This bug was fixed in the package linux - 6.8.0-62.65
---------------
linux (6.8.0-62.65) noble; urgency=medium
* noble/linux: 6.8.0-62.65 -proposed tracker (LP: #2110737)
* Rotate the Canonical Livepatch key (LP: #2111244)
- [Config] Prepare for Canonical Livepatch key rotation
* KVM bug causes Firecracker crash when it runs the vCPU for the first time
(LP: #2109859)
- vhost: return task creation error instead of NULL
- kvm: retry nx_huge_page_recovery_thread creation
* CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
(LP: #2099914) // CVE-2025-2312
- CIFS: New mount option for cifs.upcall namespace resolution
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640)
- ASoC: wm8994: Add depends on MFD core
- ASoC: samsung: Add missing selects for MFD_WM8994
- seccomp: Stub for !CONFIG_SECCOMP
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
request
- of/unittest: Add test that of_address_to_resource() fails on non-
translatable address
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- hwmon: (drivetemp) Set scsi command timeout to 10s
- ASoC: samsung: Add missing depends on I2C
- ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf()
- Revert "libfs: fix infinite directory reads for offset dir"
- libfs: Replace simple_offset end-of-directory detection
- Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
- ALSA: usb-audio: Add delay quirk for USB Audio Device
- Input: xpad - add support for Nacon Pro Compact
- Input: atkbd - map F23 key to support default copilot shortcut
- Input: xpad - add unofficial Xbox 360 wireless receiver clone
- Input: xpad - add QH Electronics VID/PID
- Input: xpad - improve name of 8BitDo controller 2dc8:3106
- Input: xpad - add support for Nacon Evol-X Xbox One Controller
- Input: xpad - add support for wooting two he (arm)
- ASoC: codecs: es8316: Fix HW rate calculation for 48Mhz MCLK
- ASoC: cs42l43: Add codec force suspend/resume ops
- ALSA: hda/realtek: Fix volume adjustment issue on Lenovo ThinkBook 16P
Gen5
- libfs: Return ENOSPC when the directory offset range is exhausted
- Revert "libfs: Add simple_offset_empty()"
- libfs: Use d_children list to iterate simple_offset directories
- wifi: rtl8xxxu: add more missing rtl8192cu USB IDs
- HID: wacom: Initialize brightness of LED trigger
- Upstream stable to v6.6.75, v6.12.12
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21689
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21690
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21691
- cachestat: fix page cache statistics permission checking
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21692
- net: sched: fix ets qdisc OOB Indexing
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21699
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2024-50157
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
* rtw89: Support hardware rfkill (LP: #2077384)
- wifi: rtw89: add support for hardware rfkill
* Introduce configfs-based interface for gpio-aggregator (LP: #2103496)
- gpio: introduce utilities for synchronous fake device creation
- bitmap: Define a cleanup function for bitmaps
- gpio: aggregator: simplify aggr_parse() with scoped bitmap
- gpio: aggregator: protect driver attr handlers against module unload
- gpio: aggregator: reorder functions to prepare for configfs introduction
- gpio: aggregator: unify function naming
- gpio: aggregator: add gpio_aggregator_{alloc, free}()
- gpio: aggregator: introduce basic configfs interface
- [Config] Enable DEV_SYNC_PROBE as module
- SAUCE: gpio: aggregator: Fix error code in gpio_aggregator_activate()
- gpio: aggregator: rename 'name' to 'key' in gpio_aggregator_parse()
- gpio: aggregator: expose aggregator created via legacy sysfs to configfs
- SAUCE: gpio: aggregator: fix "_sysfs" prefix check in
gpio_aggregator_make_group()
- SAUCE: gpio: aggregator: Fix gpio_aggregator_line_alloc() checking
- SAUCE: gpio: aggregator: Return an error if there are no GPIOs in
gpio_aggregator_parse()
- SAUCE: gpio: aggregator: Fix leak in gpio_aggregator_parse()
- gpio: aggregator: cancel deferred probe for devices created via configfs
- Documentation: gpio: document configfs interface for gpio-aggregator
- selftests: gpio: add test cases for gpio-aggregator
- SAUCE: selftests: gpio: gpio-aggregator: add a test case for _sysfs prefix
reservation
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449)
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
- net: add exit_batch_rtnl() method
- gtp: use exit_batch_rtnl() method
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow
- net/mlx5: Fix RDMA TX steering prio
- net/mlx5e: Rely on reqid in IPsec tunnel mode
- net/mlx5e: Always start IPsec sequence number from 1
- drm/vmwgfx: Add new keep_resv BO param
- drm/v3d: Assign job pointer to NULL before signaling the fence
- soc: ti: pruss: Fix pruss APIs
- hwmon: (tmp513) Fix division of negative numbers
- i2c: mux: demux-pinctrl: check initial mux selection, too
- i2c: rcar: fix NACK handling when being a target
- hfs: Sanity check the root record
- fs: fix missing declaration of init_files
- kheaders: Ignore silly-rename files
- cachefiles: Parse the "secctx" immediately
- scsi: ufs: core: Honor runtime/system PM levels if set by host controller
drivers
- selftests: tc-testing: reduce rshift value
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and
.poll()
- RDMA/bnxt_re: Fix to export port num to ib_query_qp
- nvmet: propagate npwg topology
- ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
- i2c: atr: Fix client detach
- mptcp: be sure to send ack when mptcp-level window re-opens
- mptcp: fix spurious wake-up on under memory pressure
- selftests: mptcp: avoid spurious errors on disconnect
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
- vsock/virtio: cancel close work in the destructor
- vsock: reset socket state when de-assigning the transport
- nouveau/fence: handle cross device fences properly
- irqchip: Plug a OF node reference leak in platform_irqchip_probe()
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
- drm/i915/fb: Relax clear color alignment to 64 bytes
- drm/amdgpu: always sync the GFX pipe on ctx switch
- ocfs2: fix deadlock in ocfs2_get_system_file_inode
- nfsd: add list_head nf_gc to struct nfsd_file
- x86/xen: fix SLS mitigation in xen_hypercall_iret()
- efi/zboot: Limit compression options to GZIP and ZSTD
- [Config] updateconfigs for HAVE_KERNEL_(LZ4|LZMA|LZO|XZ)
- net: ravb: Fix max TX frame size for RZ/V2M
- net/mlx5: SF, Fix add port error handling
- drm/vmwgfx: Unreserve BO on error
- i2c: testunit: on errors, repeat NACK until STOP
- hwmon: (ltc2991) Fix mixed signed/unsigned in DIV_ROUND_CLOSEST
- fs/qnx6: Fix building with GCC 15
- gpio: sim: lock up configfs that an instantiated device depends on
- gpio: sim: lock hog configfs items if present
- platform/x86: ISST: Add Clearwater Forest to support list
- drm/nouveau/disp: Fix missing backlight control on Macbook 5,1
- net/ncsi: fix locking in Get MAC Address handling
- drm/amd/display: Do not elevate mem_type change to full update
- drm/xe: Mark ComputeCS read mode as UC on iGPU
- drm/amdgpu/smu13: update powersave optimizations
- drm/amdgpu: fix fw attestation for MP0_14_0_{2/3}
- drm/amdgpu: disable gfxoff with the compute workload on gfx12
- drm/amd/display: Fix PSR-SU not support but still call the
amdgpu_dm_psr_enable
- Upstream stable to v6.6.73, v6.6.74, v6.12.11
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21672
- afs: Fix merge preference rule failure condition
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21682
- eth: bnxt: always recalculate features after XDP clearing, fix null-deref
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-53124
- net: fix data-races around sk->sk_forward_alloc
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-57924
- fs: relax assertions on failure to encode file handles
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-57951
- hrtimers: Handle CPU state correctly on hotplug
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-57949
- irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21668
- pmdomain: imx8mp-blk-ctrl: add missing loop break condition
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21684
- gpio: xilinx: Convert gpio_lock to raw spinlock
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21694
- fs/proc: fix softlockup in __read_vmcore (part 2)
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21665
- filemap: avoid truncating 64-bit offset to 32 bits
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21666
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21669
- vsock/virtio: discard packets if the transport changes
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21670
- vsock/bpf: return early if transport is not assigned
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21667
- iomap: avoid avoid truncating 64-bit offset to 32 bits
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-57948
- mac802154: check local interfaces before deleting sdata list
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21673
- smb: client: fix double free of TCP_Server_Info::hostname
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21697
- drm/v3d: Ensure job pointer is set to NULL after job completion
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21674
- net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21675
- net/mlx5: Clear port select structure when fail to create
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21676
- net: fec: handle page_pool_dev_alloc_pages error
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21678
- gtp: Destroy device along with udp socket's netns dismantle.
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21680
- pktgen: Avoid out-of-bounds access in get_imix_entries
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21681
- openvswitch: fix lockup on tx to unregistering netdev with carrier
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21683
- bpf: Fix bpf_sk_select_reuseport() memory leak
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
-- Stefan Bader <[email protected]> Mon, 19 May 2025 12:55:33 +0200
** Changed in: linux (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50157
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53124
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57924
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57948
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57949
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57951
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21665
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21666
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21667
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21668
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21669
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21670
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21672
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21673
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21674
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21675
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21676
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21678
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21680
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21681
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21682
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21683
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21684
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21689
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21690
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21691
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21692
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21694
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21697
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21699
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-2312
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2109859
Title:
KVM bug causes Firecracker crash when it runs the vCPU for the first
time
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Noble:
Fix Released
Bug description:
[Impact]
Firecracker process crashes with an "out of memory" error when it attempts to
run the vCPU for the first time, even if the system has enough available
memory:
```
2025-05-02T16:31:21.850912998 [daf77128-f177-4a01-9b97-a88dd9faa78f:fc_vcpu 0] Failure during vcpu run: Out of memory (os error 12)
```
The issue is triggered by a race condition caused by the VMM thread sending a
SIGRTMIN to the vCPU thread, while it is starting the
nx_huge_page_recovery_thread. This makes the thread creation fail, but due to
a bug in the kernel, it is classified as an ENOMEM, instead of an
ERESTARTNOINTR, which should be retried.
This only affects 6.8 kernels, since the bug is introduced by the following
commits, backported to the noble:linux 6.8.0-58.60 kernel as part of the
upstream stable updates (LP: #2101915):
- 43fb96ae7855 ("KVM: x86/mmu: Ensure NX huge page recovery thread is alive
before waking")
- 931656b9e2ff ("kvm: defer huge page recovery vhost task to later")
- d96c77bd4eeb ("KVM: x86: switch hugepage recovery thread to vhost_task")
[Fix]
Cherry-pick cb380909ae3b ("vhost: return task creation error instead of NULL")
and 916b7f42b3b3 ("kvm: retry nx_huge_page_recovery_thread creation").
[Test Case]
1) Launch a Noble c5.metal instance on AWS
2) Install and boot into the linux-generic 6.8 kernel
3) Install docker and aws-cli
4) git clone https://github.com/firecracker-microvm/firecracker.git
5) Go to the firecracker directory and run
`./tools/devtool test -- -n16 integration_tests/functional/test_snapshot_basic.py::test_cycled_snapshot_restore`
6) With this patchset, observe that all tests pass. Without it, a couple
of tests will fail accusing out of memory.
[Where problems could occur]
This patchset touches vhost_task_create(), making it return specific error
pointers instead of just NULL. Problems could occur if its callers
mishandle the return value.
More broadly, it also touches code responsible for MM of KVM VMs, and issues
could appear as these VMs failing to initialize.
[Other info]
SF #00410184
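
The error-pointer change described under [Fix] and [Where problems could occur], as an added userspace model that is not part of the original report and is not the kernel patch itself. The names create_old, create_new, start_old, start_new and the pending-signal counter are hypothetical stand-ins, and the retry loop is a simplification of "should be retried"; the macros re-create the kernel's include/linux/err.h idiom.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
/* Userspace re-creation of the kernel's error-pointer idiom (include/linux/err.h). */
#define MAX_ERRNO 4095
#define ERESTARTNOINTR 513 /* kernel-internal errno, absent from userspace <errno.h> */
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-MAX_ERRNO)
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define PTR_ERR(p) ((long)(intptr_t)(p))
struct task { int id; };
static struct task the_task = { 1 };

/* Hypothetical stand-ins for vhost_task_create(): creation fails while a
 * signal is pending (pending_signals > 0); each attempt consumes one signal. */
static struct task *create_old(int *pending_signals) {
    if (*pending_signals > 0) { (*pending_signals)--; return NULL; } /* cause lost */
    return &the_task;
}
static struct task *create_new(int *pending_signals) {
    if (*pending_signals > 0) { (*pending_signals)--; return ERR_PTR(-ERESTARTNOINTR); }
    return &the_task;
}

/* Before: NULL carries no reason, so the caller can only guess -ENOMEM. */
static long start_old(int pending_signals) {
    return create_old(&pending_signals) ? 0 : -ENOMEM;
}

/* After: the real errno propagates, and the transient one is retried. */
static long start_new(int pending_signals, int max_tries) {
    long err = -ERESTARTNOINTR;
    while (err == -ERESTARTNOINTR && max_tries-- > 0) {
        struct task *t = create_new(&pending_signals);
        err = IS_ERR(t) ? PTR_ERR(t) : 0;
    }
    return err;
}

/* Mishandled return: a leftover NULL check accepts an error pointer (returns 1). */
static int stale_null_check_accepts_error(int pending_signals) {
    struct task *t = create_new(&pending_signals);
    return t != NULL && IS_ERR(t);
}

int main(void) {
    printf("old: %ld, new: %ld, stale check fooled: %d\n",
           start_old(1), start_new(1, 3), stale_null_check_accepts_error(1));
    return 0;
}
```

The last function is the caller-side regression to audit for after this change: any call site still testing the result against NULL will treat a failed creation as success.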