[ubuntu/noble-proposed] linux-hwe-6.17 6.17.0-22.22~24.04.1 (Accepted)
Andy Whitcroft
apw at canonical.com
Fri Mar 27 10:06:14 UTC 2026
linux-hwe-6.17 (6.17.0-22.22~24.04.1) noble; urgency=medium
* noble/linux-hwe-6.17: 6.17.0-22.22~24.04.1 -proposed tracker (LP: #2143426)
[ Ubuntu: 6.17.0-22.22 ]
* questing/linux: 6.17.0-22.22 -proposed tracker (LP: #2143428)
* Questing preinstalled server fails to boot on QCS8300 based boards
(LP: #2134400)
- [Config] move qcom interconnect/pinctrl/gcc as built-in for QCS8300
* TBT call trace while connecting TBT4 monitor on TBT5 port (LP: #2137613)
- SAUCE: thunderbolt: log path activation failures without WARN backtraces
* efi: Fix swapped arguments to bsearch() in efi_status_to_*() SAUCE patch
(LP: #2141276)
- SAUCE efi: Fix swapped arguments to bsearch() in efi_status_to_*()
* [SRU]Fix xe GPU suspend/resume crash on Battlemage (LP: #2141377)
- drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally
* Accumulative updates for Intel PTL-H component enabling PV rev3.0
(LP: #2137272)
- drm/i915/display: Optimize panel power-on wait time
- HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume
blocking
- drm/xe/guc: Recommend GUC v70.49.4 for PTL, BMG
- HID: Intel-thc-hid: Intel-thc: Use str_true_false() helper
- HID: intel-thc-hid: intel-quicki2c: support ACPI config for advanced
features
- usb: typec: ucsi: Add SET_POWER_LEVEL UCSI command to debugfs
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250)
- bpf: Fix sleepable context for async callbacks
- bpf: extract generic helper from process_timer_func()
- bpf: Fix handling maps with no BTF and non-constant offsets for the
bpf_wq
- irqchip: Drop leftover brackets
- irqchip: Pass platform device to platform drivers
- arm64: dts: exynos: gs101: fix clock module unit reg sizes
- ice: move service task start out of ice_init_pf()
- ice: move ice_init_interrupt_scheme() prior ice_init_pf()
- ice: ice_init_pf: destroy mutexes and xarrays on memory alloc failure
- ice: move udp_tunnel_nic and misc IRQ setup into ice_init_pf()
- ice: move ice_init_pf() out of ice_init_dev()
- ice: extract ice_init_dev() from ice_init()
- ice: move ice_deinit_dev() to the end of deinit paths
- ice: remove duplicate call to ice_deinit_hw() on error paths
- arm64: dts: qcom: lemans: Add missing quirk for HS only USB controller
- tools/nolibc: x86: fix section mismatch caused by asm "mem*" functions
- arm64: dts: ti: k3-j784s4: Fix I2C pinmux pull configuration
- wifi: ath12k: enforce vdev limit in ath12k_mac_vdev_create()
- ARM: dts: am33xx: Add missing serial console speed
- arm64: tegra: Add pinctrl definitions for pcie-ep nodes
- arm64: mm: Move KPTI helpers to mmu.c
- arm64/mm: Allow __create_pgd_mapping() to propagate pgtable_alloc()
errors
- pwm: Simplify printf to emit chip->npwm in $debugfs/pwm
- pwm: Use %u to printf unsigned int pwm_chip::npwm and pwm_chip::id
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs
- iio: core: add missing mutex_destroy in iio_dev_release()
- iio: core: Clean up device correctly on iio_device_alloc() failure
- iommu/vt-d: Set INTEL_IOMMU_FLOPPY_WA depend on BLK_DEV_FD
- of/fdt: Fix the len check in early_init_dt_check_for_elfcorehdr()
- of/fdt: Fix the len check in early_init_dt_check_for_usable_mem_range()
- rtla/tests: Extend action tests to 5s
- rtla: Fix -a overriding -t argument
- btrfs: make sure extent and csum paths are always released in
scrub_raid56_parity_stripe()
- iomap: allocate s_dio_done_wq for async reads as well
- RDMA/irdma: Remove doorbell elision logic
- selftests/landlock: Fix makefile header list
- io_uring/kbuf: use READ_ONCE() for userspace-mapped memory
- ALSA: wavefront: Clear substream pointers on close
- btrfs: do not skip logging new dentries when logging a new name
- btrfs: fix a potential path leak in print_data_reloc_error()
- bpf, arm64: Do not audit capability check in do_jit()
- btrfs: fix memory leak of fs_devices in degraded seed device path
- iomap: account for unaligned end offsets when truncating read range
- scripts/faddr2line: Fix "Argument list too long" error
- sched/fair: Revert max_newidle_lb_cost bump
- x86/ptrace: Always inline trivial accessors
- ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint()
only
- cpufreq: dt-platdev: Add JH7110S SOC to the allowlist
- ACPI: fan: Workaround for 64-bit firmware bug
- cpufreq: s5pv210: fix refcount leak
- cpuidle: menu: Use residency threshold in polling state override
decisions
- livepatch: Match old_sympos 0 and 1 in klp_find_func()
- fs/ntfs3: Support timestamps prior to epoch
- kbuild: Use objtree for module signing key path
- hfsplus: fix volume corruption issue for generic/070
- hfsplus: fix volume corruption issue for generic/073
- fs/ntfs3: check for shutdown in fsync
- wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU
- wifi: cfg80211: stop radar detection in cfg80211_leave()
- wifi: cfg80211: use cfg80211_leave() in iftype change
- wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC
load
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet
- btrfs: scrub: always update btrfs_scrub_progress::last_physical
- gfs2: fix remote evict for read-only filesystems
- gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad"
- smb/server: fix return value of smb2_ioctl()
- Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
- Bluetooth: btusb: MT7922: Add VID/PID 0489/e170
- Bluetooth: btusb: MT7920: Add VID/PID 0489/e135
