[ubuntu/noble-proposed] linux 6.8.0-103.103 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed Feb 11 16:51:42 UTC 2026

linux (6.8.0-103.103) noble; urgency=medium

* noble/linux: 6.8.0-103.103 -proposed tracker (LP: #2141411)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2026.02.09)
* xhci_find_slot_id_by_port kernel panic on boot on arm64 (LP: #2141314)
- Revert "xhci: fix stale flag preventig URBs after link state error is
cleared"
* Boot up hang with ucsi call trace while plug power cord or device on tbt5
port (LP: #2127764)
- SAUCE: usb: typec: ucsi: Fix workqueue destruction race during connector
cleanup
* TBT call trace while connecting TBT4 monitor on TBT5 port (LP: #2137613)
- thunderbolt: Show path name in debug log when path is deactivated
- thunderbolt: Log path activation failures without WARN backtraces
* x86: tsc: Fix TSC clock source being disabled when SNC is enabled causing
fall back to less precise HPET (LP: #2138120)
- x86/tsc: Use topology_max_packages() to get package number
* Random flickering with Intel i915 (CoffeeLake and WhiskeyLake) on Linux
6.8 (LP: #2136958)
- SAUCE: iommu/intel: disable DMAR for CFL and WHL integrated gfx
* CXL: Fix slab-out-of-bounds in cxl_setup_parent_dport (LP: #2130240)
- cxl/pci: Get AER capability address from RCRB only for RCH dport
- cxl/test: Skip cxl_setup_parent_dport() for emulated dports
* net:tap in ubuntu_kselftests_net fails on Noble (buffer overflow detected)
(LP: #2067642)
- SAUCE: selftests: net: fix "buffer overflow detected" for tap.c
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633)
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing
- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY
- net: aquantia: Add missing descriptor cache invalidation on ATL2
- net: lan966x: Fix the initialization of taprio
- net/mlx5e: Fix validation logic in rate limiting
- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling
- net: dsa: sja1105: simplify static configuration reload
- net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing
traffic
- net: fec: cancel perout_timer when PEROUT is disabled
- net: fec: do not update PEROUT if it is enabled
- net: fec: do not allow enabling PPS and PEROUT simultaneously
- net: fec: do not register PPS event for PEROUT
- iio: st_lsm6dsx: Fixed calibrated timestamp calculation
- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors
- mailbox: mailbox-test: Fix debugfs_create_dir error checking
- mailbox: pcc: Refactor error handling in irq handler into separate
function
- mailbox: pcc: don't zero error register
- spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA
- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors
- spi: spi-mem: Allow specifying the byte order in Octal DTR mode
- spi: spi-mem: Extend spi-mem operations with a per-operation maximum
frequency
- spi: spi-mem: Add a new controller capability
- spi: nxp-fspi: Support per spi-mem operation frequency switches
- spi: nxp-fspi: Propagate fwnode in ACPI case as well
- spi: bcm63xx: fix premature CS deassertion on RX-only transactions
- Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()"
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields
- iio:common:ssp_sensors: Fix an error handling path ssp_probe()
- iio: accel: fix ADXL355 startup race condition
- iio: adc: ad7280a: fix ad7280_store_balance_timer()
- MIPS: mm: Prevent a TLB shutdown on initial uniquification
- MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow
- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230
- ARM: dts: nxp: imx6ul: correct SAI3 interrupt line
- can: sja1000: fix max irq loop handling
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
- dm-verity: fix unreliable memory allocation
- drivers/usb/dwc3: fix PCI parent check
- thunderbolt: Add support for Intel Wildcat Lake
- slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves
- mptcp: clear scheduled subflows on retransmit
- serial: amba-pl011: prefer dma_mapping_error() over explicit address
checking
- usb: cdns3: Fix double resource release in cdns3_pci_probe
- USB: storage: Remove subclass and protocol overrides from Novatek quirk
- usb: dwc3: pci: add support for the Intel Nova Lake -S
- usb: dwc3: pci: Sort out the Intel device IDs
- xhci: dbgtty: Fix data corruption when transmitting data form DbC to
host
- xhci: dbgtty: fix device unregister
- USB: serial: ftdi_sio: add support for u-blox EVK-M101
- USB: serial: option: add support for Rolling RW101R-GL
- drm: sti: fix device leaks at component probe
- net: dsa: microchip: common: Fix checks on irq_find_mapping()
- net: dsa: microchip: ptp: Fix checks on irq_find_mapping()
- nfsd: Replace clamp_t in nfsd4_get_drc_mem()
- usb: udc: Add trace event for usb_gadget_set_state
- usb: typec: ucsi: psy: Set max current to zero when disconnected
- can: rcar_canfd: Fix CAN-FD mode as default
- iio: adc: rtq6056: Correct the sign bit index
- net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}()
- net: dsa: microchip: Free previously initialized ports on init failures
- mailbox: mtk-cmdq: Refine DMA address handling for the command buffer
- iio: humditiy: hdc3020: fix units for temperature and humidity
measurement
- arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos
- nvmem: layouts: fix nvmem_layout_bus_uevent
- xhci: fix stale flag preventig URBs after link state error is cleared
- drm/amd/display: Don't change brightness for disabled connectors
- KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts()
- KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv()
- KVM: nSVM: Fix and simplify LBR virtualization handling with nested
- KVM: SVM: Fix redundant updates of LBR MSR intercepts
- wifi: ath12k: correctly handle mcast packets for clients
- drm/i915/dp: Initialize the source OUI write timestamp always
- SAUCE: bpf: introduce __MAX_BPF_PROG_TYPE delimiter
- Upstream stable to v6.6.119, v6.12.61
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68340
- team: Move team device type change at the end of team_port_add
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68282
- usb: gadget: udc: fix use-after-free in usb_gadget_state_work
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68283
- libceph: replace BUG_ON with bounds check for map->max_osd
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68284
- libceph: prevent potential out-of-bounds writes in
handle_auth_session_key()
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68285
- libceph: fix potential use-after-free in have_mon_and_osd_map()
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68286
- drm/amd/display: Check NULL before accessing
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68287
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests()
call paths
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68331
- usb: uas: fix urb unmapping issue when the uas device is remove during
ongoing data transfer
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-40345
- usb: storage: sddr55: Reject out-of-bound new_pba
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68288
- usb: storage: Fix memory leak in USB bulk transport
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68327
- usb: renesas_usbhs: Fix synchronous external abort on unbind
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68289
- usb: gadget: f_eem: Fix memory leak in eem_unwrap
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68290
- most: usb: fix double free on late probe failure
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68328
- firmware: stratix10-svc: fix bug in saving controller data
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68295
- smb: client: fix memory leak in cifs_construct_tcon()
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68297
- ceph: fix crash in process_v2_sparse_read() for encrypted directories
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68339
- atm/fore200e: Fix possible data race in fore200e_open()
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68330
- iio: accel: bmc150: Fix irq assumption regression
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68301
- net: atlantic: fix fragment overflow handling in RX path
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68302
- net: sxgbe: fix potential NULL dereference in sxgbe_rx()
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68303
- platform/x86: intel: punit_ipc: fix memory corruption
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68305
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68342
- can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before
accessing data
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68343
- can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before
accessing header
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68307
- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted
URBs
* Noble update: upstream stable patchset 2026-02-03 (LP: #2139633) //
CVE-2025-68308
- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
- shmem: fix tmpfs reconfiguration (remount) when noswap is set
- exfat: check return value of sb_min_blocksize in exfat_read_boot_sector
- mptcp: Disallow MPTCP subflows from sockmap
- ata: libata-scsi: Fix system suspend for a security locked drive
- smb: client: introduce close_cached_dir_locked()
- ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan()
- net: dsa: microchip: lan937x: Fix RGMII delay tuning
- Revert "drm/tegra: dsi: Clear enable register if powered by bootloader"
- Input: goodix - add support for ACPI ID GDIX1003
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl()
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO
- dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups
- LoongArch: Don't panic if no valid cache info for PCI
- mptcp: fix ack generation for fallback msk
- mptcp: fix premature close in case of fallback
- mptcp: avoid unneeded subflow-level drops
- mptcp: decouple mptcp fastclose from tcp close
- mptcp: do not fallback when OoO is present
- drm/tegra: dc: Fix reference leak in tegra_dc_couple()
- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
- drm/amd/display: Increase DPCD read retries
- drm/amd/display: Move sleep into each retry for retrieve_link_cap()
- xfrm: Determine inner GSO type from packet inner protocol
- xfrm: Prevent locally generated packets from direct output in tunnel
mode
- pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe()
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()
- net: dsa: hellcreek: fix missing error handling in LED registration
- net: mlxsw: linecards: fix missing error check in
mlxsw_linecard_devlink_info_get()
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to
errnos
- pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc()
- LoongArch: Use UAPI types in ptrace UAPI header
- bcma: don't register devices disabled in OF
- cifs: fix typo in enable_gcm_256 module parameter
- scsi: core: Fix a regression triggered by scsi_host_busy()
- x86/microcode/AMD: Limit Entrysign signature checking to known
generations
- selftests: net: use BASH for bareudp testing
- net: tls: Cancel RX async resync request on rcd_delta overflow
- kconfig/mconf: Initialize the default locale at startup
- kconfig/nconf: Initialize the default locale at startup
- f2fs: compress: change the first parameter of page_array_{alloc,free} to
sbi
- s390/mm: Fix __ptep_rdp() inline assembly
- ALSA: usb-audio: fix uac2 clock source at terminal parser
- tracing/tools: Fix incorrcet short option in usage text for --threads
- smb: client: fix incomplete backport in cfids_invalidation_worker()
- uio_hv_generic: Set event for all channels on the device
- maple_tree: fix tracepoint string pointers
- selftests: mptcp: join: endpoints: longer transfer
- HID: amd_sfh: Stop sensor before starting
- arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5
- mptcp: fix duplicate reset on fastclose
- selftests: mptcp: join: endpoints: longer timeout
- selftests: mptcp: join: userspace: longer timeout
- drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5
- xfrm: set err and extack on failure to create pcpu SA
- pinctrl: realtek: Select REGMAP_MMIO for RTD driver
- selftests: net: lib: Do not overwrite error messages
- af_unix: Cache state->msg in unix_stream_read_generic().
- af_unix: Read sk_peek_offset() again after sleeping in
unix_stream_read_generic().
