This bug was fixed in the package linux - 5.15.0-144.157
---------------
linux (5.15.0-144.157) jammy; urgency=medium
* jammy/linux: 5.15.0-144.157 -proposed tracker (LP: #2114581)
* cifs: NULL pointer dereference in refresh_cache_worker (LP: #2112440)
- cifs: fix NULL ptr dereference in refresh_mounts()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581)
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
- tracing: probes: Fix a possible race in trace_probe_log APIs
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
- iio: chemical: sps30: use aligned_s64 for timestamp
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
- nfs: handle failure of nfs_get_lock_context in unlock path
- spi: loopback-test: Do not split 1024-byte hexdumps
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
- ALSA: sh: SND_AICA should depend on SH_DMA_API
- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
- NFSv4/pnfs: Reset the layout state after a layoutreturn
- x86,nospec: Simplify {JMP,CALL}_NOSPEC
- x86/speculation: Simplify and make CALL_NOSPEC consistent
- x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
- x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
- Documentation: x86/bugs/its: Add ITS documentation
- x86/its: Enumerate Indirect Target Selection (ITS) bug
- x86/its: Add support for ITS-safe indirect thunk
- [Config] enable ITS mitigation
- x86/alternative: Optimize returns patching
- x86/alternatives: Remove faulty optimization
- x86/its: Add support for ITS-safe return thunk
- x86/its: Enable Indirect Target Selection mitigation
- x86/its: Add "vmexit" option to skip mitigation on some CPUs
- x86/its: Align RETs in BHB clear sequence to avoid thunking
- x86/its: Use dynamic thunks for indirect branches
- x86/its: Fix build errors when CONFIG_MODULES=n
- x86/its: FineIBT-paranoid vs ITS
- dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
interrupted"
- btrfs: fix discard worker infinite loop after disabling discard
- ACPI: PPTT: Fix processor subtable walk
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
- ftrace: Fix preemption accounting for stacktrace trigger command
- ftrace: Fix preemption accounting for stacktrace filter command
- tracing: samples: Initialize trace_array_printk() with the correct
function
- phy: Fix error handling in tegra_xusb_port_init
- phy: renesas: rcar-gen3-usb2: Set timing registers only once
- wifi: mt76: disable napi on driver removal
- dmaengine: ti: k3-udma: Add missing locking
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
instead of a local copy
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_engines
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_groups
- block: fix direct io NOWAIT flag not work
- clocksource/i8253: Use raw_spinlock_irqsave() in
clockevent_i8253_disable()
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
- selftests/mm: compaction_test: support platform with huge mount of
memory
- netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
- netfilter: nf_tables: wait for rcu grace period on net_device removal
- netfilter: nf_tables: do not defer rule destruction via call_rcu
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
- Linux 5.15.184
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2022-49063
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2022-49168
- btrfs: do not clean up repair bio if submit fails
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-46751
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-22062
- sctp: add mutual exclusion in proc_sctp_do_udp_port()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-53203
- usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2024-35790
- usb: typec: altmodes/displayport: create sysfs nodes as driver's default
device attribute group
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-37967
- usb: typec: ucsi: displayport: Fix deadlock
* Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
CVE-2025-37992
- net_sched: Flush gso_skb list too during ->change()
* Mounting btrfs LVM volumes changes mountpoint location and breaks lsblk
output (LP: #2107516)
- SAUCE: Revert "btrfs: avoid unnecessary device path update for the same
device"
* Jammy update: v5.15.183 upstream stable release (LP: #2111705)
- can: mcan: m_can_class_unregister(): fix order of unregistration calls
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
- openvswitch: Fix unsafe attribute parsing in output_userspace()
- gre: Fix again IPv6 link-local address generation.