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
- Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT
- net: fec: ERR007885 Workaround for XDP TX path
- ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2()
- mlxsw: spectrum_router: Fix possible neighbour reference count leak
- broadcom: b44: prevent uninitialized value usage
- netfilter: nf_conncount: fix leaked ct in error paths
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr()
- netfilter: nf_nat: remove bogus direction check
- netfilter: nf_tables: remove redundant chain validation on register
store
- selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel
- iommufd/selftest: Make it clearer to gcc that the access is not out of
bounds
- net/mlx5: fw reset, clear reset requested on drain_fw_reset
- net/mlx5: Drain firmware reset in shutdown callback
- net/mlx5: fw_tracer, Handle escaped percent properly
- net/mlx5: Serialize firmware reset with devlink
- net: enetc: do not transmit redirected XDP frames when the link is down
- net: hns3: using the num_tqps to check whether tqp_index is out of range
when vf get ring info from mbx
- hwmon: (dell-smm) Limit fan multiplier to avoid overflow
- hwmon: (tmp401) fix overflow caused by default conversion rate value
- drm/me/gsc: mei interrupt top half should be in irq disabled context
- drm/xe: Restore engine registers before restarting schedulers after GT
reset
- MIPS: Fix a reference leak bug in ip22_check_gio()
- drm/panel: sony-td4353-jdi: Enable prepare_prev_first
- x86/xen: Fix sparse warning in enlighten_pv.c
- arm64: kdump: Fix elfcorehdr overlap caused by reserved memory
processing reorder
- spi: cadence-quadspi: Fix clock disable on probe failure path
- block: rnbd-clt: Fix leaked ID in init_dev()
- hwmon: (ltc4282): Fix reset_history file permissions
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk
table
- xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails
- can: gs_usb: gs_can_open(): fix error handling
- soc/tegra: fuse: Do not register SoC device on ACPI boot
- ACPI: PCC: Fix race condition by removing static qualifier
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig
- mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds
- dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml
- x86/fpu: Fix FPU state core dump truncation on CPUs with no extended
xfeatures
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path
- ASoC: ak4458: remove the reset operation in probe and remove
- nfsd: fix memory leak in nfsd_create_serv error paths
- ipmi: Fix the race between __scan_channels() and deliver_response()
- ipmi: Fix __scan_channels() failing to rescan channels
- scsi: ufs: host: mediatek: Fix shutdown/suspend race condition
- firmware: imx: scu-irq: Init workqueue before request mbox channel
- ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx
- scsi: smartpqi: Add support for Hurray Data new controller PCI device
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4
- powerpc/addnote: Fix overflow on 32-bit builds
- scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled
- scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive
- scsi: qla2xxx: Use reinit_completion on mbx_intr_comp
- fuse: Always flush the page cache before FOPEN_DIRECT_IO write
- fuse: Invalidate the page cache after FOPEN_DIRECT_IO write
- reset: fix BIT macro reference
- exfat: fix remount failure in different process environments
- exfat: zero out post-EOF page cache on file extension
- usbip: Fix locking bug in RT-enabled kernels
- iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains
- usb: xhci: limit run_graceperiod for only usb 3.0 devices
- usb: usb-storage: No additional quirks need to be added to the EL-R12
optical drive.
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
- libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map
- clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src
- i2c: designware: Disable SMBus interrupts to prevent storms from mis-
configured firmware
- nvme-fc: don't hold rport lock when putting ctrl
- nvme-fabrics: add ENOKEY to no retry criteria for authentication
failures
- scsi: scsi_debug: Fix atomic write enable module param description
- block: rnbd-clt: Fix signedness bug in init_dev()
- vhost/vsock: improve RCU read sections around vhost_vsock_get()
- x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA
systems
- mmc: sdhci-msm: Avoid early clock doubling during HS400 transition
- perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister()
- lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit
- s390/dasd: Fix gendisk parent after copy pair swap
- wifi: mt76: Fix DTS power-limits on little endian systems
- block: rate-limit capacity change info log
- floppy: fix for PAGE_SIZE != 4KB
- kallsyms: Fix wrong "big" kernel symbol type read from procfs
- fs/ntfs3: fix mount failure for sparse runs in run_unpack()
- ktest.pl: Fix uninitialized var in config-bisect.pl
- ext4: clear i_state_flags when alloc inode
- ext4: fix incorrect group number assertion in mb_check_buddy
- ext4: align max orphan file size with e2fsprogs limit
- jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key
- jbd2: use a weaker annotation in journal handling
- media: v4l2-mem2mem: Fix outdated documentation
- selftests: mptcp: pm: ensure unknown flags are ignored
- mptcp: schedule rtx timer only after pushing data
- usb: usb-storage: Maintain minimal modifications to the bcdDevice range.