- net: tls: Change async resync helpers argument
- ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check
- drm/xe: Prevent BIT() overflow when handling invalid prefetch region
- tty/vt: fix up incorrect backport to stable releases
- Upstream stable to v6.6.118, v6.12.60
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68213
- idpf: fix possible vport_config NULL pointer deref in remove
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68223
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40257
- mptcp: fix a race in mptcp_pm_del_add_timer()
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68231
- mm/mempool: fix poisoning order>0 pages with HIGHMEM
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68198
- crash: fix crashkernel resource shrink
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40266
- KVM: arm64: Check the untrusted offset in FF-A memory share
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68220
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return
NULL on error
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-38627
- f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40248
- vsock: Ignore signal/timeout on connect() if already established
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68219
- cifs: fix memory leak in smb3_fs_context_parse_param error path
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40250
- net/mlx5: Clean up only new IRQ glue on request_irq() failure
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40251
- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68222
- pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40252
- net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont()
and qede_tpa_end()
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40253
- s390/ctcm: Fix double-kfree
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68218
- nvme-multipath: fix lockdep WARN due to partition scan work
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40254
- net: openvswitch: remove never-working support for setting nsh fields
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68233
- drm/tegra: Add call to put_pid()
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40258
- mptcp: fix race condition in mptcp_schedule_work()
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68229
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40259
- scsi: sg: Do not sleep in atomic context
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40261
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68235
- nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68217
- Input: pegasus-notetaker - fix potential out-of-bounds access
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40262
- Input: imx_sc_key - fix memory corruption on unload
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40263
- Input: cros_ec_keyb - fix an invalid memory access
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-40264
- be2net: pass wrb_params in case of OS2BMC
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68227
- mptcp: Fix proto fallback detection with BPF
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68237
- mtdchar: fix integer overflow in read/write ioctls
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68238
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference
* Noble update: upstream stable patchset 2026-02-02 (LP: #2139624) //
CVE-2025-68214
- timers: Fix NULL function pointer race in timer_shutdown_sync()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460)
- net: usb: asix_devices: Check return value of usbnet_get_endpoints
- fbdev: atyfb: Check if pll_ops->init_pll failed
- ACPI: button: Call input_free_device() on failing input device
registration
- Bluetooth: rfcomm: fix modem control handling
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
- mptcp: drop bogus optimization in __mptcp_check_push()
- mptcp: restore window probe
- ASoC: qdsp6: q6asm: do not sleep while atomic
- wifi: ath10k: Fix memory leak on unsupported WMI command
- wifi: ath11k: Add missing platform IDs for quirk table
- wifi: ath12k: free skb during idr cleanup callback
- drm/msm/a6xx: Fix GMU firmware parser
- ALSA: usb-audio: fix control pipe direction
- scsi: ufs: core: Initialize value of an attribute returned by uic cmd
- ASoC: Intel: avs: Unprepare a stream when XRUN occurs
- ASoC: fsl_sai: fix bit order for DSD format
- libbpf: Fix powerpc's stack register definition in bpf_tracing.h
- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during
reset
- Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
- Bluetooth: ISO: Fix another instance of dst_type handling
- Bluetooth: hci_core: Fix tracking of periodic advertisement
- drm/etnaviv: fix flush sequence logic
- net: hns3: return error code when function fails
- sfc: fix potential memory leak in efx_mae_process_mport()
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table()
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland
- block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL
- block: make REQ_OP_ZONE_OPEN a write operation
- drm/mediatek: Fix device use-after-free on unbind
- mptcp: fix MSG_PEEK stream corruption
- cpuidle: governors: menu: Rearrange main loop in menu_select()
- cpuidle: governors: menu: Select polling state in some more cases
- net: phy: dp83867: Disable EEE support as not implemented
- [Config] disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP for s390x
- drm/sched: Fix race in drm_sched_entity_select_rq()
- soc: aspeed: socinfo: Add AST27xx silicon IDs
- soc: qcom: smem: Fix endian-unaware access of num_entries
- spi: loopback-test: Don't use %pK through printk
- bpf: Don't use %pK through printk
- pinctrl: single: fix bias pull up/down handling in pin_config_set
- mmc: host: renesas_sdhi: Fix the actual clock
- memstick: Add timeout to prevent indefinite waiting
- irqchip/sifive-plic: Respect mask state when setting affinity
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2
- arc: Fix __fls() const-foldability via __builtin_clzl()
- selftests/bpf: Upon failures, exit with code 1 in test_xsk.sh
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
- ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[]
- power: supply: qcom_battmgr: add OOI chemistry
- hwmon: (k10temp) Add device ID for Strix Halo
- hwmon: (sbtsi_temp) AMD CPU extended temperature range support
- pinctrl: keembay: release allocated memory in detach path
- power: supply: sbs-charger: Support multiple devices
- hwmon: sy7636a: add alias
- irqchip/loongson-pch-lpc: Use legacy domain for PCH-LPC IRQ controller
- arm64: zynqmp: Revert usb node drive strength and slew rate for zcu106
- soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups
- ARM: tegra: transformer-20: add missing magnetometer interrupt
- ARM: tegra: transformer-20: fix audio-codec interrupt
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in
acpi_ds_call_control_method()
- tee: allow a driver to allocate a tee_device without a pool
- bpf: Do not limit bpf_cgroup_from_id to current's namespace
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556
- tools/cpupower: fix error return value in cpupower_write_sysfs()
- pmdomain: apple: Add "apple,t8103-pmgr-pwrstate"
- power: supply: qcom_battmgr: handle charging state change notifications
- bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21
- cpuidle: Fail cpuidle device registration if there is one already
- spi: rpc-if: Add resume support for RZ/G3E
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel
- riscv: bpf: Fix uninitialized symbol 'retval_off'
- bpf: Clear pfmemalloc flag when freeing all fragments
- nvme: Use non zero KATO for persistent discovery connections
- uprobe: Do not emulate/sstep original instruction when ip is changed
- hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040
- tools/cpupower: Fix incorrect size in cpuidle_state_disable()
- tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage
- tools/power x86_energy_perf_policy: Enhance HWP enable
- tools/power x86_energy_perf_policy: Prefer driver HWP limits
- mfd: stmpe: Remove IRQ domain upon removal
- mfd: stmpe-i2c: Add missing MODULE_LICENSE
- mfd: madera: Work around false-positive -Wininitialized warning
- mfd: da9063: Split chip variant reading in two bus transactions
- drm/amd/display: ensure committing streams is seamless
- drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration
- drm/amd/display: add more cyan skillfish devices
- drm/amd/display: update dpp/disp clock from smu clock table
- drm/amd/pm: Use cached metrics data on aldebaran
- drm/amd/pm: Use cached metrics data on arcturus
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
- PCI: Disable MSI on RDC PCI to PCIe bridges
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8
- selftests/net: Ensure assert() triggers in psock_tpacket.c
- wifi: rtw88: sdio: use indirect IO for device registers before power-on
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs
- media: pci: ivtv: Don't create fake v4l2_fh
- media: amphion: Delete v4l2_fh synchronously in .release()
- drm/tidss: Use the crtc_* timings when programming the HW
- drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value
- drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST
- drm/tidss: Set crtc modesetting parameters with adjusted mode
- media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for
VIDEO_CAMERA_SENSOR
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
- net: stmmac: Check stmmac_hw_setup() in stmmac_resume()
- ice: Don't use %pK through printk or tracepoints
- thunderbolt: Use is_pciehp instead of is_hotplug_bridge
- powerpc/eeh: Use result of error_detected() in uevent
- s390/pci: Use pci_uevent_ers() in PCI recovery
- bridge: Redirect to backup port when port is administratively down
- scsi: ufs: host: mediatek: Fix auto-hibern8 timer configuration
- scsi: ufs: host: mediatek: Assign power mode userdata before FASTAUTO
mode change
- scsi: ufs: host: mediatek: Change reset sequence for improved stability
- scsi: ufs: host: mediatek: Fix invalid access in vccqx handling
- drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts
- drm/amdkfd: Handle lack of READ permissions in SVM mapping
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before
setting register
- iio: adc: imx93_adc: load calibrated values even calibration failed
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
- char: misc: Make misc_register() reentry for miscdevice who wants
dynamic minor
- char: misc: Does not request module for miscdevice with dynamic minor
- net: When removing nexthops, don't call synchronize_net if it is not
necessary
- net: Call trace_sock_exceed_buf_limit() for memcg failure with
SK_MEM_RECV.
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
- ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
- rds: Fix endianness annotation for RDS_MPATH_HASH
- scsi: mpi3mr: Fix controller init failure on fault during queue creation
- scsi: pm80xx: Fix race condition caused by static variables
- extcon: adc-jack: Fix wakeup source leaks on device unbind
- remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper
- net: phy: fixed_phy: let fixed_phy_unregister free the phy_device
- fuse: zero initialize inode private data
- drm/amdkfd: fix vram allocation failure for a special case
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
- media: fix uninitialized symbol warnings
- drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2)
- mips: lantiq: danube: add missing properties to cpu node
- mips: lantiq: danube: add model to EASY50712 dts
- mips: lantiq: danube: add missing device_type in pci node
- mips: lantiq: xway: sysctrl: rename stp clock
- mips: lantiq: danube: rename stp node on EASY50712 reference board
- crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof()
- scsi: pm8001: Use int instead of u32 to store error codes
- ptp: Limit time setting of PTP clocks
- dmaengine: sh: setup_xref error handling
- dmaengine: mv_xor: match alloc_wc and free_wc
- dmaengine: dw-edma: Set status for callback_result
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
- drm/amdgpu: Allow kfd CRIU with no buffer objects
- ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
- media: adv7180: Add missing lock in suspend callback
- media: adv7180: Do not write format to device in set_fmt
- media: adv7180: Only validate format in querystd
- media: verisilicon: Explicitly disable selection api ioctls for decoders
- ALSA: usb-audio: apply quirk for MOONDROP Quark2
- net: call cond_resched() less often in __release_sock()
- smsc911x: add second read of EEPROM mac when possible corruption seen
- iommu/apple-dart: Clear stream error indicator bits for T8110 DARTs
- drm/amd: add more cyan skillfish PCI ids
- drm/amdgpu: don't enable SMU on cyan skillfish
- drm/amdgpu: add support for cyan skillfish gpu_info
- usb: gadget: f_hid: Fix zero length packet transfer
- drm/msm: make sure to not queue up recovery more than once
- char: Use list_del_init() in misc_deregister() to reinitialize list
pointer
- media: ov08x40: Fix the horizontal flip control
- media: i2c: og01a1b: Specify monochrome media bus format instead of
Bayer
- scsi: ufs: host: mediatek: Enhance recovery on resume failure
- scsi: ufs: host: mediatek: Enhance recovery on hibernation exit failure
- net: phy: marvell: Fix 88e1510 downshift counter errata
- scsi: ufs: host: mediatek: Disable auto-hibern8 during power mode
changes
- wifi: mac80211: Fix HE capabilities element check
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy
- phy: renesas: r8a779f0-ether-serdes: add new step added to latest
datasheet
- phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0
- net: sh_eth: Disable WoL if system can not suspend
- selftests: net: replace sleeps in fcnal-test with waits
- media: redrat3: use int type to store negative error codes
- selftests: traceroute: Use require_command()
- netfilter: nf_reject: don't reply to icmp error messages
- x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of
PV_UNHALT
- selftests: Disable dad for ipv6 in fcnal-test.sh
- eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP
- [Config] disable 8139TOO_PIO for armhf
- selftests: Replace sleep with slowwait
- HID: asus: add Z13 folio to generic group for multitouch to work
- watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
- crypto: sun8i-ce - remove channel timeout field
- PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify()
- crypto: caam - double the entropy delay interval for retry
- net/cls_cgroup: Fix task_get_classid() during qdisc run
- wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device
- wifi: mt76: mt7996: Temporarily disable EPCS
- ALSA: serial-generic: remove shared static buffer
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
- drm/amd: Avoid evicting resources at S5
- drm/amd/display: Fix DVI-D/HDMI adapters
- drm/amd/display: Disable VRR on DCE 6
- ethernet: Extend device_get_mac_address() to use NVMEM
- HID: i2c-hid: Resolve touchpad issues on Dell systems during S4
- drm/amdgpu: reject gang submissions under SRIOV
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to
clean net/lib dependency
- scsi: ufs: core: Disable timestamp functionality if not supported
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during
TGT_RESET
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in
lpfc_cleanup
- scsi: lpfc: Define size of debugfs entry for xri rebalancing
- allow finish_no_open(file, ERR_PTR(-E...))
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices
- ipv6: np->rxpmtu race annotation
- ASoC: qcom: sc8280xp: explicitly set S16LE format in
sc8280xp_be_hw_params_fixup()
- net: phy: clear link parameters on admin link down
- net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X
- iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot()
- wifi: ath10k: Fix connection after GTK rekeying
- net: intel: fm10k: Fix parameter idx set but not used
- sparc/module: Add R_SPARC_UA64 relocation handling
- sparc64: fix prototypes of reads[bwl]()
- vfio: return -ENOTTY for unsupported device feature
- PCI/PM: Skip resuming to D0 if device is disconnected
- remoteproc: qcom: q6v5: Avoid handling handover twice
- wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256
- drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream
- NFSv4: handle ERR_GRACE on delegation recalls
- NFSv4.1: fix mount hang after CREATE_SESSION failure
- net: bridge: Install FDB for bridge MAC on VLAN 0
- scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
- accel/habanalabs/gaudi2: fix BMON disable configuration
- scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate
- accel/habanalabs: return ENOMEM if less than requested pages were pinned
- accel/habanalabs/gaudi2: read preboot status after recovering from dirty
state
- fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
- ext4: increase IO priority of fastcommit
- ASoC: stm32: sai: manage context in set_sysclk callback
- ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007
- net/mlx5e: Don't query FEC statistics when FEC is disabled
- net: macb: avoid dealing with endianness in macb_set_hwaddr()
- Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI
frames
- ALSA: usb-audio: add mono main switch to Presonus S1824c
- exfat: limit log print for IO error
- 6pack: drop redundant locking and refcounting
- page_pool: Clamp pool size to max 16K pages
- ksmbd: use sock_create_kern interface to create kernel socket
- smb: client: transport: avoid reconnects triggered by pending task work
- char: misc: restrict the dynamic range to exclude reserved minors
- ACPICA: Update dsmethod.c to get rid of unused variable warning
- RDMA/irdma: Fix SD index calculation
- RDMA/irdma: Remove unused struct irdma_cq fields
- RDMA/irdma: Set irdma_cq cq_num field during CQ create
- RDMA/hns: Fix the modification of max_send_sge
- RDMA/hns: Fix wrong WQE data when QP wraps around
- btrfs: mark dirty extent range for out of bound prealloc extents
- fs/hpfs: Fix error code for new_inode() failure in
mkdir/create/mknod/symlink
- um: Fix help message for ssl-non-raw
- clk: sunxi-ng: sun6i-rtc: Add A523 specifics
- rtc: pcf2127: clear minute/second interrupt
- ARM: at91: pm: save and restore ACR during PLL disable/enable
- clk: at91: clk-master: Add check for divide by 3
- clk: at91: clk-sam9x60-pll: force write to PLL_UPDT register
- clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled
- NTB: epf: Allow arbitrary BAR mapping
- 9p: fix /sys/fs/9p/caches overwriting itself
- cpufreq: tegra186: Initialize all cores to max frequencies
- 9p: sysfs_init: don't hardcode error to ENOMEM
- scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS
- ACPI: property: Return present device nodes only on fwnode interface
- tools bitmap: Add missing asm-generic/bitsperlong.h include
- tools: lib: thermal: don't preserve owner in install
- tools: lib: thermal: use pkg-config to locate libnl3
- rtc: pcf2127: fix watchdog interrupt mask on pcf2131
- kbuild: uapi: Strip comments before size type check
- ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