- can: gw: use call_rcu() instead of costly synchronize_rcu()
- rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
- can: gw: fix RCU/BH usage in cgw_create_job()
- net: dsa: b53: allow leaky reserved multicast
- net: dsa: b53: fix clearing PVID of a port
- net: dsa: b53: fix flushing old pvid VLAN on pvid change
- net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
- net: dsa: b53: always rejoin default untagged VLAN on bridge leave
- net: dsa: b53: fix learning on VLAN unaware bridges
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
- Input: synaptics - enable InterTouch on Dell Precision M3800
- Input: synaptics - enable SMBus for HP Elitebook 850 G1
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
- staging: iio: adc: ad7816: Correct conditional logic for store mode
- staging: axis-fifo: Remove hardware resets for user errors
- staging: axis-fifo: Correct handling of tx_fifo_depth for size
validation
- iio: adc: ad7606: fix serial register access
- iio: adis16201: Correct inclinometer channel resolution
- drm/amd/display: Fix wrong handling for AUX_DEFER case
- usb: uhci-platform: Make the clock really optional
- module: ensure that kobject_put() is safe for module type kobjects
- ocfs2: switch osb->disable_recovery to enum
- ocfs2: implement handshaking with ocfs2 recovery thread
- ocfs2: stop quota recovery before disabling quotas
- usb: cdnsp: Fix issue with resuming from L1
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
- usb: host: tegra: Prevent host controller crash when OTG port is used
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
- usb: typec: ucsi: displayport: Fix NULL pointer access
- USB: usbtmc: use interruptible sleep in usbtmc_read
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
- usb: usbtmc: Fix erroneous wait_srq ioctl return
- usb: usbtmc: Fix erroneous generic_read ioctl return
- types: Complement the aligned types with signed 64-bit one
- iio: adc: dln2: Use aligned_s64 for timestamp
- MIPS: Fix MAX_REG_OFFSET
- drm/panel: simple: Update timings for AUO G101EVN010
- nvme: unblock ctrl state transition for firmware update
- do_umount(): add missing barrier before refcount checks in sync case
- x86/bpf: Call branch history clearing sequence on exit
- x86/bpf: Add IBHF call at end of classic BPF
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode
- Linux 5.15.183
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37949
- xenbus: Use kref to track req lifetime
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37969
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37970
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
* Jammy update: v5.15.183 upstream stable release (LP: #2111705) //
CVE-2025-37964
- x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
* Jammy update: v5.15.182 upstream stable release (LP: #2111618)
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
- EDAC/altera: Test the correct error reg offset
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- i2c: imx-lpi2c: Fix clock count when probe defers
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
offload
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
- dm-integrity: fix a warning on invalid table line
- dm: always update the array size in realloc_argv on success
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- net/mlx5: E-switch, Fix error handling for enabling roce
- net: ethernet: mtk-star-emac: separate tx/rx handling with two NAPIs
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx
poll
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when
advised
- ice: Refactor promiscuous functions
- net: dlink: Correct endianness handling of led_mode
- net: ipv6: fix UDPv6 GSO segmentation with NAT
- bnxt_en: Fix coredump logic to free allocated buffer
- bnxt_en: Fix ethtool -d byte order for 32-bit values
- nvme-tcp: fix premature queue removal and I/O failover
- net: fec: ERR007885 Workaround for conventional TX
- net: hns3: store rx VLAN tag offload state for VF
- net: hns3: add support for external loopback test
- net: hns3: fix an interrupt residual problem
- net: hns3: fixed debugfs tm_qset size
- net: hns3: defer calling ptp_clock_register()
- PCI: imx6: Skip controller_id generation logic for i.MX7D
- net: hns3: fix deadlock issue when externel_lb and reset are executed
together
- ARM: dts: opos6ul: add ksz8081 phy properties
- Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates"
- irqchip/gic-v2m: Add const to of_device_id
- irqchip/gic-v2m: Mark a few functions __init
- iommu/arm-smmu-v3: Use the new rb tree helpers
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream
ids
- dm: fix copying after src array boundaries
- Linux 5.15.182