- media: pvrusb2: Fix incorrect variable used in trace message
- phy: broadcom: bcm63xx-usbh: fix section mismatches
- usb: ohci-nxp: fix device leak on probe failure
- usb: typec: altmodes/displayport: Drop the device reference in
dp_altmode_probe()
- USB: lpc32xx_udc: Fix error handling in probe
- usb: phy: isp1301: fix non-OF device reference imbalance
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path
- usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe
- usb: dwc3: keep susphy enabled during exit to avoid controller faults
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
- intel_th: Fix error handling in intel_th_output_open
- mei: gsc: add dependency on Xe driver
- serial: sh-sci: Check that the DMA cookie is valid
- cpuidle: governors: teo: Drop misguided target residency check
- cpufreq: nforce2: fix reference count leak in nforce2
- NFSD: use correct reservation type in nfsd4_scsi_fence_client
- scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow
- scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error
- f2fs: fix age extent cache insertion skip on counter overflow
- f2fs: fix uninitialized one_time_gc in victim_sel_policy
- tools/testing/nvdimm: Use per-DIMM device handle
- KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on
#SMI)
- powerpc: Add reloc_offset() to font bitmap pointer used for
bootx_printf()
- KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with
period=0
- KVM: x86: Explicitly set new periodic hrtimer expiration in
apic_timer_fn()
- KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE
- KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN
- KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation
- KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN
- KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-
Exit
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed
VMRUN)
- KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits
- xfs: fix a memory leak in xfs_buf_item_init()
- xfs: fix stupid compiler warning
- PM: runtime: Do not clear needs_force_resume with enabled runtime PM
- r8169: fix RTL8117 Wake-on-Lan in DASH mode
- net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write
- NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap
- nfsd: Mark variable __maybe_unused to avoid W=1 build break
- svcrdma: return 0 on success from svc_rdma_copy_inline_range
- s390/ipl: Clear SBP flag when bootprog is set
- gpio: regmap: Fix memleak in error path in gpio_regmap_register()
- io_uring: fix min_wait wakeups for SQPOLL
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
- drm/amd/display: Fix scratch registers offsets for DCN35
- drm/amd/display: Fix scratch registers offsets for DCN351
- drm/displayid: pass iter to drm_find_displayid_extension()
- ALSA: wavefront: Use guard() for spin locks
- pinctrl: renesas: rzg2l: Fix ISEL restore on resume
- arm64: Revamp HCR_EL2.E2H RES1 detection
- dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains
and resets
- dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains
and resets
- dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains
and resets
- dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains
and resets
- dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains
and resets
- dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains
and resets
- dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains
and resets
- crypto: caam - Add check for kcalloc() in test_len()
- amba: tegra-ahb: Fix device leak on SMMU enable
- virtio: vdpa: Fix reference count leak in octep_sriov_enable()
- tracing: Fix fixed array of synthetic event
- soc: samsung: exynos-pmu: fix device leak on regmap lookup
- soc: qcom: pbs: fix device leak on lookup
- soc: qcom: ocmem: fix device leak on lookup
- soc: apple: mailbox: fix device leak on lookup
- soc: amlogic: canvas: fix device leak on lookup
- rpmsg: glink: fix rpmsg device leak
- platform/x86: intel: chtwc_int33fe: don't dereference swnode args
- i2c: amd-mp2: fix reference leak in MP2 PCI device
- interconnect: qcom: sdx75: Drop QPIC interconnect and BCM nodes
- hwmon: (max16065) Use local variable to avoid TOCTOU
- hwmon: (max6697) fix regmap leak on probe failure
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU
- ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32
- x86/msi: Make irq_retrigger() functional for posted MSI
- wifi: rtw88: limit indirect IO under powered off for RTL8822CS
- wifi: cfg80211: sme: store capped length in __cfg80211_connect_result()
- wifi: mac80211: do not use old MBSSID elements
- i40e: fix scheduling in set_rx_mode
- i40e: validate ring_len parameter against hardware-specific values
- idpf: reduce mbx_task schedule delay to 300us
- net: mdio: aspeed: add dummy read to avoid read-after-write issue
- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy
- platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event
names
- platform/x86: msi-laptop: add missing sysfs_remove_group()
- platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic
- net: dsa: fix missing put_device() in dsa_tree_find_first_conduit()
- amd-xgbe: reset retries and mode on RX adapt failures
- Revert "UBUNTU: SAUCE: selftests: net: fix "buffer overflow detected"
for tap.c"
- selftests: net: fix "buffer overflow detected" for tap.c
- genalloc.h: fix htmldocs warning
- firewire: nosy: Fix dma_free_coherent() size
- net: dsa: b53: skip multicast entries for fdb_dump()
- kbuild: fix compilation of dtb specified on command-line without make
rule
- net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group
struct
- vfio/pds: Fix memory leak in pds_vfio_dirty_enable()
- RDMA/efa: Remove possible negative shift
- RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr()
- RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db()
- RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send
- RDMA/bnxt_re: Fix to use correct page size for PDE table
- md: Fix static checker warning in analyze_sbs
- RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation
- RDMA/bnxt_re: fix dma_free_coherent() pointer
- blk-mq: skip CPU offline notify on unmapped hctx
- selftests/ftrace: traceonoff_triggers: strip off names
- ntfs: Do not overwrite uptodate pages
- ASoC: codecs: wcd939x: fix regmap leak on probe failure
- ASoC: stm32: sai: fix device leak on probe
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure
- ASoC: codecs: lpass-tx-macro: fix SM6115 support
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation of
appl_ptr
- ASoC: qcom: q6asm-dai: perform correct state check before closing
- ASoC: qcom: q6adm: the the copp device only during last instance
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment.
