color on screen
- media: chips-media: wave5: Fix a hang after seeking
- wifi: mt76: mt7925: ensure wow pattern command align fw format
- wifi: mt76: mt7925: fix country count limitation for CLC
- ALSA: hda/realtek: Enable Mute LED on HP OMEN 16 Laptop xd000xx
- accel/ivpu: Fix warning in ivpu_ipc_send_receive_internal()
- ima: limit the number of open-writers integrity violations
- arm64: dts: exynos: gs101: disable pinctrl_gsacore node
- btrfs: tests: fix chunk map leak after failure to add it to the tree
- mm/damon/ops: have damon_get_folio return folio even for tail pages
- CIFS: Propagate min offload along with other parameters from primary to
secondary channels.
- dm-integrity: fix non-constant-time tag verification
- landlock: Move code to ease future backports
- landlock: Add erratum for TCP fix
- misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq'
error
- net: mana: Switch to page pool for jumbo frames
- PCI: j721e: Fix the value of .linkdown_irq_regfield for J784S4
- pinctrl: samsung: add support for eint_fltcon_offset
- s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues
- thermal/drivers/mediatek/lvts_thermal: Allow early empty sensor slots
- thermal/drivers/mediatek/lvts_thermal: Fix wrong lvts_ctrl index
- thermal/drivers/mediatek/lvts: Disable monitor mode during suspend
- thermal/drivers/mediatek/lvts: Disable Stage 3 thermal threshold
- NFSD: fix decoding in nfs4_xdr_dec_cb_getattr
- libbpf: Prevent compiler warnings/errors
- Upstream stable to v6.6.88, v6.12.24
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-22026
- nfsd: don't ignore the return code of svc_proc_register()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37836
- PCI: Fix reference leak in pci_register_host_bridge()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37846
- arm64: mops: Do not dereference src reg for a set operation
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37942
- HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37856
- btrfs: harden block_group::bg_list against list_del() races
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37861
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37744
- wifi: ath12k: fix memory leak in ath12k_pci_remove()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37745
- PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37945
- net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-
controlled PHY
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37759
- ublk: fix handling recovery & reissue in ublk_abort_queue()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23140
- misc: pci_endpoint_test: Avoid issue of interrupts remaining after
request_irq error
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-22126
- md: fix mddev uaf while iterating all_mddevs list
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37765
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37766
- drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37767
- drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37768
- drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37769
- drm/amd/pm/smu11: Prevent division by zero
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37770
- drm/amd/pm/powerplay: Prevent division by zero
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37768 // CVE-2025-37771
- drm/amd/pm: Prevent division by zero
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37772
- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37773
- virtiofs: add filesystem context source name check
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37775
- ksmbd: fix the warning from __kernel_write_iter
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37778
- ksmbd: Fix dangling pointer in krb_authenticate
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37863
- ovl: don't allow datadir only
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37780
- isofs: Prevent the use of too small fid
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37781
- i2c: cros-ec-tunnel: defer probe if parent EC is not present
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37979
- ASoC: qcom: Fix sc7280 lpass potential buffer overflow
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37784
- net: ti: icss-iep: Fix possible NULL pointer dereference for perout
request
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37786
- net: dsa: free routing table on probe failure
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37864
- net: dsa: clean up FDB, MDB, VLAN entries on unbind
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37865
- net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is
unsupported
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37787
- net: dsa: mv88e6xxx: avoid unregistering devlink regions which were
never registered
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37788
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37874
- net: ngbe: fix memory leak in ngbe_probe() error path
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37789
- net: openvswitch: fix nested key length validation in the set() action
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37980
- block: fix resource leak in blk_register_queue() error path
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37790
- net: mctp: Set SOCK_RCU_FREE
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37875
- igc: fix PTM cycle trigger logic
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37792
- Bluetooth: btrtl: Prevent potential NULL dereference
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37867
- RDMA/core: Silence oversized kvmalloc() warning
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37793
- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37982
- wifi: wl1251: fix memory leak in wl1251_tx_work
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37794
