[ubuntu/noble-updates] linux-ibm 6.8.0-1055.56 (Accepted)

Andy Whitcroft apw at canonical.com
Thu May 14 17:11:55 UTC 2026


linux-ibm (6.8.0-1055.56) noble; urgency=medium

  * noble/linux-ibm: 6.8.0-1055.56 -proposed tracker (LP: #2151041)

  [ Ubuntu: 6.8.0-117.117 ]

  * noble/linux: 6.8.0-117.117 -proposed tracker (LP: #2151070)
  * CVE-2026-31419
    - net: bonding: fix use-after-free in bond_xmit_broadcast()
  * CVE-2026-31431
    - crypto: scatterwalk - Backport memcpy_sglist()
    - crypto: algif_aead - use memcpy_sglist() instead of null skcipher
    - crypto: algif_aead - Revert to operating out-of-place
    - crypto: algif_aead - snapshot IV for async AEAD requests
    - crypto: authenc - use memcpy_sglist() instead of null skcipher
    - crypto: authencesn - Do not place hiseq at end of dst for out-of-place
      decryption
    - crypto: authencesn - Fix src offset when decrypting in-place
    - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
    - crypto: algif_aead - Fix minimum RX size check for decryption
  * CVE-2026-31533
    - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
  * CVE-2026-31504
    - net: fix fanout UAF in packet_release() via NETDEV_UP race

linux-ibm (6.8.0-1054.55) noble; urgency=medium

  * noble/linux-ibm: 6.8.0-1054.55 -proposed tracker (LP: #2150020)

  [ Ubuntu: 6.8.0-116.116 ]

  * noble/linux: 6.8.0-116.116 -proposed tracker (LP: #2150048)
  * Linux kernel 6.17.0-22.22 breaks amdxdna (LP: #2149766)
    - Revert "iommu: disable SVA when CONFIG_X86 is set"
  * Revert "netfilter: conntrack: fix erronous removal of offload bit"
    (LP: #2149762)
    - Revert "netfilter: conntrack: fix erronous removal of offload bit"

linux-ibm (6.8.0-1053.53) noble; urgency=medium

  * noble/linux-ibm: 6.8.0-1053.53 -proposed tracker (LP: #2147954)

  [ Ubuntu: 6.8.0-114.114 ]

  * noble/linux: 6.8.0-114.114 -proposed tracker (LP: #2148397)
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465)
    - SAUCE: Fix skb_vlan_inet_prepare() usage

  [ Ubuntu: 6.8.0-112.112 ]