- iommu/amd: Fix pci_segment memleak in alloc_pci_segment()
- iommu/amd: Propagate the error code returned by __modify_irte_ga() in
modify_irte_ga()
- iommu/apple-dart: fix device leak on of_xlate()
- iommu/exynos: fix device leak on of_xlate()
- iommu/ipmmu-vmsa: fix device leak on of_xlate()
- iommu/mediatek-v1: fix device leak on probe_device()
- iommu/mediatek-v1: fix device leaks on probe()
- iommu/mediatek: fix device leak on of_xlate()
- iommu/omap: fix device leaks on probe_device()
- iommu/qcom: fix device leak on of_xlate()
- iommu/sun50i: fix device leak on of_xlate()
- iommu/tegra: fix device leak on probe_device()
- HID: logitech-dj: Remove duplicate error logging
- fgraph: Initialize ftrace_ops->private for function graph ops
- fgraph: Check ftrace_pids_enabled on registration for early filtering
- PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths
- arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power
regulator
- powerpc, mm: Fix mprotect on book3s 32-bit
- leds: leds-cros_ec: Skip LEDs without color components
- leds: leds-lp50xx: Allow LED 0 to be added to module bank
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs
- leds: leds-lp50xx: Enable chip before any communication
- block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup
- mfd: max77620: Fix potential IRQ chip conflict when probing two devices
- media: rc: st_rc: Fix reset control resource leak
- media: verisilicon: Fix CPU stalls on G2 bus error
- mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions
- mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips
- mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips
- mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips
- mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips
- mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips
- mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips
- parisc: entry.S: fix space adjustment on interruption for 64-bit
userspace
- parisc: entry: set W bit for !compat tasks in syscall_restore_rfi()
- perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init()
on error
- powerpc/pseries/cmm: call balloon_devinfo_init() also without
CONFIG_BALLOON_COMPACTION
- firmware: stratix10-svc: Add mutex in stratix10 memory management
- dm-ebs: Mark full buffer dirty even on partial write
- dm-bufio: align write boundary on physical block size
- fbdev: gbefb: fix to use physical address instead of dma address
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing
- fbdev: tcx.c fix mem_map to correct smem_start offset
- media: cec: Fix debugfs leak on bus_register() failure
- media: msp3400: Avoid possible out-of-bounds array accesses in
msp3400c_thread()
- media: platform: mtk-mdp3: fix device leaks at probe
- media: renesas: rcar_drif: fix device node reference leak in
rcar_drif_bond_enabled
- media: samsung: exynos4-is: fix potential ABBA deadlock on init
- media: TDA1997x: Remove redundant cancel_delayed_work in probe
- media: verisilicon: Protect G2 HEVC decoder against invalid DPB index
- media: videobuf2: Fix device reference leak in vb2_dc_alloc error path
- media: vpif_capture: fix section mismatch
- media: vpif_display: fix section mismatch
- media: amphion: Cancel message work before releasing the VPU core
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe
- media: i2c: adv7842: Remove redundant cancel_delayed_work in probe
- media: mediatek: vcodec: Fix a reference leak in
mtk_vcodec_fw_vpu_init()
- LoongArch: Add new PCI ID for pci_fixup_vgadev()
- LoongArch: Correct the calculation logic of thread_count
- LoongArch: Fix build errors for CONFIG_RANDSTRUCT
- LoongArch: Use __pmd()/__pte() for swap entry conversions
- LoongArch: Use unsigned long for _end and _text
- mm/damon/tests/sysfs-kunit: handle alloc failures on
damon_sysfs_test_add_targets()
- mm/damon/tests/vaddr-kunit: handle alloc failures in
damon_test_split_evenly_fail()
- mm/damon/tests/vaddr-kunit: handle alloc failures on
damon_test_split_evenly_succ()
- mm/damon/tests/core-kunit: handle alloc failures on
damon_test_split_at()
- mm/damon/tests/core-kunit: handle allocation failures in
damon_test_regions()
- mm/damon/tests/core-kunit: handle memory failure from
damon_test_target()
- mm/damon/tests/core-kunit: handle memory alloc failure from
damon_test_aggregate()
- mm/damon/tests/core-kunit: handle alloc failures on
dasmon_test_merge_regions_of()
- mm/damon/tests/core-kunit: handle alloc failures on
damon_test_merge_two()
- mm/damon/tests/core-kunit: handle alloc failures in
damon_test_set_regions()
- mm/damon/tests/core-kunit: handle alloc failures in
damon_test_update_monitoring_result()
- mm/damon/tests/core-kunit: handle alloc failures in
damon_test_ops_registration()
- mm/damon/tests/core-kunit: handle alloc failure on
damon_test_set_attrs()
- pmdomain: imx: Fix reference count leak in imx_gpc_probe()
- compiler_types.h: add "auto" as a macro for "__auto_type"
- mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN
- kasan: refactor pcpu kasan vmalloc unpoison
- kasan: unpoison vms[area] addresses with a common tag
- lockd: fix vfs_test_lock() calls
- idr: fix idr_alloc() returning an ID out of range
- mm/page_owner: fix memory leak in page_owner_stack_fops->release()
- tools/mm/page_owner_sort: fix timestamp comparison for stable sorting
- samples/ftrace: Adjust LoongArch register restore order in direct calls
- fjes: Add missing iounmap in fjes_hw_init()
- LoongArch: Refactor register restoration in ftrace_common_return
- LoongArch: BPF: Zero-extend bpf_tail_call() index
- nfsd: Drop the client reference in client_states_open()
- net: usb: sr9700: fix incorrect command used to write single register
- net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to
macb_open()
- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling
- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma
- drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling
- drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers
- drm/buddy: Optimize free block management with RB tree
- drm/buddy: Separate clear and dirty free block trees
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg()
- drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident
- drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse()
- drm/mediatek: Fix probe resource leaks
- drm/mediatek: Fix probe memory leak
- drm/mediatek: Fix probe device leaks
- drm/amdkfd: Trap handler support for expert scheduling mode
- drm/i915: Fix format string truncation warning
- drm/mgag200: Fix big-endian support
- drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table
- drm/xe/oa: Disallow 0 OA property values
- drm/xe: Adjust long-running workload timeslices to reasonable values
- drm/xe: Use usleep_range for accurate long-running workload timeslicing
- drm/xe: Drop preempt-fences when destroying imported dma-bufs.
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in
prepare_fb
- drm/imagination: Disallow exporting of PM/FW protected objects
- lib/crypto: riscv/chacha: Avoid s0/fp register
- gfs2: fix freeze error handling
- btrfs: don't rewrite ret from inode_permission
- sched/eevdf: Fix min_vruntime vs avg_vruntime
- erofs: fix unexpected EIO under memory pressure
- sched_ext: Fix incorrect sched_class settings for per-cpu migration
tasks
- jbd2: fix the inconsistency between checksum and data in memory for
journal sb
- xhci: dbgtty: fix device unregister: fixup
- f2fs: fix to detect recoverable inode during dryrun of
find_fsync_dnodes()
- serial: core: Restore sysfs fwnode information
- mptcp: pm: ignore unknown endpoint flags
- mm/ksm: fix exec/fork inheritance support for prctl
- ARM: dts: microchip: sama7g5: fix uart fifo size to 32
- tpm2-sessions: Fix out of range indexing in name_size
- tpm2-sessions: Fix tpm2_read_public range checks
- sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue()
- sched_ext: Fix missing post-enqueue handling in
move_local_task_to_local_dsq()
- drm/displayid: add quirk to ignore DisplayID checksum errors
- serial: xilinx_uartps: fix rs485 delay_rts_after_send
- f2fs: add timeout in f2fs_enable_checkpoint()
- f2fs: dump more information for f2fs_{enable,disable}_checkpoint()
- f2fs: fix to propagate error from f2fs_enable_checkpoint()
- gpiolib: acpi: Add quirk for Dell Precision 7780
- serial: core: Fix serial device initialization
- media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio
- ASoC: renesas: rz-ssi: Fix channel swap issue in full duplex mode
- block: handle zone management operations completions
- ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime
- ASoC: renesas: rz-ssi: Fix rz_ssi_priv::hw_params_cache::sample_width
- PCI: brcmstb: Fix disabling L0s capability
- powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages
- media: amphion: Make some vpu_v4l2 functions static
- media: amphion: Remove vpu_vb_is_codecconfig
- vfio/pci: Disable qword access to the PCI ROM bar
- mm/damon/tests/core-kunit: handle alloc failures on
damon_test_split_regions_of()
- mm/damon/tests/core-kunit: handle alloc failres in
damon_test_new_filter()
- mm/damon/tests/vaddr-kunit: handle alloc failures on
damon_do_test_apply_three_regions()
- block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio()
- bpf: Fix truncated dmabuf iterator reads
- bpf: Fix verifier assumptions of bpf_d_path's output buffer
- btrfs: fix changeset leak on mmap write after failure to reserve
metadata
- scripts: kdoc_parser.py: warn about Python version only once
- crypto: ccp - Add support for PCI device 0x115A
- hfsplus: fix volume corruption issue for generic/101
- Bluetooth: btusb: add new custom firmwares
- net/mlx5: make enable_mpesw idempotent
- net: phy: realtek: eliminate priv->phycr2 variable
- net: phy: realtek: eliminate has_phycr2 variable
- net: phy: realtek: allow CLKOUT to be disabled on RTL8211F(D)(I)-VD-CG
- net: phy: realtek: eliminate priv->phycr1 variable
- net: phy: realtek: create rtl8211f_config_phy_eee() helper
- net: phy: RTL8211FVD: Restore disabling of PHY-mode EEE
- net: ti: icssg-prueth: add PTP_1588_CLOCK_OPTIONAL dependency
- selftests: net: Fix build warnings
- selftests: net: tfo: Fix build warning
- inet: frags: avoid theoretical race in ip_frag_reinit()
- inet: frags: add inet_frag_queue_flush()
- selftests: netfilter: prefer xfail in case race wasn't triggered
- can: j1939: make j1939_sk_bind() fail if device is no longer registered
- net/mlx5e: Use ip6_dst_lookup instead of ipv6_dst_lookup_flow for MAC
init
- net/mlx5e: Trigger neighbor resolution for unresolved destinations
- drm/tests: hdmi: Handle drm_kunit_helper_enable_crtc_connector()
returning EDEADLK
- drm/tests: Handle EDEADLK in drm_test_check_valid_clones()
- drm/tests: Handle EDEADLK in set_up_atomic_state()
- selftests: ublk: fix overflow in ublk_queue_auto_zc_fallback()
- block: unify elevator tags and type xarrays into struct elv_change_ctx
- block: move elevator tags into struct elevator_resources
- block: introduce alloc_sched_data and free_sched_data elevator methods
- block: use {alloc|free}_sched data methods
- spi: microchip: rename driver file and internal identifiers
- [Config] Remove CONFIG_SPI_MICROCHIP_CORE
- spi: mpfs: Fix an error handling path in mpfs_spi_probe()
- drm/xe: Fix freq kobject leak on sysfs_create_files failure
- drm/xe: Apply Wa_14020316580 in xe_gt_idle_enable_pg()
- drm/xe: Increase TDF timeout
- io_uring: fix nr_segs calculation in io_import_kbuf
- ublk: add parameter `struct io_uring_cmd *` to ublk_prep_auto_buf_reg()
- ublk: add `union ublk_io_buf` with improved naming
- ublk: refactor auto buffer register in ublk_dispatch_req()
- drm/xe/oa: Always set OAG_OAGLBCTXCTRL_COUNTER_RESUME
- amd/iommu: Preserve domain ids inside the kdump kernel
- arm64: dts: mediatek: Apply mt8395-radxa DT overlay at build time
- Input: apple_z2 - fix reading incorrect reports after exiting sleep
- Input: xpad - add support for CRKD Guitars
- platform/x86: intel_pmc_ipc: fix ACPI buffer memory leak
- x86/mm/tlb/trace: Export the TLB_REMOTE_WRONG_CPU enum in
<trace/events/tlb.h>
- ASoC: fsl_sai: Constrain sample rates from audio PLLs only in master
mode
- ASoC: SDCA: support Q7.8 volume format
- ASoC: ops: fix snd_soc_get_volsw for sx controls
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI
- usb: xhci: Don't unchain link TRBs on quirky HCs
- platform/x86: wmi-gamezone: Add Legion Go 2 Quirks
- hwmon: (emc2305) fix device node refcount leak in error path
- hwmon: (emc2305) fix double put in emc2305_probe_childs_from_dt