- wifi: mac80211: Purge vif txq in ieee80211_do_stop()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37796
- wifi: at76c50x: fix use after free access in at76_disconnect
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23141
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory
accesses
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37940
- ftrace: Add cond_resched() to ftrace_graph_set_hash()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37844
- cifs: avoid NULL pointer dereference in dbg call
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23142
- sctp: detect and prevent references to a freed transport in sendmsg
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23144
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37892
- mtd: inftlcore: Add error check for inftl_read_oob()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23145
- mptcp: fix NULL pointer in can_accept_new_subflow
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23146
- mfd: ene-kb3930: Fix a potential NULL pointer dereference
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37839
- jbd2: remove wrong sb->s_sequence check
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23147
- i3c: Add NULL pointer check in i3c_master_queue_ibi()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23148
- soc: samsung: exynos-chipid: Add NULL pointer check in
exynos_chipid_probe()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23149
- tpm: do not start chip while suspended
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23150
- ext4: fix off-by-one error in do_split
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23151
- bus: mhi: host: Fix race between unprepare and queue_buf
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23156
- media: venus: hfi_parser: refactor hfi packet parsing logic
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23157
- media: venus: hfi_parser: add check to avoid out of bound access
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37840
- mtd: rawnand: brcmnand: fix PM resume warning
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37849
- KVM: arm64: Tear down vGIC on failed vCPU creation
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23158
- media: venus: hfi: add check to handle incorrect queue size
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23159
- media: venus: hfi: add a check to handle OOB in sfr region
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23160
- media: mediatek: vcodec: Fix a resource leak related to the scp device
in FW initialization
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37850
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37851
- fbdev: omapfb: Add 'plane' value check
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23161
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37852
- drm/amdgpu: handle amdgpu_cgs_create_device() errors in
amd_powerplay_create()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37853
- drm/amdkfd: debugfs hang_hws skip GPU with MES
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37854
- drm/amdkfd: Fix mode1 reset crash issue
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-23163
- net: vlan: don't propagate flags on open
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37857
- scsi: st: Fix array overflow in st_setup()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37738
- ext4: ignore xattrs past end
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37739
- f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37943
- wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37740
- jfs: add sanity check for agwidth in dbMount
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37741
- jfs: Prevent copying of nlink with value 0 from disk inode
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37858
- fs/jfs: Prevent integer overflow in AG size calculation
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37742
- jfs: Fix uninit-value access of imap allocated in the diMount() function
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37859
- page_pool: avoid infinite loop to schedule delayed worker
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37862
- HID: pidff: Fix null pointer dereference in pidff_find_fields
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37841
- pm: cpupower: bench: Prevent NULL dereference on malloc failure
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37748
- iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37749
- net: ppp: Add bound checking for skb data on ppp_sync_txmung
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37754
- drm/i915/huc: Fix fence not released on early probe errors
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37755
- net: libwx: handle page_pool_dev_alloc_pages error
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37757
- tipc: fix memory leak in tipc_link_xmit
* Noble update: upstream stable patchset 2025-10-17 (LP: #2128722) //
CVE-2025-37758
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
* CVE-2025-40019
- crypto: essiv - Check ssize for decryption and in-place encryption
* CVE-2025-39993
- media: rc: fix races with imon_disconnect()
* CVE-2025-40018
- ipvs: Defer ip_vs_ftp unregister during netns cleanup
* CVE-2025-38666
- net: appletalk: Fix use-after-free in AARP proxy probe
* CVE-2025-39964
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
* CVE-2025-37801
- spi: spi-imx: Add check for spi_imx_setupxfer()
* CVE-2025-39946
- tls: make sure to abort the stream if headers are bogus
* CVE-2025-37958
- mm/huge_memory: fix dereferencing invalid pmd migration entry
* CVE-2025-38584
- padata: Fix pd UAF once and for all
- padata: Remove comment for reorder_work
Date: 2025-11-28 15:07:12.098832+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/6.8.0-91.92
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list