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2022-21546
- scsi: target: Fix WRITE_SAME No Data Buffer crash
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37819
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37905
- firmware: arm_scmi: Balance device refcount when destroying devices
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2024-38541
- of: module: add buffer overflow check in of_modalias()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37909
- net: lan743x: Fix memleak issue when GSO enabled
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37911
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37912
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37914
- net_sched: ets: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2024-26739
- net/sched: act_mirred: don't override retval if we already lost the skb
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-21839
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
loop
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37923
- tracing: Fix oob write in trace_seq_to_buffer()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37990
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37991
- parisc: Fix double SIGFPE crash
* Jammy update: v5.15.182 upstream stable release (LP: #2111618) //
CVE-2025-37930
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606)
- net: ethtool: Don't call .cleanup_data when prepare_data fails
- ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining
ones
- ata: sata_sx4: Add error handling in pdc20621_i2c_read()
- nvmet-fcloop: swap list_add_tail arguments
- nft_set_pipapo: fix incorrect avx2 match of 5th field octet
- umount: Allow superblock owners to force umount
- x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD
when running in a virtual machine
- perf: arm_pmu: Don't disable counter in armpmu_add()
- arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
- xen/mcelog: Add __nonstring annotations for unterminated strings
- HID: pidff: Convert infinite length from Linux API to PID standard
- HID: pidff: Do not send effect envelope if it's empty
- ALSA: hda: intel: Fix Optimus when GPU has no sound
- ASoC: fsl_audmix: register card device depends on 'dais' property
- ALSA: usb-audio: Fix CME quirk for UF series keyboards
- fs/jfs: cast inactags to s64 to prevent potential overflow
- ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller
- ext4: protect ext4_release_dquot against freezing
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
- tracing: fix return value in __ftrace_event_enable_disable for
TRACE_REG_UNREGISTER
- Bluetooth: hci_uart: fix race during initialization
- drm: allow encoder mode_set even when connectors change for crtc
- drm/amd/display: Update Cursor request mode to the beginning prefetch
always
- drm: panel-orientation-quirks: Add support for AYANEO 2S
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2
- drm/bridge: panel: forbid initializing a panel with unknown connector
type
- drivers: base: devres: Allow to release group on device release
- drm/amdkfd: clamp queue size to minimum
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories
- pwm: rcar: Simplify multiplication/shift logic
- pwm: rcar: Improve register calculation
- pwm: fsl-ftm: Handle clk_get_rate() returning 0
- bpf: Add endian modifiers to fix endian warnings
- bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
- ext4: don't treat fhandle lookup of ea_inode as FS corruption
- media: i2c: adv748x: Fix test pattern selection mask
- media: vim2m: print device name after registering device
- media: siano: Fix error handling in smsdvb_module_init()
- xenfs/xensyms: respect hypervisor's "next" indication
- arm64: cputype: Add MIDR_CORTEX_A76AE
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe
list
- spi: cadence-qspi: Fix probe on AM62A LP SK
- media: streamzap: prevent processing IR data on URB failure
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
- media: i2c: ccs: Set the device's runtime PM status correctly in remove
- media: i2c: ccs: Set the device's runtime PM status correctly in probe
- media: i2c: ov7251: Set enable GPIO low in probe
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
- mtd: Add check for devm_kcalloc()
- net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320
family
- mtd: Replace kcalloc() with devm_kcalloc()
- clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init
wakeup
- wifi: mt76: Add check for devm_kstrdup()
- wifi: mac80211: fix integer overflow in hwmp_route_info_get()
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
- vdpa/mlx5: Fix oversized null mkey longer than 32bit