- ublk: add helpers to check ublk_device flags
- rust/drm/gem: Fix missing header in `Object` rustdoc
- rust: dma: add helpers for architectures without CONFIG_HAS_DMA
- samples: rust: fix endianness issue in rust_driver_pci
- rust: io: define ResourceSize as resource_size_t
- rust: io: move ResourceSize to top-level io module
- rust: io: add typedef for phys_addr_t
- clk: keystone: syscon-clk: fix regmap leak on probe failure
- printk: Avoid scheduling irq_work on suspend
- sched_ext: Fix the memleak for sch->helper objects
- sched_ext: Fix bypass depth leak on scx_enable() failure
- dt-bindings: clock: mmcc-sdm660: Add missing MDSS reset
- phy: exynos5-usbdrd: fix clock prepare imbalance
- efi: Add missing static initializer for efi_mm::cpus_allowed_lock
- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
- printk: Allow printk_trigger_flush() to flush all types
- printk: Avoid irq_work for printk_deferred() on suspend
- mm/huge_memory: add pmd folio to ds_queue in do_huge_zero_wp_pmd()
- crash: let architecture decide crash memory export to iomem_resource
- usb: typec: ucsi: huawei-gaokin: add DRM dependency
- f2fs: clean up w/ get_left_section_blocks()
- f2fs: fix to not account invalid blocks in get_left_section_blocks()
- KVM: selftests: Forcefully override ARCH from x86_64 to x86
- KVM: Fix last_boosted_vcpu index assignment bug
- KVM: TDX: Explicitly set user-return MSRs that *may* be clobbered by the
TDX-Module
- KVM: x86: Apply runtime updates to current CPUID during
KVM_SET_CPUID{,2}
- KVM: selftests: Add missing "break" in rseq_test's param parsing
- xfs: fix the zoned RT growfs check for zone alignment
- xfs: validate that zoned RT devices are zone aligned
- arm64/gcs: Flush the GCS locking state on exec
- ALSA: hda/realtek: Add Asus quirk for TAS amplifiers
- NFSD: Clear TIME_DELEG in the suppattr_exclcreat bitmap
- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated
- gpio: loongson: Switch 2K2000/3000 GPIO to BYTE_CTRL_MODE
- crypto: arm64/ghash - Fix incorrect output from ghash-neon
- zloop: fail zone append operations that are targeting full zones
- zloop: make the write pointer of full zones invalid
- vfio: Fix ksize arg while copying user struct in
vfio_df_ioctl_bind_iommufd()
- rtla/timerlat_bpf: Stop tracing on user latency
- pwm: rzg2l-gpt: Allow checking period_tick cache value only if sibling
channel is enabled
- lib/crypto: riscv: Depend on RISCV_EFFICIENT_VECTOR_UNALIGNED_ACCESS
- [Config] Disable accelerated crypto for riscv64 by default
- io_uring/rsrc: fix lost entries after cloned range
- ARM: dts: microchip: sama7d65: fix uart fifo size to 32
- ice: add missing ice_deinit_hw() in devlink reinit path
- arp: do not assume dev_hard_header() does not change skb->head
- firmware: imx: scu-irq: Set mu_resource_id before get handle
- tpm: Compare HMAC values in constant time
- keys/trusted_keys: fix handle passed to tpm_buf_append_name during
unseal
- intel_th: fix device leak on output open()
- Upstream stable to v6.18.2, v6.12.64, v6.18.3
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68791
- fuse: missing copy_finish in fuse-over-io-uring argument copies
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68805
- fuse: fix io-uring list corruption for terminated non-committed requests
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68812
- media: iris: Add sanity check for stop streaming
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71117
- block: Remove queue freezing from several sysfs store callbacks
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71070
- ublk: clean up user copy references on ublk server exit
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71124
- drm/msm/a6xx: move preempt_prepare_postamble after error check
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71115
- um: init cpu_tasks[] earlier
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68823
- ublk: fix deadlock when reading partition table
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68793
- drm/amdgpu: fix a job->pasid access race in gpu recovery
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68807
- block: fix race between wbt_enable_default and IO submission
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68768
- inet: frags: flush pending skbs in fqdir_pre_exit()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71140
- media: mediatek: vcodec: Use spinlock for context list protection lock
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71156
- gve: defer interrupt enabling until NAPI registration
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2024-36347
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo
- x86/microcode/AMD: Select which microcode patch to load
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71068
- svcrdma: bound check rq_pages index in inline path
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68772
- f2fs: fix to avoid updating compression context during writeback
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71105
- f2fs: use global inline_xattr_slab instead of per-sb slab cache
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71130
- drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71138
- drm/msm/dpu: Add missing NULL pointer check for pingpong interface
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71083
- drm/ttm: Avoid NULL pointer deref for evicted BOs
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71099
- drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71079
- net: nfc: fix deadlock between nfc_unregister_device and
rfkill_fop_write
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71129
- LoongArch: BPF: Sign extend kfunc call arguments
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71093
- e1000: fix OOB in e1000_tbi_should_accept()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71084
- RDMA/cm: Fix leaking the multicast GID table reference
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71096
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71136
- media: adv7842: Avoid possible out-of-bounds array accesses in
adv7842_cp_log_status()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71143
- clk: samsung: exynos-clkout: Assign .num before accessing .hws