  * noble/linux: 6.8.0-112.112 -proposed tracker (LP: #2147982)
  * Canonical Kmod 2025 key rotation (LP: #2147447)
    - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing
      extensible
    - [Packaging] ubuntu-compatible-signing -- allow consumption of positive
      certs
    - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key
    - [Config] prepare for Canonical Kmod key rotation
    - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key
  * Remount ext4 to readonly with data=journal mode may dump call trace
    (LP: #2147400)
    - ext4: fix stale xarray tags after writeback
  * Compile error due to nonexistent struct member with CONFIG_PCI_EPF_TEST
    (LP: #2147065)
    - SAUCE: Revert "PCI: endpoint: pci-epf-test: Limit PCIe BAR size for
      fixed BARs"
  * BUG: kernel NULL pointer dereference in amdgpu (LP: #2144577)
    - drm/amdgpu: validate the flush_gpu_tlb_pasid()
    - drm/amdgpu: Fix validating flush_gpu_tlb_pasid()
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841)
    - x86/kfence: fix booting on 32bit non-PAE systems
    - platform/x86: intel_telemetry: Fix swapped arrays in PSS output
    - pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest
      state
    - pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup
    - pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset
    - pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system
      wakeup
    - rbd: check for EOD after exclusive lock is ensured to be held
    - ARM: 9468/1: fix memset64() on big-endian
    - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
    - binder: fix BR_FROZEN_REPLY error log
    - binderfs: fix ida_alloc_max() upper bound
    - KVM: selftests: Add -U_FORTIFY_SOURCE to avoid some unpredictable test
      failures
    - tracing: Fix ftrace event field alignments
    - net: usb: sr9700: support devices with virtual driver CD
    - block,bfq: fix aux stat accumulation destination
    - LoongArch: Set correct protection_map[] for VM_NONE/VM_SHARED
    - HID: intel-ish-hid: Update ishtp bus match to support device ID table
    - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
    - HID: intel-ish-hid: Reset enum_devices_done before enumeration
    - HID: playstation: Center initial joystick axes to prevent spurious
      events
    - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
    - netfilter: replace -EEXIST with -EBUSY
    - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
    - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101)
    - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free
    - wifi: mac80211: collect station statistics earlier when disconnect
    - ASoC: davinci-evm: Fix reference leak in davinci_evm_probe
    - ASoC: amd: yc: Fix microphone on ASUS M6500RE
    - ASoC: tlv320adcx140: Propagate error codes during probe
    - spi: hisi-kunpeng: Fixed the wrong debugfs node name in hisi_spi debugfs
      initialization
    - wifi: cfg80211: Fix bitrate calculation overflow for HE rates
    - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
    - wifi: mac80211: correctly check if CSA is active
    - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice
    - platform/x86: intel_telemetry: Fix PSS event register mask
    - platform/x86: hp-bioscfg: Skip empty attribute names
    - net: add skb_header_pointer_careful() helper
    - net: don't touch dev->stats in BPF redirect paths
    - tipc: use kfree_sensitive() for session key material
    - net: ethernet: adi: adin1110: Check return value of
      devm_gpiod_get_optional() in adin1110_check_spi()
    - drm/mgag200: fix mgag200_bmc_stop_scanout()
    - hwmon: (occ) Mark occ_init_attribute() as __printf
    - ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF
    - gve: Correct ethtool rx_dropped calculation
    - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed
      transfer
    - spi: tegra210-quad: Move curr_xfer read inside spinlock
    - spi: tegra210-quad: Protect curr_xfer assignment in
      tegra_qspi_setup_transfer_one
    - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
    - spi: tegra210-quad: Protect curr_xfer clearing in
      tegra_qspi_non_combined_seq_xfer
    - spi: tegra114: Preserve SPI mode bits in def_command1_reg
    - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU.
    - PCI/ERR: Ensure error recoverability at all times
    - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55
    - PCI: qcom: Remove ASPM L0s support for MSM8996 SoC
    - HID: logitech: add HID++ support for Logitech MX Anywhere 3S
    - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio
    - net: phy: add phy_interface_weight()
    - net: phy: add phy_interface_copy()
    - net: sfp: pre-parse the module support
    - net: sfp: enhance quirk for Fibrestore 2.5G copper SFP module
    - net: sfp: convert sfp quirks to modify struct sfp_module_support
    - net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module
    - drm/amd/display: fix wrong color value mapping on MCM shaper LUT
    - drm/xe/query: Fix topology query pointer advance
    - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update()
    - gpiolib-acpi: Update file references in the Documentation and
      MAINTAINERS
    - Upstream stable to v6.6.124, v6.12.70
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23214
    - btrfs: reject new transactions if the fs is fully read-only
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23213
    - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71225
    - md: suspend array while updating raid_disks via sysfs
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-68823
    - ublk: fix deadlock when reading partition table
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23191
    - ALSA: aloop: Fix racy access at PCM trigger
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23215
    - x86/vmware: Fix hypercall clobbers
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23182
    - spi: tegra: Fix a memory leak in tegra_slink_probe()
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23190
    - ASoC: amd: fix memory leak in acp3x pdm dma ops
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23254
    - net: gro: fix outer network offset
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23180
    - dpaa2-switch: add bounds check for if_id in IRQ handler
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23256
    - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23257
    - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23258
    - net: liquidio: Initialize netdev pointer before queue setup