- ceph: add checking of wait_for_completion_killable() return value
- ceph: refactor wake_up_bit() pattern of calling
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again
- media: uvcvideo: Use heuristic to find stream entity
- net: libwx: fix device bus LAN ID
- riscv: Improve exception and system call latency
- riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro
- Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2()
- net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for
bcm63xx
- selftests/net: fix out-of-order delivery of FIN in gro:tcp test
- selftests/net: use destination options instead of hop-by-hop
- netdevsim: add Makefile for selftests
- selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing
ethtool-common.sh
- net: vlan: sync VLAN features with lower device
- net: dsa: b53: fix resetting speed and pause on forced link
- net: dsa: b53: fix enabling ip multicast
- net: dsa: b53: stop reading ARL entries if search is done
- sctp: Hold RCU read lock while iterating over address list
- sctp: Hold sock lock while iterating over address list
- bnxt_en: Fix a possible memory leak in bnxt_ptp_init
- wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup
- net/mlx5e: Use extack in get module eeprom by page callback
- net/mlx5e: Fix return value in case of module EEPROM read error
- net/mlx5e: SHAMPO, Fix skb size check for 64K pages
- net: dsa: microchip: Fix reserved multicast address table programming
- net: bridge: fix MST static key usage
- tracing: Fix memory leaks in create_field_var()
- drm/amd/display: Enable mst when it's detected but yet to be initialized
- rtc: rx8025: fix incorrect register reference
- x86/microcode/AMD: Add more known models to entry sign checking
- smb: client: validate change notify buffer before copy
- lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC
- scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers
- extcon: adc-jack: Cleanup wakeup source only if it was enabled
- drm/amdgpu: Fix function header names in amdgpu_connectors.c
- drm/amd/display: Fix black screen with HDMI outputs
- riscv: stacktrace: fix backtracing through exceptions
- selftests: netdevsim: set test timeout to 10 minutes
- drm/i915: Fix conversion between clock ticks and nanoseconds
- smb: client: fix refcount leak in smb2_set_path_attr
- iommufd: Make vfio_compat's unmap succeed if the range is already empty
- drm/amd: Fix suspend failure with secure display TA
- compiler_types: Move unused static inline functions warning to W=2
- RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid
rfence errors
- riscv: acpi: avoid errors caused by probing DT devices when ACPI is used
- drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
- NFS4: Fix state renewals missing after boot
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
- NFS: check if suid/sgid was cleared after a write as needed
- HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
- wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp()
- selftests: net: local_termination: Wait for interfaces to come up
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
- net/smc: fix mismatch between CLC header and proposal
- net/handshake: Fix memory leak in tls_handshake_accept()
- net: mdio: fix resource leak in mdiobus_register_device()
- wifi: mac80211: skip rate verification for not captured PSDUs
- net_sched: act_connmark: use RCU in tcf_connmark_dump()
- net/mlx5e: Fix maxrate wraparound in threshold between units
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
- net/mlx5e: Fix potentially misleading debug message
- net_sched: limit try_bulk_dequeue_skb() batches
- virtio-net: fix incorrect flags recording in big mode
- hsr: Fix supervision frame sending on HSRv0
- ACPI: CPPC: Check _CPC validity for only the online CPUs
- ACPI: CPPC: Perform fast check switch only for online CPUs
- ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
- Bluetooth: L2CAP: export l2cap_chan_hold for modules
- cifs: stop writeback extension when change of size is detected
- cifs: Fix uncached read into ITER_KVEC iterator
- acpi,srat: Fix incorrect device handle check for Generic Initiator
- regulator: fixed: fix GPIO descriptor leak on register failure
- ASoC: cs4271: Fix regulator leak on probe failure
- ASoC: codecs: va-macro: fix resource leak in probe error path
- ASoC: tas2781: fix getting the wrong device number
- pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
- NFS: enable nconnect for RDMA
- pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS
- NFS: sysfs: fix leak when nfs_client kobject add fails
- NFSv4: Fix an incorrect parameter when calling nfs4_call_sync()
- acpi/hmat: Fix lockdep warning for hmem_register_resource()
- irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops
- lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN
- mtd: onenand: Pass correct pointer to IRQ handler
- arm64: dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1
- ARM: dts: imx51-zii-rdu1: Fix audmux node names
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
- ARM: dts: BCM53573: Fix address of Luxul XAP-1440's Ethernet PHY
- HID: uclogic: Fix potential memory leak in error path
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated
- gcov: add support for GCC 15
- strparser: Fix signed/unsigned mismatch bug
- dma-mapping: benchmark: Restore padding to ensure uABI remained
consistent
- LoongArch: Use correct accessor to read FWPC/MWPC
- LoongArch: Let {pte,pmd}_modify() record the status of _PAGE_DIRTY
- selftests/tracing: Run sample events to clear page cache events
- wifi: mac80211: reject address change while connecting
- mm/mm_init: fix hash table order logging in alloc_large_system_hash()
- mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
- crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value
- smb: client: fix cifs_pick_channel when channel needs reconnect
- spi: Try to get ACPI GPIO IRQ earlier
- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
- selftests/user_events: fix type cast for write_index packed member in
perf_test
- LoongArch: Use physical addresses for CSR_MERRENTRY/CSR_TLBRENTRY
- EDAC/altera: Handle OCRAM ECC enable after warm reset
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
- btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe()
- btrfs: do not update last_log_commit when logging inode due to a new
name
- pmdomain: samsung: plug potential memleak during probe
- selftests: mptcp: connect: fix fallback note due to OoO
- selftests: mptcp: join: rm: set backup flag
- selftests: mptcp: connect: trunc: read all recv data
- Revert "perf dso: Add missed dso__put to dso__load_kcore"
- mm, percpu: do not consider sleepable allocations atomic
- netpoll: remove netpoll_srcu
- net: netpoll: Individualize the skb pool
- net: netpoll: flush skb pool during cleanup
- scsi: ufs: core: Add UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE
- scsi: ufs: core: fold ufshcd_clear_keyslot() into its caller
- scsi: ufs: core: Add UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE
- scsi: ufs: core: Add fill_crypto_prdt variant op
- scsi: ufs: core: Add UFSHCD_QUIRK_KEYS_IN_PRDT
- scsi: ufs: core: Add a quirk for handling broken LSDBS field in
controller capabilities register
- scsi: ufs: core: Add a quirk to suppress link_startup_again
- scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel
ADL
- filemap: cap PTE range to be created to allowed zero fill in
folio_map_range()
- mm/memory: do not populate page table entries beyond i_size
- mm/truncate: unmap large folio on split failure
- net: netpoll: ensure skb_pool list is always initialized
- memory tiers: use default_dram_perf_ref_source in log message
- memcg: fix data-race KCSAN bug in rstats
- s390/pci: Restore IRQ unconditionally for the zPCI device
- wifi: ath11k: add support for MU EDCA
- wifi: ath11k: avoid bit operation on key flags
- wifi: mac80211: don't mark keys for inactive links as uploaded
- wifi: mac80211: fix key tailroom accounting leak
- kunit: test_dev_action: Correctly cast 'priv' pointer to long*
- bpf: Find eligible subprogs for private stack support
- bpf, x86: Avoid repeated usage of bpf_prog->aux->stack_depth
- bpf: Do not audit capability check in do_jit()
- Bluetooth: ISO: Update hci_conn_hash_lookup_big for Broadcast slave
- Bluetooth: ISO: Fix BIS connection dst_type handling
- dpll: spec: add missing module-name and clock-id to pin-get reply
- ASoC: fsl_sai: Fix sync error in consumer mode
- ACPI: fan: Use ACPI handle when retrieving _FST
- drm/sched: avoid killing parent entity on child SIGKILL
- drm/nouveau: Fix race in nouveau_sched_fini()
- drm/ast: Clear preserved bits from register output value
- drm/amd: Check that VPE has reached DPM0 in idle handler
- drm/amd/display: Fix incorrect return of vblank enable on unconfigured
crtc
- firmware: qcom: scm: preserve assign_mem() error return value
- soc: ti: pruss: don't use %pK through printk
- bpf: Use tnums for JEQ/JNE is_branch_taken logic
- ACPI: video: force native for Lenovo 82K8
- libbpf: Fix USDT SIB argument handling causing unrecognized register
error
- ACPI: resource: Skip IRQ override on ASUS Vivobook Pro N6506CU
- thermal: gov_step_wise: Allow cooling level to be reduced earlier
- thermal: intel: selftests: workload_hint: Mask unsupported types
- cpufreq: ondemand: Update the efficient idle check for Intel extended
Families
- pwm: pca9685: Use bulk write to atomicially update registers
- i3c: mipi-i3c-hci-pci: Add support for Intel Wildcat Lake-U I3C
- hwmon: (dell-smm) Remove Dell Precision 490 custom config data
- selftests/bpf: Fix flaky bpf_cookie selftest
- mfd: core: Increment of_node's refcount before linking it to the
platform device
- mfd: intel-lpss: Add Intel Wildcat Lake LPSS PCI IDs
- drm/amdgpu: add range check for RAS bad page address
- drm/amdgpu: Check vcn sram load return value
- ASoC: mediatek: Use SND_JACK_AVOUT for HDMI/DP jacks
- drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off
- wifi: rtw89: print just once for unknown C2H events
- PCI/ERR: Update device error_state already after reset
- scsi: ufs: host: mediatek: Fix PWM mode switch issue
- HID: pidff: Use direction fix only for conditional effects
- HID: pidff: PERMISSIVE_CONTROL quirk autodetection
- wifi: rtw89: fix BSSID comparison for non-transmitted BSSID
- dm error: mark as DM_TARGET_PASSES_INTEGRITY
- bnxt_en: Add Hyper-V VF ID
- idpf: do not linearize big TSO packets
- net: wangxun: limit tx_max_coalesced_frames_irq
- rpmsg: char: Export alias for RPMSG ID rpmsg-raw from table
- net: ipv4: allow directed broadcast routes to use dst hint
- scsi: mpi3mr: Fix I/O failures during controller reset
- drm/amd/display: Support HW cursor 180 rot for any number of pipe splits
- media: pci: mgb4: Fix timings comparison in VIDIOC_S_DV_TIMINGS
- ASoC: SOF: ipc4-pcm: Add fixup for channels
- drm/amdgpu: Avoid vcn v5.0.1 poison irq call trace on sriov guest
- inet_diag: annotate data-races in inet_diag_bc_sk()
- scsi: ufs: exynos: fsd: Gate ref_clk and put UFS device in reset on
suspend
- drm/xe/guc: Increase GuC crash dump buffer size
- drm: panel-backlight-quirks: Make EDID match optional
- PCI: imx6: Enable the Vaux supply if available
- drm/xe/guc: Set upper limit of H2G retries over CTB
- crypto: ccp: Skip SEV and SNP INIT for kdump boot
- drm/amd/display: Fix pbn_div Calculation Error
- tty/vt: Add missing return value for VT_RESIZE in vt_ioctl()
- PCI: endpoint: pci-epf-test: Limit PCIe BAR size for fixed BARs
- selftests: mptcp: join: allow more time to send ADD_ADDR
- scsi: ufs: host: mediatek: Correct system PM flow
- selftests: traceroute: Return correct value on failure
- openrisc: Add R_OR1K_32_PCREL relocation type module support
- wifi: mt76: mt76_eeprom_override to int
- wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error
- drm/amd/display: Set up pixel encoding for YCBCR422
- drm/amd/display: fix dml ms order of operations
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands
fail
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point
topology
- wifi: rtw89: renew a completion for each H2C command waiting C2H event
- usb: xhci-pci: add support for hosts with zero USB3 ports
- RDMA/ipoib: Remove NULL check before dev_{put, hold}
- IB/ipoib: Ignore L3 master device
- bus: mhi: core: Improve mhi_sync_power_up handling for SYS_ERR state
- wifi: mac80211: Track NAN interface start/stop
- crypto: hisilicon/qm - invalidate queues in use
- crypto: hisilicon/qm - adjust the internal processing sequence of the vf
enable and disable
- crypto: hisilicon/qm - clear all VF configurations in the hardware
- selftests: forwarding: Reorder (ar)ping arguments to obey POSIX getopt
- net: dsa: microchip: Set SPI as bus interface during reset for KSZ8463
- drm/amd/display: Init dispclk from bootup clock for DCN314
- drm/amd/display: Fix for test crash due to power gating
- drm/amd/display: change dc stream color settings only in atomic commit
- ACPI: scan: Update honor list for RPMI System MSI
- vfio/pci: Fix INTx handling on legacy non-PCI 2.3 devices
- Bluetooth: btusb: Add new VID/PID 13d3/3633 for MT7922
- net: stmmac: est: Drop frames causing HLBS error
- usb: xhci-pci: Fix USB2-only root hub registration
- drm/amd/display: Add fallback path for YCBCR422
- RDMA/hns: Fix recv CQ and QP cache affinity
- clk: clocking-wizard: Fix output clock register offset for Versal
platforms
- LoongArch: Handle new atomic instructions for probes
- net: wwan: t7xx: add support for HP DRMR-H01
- ceph: fix potential race condition in ceph_ioctl_lazyio()
- net: ionic: add dma_wmb() before ringing TX doorbell
- net: ionic: map SKB after pseudo-header checksum prep
- bnxt_en: Add mem_valid bit to struct bnxt_ctx_mem_type
- bnxt_en: Refactor bnxt_free_ctx_mem()
- bnxt_en: Add a 'force' parameter to bnxt_free_ctx_mem()
- net: wan: framer: pef2256: Switch to devm_mfd_add_devices()
- drm/amdgpu/smu: Handle S0ix for vangogh
- drm/amd/display: update color on atomic commit time
- drm/mediatek: Add pm_runtime support for GCE power control
- arm64: kprobes: check the return value of set_memory_rox()
- NFS4: Apply delay_retrans to async operations
- HID: nintendo: Wait longer for initial probe
- HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL
- NFSD: Skip close replay processing if XDR encoding fails
- net: ethernet: ti: am65-cpsw-qos: fix IET verify/response timeout
- net: ethernet: ti: am65-cpsw-qos: fix IET verify retry mechanism
- proc: fix the issue of proc_mem_open returning NULL
- ext4: introduce ITAIL helper
- LoongArch: KVM: Add delay until timer interrupt injected
- nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes
- ftrace: Fix BPF fexit with livepatch
- btrfs: zoned: fix conventional zone capacity calculation
- btrfs: release root after error in data_reloc_print_warning_inode()
- pmdomain: imx: Fix reference count leak in imx_gpc_remove
- selftests: mptcp: join: userspace: longer transfer
- selftests: mptcp: join: properly kill background tasks
- wifi: cfg80211: add an hrtimer based delayed work item
- proc: proc_maps_open allow proc_mem_open to return NULL
- Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete
- Upstream stable to v6.6.117, v6.12.58, v6.12.59
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68204
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-22107
- net: dsa: sja1105: fix kasan out-of-bounds warning in
sja1105_table_delete_entry()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-39981
- Bluetooth: MGMT: Fix possible UAFs
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-22121
- ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-23129
- wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq()
in error path
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40287
- exfat: fix improper check of dentry.stream.valid_size
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40289
- drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68201
- drm/amdgpu: remove two invalid BUG_ON()s
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68180
- drm/amd/display: Fix NULL deref in debugfs odm_combine_segments
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68322
- parisc: Avoid crash due to unaligned access in unwinder
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40305
- 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40307
- exfat: validate cluster allocation bits of the allocation bitmap
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68190
- drm/amdgpu/atom: Check kcalloc() for WS buffer in
amdgpu_atom_execute_table_locked()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68315
- f2fs: fix to detect potential corrupted nid in free_nid_list
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40339
- drm/amdgpu: fix nullptr err of vm_handle_moved
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68311
- tty: serial: ip22zilog: Use platform device for probing
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68313
- x86/CPU/AMD: Add RDSEED fix for Zen5
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40360
- drm/sysfb: Do not dereference NULL pointer in plane reset
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68734
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40272
- mm/secretmem: fix use-after-free race in fault handler
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40077
- f2fs: fix to avoid overflow while left shift operation
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68245
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40293
- iommufd: Don't overflow during division for dirty tracking
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40303
- btrfs: ensure no dirty metadata is written back for an fs with errors
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68184
- drm/mediatek: Disable AFBC support on Mediatek DRM driver
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40268
- cifs: client: fix memory leak in smb3_fs_context_parse_param
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40269
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40271
- fs/proc: fix uaf in proc_readdir_de()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68241
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68246
- ksmbd: close accepted socket when per-IP limit rejects connection
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40273
- NFSD: free copynotify stateid in nfs4_free_ol_stateid()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68208
- bpf: account for current allocated stack depth in
widen_imprecise_scalars()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68200
- bpf: Add bpf_prog_run_data_pointers()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40275
- ALSA: usb-audio: Fix NULL pointer dereference in
snd_usb_mixer_controls_badd
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40277
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40278
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN
kernel-infoleak
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40279
- net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40280
- tipc: Fix use-after-free in tipc_mon_reinit_self().