- i3c: master: svc: Use readsb helper for reading MDB
- locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
- lib: scatterlist: fix sg_split_phys to preserve original scatterlist
offsets
- mptcp: only inc MPJoinAckHMacFailure for HMAC failures
- mtd: rawnand: Add status chack in r852_ready()
- arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
- sparc/mm: disable preemption in lazy mmu mode
- mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
- mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
- thermal/drivers/rockchip: Add missing rk3328 mapping entry
- crypto: ccp - Fix check for the primary ASP device
- dm-integrity: set ti->error on memory allocation failure
- gpio: zynq: Fix wakeup source leaks on device unbind
- ntb: use 64-bit arithmetic for the MSI doorbell mask
- of/irq: Fix device node refcount leakages in of_irq_count()
- of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
- of/irq: Fix device node refcount leakages in of_irq_init()
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
- PCI: Fix reference leak in pci_alloc_child_bus()
- pinctrl: qcom: Clear latched interrupt status when changing IRQ type
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected()
lists
- ACPI: platform-profile: Fix CFI violation when accessing sysfs files
- x86/e820: Fix handling of subpage regions when calculating nosave ranges
in e820__register_nosave_regions()
- Bluetooth: hci_uart: Fix another race during initialization
- scsi: hisi_sas: Start delivery hisi_sas_task_exec() directly
- scsi: hisi_sas: Pass abort structure for internal abort
- scsi: hisi_sas: Factor out task prep and delivery code
- scsi: hisi_sas: Fix setting of hisi_sas_slot.is_internal
- scsi: libsas: Delete lldd_clear_aca callback
- scsi: libsas: Add struct sas_tmf_task
- scsi: hisi_sas: Enable force phy when SATA disk directly connected
- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
- scsi: iscsi: Fix missing scsi_host_put() in error path
- md/raid10: fix missing discard IO accounting
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
- RDMA/hns: Fix wrong maximum DMA segment size
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid
address
- Bluetooth: l2cap: Check encryption key size on incoming connection
- Revert "wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue()"
- igc: move ktime snapshot into PTM retry loop
- igc: handle the IGC_PTP_ENABLED flag correctly
- igc: cleanup PTP module if probe fails
- net: b53: enable BPDU reception for management port
- net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del()
fails
- riscv: Properly export reserved regions in /proc/iomem
- riscv: KGDB: Do not inline arch_kgdb_breakpoint()
- riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
- cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
- writeback: fix false warning in inode_to_wb()
- Revert "PCI: Avoid reset when disabled via sysfs"
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
- asus-laptop: Fix an uninitialized variable
- nfs: move nfs_fhandle_hash to common include file
- nfs: add missing selections of CONFIG_CRC32
- btrfs: correctly escape subvol in btrfs_show_options()
- crypto: caam/qi - Fix drv_ctx refcount bug
- loop: properly send KOBJ_CHANGED uevent for disk device
- loop: LOOP_SET_FD: send uevents for partitions
- mm/gup: fix wrongly calculated returned value in
fault_in_safe_writeable()
- riscv: Avoid fortify warning in syscall_get_arguments()
- tracing: Fix filter string testing
- perf/x86/intel: Allow to update user space GPRs from PEBS records
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
- drm/repaper: fix integer overflows in repeat functions
- drm/amdgpu/dma_buf: fix page_link check
- drm/sti: remove duplicate object names
- KVM: arm64: Get rid of host SVE tracking/saving
- KVM: arm64: Always start with clearing SVE flag on load
- KVM: arm64: Discard any SVE state when entering KVM guests
- arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
- arm64/fpsimd: Have KVM explicitly say which FP registers to save
- arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM
- KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
- KVM: arm64: Remove host FPSIMD saving for non-protected KVM
- KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
- KVM: arm64: Calculate cptr_el2 traps on activating traps
- KVM: arm64: Eagerly switch ZCR_EL{1,2}
- cpufreq: Reference count policy in cpufreq_update_limits()
- kbuild: Add '-fno-builtin-wcslen'
- mptcp: sockopt: fix getting IPV6_V6ONLY
- misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq'
error
- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
- x86/pvh: Call C code via the kernel virtual mapping
- landlock: Add the errata interface