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23206
    - dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23204
    - net/sched: cls_u32: use skb_header_pointer_careful()
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23205
    - smb/client: fix memory leak in smb2_open_file()
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23176
    - platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23216
    - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23193
    - scsi: target: iscsi: Fix use-after-free in
      iscsit_dec_session_usage_count()
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23260
    - regmap: maple: free entry on mas_store_gfp() failure
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23179
    - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23261
    - nvme-fc: release admin tagset if init fails
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23178
    - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71268
    - btrfs: fix reservation leak in some error paths when inserting inline
      extent
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71270
    - LoongArch: Enable exception fixup for specific ADE subcode
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71220
    - smb/server: call ksmbd_session_rpc_close() on error path in
      create_smb2_pipe()
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71222
    - wifi: wlcore: ensure skb headroom before skb_push
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-71224
    - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23262
    - gve: Fix stats report corruption on queue count change
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2025-38201
    - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23198
    - KVM: Don't clobber irqfd routing type when deassigning irqfd
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23264
    - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
  * Noble update: upstream stable patchset 2026-04-10 (LP: #2147841) //
    CVE-2026-23187
    - pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543)
    - net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup()
    - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message
    - net: bcmasp: fix early exit leak with fixed phy
    - net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins()
    - ipv6: use the right ifindex when replying to icmpv6 from localhost
    - ice: stop counting UDP csum mismatch as rx_errors
    - net/mlx5e: Report rx_discards_phy via rx_dropped
    - net/mlx5e: Account for netdev stats in ndo_get_stats64
    - net: bridge: fix static key check
    - net/mlx5e: Skip ESN replay window setup for IPsec crypto offload
    - scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg()
    - ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion
    - gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler
    - dma/pool: distinguish between missing and exhausted atomic pools
    - pinctrl: meson: mark the GPIO controller as sleeping
    - riscv: compat: fix COMPAT_UTS_MACHINE definition
    - rust: kbuild: give `--config-path` to `rustfmt` in `.rsi` target
    - ASoC: fsl: imx-card: Do not force slot width to sample width
    - scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo()
    - ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO
    - gpio: pca953x: mask interrupts in irq shutdown
    - scsi: qla2xxx: edif: Fix dma_free_coherent() size
    - mptcp: only reset subflow errors when propagated
    - selftests: mptcp: check no dup close events after error
    - selftests: mptcp: check subflow errors in close events
    - selftests: mptcp: join: fix local endp not being tracked
    - scripts: generate_rust_analyzer: Add compiler_builtins -> core dep
    - drm/amdgpu/soc21: fix xclk for APUs
    - drm/amdgpu/gfx10: fix wptr reset in KGQ init
    - drm/amdgpu/gfx11: fix wptr reset in KGQ init
    - mm/kfence: randomize the freelist on initialization
    - arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state
    - arm64/fpsimd: signal: Consistently read FPSIMD context
    - btrfs: prevent use-after-free on page private data in
      btrfs_subpage_clear_uptodate()
    - net/sched: act_ife: convert comma to semicolon
    - pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver
    - drm/msm/a6xx: fix bogus hwcg register updates
    - writeback: fix 100% CPU usage when dirtytime_expire_interval is 0
    - mptcp: avoid dup SUB_CLOSED events after disconnect
    - ksmbd: fix recursive locking in RPC handle list access
    - bpf/selftests: test_select_reuseport_kern: Remove unused header
    - can: at91_can: Fix memory leak in at91_can_probe()
    - net: phy: micrel: fix clk warning when removing the driver
    - net/mlx5: fs, Fix inverted cap check in tx flow table root disconnect
    - net/mlx5: Initialize events outside devlink lock
    - net/mlx5: Fix vhca_id access call trace use before alloc
    - bcache: fix improper use of bi_end_io
    - bcache: use bio cloning for detached device requests
    - bcache: fix I/O accounting leak in detached_dev_do_request
    - gpio: rockchip: Stop calling pinctrl for set_direction
    - mm/memory-failure: improve memory failure action_result messages
    - mm/memory-failure: fix redundant updates for already poisoned pages
    - mm/memory-failure: fix missing ->mf_stats count in hugetlb poison
    - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail
      page pfn
    - gpiolib: acpi: Fix potential out-of-boundary left shift
    - rust: kbuild: support `-Cjump-tables=n` for Rust 1.93.0
    - pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR
      TX pins
    - [Config] remove PINCTRL_SM8350_LPASS_LPI
    - Upstream stable to v6.6.123, v6.12.69
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23148
    - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23166
    - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23151
    - Bluetooth: MGMT: Fix memory leak in set_ssp_complete
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23163
    - drm/amdgpu: fix NULL pointer dereference in
      amdgpu_gmc_filter_faults_remove
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23159
    - perf: sched: Fix perf crash with new is_user_task() helper
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2024-58096
    - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2025-40039
    - ksmbd: Fix race condition in RPC handle list access
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23093
    - ksmbd: smbd: fix dma_unmap_sg() nents