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40281
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40282
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40283
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40284
- Bluetooth: MGMT: cancel mesh send timer when hdev removed
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40285
- smb/server: fix possible refcount leak in smb2_sess_setup()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40286
- smb/server: fix possible memory leak in smb2_read()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40288
- drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68244
- drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40292
- virtio-net: fix received length check in big packets
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40328
- smb: client: fix potential UAF in smb2_close_cached_fid()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40294
- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40329
- drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68320
- lan966x: Fix sleeping in atomic context
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68192
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40331
- sctp: Prevent TOCTOU out-of-bounds write
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40301
- Bluetooth: hci_event: validate skb length for unknown CC opcode
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40358
- riscv: stacktrace: Disable KASAN checks for non-current tasks
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40304
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68183
- ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68173
- ftrace: Fix softlockup in ftrace_module_enable
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40306
- orangefs: fix xattr related buffer overflow...
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40308
- Bluetooth: bcsp: receive data only if registered
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40309
- Bluetooth: SCO: Fix UAF on sco_conn_free
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40310
- amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40311
- accel/habanalabs: support mapping cb with vmalloc-backed coherent memory
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68185
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode
dereferencing
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68176
- PCI: cadence: Check for the existence of cdns_pcie::ops before using it
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68168
- jfs: fix uninitialized waitqueue in transaction manager
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40312
- jfs: Verify inode mode when loading from disk
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40333
- f2fs: fix infinite loop in __insert_extent_tree()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68321
- page_pool: always add GFP_NOWARN for ATOMIC allocations
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68191
- udp_tunnel: use netdev_warn() instead of netdev_WARN()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40313
- ntfs3: pretend $Extend records as regular files
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40314
- usb: cdns3: gadget: Use-after-free during failed initialization and exit
of cdnsp gadget
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40337
- net: stmmac: Correctly handle Rx checksum offload errors
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68194
- media: imon: make send_packet() more robust
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40363
- net: ipv6: fix field-spanning memcpy warning in AH output
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68178
- blk-cgroup: fix possible deadlock while configuring policy
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40341
- futex: Don't leak robust_list pointer on exec race
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40342
- nvme-fc: use lock accessing port_state and rport state
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40343
- nvmet-fc: avoid scheduling association deletion twice
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68177
- cpufreq/longhaul: handle NULL policy in longhaul_exit
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40315
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68310
- s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68179
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40317
- regmap: slimbus: fix bus_context pointer in regmap init calls
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40318
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68312
- usbnet: Prevents free active kevent
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68172
- crypto: aspeed - fix double free caused by devm
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40319
- bpf: Sync pending IRQ work before freeing ring buffer
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-68171
- x86/fpu: Ensure XFD state on signal delivery
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40320
- smb: client: fix potential cfid UAF in smb2_query_info_compound
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40321
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP
Mode
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40322
- fbdev: bitblit: bound-check glyph index in bit_putcs*
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40211
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness()
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40323
- fbcon: Set fb_display[i]->mode to NULL when the mode is released
* Noble update: upstream stable patchset 2026-01-30 (LP: #2139460) //
CVE-2025-40324
- NFSD: Fix crash in nfsd4_read_release()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282)
- exec: Fix incorrect type for ret
- hfs: clear offset and space out of valid records in b-tree node
- hfs: make proper initalization of struct hfs_find_data
- dlm: check for defined force value in dlm_lockspace_release
- hfsplus: return EIO when type of hidden directory mismatch in
hfsplus_fill_super()
- lkdtm: fortify: Fix potential NULL dereference on kmalloc failure
- m68k: bitops: Fix find_*_bit() signatures
- powerpc/32: Remove PAGE_KERNEL_TEXT to fix startup failure
- drivers/perf: hisi: Relax the event ID check in the framework
- smb: server: let smb_direct_flush_send_list() invalidate a remote key
first
- Unbreak 'make tools/*' for user-space targets
- net/mlx5e: Return 1 instead of 0 in invalid case in
mlx5e_mpwrq_umr_entry_size()
- rtnetlink: Allow deleting FDB entries in user namespace
- net: enetc: correct the value of ENETC_RXB_TRUESIZE
- dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of
can_dropped_invalid_skb()
- selftests: net: fix server bind failure in sctp_vrf.sh
- net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead
- net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ
- arm64, mm: avoid always making PTE dirty in pte_mkwrite()
- net: bonding: fix possible peer notify event loss or dup issue
- dma-debug: don't report false positives with
DMA_BOUNCE_UNALIGNED_KMALLOC
- gpio: pci-idio-16: Define maximum valid register address offset
- gpio: 104-idio-16: Define maximum valid register address offset
- Revert "cpuidle: menu: Avoid discarding useful information"
- ACPICA: Work around bogus -Wstringop-overread warning since GCC 11
- can: netlink: can_changelink(): allow disabling of automatic restart
- cifs: Fix TCP_Server_Info::credits to be signed
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from
registering
- net: stmmac: dwmac-rk: Fix disabling set_clock_selection
- net: usb: rtl8150: Fix frame padding
- net: ravb: Enforce descriptor type ordering
- net: ravb: Ensure memory write completes before ringing TX doorbell
- selftests: mptcp: join: mark 'flush re-add' as skipped if not supported
- selftests: mptcp: join: mark implicit tests as skipped if not supported
- spi: spi-nxp-fspi: add extra delay after dll locked
- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw
mode
- RISC-V: Define pgprot_dmacoherent() for non-coherent devices
- RISC-V: Don't print details of CPUs disabled in DT
- hwmon: (sht3x) Fix error handling
- gpio: ljca: Fix duplicated IRQ mapping
- io_uring: correct __must_hold annotation in io_install_fixed_file
- sched: Remove never used code in mm_cid_get()
- USB: serial: option: add UNISOC UIS7720
- USB: serial: option: add Quectel RG255C
- USB: serial: option: add Telit FN920C04 ECM compositions
- usb/core/quirks: Add Huawei ME906S to wakeup quirk
- usb: raw-gadget: do not limit transfer length
- xhci: dbc: enable back DbC in resume if it was enabled before suspend
- x86/microcode: Fix Entrysign revision check for Zen1/Naples
- binder: remove "invalid inc weak" check
- mei: me: add wildcat lake P DID
- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup
- tcpm: switch check for role_sw device with fw_node
- dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp
- serial: 8250_dw: handle reset control deassert error
- serial: 8250_exar: add support for Advantech 2 port card with Device ID
0x0018
- serial: 8250_mtk: Enable baud clock and manage in runtime PM
- devcoredump: Fix circular locking dependency with devcd->mutex.
- xfs: always warn about deprecated mount options
- fuse: allocate ff->release_args only if release is needed
- audit: record fanotify event regardless of presence of rules
- perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of
current->mm == NULL
- perf: Have get_perf_callchain() return NULL if crosstask and user are
set
- perf: Skip user unwind if the task is a kernel thread
- x86/bugs: Report correct retbleed mitigation status
- x86/bugs: Fix reporting of LFENCE retpoline
- EDAC/mc_sysfs: Increase legacy channel support to 16
- btrfs: zoned: return error from btrfs_zone_finish_endio()
- btrfs: zoned: refine extent allocator hint selection
- btrfs: scrub: replace max_t()/min_t() with clamp() in
scrub_throttle_dev_io()
- btrfs: always drop log root tree reference in btrfs_replay_log()
- btrfs: use level argument in log tree walk callback replay_one_buffer()
- btrfs: use smp_mb__after_atomic() when forcing COW in
create_pending_snapshot()
- arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c
- mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR
- selftests: mptcp: disable add_addr retrans in endpoint_tests
- selftests: mptcp: join: mark 'delete re-add signal' as skipped if not
supported
- serial: sc16is7xx: remove useless enable of enhanced features
- xhci: dbc: poll at different rate depending on data transfer activity
- xhci: dbc: Allow users to modify DbC poll interval via sysfs
- xhci: dbc: Improve performance by removing delay in transfer event
polling.
- xhci: dbc: Avoid event polling busyloop if pending rx transfers are
inactive.
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall
event
- bits: add comments and newlines to #if, #else and #endif directives
- bits: introduce fixed-type GENMASK_U*()
- gpio: regmap: Allow to allocate regmap-irq device
- gpio: regmap: add the .fixed_direction_output configuration parameter
- gpio: idio-16: Define fixed direction of the GPIO lines
- PCI: Test for bit underflow in pcie_set_readrq()
- arm64: sysreg: Correct sign definitions for EIESB and DoubleLock
- s390/mm: Use __GFP_ACCOUNT for user page table allocations
- ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop
- riscv: hwprobe: avoid uninitialized variable use in hwprobe_arch_id()
- perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK
- cpuset: Use new excpus for nocpu error check when enabling root
partition
- btrfs: abort transaction on specific error places when walking log tree
- btrfs: abort transaction in the process_one_buffer() log tree walk
callback
- btrfs: abort transaction if we fail to update inode in log replay dir
fixup
- btrfs: tree-checker: add inode extref checks
- docs: kdoc: handle the obsolescensce of docutils.ErrorString()
- bonding: return detailed error when loading native XDP fails
- btrfs: tree-checker: fix bounds check in check_inode_extref()
- Upstream stable to v6.6.115, v6.6.116, v6.12.56, v6.12.57
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-37860
- sfc: fix NULL dereferences in ef100_process_design_param()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-21833
- iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-22105
- bonding: check xdp prog when set bond mode
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-38643
- wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-23130
- f2fs: fix to avoid panic once fallocation fails for pinfile
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40353
- arm64: mte: Do not warn if the page is already tagged in copy_highpage()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-39678
- platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40235
- btrfs: directly free partially initialized fs_info in
btrfs_check_leaked_roots()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40238
- net/mlx5: Fix IPsec cleanup over MPV device
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40242
- gfs2: Fix unlikely race in gdlm_put_lock
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40083
- net/sched: sch_qfq: Fix null-deref in agg_dequeue
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40084
- ksmbd: transport_ipc: validate payload size before reading handle
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40220
- fuse: fix livelock in synchronous file put from fuseblk workers
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40237
- fs/notify: call exportfs_encode_fid with s_umount
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-68249
- most: usb: hdm_probe: Fix calling put_device() before device
initialization
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40223
- most: usb: Fix use-after-free in hdm_disconnect
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40106
- comedi: fix divide-by-zero in comedi_buf_munge()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40226
- firmware: arm_scmi: Account for failed debug initialization
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40231
- vsock: fix lock inversion in vsock_assign_transport()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40233
- ocfs2: clear extent cache after moving/defragmenting extents
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40346
- arch_topology: Fix incorrect error check in
topology_parse_cpu_capacity()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40240
- sctp: avoid NULL dereference when chunk data buffer is missing
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40350
- net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding
RQ
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40347
- net: enetc: fix the deadlock of enetc_mdio_lock
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40243
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40351
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40349
- hfs: validate record offset in hfsplus_bmap_alloc
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40244
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
* Noble update: upstream stable patchset 2026-01-29 (LP: #2139282) //
CVE-2025-40245
- nios2: ensure that memblock.current_limit is set when setting pfn limits
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267)
- r8152: add error handling in rtl8152_driver_init
- f2fs: fix wrong block mapping for multi-devices
- jbd2: ensure that all ongoing I/O complete before freeing blocks
- ext4: wait for ongoing I/O to complete before freeing blocks
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already
running
- btrfs: fix incorrect readahead expansion length
- can: gs_usb: gs_make_candev(): populate net_device->dev_port
- can: gs_usb: increase max interface to U8_MAX
- drm/amdgpu: use atomic functions with memory barriers for vm fault info
- drm/amd: Check whether secure display TA loaded successfully
- cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay
- epoll: Remove ep_scan_ready_list() in comments
- eventpoll: Replace rwlock with spinlock
- drm/msm/adreno: De-spaghettify the use of memory barriers
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in
functions
- drm/exynos: exynos7_drm_decon: properly clear channels during bind
- drm/exynos: exynos7_drm_decon: remove ctx->suspended
- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain()
- usb: gadget: Store endpoint pointer in usb_request
- usb: gadget: Introduce free_usb_request helper
- HID: multitouch: fix sticky fingers
- dax: skip read lock assertion for read-only filesystems
- can: m_can: m_can_plat_remove(): add missing pm_runtime_disable()
- net: dlink: handle dma_map_single() failure properly
- doc: fix seg6_flowlabel path
- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H
- amd-xgbe: Avoid spurious link down messages during interface toggle
- tcp: fix tcp_tso_should_defer() vs large RTT
- tg3: prevent use of uninitialized remote_adv and local_adv variables
- tls: trim encrypted message to match the plaintext on short splice
- net: tls: wait for async completion on last message
- tls: wait for async encrypt in case of error during latter iterations of
sendmsg
- tls: always set record_type in tls_process_cmsg
- tls: don't rely on tx_work during send()
- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address
- net: usb: lan78xx: fix use of improperly initialized dev->chipid in
lan78xx_reset
- nvme-multipath: Skip nr_active increments in RETRY disposition
- riscv: kprobes: Fix probe address validation
- drm/bridge: lt9211: Drop check for last nibble of version register
- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec
- ASoC: nau8821: Cancel jdet_work before handling jack ejection
- ASoC: nau8821: Generalize helper to clear IRQ status
- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit
- drm/i915/guc: Skip communication warning on reset in progress
- drm/amd/powerplay: Fix CIK shutdown temperature
- drm/rockchip: vop2: use correct destination rectangle height check
- sched/balancing: Rename newidle_balance() => sched_balance_newidle()
- sched/fair: Fix pelt lost idle time detection
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
- selftests/bpf: make arg_parsing.c more robust to crashes
- HID: hid-input: only ignore 0 battery events for digitizers
- HID: multitouch: fix name of Stylus input devices
- selftests: arg_parsing: Ensure data is flushed to disk before reading.