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71078
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71089
- iommu: disable SVA when CONFIG_X86 is set
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71081
- ASoC: stm32: sai: fix OF node leak on probe
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71153
- ksmbd: Fix memory leak in get_file_all_info()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71135
- md/raid5: fix possible null-pointer dereferences in
raid5_store_group_thread_cnt()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71157
- RDMA/core: always drop device refcount in ib_del_sub_device_and_put()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71133
- RDMA/irdma: avoid invalid read in irdma_net_event
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71080
- ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71086
- net: rose: fix invalid array index in rose_kill_by_device()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71097
- ipv4: Fix reference count leak when using error routes with nexthop
objects
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71085
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71095
- net: stmmac: fix the crash issue for zero copy XDP_TX action
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71137
- octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71101
- platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package
parsing
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71094
- net: usb: asix: validate PHY address before use
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71132
- smc91x: fix broken irq-context in PREEMPT_RT
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71154
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71091
- team: fix check for port enabled in
team_queue_override_port_prio_changed()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71098
- ip6_gre: make ip6gre_header() robust
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71082
- Bluetooth: btusb: revert use of devm_kzalloc in btusb
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71131
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71087
- iavf: fix off-by-one issues in iavf_config_rss_reg()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71100
- wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68821
- fuse: fix readahead reclaim deadlock
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71071
- iommu/mediatek: fix use-after-free on probe deferral
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71111
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71113
- crypto: af_alg - zero initialize memory allocated via sock_kmalloc
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71149
- io_uring/poll: correctly handle io_poll_add() return value on update
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68778
- btrfs: don't log conflicting inode if it's a dir moved in the current
transaction
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71119
- powerpc/kexec: Enable SMT before waking offline CPUs
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71120
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in
gss_read_proxy_verf
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68811
- svcrdma: use rc_pageoff for memcpy byte offset
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68803
- NFSD: NFSv4 file creation neglects setting ACL
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71148
- net/handshake: restore destructor on submit failure
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68788
- fsnotify: do not generate ACCESS/MODIFY events on child for special
files
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71125
- tracing: Do not register unsupported perf events
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68784
- xfs: fix a UAF problem in xattr repair
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71104
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV
timer
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71116
- libceph: make decode_pool() more resilient against corrupted osdmaps
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71121
- parisc: Do not reprogram affinitiy on ASP chip
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71102
- scs: fix a wrong parameter in __scs_magic
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68804
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68771
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68808
- media: vidtv: initialize local pointers upon transfer of memory
ownership
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68810
- KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68769
- f2fs: fix return value of f2fs_recover_fsync_data()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71069
- f2fs: invalidate dentry cache on failed whiteout creation
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68796
- f2fs: fix to avoid updating zero-sized extent in extent cache
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71065
- f2fs: fix to avoid potential deadlock
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71107
- f2fs: ensure node page reads complete before f2fs_put_super() finishes
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68782
- scsi: target: Reset t_task_cdb pointer in error case
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71075
- scsi: aic94xx: fix use-after-free in device removal path
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68818
- scsi: Revert "scsi: qla2xxx: Perform lockless command completion in
abort path"
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68797
- char: applicom: fix NULL pointer dereference in ac_ioctl
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68781
- usb: phy: fsl-usb: Fix use-after-free in delayed work during device
removal
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68819
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71126
- mptcp: avoid deadlock on fallback while reinjecting
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68820
- ext4: xattr: fix null pointer deref in ext4_raw_inode()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71123