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23102
    - arm64/fpsimd: signal: Fix restoration of SVE context
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23170
    - drm/imx/tve: fix probe device leak
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23168
    - flex_proportions: make fprop_new_period() hardirq safe
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23156
    - efivarfs: fix error propagation in efivar_entry_get()
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23167
    - nfc: nci: Fix race between rfkill and nci_unregister_device().
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23173
    - net/mlx5e: TC, delete flows only for existing peers
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23150
    - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23164
    - rocker: fix memory leak in rocker_world_port_post_fini()
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23172
    - net: wwan: t7xx: fix potential skb->frags overflow in RX path
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23212
    - bonding: annotate data-races around slave->last_rx
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23160
    - octeon_ep: Fix memory leak in octep_device_setup()
  * Noble update: upstream stable patchset 2026-04-08 (LP: #2147543) //
    CVE-2026-23146
    - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work
  * CVE-2026-23394
    - af_unix: Give up GC if MSG_PEEK intervened.
  * [SRU] MIPI camera is not working after upgrading to 6.17-oem
    (LP: #2145171)
    - SAUCE: ACPI: respect items already in honor_dep before skipping
  * ADATA SU680 causes repeated SATA resets and I/O errors on Ubuntu unless
    link power management is forced to max_performance (LP: #2144060)
    - ata: libata-core: disable LPM on ADATA SU680 SSD
  * intel_idle: add Clearwater Forest SoC support (LP: #2144006)
    - intel_idle: add Clearwater Forest SoC support
  * Noble kernel 6.8.0-108 does not compile when KASAN enabled (LP: #2144914)
    - mm/kasan: fix incorrect unpoisoning in vrealloc for KASAN
  * Generic noble linux throws warning from file tegra-i2c.c (LP: #2143152)
    - i2c: tegra: Use internal reset when reset property is not available
  * [SRU] Duplicated entries in /proc/<pid>/mountinfo (LP: #2143083)
    - namespace: fix proc mount iteration
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465)
    - firmware: imx: scu-irq: Set mu_resource_id before get handle
    - efi/cper: Fix cper_bits_to_str buffer handling and return value
    - ASoC: codecs: wsa884x: fix codec initialisation
    - xfrm: Fix inner mode lookup in tunnel mode GSO segmentation
    - net: bridge: annotate data-races around fdb->{updated,used}
    - net: update netdev_lock_{type,name}
    - vsock/test: add a final full barrier after run all tests
    - net/mlx5e: Restore destroying state bit after profile cleanup
    - btrfs: store fs_info in space_info
    - btrfs: factor out init_space_info() from create_space_info()
    - btrfs: factor out check_removing_space_info() from
      btrfs_free_block_groups()
    - btrfs: introduce btrfs_space_info sub-group
    - btrfs: fix memory leaks in create_space_info() error paths
    - selftests: drv-net: fix RPS mask handling for high CPU numbers
    - ASoC: tlv320adcx140: fix word length
    - textsearch: describe @list member in ts_ops search
    - mm, kfence: describe @slab parameter in __kfence_obj_info()
    - dmaengine: xilinx_dma: Fix uninitialized addr_width when
      "xlnx,addrwidth" property is missing
    - phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it
    - phy: phy-snps-eusb2: refactor constructs names
    - phy: drop probe registration printks
    - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again)
    - i2c: qcom-geni: make sure I2C hub controllers can't use SE DMA
    - HID: usbhid: paper over wrong bNumDescriptor field
    - scsi: core: Fix error handler encryption support
    - ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer
    - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit.
    - x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers
    - phy: rockchip: inno-usb2: fix communication disruption in gadget mode
    - phy: freescale: imx8m-pcie: assert phy reset during power on
    - phy: rockchip: inno-usb2: fix disconnection in gadget mode
    - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7
    - usb: dwc3: Check for USB4 IP_NAME
    - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor
    - USB: OHCI/UHCI: Add soft dependencies on ehci_platform
    - USB: serial: option: add Telit LE910 MBIM composition
    - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable
    - nvme-pci: disable secondary temp for Wodposit WPBSNM8
    - hrtimer: Fix softirq base check in update_needs_ipi()
    - EDAC/x38: Fix a resource leak in x38_probe1()
    - EDAC/i3200: Fix a resource leak in i3200_probe1()
    - tcpm: allow looking for role_sw device in the main node
    - x86/resctrl: Add missing resctrl initialization for Hygon
    - x86/resctrl: Fix memory bandwidth counter width for Hygon
    - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free
    - LoongArch: Fix PMU counter allocation for mixed-type event groups
    - drm/amd/display: Bump the HDMI clock to 340MHz
    - drm/amd: Clean up kfd node on surprise disconnect
    - drm/amdkfd: fix a memory leak in device_queue_manager_init()
    - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare
    - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add()
    - dmaengine: apple-admac: Add "apple,t8103-admac" compatible
    - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all()
    - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation
    - dmaengine: ti: k3-udma: fix device leak on udma lookup
    - io_uring: move local task_work in exit cancel loop
    - posix-clock: Store file pointer in struct posix_clock_context
    - ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE.
    - selftest/ptp: update ptp selftest to exercise the gettimex options
    - testptp: Add option to open PHC in readonly mode
    - arm64: dts: qcom: sc8280xp: Add missing VDD_MXC links
    - hyperv-tlfs: Change prefix of generic HV_REGISTER_* MSRs to HV_MSR_*
    - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump()
    - btrfs: fix missing fields in superblock backup with BLOCK_GROUP_TREE
    - dt-bindings: power: qcom,rpmpd: document the SM8750 RPMh Power Domains
    - dt-bindings: power: qcom,rpmpd: add Turbo L5 corner
    - dt-bindings: power: qcom-rpmpd: split RPMh domains definitions