- arm64: cputype: Add Neoverse-V3AE definitions
- arm64: errata: Apply workarounds for Neoverse-V3AE
- NFSD: Rework encoding and decoding of nfsd4_deviceid
- NFSD: Minor cleanup in layoutcommit processing
- xfs: rename the old_crc variable in xlog_recover_process
- xfs: fix log CRC mismatches between i386 and other architectures
- PM: runtime: Add new devm functions
- iio: imu: inv_icm42600: Simplify pm_runtime setup
- phy: cdns-dphy: Store hs_clk_rate and return it
- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling
- iio: imu: inv_icm42600: reorganize DMA aligned buffers in structure
- iio: imu: inv_icm42600: Avoid configuring if already pm_runtime
suspended
- quota: remove unneeded return value of register_quota_format
- phy: cadence: cdns-dphy: Update calibration wait time for startup state
machine
- PCI: Add PCI_VDEVICE_SUB helper macro
- ixgbevf: Add support for Intel(R) E610 device
- ixgbevf: fix getting link speed data for E610 devices
- nfsd: decouple the xprtsec policy check from check_nfsd_access()
- PCI/sysfs: Ensure devices are powered for config reads (part 2)
- ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL
- PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl"
exists
- PCI: j721e: Fix programming sequence of "strap" settings
- perf/core: Fix address filter match with backing files
- perf/core: Fix MMAP event path names with backing files
- perf/core: Fix MMAP2 event device with backing files
- drm/msm/a6xx: Fix PDC sleep sequence
- can: m_can: m_can_handle_state_errors(): fix CAN state transition to
Error Active
- can: m_can: m_can_chip_config(): bring up interface in correct state
- drm/amdgpu: add ip offset support for cyan skillfish
- drm/amdgpu: add support for cyan skillfish without IP discovery
- drm/amdgpu: fix handling of harvesting for ip_discovery firmware
- nvme/tcp: handle tls partially sent records in write_space()
- nfsd: Use correct error code when decoding extents
- nfsd: Drop dprintk in blocklayout xdr functions
- NFSD: Implement large extent array support in pNFS
- NFSD: Fix last write offset handling in layoutcommit
- wifi: rtw89: avoid possible TX wait initialization race
- xfs: use deferred intent items for reaping crosslinked blocks
- md/raid0: Handle bio_split() errors
- md/raid1: Handle bio_split() errors
- md/raid10: Handle bio_split() errors
- md: fix mssing blktrace bio split events
- x86/resctrl: Refactor resctrl_arch_rmid_read()
- x86/resctrl: Fix miscount of bandwidth event when reactivating
previously unavailable RMID
- d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier
- dmaengine: Add missing cleanup on module unload
- Upstream stable to v6.6.114, v6.12.55
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40105
- vfs: Don't leak disconnected dentries on umount
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40092
- usb: gadget: f_ncm: Refactor bind path to use __free()
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40101
- btrfs: fix memory leaks when rejecting a non SINGLE data profile without
an RST
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40166
- drm/xe/guc: Check GuC running state before deregistering exec queue
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40104
- ixgbevf: fix mailbox API compatibility by negotiating supported features
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40087
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40196
- fs: quota: create dedicated workqueue for quota_release_work
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40088
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40085
- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40172
- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages()
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40176
- tls: wait for pending async decryptions if tls_strp_msg_hold fails
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40173
- net/ip6_tunnel: Prevent perpetual tunnel growth
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40095
- usb: gadget: f_rndis: Refactor bind path to use __free()
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40094
- usb: gadget: f_acm: Refactor bind path to use __free()
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40093
- usb: gadget: f_ecm: Refactor bind path to use __free()
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40165
- media: nxp: imx8-isi: m2m: Fix streaming cleanup on release
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40096
- drm/sched: Fix potential double free in
drm_sched_job_add_resv_dependencies
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40099
- cifs: parse_dfs_referrals: prevent oob on malformed input
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40100
- btrfs: do not assert we found block group item when creating free space
tree
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40167
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination
* Noble update: upstream stable patchset 2026-01-28 (LP: #2139267) //
CVE-2025-40103
- smb: client: Fix refcount leak for cifs_sb_tlink
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158)
- fs: always return zero on success from replace_fd()
- fscontext: do not consume log entries when returning -EMSGSIZE
- clocksource/drivers/clps711x: Fix resource leaks in error paths
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE
- asm-generic/io.h: Skip trace helpers if rwmmio events are disabled
- perf evsel: Avoid container_of on a NULL leader
- libperf event: Ensure tracing data is multiple of 8 sized
- clk: at91: peripheral: fix return value
- perf util: Fix compression checks returning -1 as bool
- rtc: x1205: Fix Xicor X1205 vendor prefix
- rtc: optee: fix memory leak on driver removal
- perf arm_spe: Correct setting remote access
- perf arm-spe: Rename the common data source encoding
- perf arm_spe: Correct memory level for remote access
- perf session: Fix handling when buffer exceeds 2 GiB
- perf test: Don't leak workload gopipe in PERF_RECORD_*
- perf test: Add a test for default perf stat command
- perf tools: Add fallback for exclude_guest
- perf evsel: Ensure the fallback message is always written to
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m
- clk: mediatek: clk-mux: Do not pass flags to
clk_mux_determine_rate_flags()
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate()
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver
- clk: tegra: do not overallocate memory for bpmp clocks
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size
- LoongArch: Remove CONFIG_ACPI_TABLE_UPGRADE in platform_init()
- LoongArch: Init acpi_gbl_use_global_lock to false
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter()
- drm/vmwgfx: Fix copy-paste typo in validation
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe
- tools build: Align warning options with perf
- perf python: split Clang options when invoking Popen
- tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat()
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes
- drm/amdgpu: Add additional DCE6 SCL registers
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
- drm/amd/display: Properly disable scaling on DCE6
- netfilter: nf_tables: drop unused 3rd argument from validate callback
ops
- bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()
- smb: client: fix missing timestamp updates after utime(2)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
- gpio: wcd934x: mark the GPIO controller as sleeping
- bpf: Avoid RCU context warning when unpinning htab with internal structs
- ACPI: property: Fix buffer properties extraction for subnodes
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT
- ACPI: debug: fix signedness issues in read/write helpers
- arm64: dts: qcom: msm8916: Add missing MDSS reset
- arm64: dts: qcom: msm8939: Add missing MDSS reset
- arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees
- arm64: dts: ti: k3-am62a-main: Fix main padcfg length
- ARM: OMAP2+: pm33xx-core: ix device node reference leaks in
amx3_idle_init
- dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required
- xen/events: Cleanup find_virq() return codes
- xen/manage: Fix suspend error path
- xen/events: Update virq_to_irq on migration
- firmware: meson_sm: fix device leak at probe
- media: cx18: Add missing check after DMA map
- media: i2c: mt9v111: fix incorrect type for ret
- media: mc: Fix MUST_CONNECT handling for pads with no links
- media: pci: ivtv: Add missing check after DMA map
- media: venus: firmware: Use correct reset sequence for IRIS2
- media: lirc: Fix error handling in lirc_register()
- drm/rcar-du: dsi: Fix 1/2/3 lane support
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep
- blk-crypto: fix missing blktrace bio split events
- bus: mhi: ep: Fix chained transfer handling in read path
- bus: mhi: host: Do not use uninitialized 'dev' pointer in
mhi_init_irq_setup()
- copy_sighand: Handle architectures where sizeof(unsigned long) <
sizeof(u64)
- crypto: aspeed - Fix dma_unmap_sg() direction
- crypto: atmel - Fix dma_unmap_sg() direction
- crypto: rockchip - Fix dma_unmap_sg() nents value
- fbdev: Fix logic error in "offb" name match
- fs/ntfs3: Fix a resource leak bug in wnd_extend()
- iio: dac: ad5360: use int type to store negative error codes
- iio: dac: ad5421: use int type to store negative error codes
- iio: frequency: adf4350: Fix prescaler usage.
- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK
- iio: xilinx-ams: Unmask interrupts after updating alarms
- init: handle bootloader identifier in kernel parameters
- iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in
resume
- iommu/vt-d: PRS isn't usable if PDS isn't supported
- KEYS: trusted_tpm1: Compare HMAC values in constant time
- lib/genalloc: fix device leak in of_gen_pool_get()
- of: unittest: Fix device reference count leak in
of_unittest_pci_node_verify
- openat2: don't trigger automounts with RESOLVE_NO_XDEV
- parisc: don't reference obsolete termio struct for TC* constants
- parisc: Remove spurious if statement from raw_copy_from_user()
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
- pinctrl: samsung: Drop unused S3C24xx driver data
- power: supply: max77976_charger: fix constant current reporting
- powerpc/powernv/pci: Fix underflow and leak issue
- powerpc/pseries/msi: Fix potential underflow and leak issue
- sched/deadline: Fix race in push_dl_task()
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()
- sparc64: fix hugetlb for sun4u
- sparc: fix error handling in scan_one_device()
- mtd: rawnand: fsmc: Default to autodetect buswidth
- mmc: core: SPI mode remove cmd7
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled
- rtc: interface: Fix long-standing race when setting alarm
- rseq/selftests: Use weak symbol reference, not definition, to link with
glibc
- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock
- PCI/sysfs: Ensure devices are powered for config reads
- PCI/ERR: Fix uevent on failure to recover
- PCI/AER: Fix missing uevent on recovery when a reset is requested
- PCI/AER: Support errors introduced by PCIe r6.0
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on
exit
- PCI: rcar-host: Drop PMSR spinlock
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq()
- PCI: tegra194: Handle errors in BPMP response
- spi: cadence-quadspi: Flush posted register writes before INDAC access
- spi: cadence-quadspi: Flush posted register writes before DAC access
- x86/umip: Check that the instruction opcode is at least two bytes
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT
aliases)
- selftests: mptcp: join: validate C-flag + def limit
- wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again
- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500
- mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations
- mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when
max_huge_pages=0
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
- ext4: increase i_disksize to offset + len in
ext4_update_disksize_before_punch()
- ext4: correctly handle queries for metadata mappings
- ext4: fix an off-by-one issue during moving extents
- ext4: guard against EA inode refcount underflow in xattr update
- ext4: validate ea_ino and size in check_xattrs
- ACPICA: Allow to skip Global Lock initialization
- ext4: free orphan info with kvfree
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older
- Squashfs: add additional inode sanity checking
- media: mc: Clear minor number before put device
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register
value
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag
- ksmbd: add max ip connections parameter
- misc: fastrpc: Add missing dev_err newlines
- misc: fastrpc: Save actual DMA size in fastrpc_map structure
- PCI: endpoint: Remove surplus return statement from
pci_epf_test_clean_dma_chan()
- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range()
- KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2
- ipmi: Fix handling of messages with provided receive message pointer
- arm64: kprobes: call set_memory_rox() for kprobe page
- arm64: mte: Do not flag the zero page as PG_mte_tagged
- ACPI: battery: allocate driver data through devm_ APIs
- ACPI: battery: initialize mutexes through devm_ APIs
- ACPI: battery: Check for error code from devm_mutex_init() call
- ACPI: battery: Add synchronization between interface updates
- ACPI: property: Disregard references in data-only subnode lists
- ACPI: property: Add code comments explaining what is going on
- ACPI: property: Do not pass NULL handles to acpi_attach_data()
- s390/bpf: Change seen_reg to a mask
- s390/bpf: Centralize frame offset calculations
- s390/bpf: Describe the frame using a struct instead of constants
- s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL
- s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG
- selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is
disabled
- mptcp: pm: in-kernel: usable client side with C-flag
- irqchip/sifive-plic: Make use of __assign_bit()
- irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume
- minixfs: Verify inode mode when loading from disk
- fs: Add 'initramfs_options' to set initramfs mount options
- cramfs: Verify inode mode when loading from disk
- writeback: Avoid softlockup when switching many inodes
- writeback: Avoid excessively long inode switching times
- perf test stat: Avoid hybrid assumption when virtualized
- rseq: Protect event mask against membarrier IPI
- perf vendor events arm64 AmpereOneX: Fix typo - should be
l1d_cache_access_prefetches
- ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer
size
- ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead
of buffer time
- ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel
- s390/cio: Update purge function to unregister the unused subchannels
- mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend()
- mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend()
- mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data()
- cifs: Fix copy_to_iter return value check
- ARM: AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on
reset)
- media: s5p-mfc: remove an unused/uninitialized variable
- media: ti: j721e-csi2rx: Use devm_of_platform_populate
- media: ti: j721e-csi2rx: Fix source subdev link creation
- drm/xe/uapi: loosen used tracking restriction
- PCI: xilinx-nwl: Fix ECAM programming
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode
- s390: Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR
- wifi: mt76: mt7925u: Add VID/PID for Netgear A9000
- ext4: add ext4_sb_bread_nofail() helper function for
ext4_free_branches()
- mm/ksm: fix incorrect KSM counter handling in mm_struct during fork
- KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace
- copy_file_range: limit size if in compat mode
- Upstream stable to v6.6.113, v6.12.54
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40198
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40159
- xsk: Harden userspace-supplied xdp_desc validation
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40221
- media: pci: mg4b: fix uninitialized iio scan data
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40180
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40178
- pid: Add a judgment for ns null in pid_nr_ns
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40202
- ipmi: Rework user message limit handling
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40032
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before
release
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40038
- KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40042
- tracing: Fix race condition in kprobe initialization causing NULL
pointer dereference
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40200
- Squashfs: reject negative file sizes in squashfs_read_inode()
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40179
- ext4: verify orphan file size is not too big
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40218
- mm/damon/vaddr: do not repeat pte_offset_map_lock() until success
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40219
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40193
- xtensa: simdisk: add input size check in proc_write_simdisk
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40204
- sctp: Fix MAC comparison to be constant-time
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40192
- Revert "ipmi: fix msg stack when IPMI is disconnected"
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40188
- pwm: berlin: Fix wrong register in suspend/resume
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40201
- kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in
sys_prlimit64() paths
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40194
- cpufreq: intel_pstate: Fix object lifecycle issue in
update_qos_request()
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40205
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40160