- ext4: fix string copying in parse_apply_sb_mount_options()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71077
- tpm: Cap the number of PCR banks
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68814
- io_uring: fix filename leak in __io_openat_prep()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71147
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71151
- cifs: Fix memory and information leak in smb3_reconfigure()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71109
- MIPS: ftrace: Fix memory corruption when kernel is located beyond 32
bits
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71108
- usb: typec: ucsi: Handle incorrect num_connectors capability
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71114
- via_wdt: fix critical boot hang due to unnamed resource allocation
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68783
- ALSA: usb-mixer: us16x08: validate meter packet indices
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68776
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68773
- spi: fsl-cpm: Check length parity before switching to 16 bit mode
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68822
- Input: alps - fix use-after-free bugs caused by dev3_register_work
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71073
- Input: lkkbd - disable pending work before freeing device
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68777
- Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68806
- ksmbd: fix buffer validation by including null terminator size in EA
length
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71150
- ksmbd: Fix refcount leak when invalid session is found on session lookup
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68786
- ksmbd: skip lock-range check on equal size to avoid size==0 underflow
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71076
- drm/xe/oa: Limit num_syncs to prevent oversized allocations
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68802
- drm/xe: Limit num_syncs to prevent oversized allocations
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68789
- hwmon: (ibmpex) fix use-after-free in high/low store
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71112
- net: hns3: add VLAN id validation before using
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71064
- net: hns3: using the num_tqps in the vf driver to apply for resources
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68775
- net/handshake: duplicate handshake cancellations leak socket
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68816
- net/mlx5: fw_tracer, Validate format string parameters
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68795
- ethtool: Avoid overflowing userspace buffer on stats query
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71122
- iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68815
- net/sched: ets: Remove drr class from the active list if it changes to
strict
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68799
- caif: fix integer underflow in cffrml_receive()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68813
- ipvs: fix ipv4 null-ptr-deref in route error path
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68785
- net: openvswitch: fix middle attribute validation in push_nsh() action
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68770
- bnxt_en: Fix XDP_TX path
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68800
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast route
stats
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68801
- mlxsw: spectrum_router: Fix neighbour use-after-free
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71066
- net/sched: ets: Always remove class from active list before deleting in
ets_qdisc_change
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68787
- netrom: Fix memory leak in nr_sendmsg()
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68809
- ksmbd: vfs: fix race on m_flags in vfs_cache
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68817
- ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68767
- hfsplus: Verify inode mode when loading from disk
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68774
- hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71067
- ntfs: set dummy blocksize to read boot_block when mounting
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71118
- ACPICA: Avoid walking the Namespace if start_node is NULL
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68780
- sched/deadline: only set free_cpus for online runqueues
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68798
- perf/x86/amd: Check event before enable to avoid GPF
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68794
- iomap: adjust read range correctly for non-block-aligned positions
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-71072
- shmem: fix recovery on rename failures
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68351
- exfat: fix refcount leak in exfat_find
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68736
- landlock: Fix handling of disconnected directories
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68353
- net: vxlan: prevent NULL deref in vxlan_xmit_one
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68745
- scsi: qla2xxx: Clear cmds after chip reset
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68365
- fs/ntfs3: Initialize allocated memory before use
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68368
- md: init bioset in mddev_init
* Questing update: upstream stable patchset 2026-03-04 (LP: #2142250) //
CVE-2025-68725
- bpf: Do not let BPF test infra emit invalid GSO types to stack
* CVE-2026-23111
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate()
* CVE-2026-23209
- macvlan: fix error recovery in macvlan_common_newlink()
* CVE-2026-23074
- net/sched: Enforce that teql can only be used as root qdisc
* CVE-2026-23060
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
spec
Date: 2026-03-26 14:01:11.338235+00:00
Changed-By: Edoardo Canepa <edoardo.canepa at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-hwe-6.17/6.17.0-22.22~24.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list