    - dt-bindings: power: qcom,rpmpd: Add SC8280XP_MXC_AO
    - pmdomain: qcom: rpmhpd: Add MXC to SC8280XP
    - ata: libata: Add cpr_log to ata_dev_print_features() early return
    - ata: libata-core: Introduce ata_dev_config_lpm()
    - ata: libata: Call ata_dev_config_lpm() for ATAPI devices
    - ata: libata: Print features also for ATAPI devices
    - ice: initialize ring_stats->syncp
    - ice: Avoid detrimental cleanup for bond during interface stop
    - igc: fix race condition in TX timestamp read for register 0
    - net: usb: dm9601: remove broken SR9700 support
    - selftests: net: fib-onlink-tests: Convert to use namespaces by default
    - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on
      usb_submit_urb() error
    - amd-xgbe: avoid misleading per-packet error log
    - tools: ynl: Specify --no-line-number in ynl-regen.sh.
    - veth: fix data race in veth_get_ethtool_stats
    - octeontx2: cn10k: fix RX flowid TCAM mask handling
    - serial: 8250_pci: Fix broken RS485 for F81504/508/512
    - comedi: dmm32at: serialize use of paged registers
    - w1: fix redundant counter decrement in w1_attach_slave_device()
    - Revert "nfc/nci: Add the inconsistency check between the input data
      length and count"
    - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro
    - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA
    - scsi: storvsc: Process unsupported MODE_SENSE_10
    - arm64: dts: rockchip: remove dangerous max-link-speed from helios64
    - arm64: dts: rockchip: Fix voltage threshold for volume keys for
      Pinephone Pro
    - x86/kfence: avoid writing L1TF-vulnerable PTEs
    - comedi: Fix getting range information for subdevices 16 to 255
    - iio: adc: ad7280a: handle spi_setup() errors in probe()
    - kconfig: fix static linking of nconf
    - riscv: clocksource: Fix stimecmp update hazard on RV32
    - ALSA: usb: Increase volume range that triggers a warning
    - net: hns3: fix data race in hns3_fetch_stats
    - be2net: fix data race in be_get_new_eqd
    - net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M
    - net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue
    - usbnet: limit max_mtu based on device's hard_mtu
    - drm/amd/pm: Don't clear SI SMC table when setting power limit
    - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2)
    - selftests: net: amt: wait longer for connection before sending packets
    - net: dsa: fix off-by-one in maximum bridge ID determination
    - octeontx2-af: Fix error handling
    - net: openvswitch: fix data race in ovs_vport_get_upcall_stats
    - vsock/test: fix seqpacket message bounds test
    - x86: make page fault handling disable interrupts properly
    - of: fix reference count leak in of_alias_scan()
    - of: platform: Use default match table for /firmware
    - iio: accel: iis328dq: fix gain values
    - iio: adc: ad9467: fix ad9434 vref mask
    - iio: chemical: scd4x: fix reported channel endianness
    - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl
    - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function
    - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize()
    - octeontx2: Fix otx2_dma_map_page() error return code
    - slimbus: core: fix runtime PM imbalance on report present
    - platform/x86: hp-bioscfg: Fix automatic module loading
    - perf/x86/intel: Do not enable BTS for guests
    - selftests/bpf: Check for timeout in perf_link test
    - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup
      failure
    - iio: core: add missing mutex_destroy in iio_dev_release()
    - iio: core: add separate lockdep class for info_exist_lock
    - mm/rmap: fix two comments related to huge_pmd_unshare()
    - arm64: dts: rockchip: remove redundant max-link-speed from nanopi-r4s
    - iio: adc: exynos_adc: fix OF populate on driver rebind
    - dmaengine: stm32: dmamux: fix OF node leak on route allocation failure
    - mm: kmsan: fix poisoning of high-order non-compound pages
    - phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path
    - ASoC: codecs: wsa881x: Drop unused version readout
    - ASoC: codecs: wsa881x: fix unnecessary initialisation
    - ASoC: codecs: wsa883x: fix unnecessary initialisation
    - nvme-fc: rename free_ctrl callback to match name pattern
    - nvme-pci: do not directly handle subsys reset fallout
    - nvme: fix PCIe subsystem reset controller state transition
    - net: phy: fix phy_uses_state_machine()
    - pnfs/blocklayout: Fix memory leak in bl_parse_scsi()
    - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions
    - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip
    - ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type
    - selftests/landlock: Fix TCP bind(AF_UNSPEC) test case
    - xfs: Fix the return value of xfs_rtcopy_summary()
    - phy: ti: gmii-sel: fix regmap leak on probe failure
    - LoongArch: dts: loongson-2k0500: Add default interrupt controller
      address cells
    - LoongArch: dts: loongson-2k1000: Add default interrupt controller
      address cells
    - LoongArch: dts: loongson-2k1000: Fix i2c-gpio node names
    - LoongArch: dts: loongson-2k2000: Add default interrupt controller
      address cells
    - HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume
      blocking
    - HID: intel-ish-hid: Fix -Wcast-function-type-strict in
      devm_ishtp_alloc_workqueue()
    - xfs: set max_agbno to allow sparse alloc of last full inode chunk
    - selftests/bpf: Test invalid narrower ctx load
    - mm/page_alloc/vmstat: simplify refresh_cpu_vm_stats change detection
    - mm/page_alloc: batch page freeing in decay_pcp_high
    - ata: libata-sata: Improve link_power_management_supported sysfs
      attribute
    - igc: Restore default Qbv schedule when changing channels
    - vsock/virtio: Coalesce only linear skb
    - platform/x86/amd: Fix memory leak in wbrf_record()
    - drm/imagination: Wait for FW trace update command completion
    - ice: Fix persistent failure in ice_get_rxfh
    - sched/fair: Fix pelt clock sync when entering idle
    - drm/nouveau: add missing DCB connector types
    - drm/nouveau: implement missing DCB connector types; gracefully handle
      unknown connectors
    - dpll: Prevent duplicate registrations
    - mei: trace: treat reg parameter as string
    - s390/ap: Fix wrong APQN fill calculation
    - net: sfp: add potron quirk to the H-COM SPP425H-GAB4 SFP+ Stick
    - gpio: cdev: Correct return code on memory allocation failure
    - dmaengine: ti: k3-udma: Enable second resource range for BCDMA and