- xen/events: Return -EEXIST for bound VIRQs
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40206
- netfilter: nft_objref: validate objref and objrefmap expressions
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40183
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40187
- net/sctp: fix a null dereference in sctp_disposition
sctp_sf_do_5_1D_ce()
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40111
- drm/vmwgfx: Fix Use-after-free in validation
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40110
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40001
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
* Noble update: upstream stable patchset 2026-01-27 (LP: #2139158) //
CVE-2025-40207
- media: v4l2-subdev: Fix alloc failure check in
v4l2_subdev_call_state_try()
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072)
- media: tunner: xc5000: Refactor firmware load
- USB: serial: option: add SIMCom 8230C compositions
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
- ASoC: amd: acp: Adjust pdm gain value
- dm-integrity: limit MAX_TAG_SIZE to 255
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list
- perf subcmd: avoid crash in exclude_cmds when excludes is empty
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
- btrfs: ref-verify: handle damaged extent root tree
- can: rcar_canfd: Fix controller mode setting
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042
quirks list
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
- hid: fix I2C read buffer overflow in raw_event() for mcp2221
- serial: stm32: allow selecting console when the driver is module
- [Config] enable SERIAL_STM32_CONSOLE
- staging: axis-fifo: fix maximum TX packet length check
- staging: axis-fifo: fix TX handling on copy_from_user() failure
- staging: axis-fifo: flush RX FIFO on read errors
- driver core/PM: Set power.no_callbacks along with power.no_pm
- riscv: mm: Use hint address in mmap if available
- riscv: mm: Do not restrict mmap address based on hint
- filelock: add FL_RECLAIM to show_fl_flags() macro
- init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD
- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too
fast
- selftests: arm64: Check fread return value in exec_target
- gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote
- coresight: trbe: Prevent overflow in PERF_IDX2OFF()
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
- smb: server: fix IRD/ORD negotiation with the client
- x86/vdso: Fix output operand size of RDPID
- arm64: dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0
- regmap: Remove superfluous check for !config in __regmap_init()
- bpf/selftests: Fix test_tcpnotify_user
- bpf: Remove migrate_disable in kprobe_multi_link_prog_run
- libbpf: Fix reuse of DEVMAP
- ARM: dts: renesas: porter: Fix CAN pin group
- leds: flash: leds-qcom-flash: Update torch current clamp setting
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus()
- ACPI: processor: idle: Fix memory leak when register cpuidle device
failed
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
- pinctrl: meson-gxl: add missing i2c_d pinmux
- blk-mq: check kobject state_in_sysfs before deleting in
blk_mq_unregister_hctx
- ARM: at91: pm: fix MCKx restore routine
- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map
- regulator: scmi: Use int type to store negative error codes
- selftests/nolibc: fix EXPECT_NZ macro
- block: use int to store blk_stack_limits() return value
- PM: sleep: core: Clear power.must_resume in noirq suspend error path
- ARM: dts: ti: omap: am335x-baltos: Fix ti,en-ck32k-xtal property in DTS
to use correct boolean syntax
- ARM: dts: ti: omap: omap3-devkit8000-lcd: Fix ti,keep-vref-on property
to use correct boolean syntax in DTS
- ARM: dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer
property
- PM / devfreq: mtk-cci: Fix potential error pointer dereference in
probe()
- power: supply: cw2015: Fix a alignment coding style issue
- pinctrl: renesas: Use int type to store negative error codes
- null_blk: Fix the description of the cache_size module argument
- arm64: dts: mediatek: mt8195: Remove suspend-breaking reset from pcie0
- nbd: restrict sockets to TCP and UDP
- firmware: firmware: meson-sm: fix compile-test default
- cpuidle: qcom-spm: fix device and OF node leaks at probe
- arm64: dts: mediatek: mt6331: Fix pmic, regulators, rtc, keys node names
- arm64: dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value
- arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible
- pwm: tiehrpwm: Fix corner case in clock divisor calculation
- ACPICA: Fix largest possible resource descriptor index
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op
- i3c: master: svc: Use manual response for IBI events
- i3c: master: svc: Recycle unused IBI slot
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported
- bpf: Explicitly check accesses to bpf_sock_addr
- smp: Fix up and expand the smp_call_function_many() kerneldoc
- tools/nolibc: make time_t robust if __kernel_old_time_t is missing in
host headers
- once: fix race by moving DO_ONCE to separate section
- hwmon: (mlxreg-fan) Separate methods of fan setting coming from
different subsystems
- thermal/drivers/qcom: Make LMH select QCOM_SCM
- thermal/drivers/qcom/lmh: Add missing IRQ includes
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD
- i2c: designware: Fix clock issue when PM is disabled
- i2c: designware: Add disabling clocks when probe fails
- bpf: Enforce expected_attach_type for tailcall compatibility
- drm/panel: novatek-nt35560: Fix invalid return value
- drm/radeon/r600_cs: clean up of dead code in r600_cs
- f2fs: fix condition in __allow_reserved_blocks()
- drm/bridge: it6505: select REGMAP_I2C
- media: zoran: Remove zoran_fh structure
- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup
- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls
- serial: max310x: Add error checking in probe()
- drm/amd/display: Remove redundant semicolons
- crypto: keembay - Add missing check after sg_nents_for_len()
- hwrng: nomadik - add ARM_AMBA dependency
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
- scsi: myrs: Fix dma_alloc_coherent() error check
- media: rj54n1cb0c: Fix memleak in rj54n1_probe()
- RDMA/mlx5: Fix vport loopback forcing for MPV device
- ALSA: lx_core: use int type to store negative error codes
- media: st-delta: avoid excessive stack usage
- crypto: hisilicon/zip - remove unnecessary validation for high-
performance mode configurations
- crypto: hisilicon - re-enable address prefetch after device resuming
- crypto: hisilicon/qm - check whether the input function and PF are on
the same device
- inet: ping: check sock_net() in ping_get_port() and ping_lookup()
- coresight: Only register perf symlink for sinks with alloc_buffer
- drm/amdgpu: Power up UVD 3 for FW validation (v2)
- drm/amd/pm: Disable ULV even if unsupported (v3)
- drm/amd/pm: Fix si_upload_smc_data (v3)
- drm/amd/pm: Adjust si_upload_smc_data register programming (v3)
- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3)
- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2)
- drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3)
- wifi: mwifiex: send world regulatory domain to driver
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation
- tcp: fix __tcp_close() to only send RST when required
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl()
- usb: phy: twl6030: Fix incorrect type for ret
- usb: gadget: configfs: Correctly set use_os_string at bind
- tty: n_gsm: Don't block input queue by waiting MSC
- misc: genwqe: Fix incorrect cmd field being reported in error
- pps: fix warning in pps_register_cdev when register device fail
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
- drm/msm/dpu: fix incorrect type for ret
- fs: ntfs3: Fix integer overflow in run_unpack()
- fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist
- iio: consumers: Fix handling of negative channel scale in
iio_convert_raw_to_processed()
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed()
- netfilter: ipset: Remove unused htable_bits in macro ahash_region
- ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the
watchdog
- drivers/base/node: handle error properly in register_one_node()
- RDMA/cm: Rate limit destroy CM ID timeout error message
- wifi: mt76: fix potential memory leak in mt76_wmac_probe()
- f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks()
- f2fs: fix to truncate first page in error path of f2fs_truncate()
- f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page()
- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message
- scsi: qla2xxx: edif: Fix incorrect sign of error code
- scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES()
- scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp()
- f2fs: fix zero-sized extent for precache extents
- RDMA/core: Resolve MAC of next-hop device without ARP support
- IB/sa: Fix sa_local_svc_timeout_ms read race
- Documentation: trace: historgram-design: Separate sched_waking histogram
section heading and the following diagram
- wifi: mac80211: fix Rx packet handling when pubsta information is not
available
- sparc: fix accurate exception reporting in copy_{from_to}_user for
UltraSPARC
- sparc: fix accurate exception reporting in copy_{from_to}_user for
UltraSPARC III
- sparc: fix accurate exception reporting in copy_{from_to}_user for
Niagara
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7
- vfio/pds: replace bitmap_free with vfree
- crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs
- RDMA/rxe: Fix race in do_task() when draining
- wifi: rtw89: avoid circular locking dependency in ser_state_run()
- PCI: tegra194: Fix duplicate PLL disable in
pex_ep_event_pex_rst_assert()
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice
- coresight-etm4x: Conditionally access register TRCEXTINSELR
- coresight: etm4x: Support atclk
- coresight: trbe: Return NULL pointer for allocation failures
- NFSv4.1: fix backchannel max_resp_sz verification check
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()
- usb: vhci-hcd: Prevent suspending virtually attached devices
- RDMA/siw: Always report immediate post SQ errors
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast
- vhost: vringh: Fix copy_to_iter return value check
- Bluetooth: MGMT: Fix not exposing debug UUID on
MGMT_OP_READ_EXP_FEATURES_INFO
- Bluetooth: ISO: Fix possible UAF on iso_conn_free
- Bluetooth: ISO: don't leak skb in ISO_CONT RX
- Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements
- KEYS: X.509: Fix Basic Constraints CA flag parsing
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init
- ocfs2: fix double free in user_cluster_connect()
- drivers/base/node: fix double free in register_one_node()
- mtd: rawnand: atmel: Fix error handling path in
atmel_nand_controller_add_nands
- nfp: fix RSS hash key size when RSS is not supported
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not
configurable
- net: dlink: handle copy_thresh allocation failure
- net/mlx5: Stop polling for command response if interface goes down
- net/mlx5: pagealloc: Fix reclaim race during command interface teardown
- net/mlx5: fw reset, add reset timeout work
- smb: client: fix crypto buffers in non-linear memory
- vhost: vringh: Modify the return value check
- bpf: Reject negative offsets for ALU ops
- Squashfs: fix uninit-value in squashfs_get_parent
- uio_hv_generic: Let userspace take care of interrupt mask
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data()
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down
- fs: udf: fix OOB read in lengthAllocDescs handling
- net: nfc: nci: Add parameter validation for packet data
- mfd: rz-mtu3: Fix MTU5 NFCR register offset
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data()
- dm: fix queue start/stop imbalance under suspend/load/resume races
- dm: fix NULL pointer dereference in __dm_suspend()
- LoongArch: Automatically disable kaslr if boot from kexec_file
- ksmbd: fix error code overwriting in smb2_get_info_filesystem()
- ext4: fix checks for orphan inodes
- mm: hugetlb: avoid soft lockup when mprotect to large memory area
- nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe()
- misc: fastrpc: Fix fastrpc_map_lookup operation
- misc: fastrpc: fix possible map leak in fastrpc_put_args
- misc: fastrpc: Skip reference for DMA handles
- Input: atmel_mxt_ts - allow reset GPIO to sleep
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info
leak
- sunrpc: fix null pointer dereference on zero-length checksum
- remoteproc: pru: Fix potential NULL pointer dereference in
pru_rproc_set_ctable()
- pinctrl: check the return value of pinmux_ops::get_function_name()
- bus: fsl-mc: Check return value of platform_get_resource()
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock
- usb: typec: tipd: Clear interrupts first
- arm64: dts: qcom: qcm2290: Disable USB SS bus instances in park mode
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1
- wifi: rtl8xxxu: Don't claim USB ID 07b8:8188
- netfs: Prevent duplicate unlocking
- nvmem: layouts: fix automatic module loading
- uprobes: uprobe_warn should use passed task
- lsm: CONFIG_LSM can depend on CONFIG_SECURITY
- vdso: Add struct __kernel_old_timeval forward declaration to gettime.h
- selftests: vDSO: vdso_test_abi: Correctly skip whole test with missing
vDSO
- PM / devfreq: rockchip-dfi: double count on RK3588
- soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure
- soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure
- pwm: tiehrpwm: Don't drop runtime PM reference in .free()
- pwm: tiehrpwm: Make code comment in .free() more useful
- pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation
- spi: fix return code when spi device has too many chipselects
- bpf: Mark kfuncs as __noclone
- crypto: octeontx2 - Call strscpy() with correct size argument
- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count
- idpf: fix Rx descriptor ready check barrier in splitq
- wifi: mt76: mt7996: Fix RX packets configuration for primary WED device
- wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE
- HID: hidraw: tighten ioctl command parsing
- wifi: ath12k: fix wrong logging ID used for CE
- coresight: tmc: Move ACPI support from AMBA driver to platform driver
- coresight: tmc: Support atclk
- coresight: catu: Move ACPI support from AMBA driver to platform driver
- coresight: catu: Support atclk
- PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion
- PCI: rcar-gen4: Assure reset occurs before DBI access
- Bluetooth: ISO: free rx_skb if not consumed
- PCI: j721e: Fix incorrect error message in probe()
- Upstream stable to v6.6.111, v6.6.112, v6.12.52, v6.12.53
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40031
- tee: fix register_shm_helper()
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40037
- fbdev: simplefb: Fix use after free in simplefb_detach_genpds()
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40047
- io_uring/waitid: always prune wait queue entry in io_waitid_wait()
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40057
- ptp: Add a upper bound on max_vclocks
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40058
- iommu/vt-d: Disallow dirty tracking if incoherent page walk
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40059
- coresight: Fix incorrect handling for return value of devm_kzalloc
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40155
- iommu/vt-d: debugfs: Fix legacy mode page table dump logic
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40079
- riscv, bpf: Sign extend struct ops return values properly
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40000
- wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40026
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40027
- net/9p: fix double req put in p9_fd_cancelled
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40109
- crypto: rng - Ensure set_ent is always present
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-38105
- ALSA: usb-audio: Kill timer properly at removal
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-40107
- can: hi311x: fix null pointer dereference when resuming from sleep
before interface was enabled
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-39995
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in
probe
* Noble update: upstream stable patchset 2026-01-26 (LP: #2139072) //
CVE-2025-39994
- media: tuner: xc5000: Fix use-after-free in xc5000_release
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938)
- scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE
- firewire: core: fix overlooked update of subsystem ABI version
- ALSA: usb-audio: Fix block comments in mixer_quirks
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
- ALSA: usb-audio: Convert comma to semicolon
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n
- usb: core: Add 0x prefix to quirks debug output
- mmc: sdhci-cadence: add Mobileye eyeQ support
- i2c: designware: Add quirk for Intel Xe
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
- ALSA: usb-audio: Add mute TLV for playback volumes on more devices
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
- mm: add folio_expected_ref_count() for reference count calculation
- mm/gup: check ref_count instead of lru before migration
- mm/gup: local lru_add_drain() to avoid lru_add_drain_all()
- mm: folio_may_be_lru_cached() unless folio_test_large()
- arm64: dts: imx8mp: Correct thermal sensor index
- ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients
- cpufreq: Initialize cpufreq-based invariance before subsys
- smb: server: don't use delayed_work for post_recv_credits_work
- wifi: virt_wifi: Fix page fault on connect
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
- bpf: Reject bpf_timer for PREEMPT_RT
- xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
- ethernet: rvu-af: Remove slash from the driver name