      PKTDMA
    - exfat: fix refcount leak in exfat_find
    - accel/ivpu: Fix race condition when unbinding BOs
    - btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
    - vsock/virtio: Move length check to callers of virtio_vsock_skb_rx_put()
    - vsock/virtio: Rename virtio_vsock_alloc_skb()
    - vsock/virtio: Move SKB allocation lower-bound check to callers
    - vsock/virtio: Rename virtio_vsock_skb_rx_put()
    - vhost/vsock: Allocate nonlinear SKBs for handling large receive buffers
    - vsock/virtio: Allocate nonlinear SKBs for handling large transmit
      buffers
    - net: Introduce skb_copy_datagram_from_iter_full()
    - vsock/virtio: Fix message iterator handling on transmit path
    - Upstream stable to v6.6.122, v6.12.67, v6.12.68
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-38591
    - bpf: Reject narrower access to pointer ctx fields
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23035
    - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-22996
    - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23000
    - net/mlx5e: Fix crash on profile change rollback failure
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23053
    - NFS: Fix a deadlock involving nfs_release_folio()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23050
    - pNFS: Fix a deadlock when returning a delegation during open()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23005
    - x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2024-58097
    - wifi: ath11k: fix RCU stall while reaping monitor destination ring
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-68365
    - fs/ntfs3: Initialize allocated memory before use
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-37926
    - ksmbd: fix use-after-free in ksmbd_session_rpc_open
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23030
    - phy: rockchip: inno-usb2: Fix a double free bug in
      rockchip_usb2phy_probe()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23025
    - mm/page_alloc: prevent pcp corruption with SMP=n
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71186
    - dmaengine: stm32: dmamux: fix device leak on route allocation
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23078
    - ALSA: scarlett2: Fix buffer overflow in config retrieval
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23142
    - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir
      setup failure
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23075
    - can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-68725
    - bpf: Do not let BPF test infra emit invalid GSO types to stack
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23097
    - migrate: correct lock ordering for hugetlb file folios
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23108
    - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23080
    - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23061
    - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23058
    - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23085
    - irqchip/gic-v3-its: Avoid truncating memory addresses
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23116
    - pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23098
    - netrom: fix double-free in nr_route_frame()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23063
    - uacce: ensure safe queue release with state management
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23056
    - uacce: implement mremap in uacce_vm_ops to return -EPERM
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23094
    - uacce: fix isolate sysfs check condition
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23096
    - uacce: fix cdev handling in the cleanup path
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23091
    - intel_th: fix device leak on output open()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23088
    - tracing: Fix crash on synthetic stacktrace field usage
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23090
    - slimbus: core: fix device reference leak on report present
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23128
    - arm64: Set __nocfi on swsusp_arch_resume()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23107
    - arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23073
    - wifi: rsi: Fix memory corruption due to not set vif driver data size
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23135
    - wifi: ath12k: fix dma_free_coherent() pointer
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23133
    - wifi: ath10k: fix dma_free_coherent() pointer
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71200
    - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400
      mode
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23089
    - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23076
    - ALSA: ctxfi: Fix potential OOB access in audio mixer handling
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71199
    - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc
      driver
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23101
    - leds: led-class: Only Add LED to leds_list when it is fully ready
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23064
    - net/sched: act_ife: avoid possible NULL deref
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23086
    - vsock/virtio: cap TX credit to local buffer size
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23069
    - vsock/virtio: fix potential underflow in virtio_transport_get_credit()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23119
    - bonding: provide a net pointer to __skb_flow_dissect()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23084
    - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23124
    - ipv6: annotate data-race in ndisc_router_discovery()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23121
    - mISDN: annotate data-race around dev->work
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23126
    - netdevsim: fix a race issue related to the operation on bpf_bound_progs
      list
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23059
    - scsi: qla2xxx: Sanitize payload size to prevent member overflow
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23110
    - scsi: core: Wake up the error handler when final completions race
      against each other
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23071
    - regmap: Fix race condition in hwspinlock irqsave routine