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync
- bnxt_en: correct offset handling for IPv6 destination address
- net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS
- selftests: fib_nexthops: Fix creation of non-FDB nexthops
- net: dsa: lantiq_gswip: do also enable or disable cpu port
- net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to
port_setup()
- net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries
added to the CPU port
- HID: asus: add support for missing PX series fn keys
- i40e: add mask to apply valid bits for itr_idx
- i40e: improve VF MAC filters accounting
- ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address
- fbcon: Fix OOB access in font allocation
- s390/cpum_cf: Fix uninitialized warning after backport of ce971233242b
- ARM: bcm: Select ARM_GIC_V3 for ARCH_BRCMSTB
- gpiolib: Extend software-node support to support secondary software-
nodes
- drm/ast: Use msleep instead of mdelay for edid read
- minmax: make generic MIN() and MAX() macros available everywhere
- minmax: simplify min()/max()/clamp() implementation
- minmax: don't use max() in situations that want a C constant expression
- minmax: improve macro expansion and type checking
- minmax: fix up min3() and max3() too
- minmax.h: add whitespace around operators and after commas
- minmax.h: update some comments
- minmax.h: reduce the #define expansion of min(), max() and clamp()
- minmax.h: move all the clamp() definitions after the min/max() ones
- minmax.h: simplify the variants of clamp()
- minmax.h: remove some #defines that are only expanded once
- drm/i915/backlight: Return immediately when scale() finds invalid
parameters
- ALSA: usb-audio: Fix code alignment in mixer_quirks
- ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA
- net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info
- net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick
- net: sfp: add quirk for FLYPRO copper SFP+ module
- HID: amd_sfh: Add sync across amd sfh work functions
- platform/x86: lg-laptop: Fix WMAB call in fan_mode_store()
- crypto: sha256 - fix crash at kexec
- gcc-plugins: Remove TODO_verify_il for GCC >= 16
- Upstream stable to v6.6.109, v6.6.110, v6.12.50, v6.12.51
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39991
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39992
- mm: swap: check for stable address space before operating on the VMA
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40013
- ASoC: qcom: audioreach: fix potential null pointer dereference
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40016
- media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39996
- media: b2c2: Fix use-after-free causing by irq_check_work in
flexcop_pci_remove
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39998
- scsi: target: target_core_configfs: Add length check to avoid buffer
overflow
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40009
- fs/proc/task_mmu: check p->vec_buf for NULL
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39973
- i40e: add validation for ring_len param
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-38709
- loop: Avoid updating block size under exclusive owner
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39967
- fbcon: fix integer overflow in fbcon_do_set_font
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40006
- mm/hugetlb: fix folio is still mapped when deleted
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40008
- kmsan: fix out-of-bounds access to shadow memory
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40010
- afs: Fix potential null pointer dereference in afs_put_server
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40021
- tracing: dynevent: Add a missing lockdown check on dynevent
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39968
- i40e: add max boundary check for VF filters
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39969
- i40e: fix validation of VF state in get resources
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39970
- i40e: fix input validation logic for action_meta
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39971
- i40e: fix idx validation in config queues msg
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39972
- i40e: fix idx validation in i40e_validate_queue_map
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39977
- futex: Prevent use-after-free during requeue-PI
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40011
- drm/gma500: Fix null dereference in hdmi teardown
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39978
- octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39980
- nexthop: Forbid FDB status change while nexthop is in a group
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40024
- vhost: Take a reference on the task in struct vhost_task.
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39982
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-40020
- can: peak_usb: fix shift-out-of-bounds issue
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39985
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39986
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39987
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
* Noble update: upstream stable patchset 2026-01-23 (LP: #2138938) //
CVE-2025-39988
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is
not supported
- wifi: mac80211: fix incorrect type for ret
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section
mismatch
- bonding: set random address only when slaves already exist
- power: supply: bq27xxx: fix error return in case of no bq27000 hdq
battery
- power: supply: bq27xxx: restrict no-battery detection to bq27000
- LoongArch: Update help info of ARCH_STRICT_ALIGN
- LoongArch: Align ACPI structures if ARCH_STRICT_ALIGN enabled
- LoongArch: Check the return value when creating kobj
- iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page()
- btrfs: tree-checker: fix the incorrect inode ref size check
- ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S
interface
- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S
- rds: ib: Increment i_fastreg_wrs before bailing out
- selftests: mptcp: connect: catch IO errors on listen side
- selftests: mptcp: avoid spurious errors on TCP disconnect
- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx
- io_uring: backport io_should_terminate_tw()
- io_uring: include dying ring in task_work "should cancel" state
- ASoC: wm8940: Correct PLL rate rounding
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error
message
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path
- selftests: mptcp: userspace pm: validate deny-join-id0 flag
- xhci: dbc: decouple endpoint allocation from initialization
- xhci: dbc: Fix full DbC transfer ring after several reconnects
- rtc: pcf2127: fix SPI command byte for PCF2131 backport
- mptcp: propagate shutdown to subflows when possible
- minmax: avoid overly complicated constant expressions in VM code
- minmax: simplify and clarify min_t()/max_t() implementation
- minmax: add a few more MIN_T/MAX_T users
- nvme: fix PI insert on write
- btrfs: fix invalid extref key setup when replaying dentry
- dpaa2-switch: fix buffer pool seeding for control traffic
- mptcp: set remote_deny_join_id0 on SYN recv
- mptcp: tfo: record 'deny join id0' info
- selftests: mptcp: sockopt: fix error messages
- net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
- ice: store max_frame and rx_buf_len only in ice_rx_ring
- i40e: remove redundant memory barrier when cleaning Tx descs
- bonding: don't set oif to bond dev when getting NS target destination
- octeon_ep: fix VF MAC address lifecycle handling
- net: liquidio: fix overflow in octeon_init_instr_queue()
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
- dm-raid: don't set io_min and io_opt for raid1
- mm: revert "mm: vmscan.c: fix OOM on swap stress test"
- mmc: mvsdio: Fix dma_unmap_sg() nents value
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
- ASoC: wm8940: Correct typo in control name
- ASoC: wm8974: Correct PLL rate rounding
- ASoC: Intel: catpt: Expose correct bit depth to userspace
- drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue()
- smb: client: fix filename matching of deferred files
- platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG
Z13
- platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk
- x86/bugs: Add SRSO_USER_KERNEL_NO support
- x86/bugs: KVM: Add support for SRSO_MSR_FIX
- KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count
transitions
- mptcp: pm: nl: announce deny-join-id0 flag
- Upstream stable to v6.6.108, v6.12.49
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39932
- smb: client: let smbd_destroy() call
disable_work_sync(&info->post_send_credits_work)
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39940
- dm-stripe: fix a possible integer overflow
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39948
- ice: fix Rx page leak on multi-buffer frames
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39950
- net/tcp: Fix a NULL pointer dereference when using TCP-AO with
TCP_REPAIR
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39961
- iommu/amd/pgtbl: Fix possible race while increase page table level
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-22106
- vmxnet3: unregister xdp rxq info in the reset path
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39929
- smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39931
- crypto: af_alg - Set merge to zero early in af_alg_sendmsg
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39934
- drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39937
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized
pointer
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39938
- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source
graph failed
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39942
- ksmbd: smbdirect: verify remaining_data_length respects
max_fragmented_recv_size
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39943
- ksmbd: smbdirect: validate data_offset and data_length field of
smb_direct_data_transfer
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39944
- octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39945
- cnic: Fix use-after-free bugs in cnic_delete_task
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39955
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39947
- net/mlx5e: Harden uplink netdev access against device unbind
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39949
- qed: Don't collect too many protection override GRC elements
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39951
- um: virtio_uml: Fix use-after-free after put_device in probe
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39953
- cgroup: split cgroup_destroy_wq into 3 workqueues
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39957
- wifi: mac80211: increase scan_ies_len for S1G
* Noble update: upstream stable patchset 2026-01-22 (LP: #2138867) //
CVE-2025-39952
- wifi: wilc1000: avoid buffer overflow in WID string configuration
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681)
- mm: introduce and use {pgd,p4d}_populate_kernel()
- kasan: fix GCC mem-intrinsic prefix with sw tags
- ima: limit the number of ToMToU integrity violations
- flexfiles/pNFS: fix NULL checks on result of
ff_layout_choose_ds_for_read
- SUNRPC: call xs_sock_process_cmsg for all cmsg
- NFSv4: Don't clear capabilities that won't be reset
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
- tracing: Fix tracing_marker may trigger page fault during
preempt_disable
- ftrace/samples: Fix function size computation
- fs/nfs/io: make nfs_start_io_*() killable
- NFS: Serialise O_DIRECT i/o and truncate()
- NFSv4.2: Serialise O_DIRECT i/o and fallocate()
- NFSv4.2: Serialise O_DIRECT i/o and clone range
- NFSv4.2: Serialise O_DIRECT i/o and copy range
- NFSv4/flexfiles: Fix layout merge mirror check.
- s390/cpum_cf: Deny all sampling events by counter PMU
- proc: fix type confusion in pde_set_flags()
- EDAC/altera: Delete an inappropriate dma_free_coherent() call
- compiler-clang.h: define __SANITIZE_*__ macros only when undefined
- net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM
wakeups
- mtd: rawnand: stm32_fmc2: fix ECC overwrite
- fuse: check if copy_file_range() returns larger than requested size
- fuse: prevent overflow in copy_file_range return value
- mm/damon/core: set quota->charged_from to jiffies at first charge window
- drm/mediatek: fix potential OF node use-after-free
- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time
- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages
- mtd: nand: raw: atmel: Fix comment in timings preparation
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
- btrfs: use readahead_expand() on compressed extents
- btrfs: fix corruption reading compressed range when block size is
smaller than page size
- mm/khugepaged: fix the address passed to notifier on testing young
- Input: iqs7222 - avoid enabling unused interrupts
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk
table
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally
- serial: sc16is7xx: fix bug in flow control levels init
- dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
- net: bridge: Bounce invalid boolopts
- tunnels: reset the GSO metadata before reusing the skb
- docs: networking: can: change bcm_msg_head frames member to support
flexible array
- igb: fix link test skipping when interface is admin down
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
j1939_local_ecu_get() failed
- can: j1939: j1939_local_ecu_get(): undo increment when
j1939_local_ecu_get() fails
- net: hsr: Add VLAN CTAG filter support
- hsr: use rtnl lock when iterating over ports
- hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
- dmaengine: idxd: Remove improper idxd_free
- dmaengine: idxd: Fix refcount underflow on module unload
- dmaengine: idxd: Fix double free in idxd_setup_wqs()
- regulator: sy7636a: fix lifecycle of power good gpio
- hrtimer: Remove unused function
- hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
- hrtimers: Unconditionally update target CPU base after offline timer
migration
- RISC-V: Remove unnecessary include from compat.h
- xhci: fix memory leak regression when freeing xhci vdev devices depth
first
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
- usb: gadget: midi2: Fix missing UMP group attributes initialization
- usb: gadget: midi2: Fix MIDI2 IN EP max packet size
- dmaengine: dw: dmamux: Fix device reference leak in
rzn1_dmamux_route_allocate
- phy: tegra: xusb: fix device and OF node leak at probe
- phy: ti-pipe3: fix device leak at unbind
- net: mdiobus: release reset_gpio in mdiobus_unregister_device()
- drm/amdgpu: fix a memory leak in fence cleanup when unloading
- drm/i915/power: fix size for for_each_set_bit() in abox iteration
- nvme-pci: skip nvme_write_sq_db on empty rqlist
- ext4: introduce linear search for dentries
- drm/i915/pmu: Fix zero delta busyness issue
- drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed
- Revert "drm/amd/display: Optimize cursor position updates"
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA
- drm/amdgpu: Add back JPEG to video caps for carrizo and newer
- trace/fgraph: Fix error handling
- NFS: nfs_invalidate_folio() must observe the offset and size arguments
- s390/pai: Deny all events not handled by this PMU
- btrfs: fix squota compressed stats leak
- netlink: specs: mptcp: add missing 'server-side' attr
- netlink: specs: mptcp: clearly mention attributes
- netlink: specs: mptcp: replace underscores with dashes in names
- netlink: specs: mptcp: fix if-idx attribute type
- ceph: fix race condition where r_parent becomes stale before sending
message
- mtd: spinand: winbond: Fix oob_layout for W25N01JW
- Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO
runtime PM wakeups"
- drm/amd/display: use udelay rather than fsleep
- netfilter: nft_set_rbtree: continue traversal if element is inactive
- netfilter: nf_tables: place base_seq in struct net
- netfilter: nf_tables: make nft_set_do_lookup available unconditionally
- netfilter: nf_tables: restart set lookup on base_seq change
- phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties
- phy: ti: omap-usb2: fix device leak at unbind
- Upstream stable to v6.6.107, v6.12.48
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39927
- ceph: fix race condition validating r_parent before applying state
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39923
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39869
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39873
- can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted
SKB
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39911
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39876
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39881
- kernfs: Fix UAF in polling when open file is released
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39909
- mm/damon/lru_sort: avoid divide-by-zero in
damon_lru_sort_apply_parameters()
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39916
- mm/damon/reclaim: avoid divide-by-zero in
damon_reclaim_apply_parameters()
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39877
- mm/damon/sysfs: fix use-after-free in state_show()
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39880
- libceph: fix invalid accesses to ceph_connection_v1_info
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39883
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
memory
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39907
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39885
- ocfs2: fix recursive semaphore deadlock in fiemap call
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39913
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to
allocate psock->cork.