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23068
    - spi: spi-sprd-adi: Fix double free in probe error path
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23123
    - interconnect: debugfs: initialize src_node and dst_node to empty strings
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71198
    - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event
      detection
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23113
    - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23062
    - platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23131
    - platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23087
    - scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71197
    - w1: therm: Fix off-by-one buffer overflow in alarms_store
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23105
    - net/sched: qfq: Use cl_is_active to determine whether class is active in
      qfq_rm_from_ag
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23103
    - ipvlan: Make the addrs_lock be per port
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23120
    - l2tp: avoid one data-race in l2tp_tunnel_del_work()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23083
    - fou: Don't allow 0 for FOU_ATTR_IPPROTO.
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23095
    - gue: Fix skb memleak with inner IP protocol 0.
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23125
    - sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23099
    - bonding: limit BOND_MODE_8023AD to Ethernet devices
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71194
    - btrfs: fix deadlock in wait_current_trans() due to ignored transaction
      type
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71185
    - dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23026
    - dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71188
    - dmaengine: lpc18xx-dmamux: fix device leak on route allocation
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71163
    - dmaengine: idxd: fix device leaks on compat bind and unbind
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71189
    - dmaengine: dw: dmamux: fix OF node leak on route allocation failure
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71190
    - dmaengine: bcm-sba-raid: fix device leak on probe
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71191
    - dmaengine: at_hdmac: fix device leak on of_dma_xlate()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23049
    - drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23144
    - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23145
    - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-22997
    - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session
      upon receiving the second rts
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23031
    - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23032
    - null_blk: fix kmemleak by releasing references to fault configfs items
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23033
    - dmaengine: omap-dma: fix dma_pool resource leak in error paths
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71196
    - phy: stm32-usphyc: Fix off by one in probe()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71193
    - phy: qcom-qusb2: Fix NULL pointer dereference on early suspend
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71162
    - dmaengine: tegra-adma: Fix use-after-free
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2025-71195
    - dmaengine: xilinx: xdma: Fix regmap max_register
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23006
    - ASoC: tlv320adcx140: fix null pointer
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-22999
    - net/sched: sch_qfq: do not free existing class in qfq_change_class()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23010
    - ipv6: Fix use-after-free in inet6_addr_del().
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23054
    - net: hv_netvsc: reject RSS hash key programming without RX indirection
      table
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23011
    - ipv4: ip_gre: make ipgre_header() robust
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23001
    - macvlan: fix possible UAF in macvlan_forward_source()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23003
    - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23141
    - btrfs: send: check for inline extents in range_is_hole_in_parent()
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-22998
    - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23037
    - can: etas_es58x: allow partial RX URB allocation to succeed
  * Noble update: upstream stable patchset 2026-03-26 (LP: #2146465) //
    CVE-2026-23038
    - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058)
    - NFSD: Fix permission check for read access to executable-only files
    - atm: Fix dma_free_coherent() size
    - mei: me: add nova lake point S DID
    - lib/crypto: aes: Fix missing MMU protection for AES S-box
    - counter: 104-quad-8: Fix incorrect return value in IRQ handler
    - drm/pl111: Fix error handling in pl111_amba_probe
    - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[]
    - gpio: rockchip: mark the GPIO controller as sleeping
    - pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
    - net: Add locking to protect skb->dev access in ip_output
    - nfsd: Fix a regression in nfsd_setattr()
    - nfsd: Fix NFSv3 atomicity bugs in nfsd_setattr()
    - nfsd: set security label during create operations
    - csky: fix csky_cmpxchg_fixup not working
    - ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels
    - alpha: don't reference obsolete termio struct for TC* constants
    - dm-snapshot: fix 'scheduling while atomic' on real-time kernels
    - NFSv4: ensure the open stateid seqid doesn't go backwards
    - NFS: Fix up the automount fs_context to use the correct cred
    - smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value
    - smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value
    - smb/client: fix NT_STATUS_NO_DATA_DETECTED value
    - scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset
    - scsi: ufs: core: Fix EH failure after W-LUN resume error
    - scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe
      failure scanned in again after probe failed"
    - arm64: dts: add off-on-delay-us for usdhc2 regulator
    - ARM: dts: imx6q-ba16: fix RTC interrupt level
    - arm64: dts: imx8mp: Fix LAN8740Ai PHY reference clock on DH electronics
      i.MX8M Plus DHCOM
    - netfilter: nft_synproxy: avoid possible data-race on update operation
    - gpio: pca953x: Add support for level-triggered interrupts
    - gpio: pca953x: handle short interrupt pulses on PCAL devices
    - netfilter: nf_tables: fix memory leak in nf_tables_newrule()
    - bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress
    - inet: ping: Fix icmp out counting
    - netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates
    - net/mlx5e: Don't print error message due to invalid module
    - net: wwan: iosm: Fix memory leak in ipc_mux_deinit()
    - bnxt_en: Fix potential data corruption with HW GRO/LRO
    - net: enetc: fix build warning when PAGE_SIZE is greater than 128K
    - arp: do not assume dev_hard_header() does not change skb->head
    - ALSA: ac97bus: Use guard() for mutex locks
    - NFS: trace: show TIMEDOUT instead of 0x6e
    - nfs_common: factor out nfs_errtbl and nfs_stat_to_errno
    - NFSD: Remove NFSERR_EAGAIN
    - bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than
      4K
    - bpf: Make variables in bpf_prog_test_run_xdp less confusing
    - bpf: Support specifying linear xdp packet data size for
      BPF_PROG_TEST_RUN
    - powercap: fix race condition in register_control_type()
    - powercap: fix sscanf() error return value handling
    - ALSA: usb-audio: Update for native DSD support quirks
    - ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025
    - ASoC: fsl_sai: Add missing registers to cache default
    - scsi: sg: Fix occasional bogus elapsed time that exceeds timeout
    - bpf: test_run: Fix ctx leak in bpf_prog_test_run_xdp error path
    - ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again)
    - btrfs: tracepoints: use btrfs_root_id() to get the id of a root
    - crypto: qat - fix duplicate restarting msg during AER error
    - netfilter: nft_set_pipapo: fix range overlap detection
    - vsock: Make accept()ed sockets use custom setsockopt()
    - btrfs: only enforce free space tree if v1 cache is required for bs < ps
      cases
    - riscv: pgtable: Cleanup useless VA_USER_XXX definitions
    - idpf: keep the netdev when a reset fails
    - net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant
    - ata: libata-core: Disable LPM on ST2000DM008-2FR102
    - drm/amd/display: Fix DP no audio issue
    - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL
    - spi: cadence-quadspi: Prevent lost complete() call during indirect read
    - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback
    - Upstream stable to v6.6.121, v6.12.66
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71184
    - btrfs: fix NULL dereference on root when tracing inode eviction
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71182
    - can: j1939: make j1939_session_activate() fail if device is no longer
      registered
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71160
    - netfilter: nf_tables: avoid chain re-validation if possible
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22994
    - bpf: Fix reference count leak in bpf_prog_test_run_xdp()
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23140
    - bpf, test_run: Subtract size of xdp_frame from allowed metadata size
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71192
    - ALSA: ac97: fix a double free in snd_ac97_controller_register()
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23021
    - net: usb: pegasus: fix memory leak in update_eth_regs_async()
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22976
    - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate
      in qfq_reset
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22979
    - net: fix memory leak in skb_segment_list for GRO packets
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22977
    - net: sock: fix hardened usercopy panic in sock_recv_errqueue
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22982
    - net: mscc: ocelot: Fix crash when adding interface under a lag
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23019
    - net: marvell: prestera: fix NULL dereference on devlink_alloc() failure
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23139
    - netfilter: nf_conncount: update last_gc only when GC has been performed
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-40149
    - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-68803
    - NFSD: NFSv4 file creation neglects setting ACL
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23047
    - libceph: make calc_target() set t->paused, not just clear it
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23136
    - libceph: reset sparse-read state in osd_fault()
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22992
    - libceph: return the handler error from mon_handle_auth_done()
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22991
    - libceph: make free_choose_arg_map() resilient to partial allocation
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22990
    - libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22984
    - libceph: prevent potential out-of-bounds reads in handle_auth_done()
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22978
    - wifi: avoid kernel-infoleak from struct iw_point
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71180
    - counter: interrupt-cnt: Drop IRQF_NO_THREAD flag
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2025-71183
    - btrfs: always detect conflicting inodes when logging inode refs
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-23020
    - net: 3com: 3c59x: fix possible null dereference in vortex_probe1()
  * Noble update: upstream stable patchset 2026-03-12 (LP: #2144058) //
    CVE-2026-22980
    - nfsd: provide locking for v4_end_grace
  * CVE-2024-50004
    - drm/amd/display: update DML2 policy
      EnhancedPrefetchScheduleAccelerationFinal DCN35
  * CVE-2026-23274
    - netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
  * CVE-2026-23351
    - netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
  * CVE-2026-23231
    - netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
  * macvlan: observe an RCU grace period in macvlan_common_newlink() error
    path (LP: #2144380) // CVE-2026-23209
    - macvlan: observe an RCU grace period in macvlan_common_newlink() error
      path
  * CVE-2026-23112
    - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

Date: 2026-05-07 04:35:10.760117+00:00
Changed-By: John Cabaj <john-cabaj at ubuntu.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1055.56