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39886
- bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init()
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-39914
- tracing: Silence warning when chunk allocation fails in trace_pid_write
* Noble update: upstream stable patchset 2026-01-20 (LP: #2138681) //
CVE-2025-23143
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502)
- bpf: Add cookie object to bpf maps
- bpf: Move cgroup iterator helpers to bpf.h
- btrfs: fix race between logging inode and checking if it was logged
before
- btrfs: fix race between setting last_dir_index_offset and inode logging
- btrfs: avoid load/store tearing races when checking if an inode was
logged
- LoongArch: Save LBT before FPU in setup_sigcontext()
- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN
- drm/amd/display: Don't warn when missing DCE encoder caps
- cpupower: Fix a bug where the -t option of the set subcommand was not
working.
- Bluetooth: hci_sync: Avoid adding default advertising on startup
- arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
- tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible"
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics
i.MX8M Plus DHCOM
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M
Plus eDM SBC
- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
- xirc2ps_cs: fix register access when enabling FullDuplex
- mISDN: Fix memory leak in dsp_hwec_enable()
- icmp: fix icmp_ndo_send address translation for reply direction
- net: macb: Fix tx_ptr_lock locking
- macsec: read MACSEC_SA_ATTR_PN with nla_get_uint
- wifi: ath11k: rename ath11k_start_vdev_delay()
- wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay()
- wifi: ath11k: fix group data packet drops during rekey
- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
- wifi: cw1200: cap SSID length in cw1200_do_join()
- wifi: libertas: cap SSID len in lbs_associate()
- net: thunder_bgx: add a missing of_node_put
- net: thunder_bgx: decrement cleanup index before use
- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
- net/smc: Remove validation of reserved bits in CLC Decline message
- mctp: return -ENOPROTOOPT for unknown getsockopt options
- net: atm: fix memory leak in atm_register_sysfs when device_register
fail
- selftest: net: Fix weird setsockopt() in bind_bhash.c.
- phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
- ALSA: usb-audio: Add mute TLV for playback volumes on some devices
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids()
- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module with
CONFIG_DYNAMIC_FTRACE
- proc: fix missing pde_set_flags() for net proc files
- soc: qcom: mdt_loader: Deal with zero e_shentsize
- wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data()
- drm/amdgpu: drop hw access in non-DC audio fini
- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042
quirks list
- e1000e: fix heap overflow in e1000_set_eeprom
- net: pcs: rzn1-miic: Correct MODCTRL register offset
- cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller
- cpufreq: intel_pstate: Do not update global.turbo_disabled after
initialization
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
- thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum
threshold
- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
- dmaengine: mediatek: Fix a possible deadlock error in
mtk_cqdma_tx_status()
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY
- pcmcia: omap: Add missing check for platform_get_resource
- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM
- spi: spi-fsl-lpspi: Fix transmissions when using CONT
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort
- spi: spi-fsl-lpspi: Clear status register after disabling the module
- drm/bridge: ti-sn65dsi86: fix REFCLK setting
- perf bpf-event: Fix use-after-free in synthesis
- drm/amdgpu: Replace DRM_* with dev_* in amdgpu_psp.c
- drm/amd/amdgpu: Fix missing error return on kzalloc failure
- tools: gpio: rm .*.cmd on make clean
- tools: gpio: remove the include directory on make clean
- riscv: use lw when reading int cpu in asm_per_cpu
- cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo()
- cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE()
- cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo()
- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()
- bpf: Move bpf map owner out of common struct
- btrfs: zoned: skip ZONE FINISH of conventional zones
- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off
- HID: simplify snto32()
- HID: stop exporting hid_snto32()
- net: usb: qmi_wwan: fix Telit Cinterion FN990A name
- net: usb: qmi_wwan: fix Telit Cinterion FE990A name
- net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition
- LoongArch: vDSO: Remove --hash-style=sysv
- LoongArch: vDSO: Remove -nostdlib complier flag
- mmc: sdhci-of-arasan: Support for emmc hardware reset
- mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up
- bnxt_en: fix incorrect page count in RX aggr ring log
- net: mctp: mctp_fraq_queue should take ownership of passed skb
- idpf: set mac type when adding and removing MAC filters
- net: skb: add pskb_network_may_pull_reason() helper
- net: tunnel: add pskb_inet_may_pull_reason() helper
- net: vxlan: add skb drop reasons to vxlan_rcv()
- net: vxlan: make vxlan_snoop() return drop reasons
- net: vxlan: make vxlan_set_mac() return drop reasons
- net: vxlan: use kfree_skb_reason() in vxlan_xmit()
- net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit()
- net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE
- vxlan: Refresh FDB 'updated' time upon 'NTF_USE'
- vxlan: Avoid unnecessary updates to FDB 'used' time
- vxlan: Add RCU read-side critical sections in the Tx path
- vxlan: Rename FDB Tx lookup function
- mm: fix possible deadlock in kmemleak
- drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG
- net: dsa: add hook to determine whether EEE is supported
- net: dsa: provide implementation of .support_eee()
- md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT
- md/raid1,raid10: strip REQ_NOWAIT from member bios
- ext4: define ext4_journal_destroy wrapper
- wifi: ath11k: update channel list in worker when wait flag is set
- nouveau: fix disabling the nonstall irq due to storm code
- kunit: kasan_test: disable fortify string checker on kasan_strings()
test
- platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk
- perf bpf-utils: Constify bpil_array_desc
- perf bpf-utils: Harden get_bpf_prog_info_linear
- md/raid1: fix data lost for writemostly rdev
- Upstream stable to v6.6.105, v6.6.106, v6.12.46, v6.12.47
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-22124
- md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-22103
- net: fix NULL pointer dereference in l3mdev_l3_rcv
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-23133
- wifi: ath11k: update channel list in reg notifier instead reg worker
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-22113
- ext4: avoid journaling sb update on error if journal is destroying
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-22125
- md/raid1,raid10: don't ignore IO flags
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39899
- mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39897
- net: xilinx: axienet: Add error handling for RX metadata pointer
retrieval
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39850
- vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39851
- vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39852
- net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39901
- i40e: remove read access to debugfs files
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39854
- ice: fix NULL access of tx->in_use in ice_ll_ts_intr
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-38556
- HID: core: Harden s32ton() against conversion to 0 bits
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-38502
- bpf: Fix oob access in cgroup local storage
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39843
- mm: slub: avoid wake up kswapd in set_track_prepare
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39920
- pcmcia: Add error handling for add_interval() in do_validate_mem()
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39902
- mm/slub: avoid accessing metadata when pointer is invalid in
object_err()
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39838
- cifs: prevent NULL pointer dereference in UTF16 conversion
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39839
- batman-adv: fix OOB read/write in network-coding decode
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39841
- scsi: lpfc: Fix buffer free/clear order in deferred receive path
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39891
- wifi: mwifiex: Initialize the chan_stats array to zero
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39842
- ocfs2: prevent release journal inode after journal shutdown
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39895
- sched: Fix sched_numa_find_nth_cpu() if mask offline
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39844
- mm: move page table sync declarations to linux/pgtable.h
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39845
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
arch_sync_kernel_mappings()
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39846
- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39847
- ppp: fix memory leak in pad_compress_skb
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39848
- ax25: properly unshare skbs in ax25_kiss_rcv()
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39849
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39853
- i40e: Fix potential invalid access when MAC list is empty
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39857
- net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync()
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39860
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39861
- Bluetooth: vhci: Prevent use-after-free by removing debugfs files early
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39894
- netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
after confirm
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39863
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info
work
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39864
- wifi: cfg80211: fix use-after-free in cmp_bss()
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39865
- tee: fix NULL pointer dereference in tee_shm_put
* Noble update: upstream stable patchset 2026-01-16 (LP: #2138502) //
CVE-2025-39866
- fs: writeback: fix use-after-free in __mark_inode_dirty()
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664)
- of: dynamic: Fix memleak when of_pci_add_properties() failed
- pinctrl: STMFX: add missing HAS_IOMEM dependency
- mips: dts: lantiq: danube: add missing burst length property
- mips: lantiq: xway: sysctrl: rename the etop node
- of: Add a helper to free property struct
- of: dynamic: Fix use after free in of_changeset_add_prop_helper()
- scsi: core: sysfs: Correct sysfs attributes access rights
- smb: client: fix race with concurrent opens in unlink(2)
- ASoC: codecs: tx-macro: correct tx_macro_component_drv name
- erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC
- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list
- nfs: fold nfs_page_group_lock_subrequests into
nfs_lock_and_join_requests
- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()
- net: ipv4: fix regression in local-broadcast routes
- drm/msm: Defer fd_install in SUBMIT ioctl
- powerpc/kvm: Fix ifdef to remove build warning
- HID: input: rename hidinput_set_battery_charge_status()
- HID: input: report battery status changes immediately
- Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success
- Bluetooth: hci_event: Mark connection as closed during suspend
disconnect
- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced
- Bluetooth: hci_sync: fix set_local_name race condition
- drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr
- drm/nouveau: remove unused memory target test
- ice: fix incorrect counter for buffer allocation failures
- dt-bindings: display/msm: qcom,mdp5: drop lut clock
- net: dlink: fix multicast stats being counted incorrectly
- phy: mscc: Fix when PTP clock is register and unregister
- net/mlx5: Reload auxiliary drivers on fw_activate
- net/mlx5: Add device cap for supporting hot reset in sync reset flow
- net/mlx5: Add support for sync reset using hot reset
- net/mlx5: Nack sync reset when SFs are present
- net/mlx5e: Set local Xoff after FW update
- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
- net: stmmac: Rename phylink_get_caps() callback to update_caps()
- net: stmmac: xgmac: Correct supported speed modes
- net: stmmac: Set CIC bit only for TX queues with COE
- net: rose: split remove and free operations in rose_remove_neigh()
- x86/microcode/AMD: Handle the case of no BIOS microcode
- HID: quirks: add support for Legion Go dual dinput modes
- HID: logitech: Add ids for G PRO 2 LIGHTSPEED
- HID: wacom: Add a new Art Pen 2
- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
- smb3 client: fix return code mapping of remap_file_range
- drm/nouveau/disp: Always accept linear modifier
- net: rose: fix a typo in rose_clear_routes()
- perf symbol-minimal: Fix ehdr reading in filename__read_build_id
- vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER
- drm/msm/kms: move snapshot init earlier in KMS init
- drm/mediatek: Add error handling for old state CRTC in atomic_disable
- drm/xe/xe_sync: avoid race during ufence signaling
- drm/xe: Don't trigger rebind on initial dma-buf validation
- bnxt_en: Adjust TX rings if reservation is less than requested
- hv_netvsc: Link queues to NAPIs
- net: hv_netvsc: fix loss of early receive events from host during
channel open.
- net: macb: Disable clocks once
- drm/nouveau: fix error path in nvkm_gsp_fwsec_v2
- drm/mediatek: Fix device/node reference count leaks in
mtk_drm_get_all_drm_priv
- drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode
- PCI: Add PCIE_RESET_CONFIG_DEVICE_WAIT_MS waiting time value
- PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to
PCIE_RESET_CONFIG_WAIT_MS
- PCI: dwc: Rename 'dw_pcie::link_gen' to 'dw_pcie::max_link_speed'
- PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up
- thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to
static const
- thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes
to driver data
- thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands
- Upstream stable to v6.6.104, v6.12.45
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39811
- drm/xe/vm: Clear the scratch_pt pointer on error
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39815
- RISC-V: KVM: fix stack overrun when loading vlenb
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39810
- bnxt_en: Fix memory corruption when FW resources change during ifdown
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39836
- efi: stmm: Fix incorrect buffer allocation method
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39805
- net: macb: fix unregister_netdev call order in macb_remove()
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39829
- trace/fgraph: Fix the warning caused by missing unregister notifier
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39835
- xfs: do not propagate ENODATA disk errors into xattr code
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39819
- fs/smb: Fix inconsistent refcnt update
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39808
- HID: hid-ntrig: fix unable to handle page fault in
ntrig_report_version()
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39806
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup()
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39824
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39823
- KVM: x86: use array_index_nospec with indices that come from guest
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39817
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39812
- sctp: initialize more fields in sctp_v6_from_sk()
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39827
- net: rose: include node references in rose_neigh refcount
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39826
- net: rose: convert 'use' field to refcount_t
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39832
- net/mlx5: Fix lockdep assertion on sync reset unload event
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39828
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39697
- NFS: Fix a race when updating an existing write
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39825
- smb: client: fix race with concurrent opens in rename(2)
* Noble update: upstream stable patchset 2026-01-07 (LP: #2137664) //
CVE-2025-39813
- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
* CVE-2025-37899
- ksmbd: fix use-after-free in session logoff
* CVE-2025-22037
- ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous
session
- ksmbd: fix race condition between destroy_previous_session() and smb2
operations()
- ksmbd: fix null pointer dereference in alloc_preauth_hash()
Date: 2026-02-10 12:06:10.066684+00:00
Changed-By: Edoardo Canepa <edoardo.canepa at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/6.8.0-103.103