- nvmet-fc: Remove unused functions
- Revert "smb: client: fix use-after-free bug in
cifs_debug_data_proc_show()"
- smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
- blk-cgroup: support to track if policy is online
- net: openvswitch: fix race on port output
- openvswitch: fix lockup on tx to unregistering netdev with carrier
- MIPS: dec: Declare which_prom() as static
- MIPS: cevt-ds1287: Add missing ds1287.h include
- MIPS: ds1287: Match ds1287_set_base_clock() function types
- mm: fix apply_to_existing_page_range()
- module: sign with sha512 instead of sha1 by default
- media: streamzap: remove unnecessary ir_raw_event_reset and handle
- media: streamzap: no need for usb pid/vid in device name
- media: streamzap: less chatter
- media: streamzap: remove unused struct members
- auxdisplay: hd44780: Convert to platform remove callback returning void
- auxdisplay: hd44780: Fix an API misuse in hd44780.c
- net: dsa: mv88e6xxx: fix VTU methods for 6320 family
- soc: samsung: exynos-chipid: avoid soc_device_to_device()
- soc: samsung: exynos-chipid: Pass revision reg offsets
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary
return value check
- iio: adc: ad7768-1: Fix conversion result sign
- backlight: led_bl: Convert to platform remove callback returning void
- cifs: print TIDs as hex
- cifs: fix integer overflow in match_server()
- gpio: tegra186: Force one interrupt per bank
- gpio: tegra186: fix resource handling in ACPI probe path
- Revert "PCI: Coalesce host bridge contiguous apertures"
- PCI: Coalesce host bridge contiguous apertures
- PCI: Assign PCI domain IDs by ida_alloc()
- ksmbd: Prevent integer overflow in calculation of deadtime
- selftests/mm: generate a temporary mountpoint for cgroup filesystem
- kmsan: disable strscpy() optimization under KMSAN
- string: Add load_unaligned_zeropad() code path to sized_strscpy()
- drm/msm/a6xx: Improve gpu recovery sequence
- drm/msm/a6xx: Handle GMU prepare-slumber hfi failure
- drm/msm/a6xx: Avoid gx gbit halt during rpm suspend
- drm/msm/a6xx: Fix stale rpmh votes from GPU
- dma/contiguous: avoid warning about unused size_bytes
- cpufreq: cppc: Fix invalid return value in .get() callback
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE
- virtio_console: fix missing byte order handling for cols and rows
- net: selftests: initialize TCP header and skb payload with zero
- drm/amd/display: Fix gpu reset in multidisplay config
- KVM: SVM: Allocate IR data using atomic allocation
- USB: storage: quirk for ADATA Portable HDD CH94
- mei: me: add panther lake H DID
- serial: sifive: lock port in startup()/shutdown() callbacks
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
- USB: serial: option: add Sierra Wireless EM9291
- USB: serial: simple: add OWON HDS200 series oscilloscope support
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
- USB: VLI disk crashes if LPM is used
- USB: wdm: handle IO errors in wdm_wwan_port_start
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
- USB: wdm: add annotation
- MIPS: cm: Detect CM quirks from device tree
- clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()
- parisc: PDT: Fix missing prototype warning
- s390/tty: Fix a potential memory leak bug
- usb: host: max3421-hcd: Add missing spi_device_id table
- fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield
- dmaengine: dmatest: Fix dmatest waiting less when interrupted
- usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running
- objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in
wcd934x_slim_irq_handler()
- ntb: reduce stack usage in idt_scan_mws
- sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
- KVM: s390: Don't use %pK through tracepoints
- selftests: ublk: fix test_stripe_04
- xen: Change xen-acpi-processor dom0 dependency
- nvme: requeue namespace scan on missed AENs
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
- nvme: re-read ANA log page after ns scan completes
- objtool: Stop UNRET validation on UD2
- selftests/mincore: Allow read-ahead pages to reach the end of the file
- x86/bugs: Use SBPB in write_ibpb() if applicable
- x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
- x86/bugs: Don't fill RSB on context switch with eIBRS
- nvmet-fc: take tgtport reference only once
- nvmet-fc: put ref when assoc->del_work is already scheduled
- ext4: make block validity check resistent to sb bh corruption
- scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes
- scsi: pm80xx: Set phy_attached to zero when device is gone
- loop: aio inherit the ioprio of original request
- ubsan: Fix panic from test_ubsan_out_of_bounds
- md/raid1: Add check for missing source disk in process_checks()
- jfs: define xtree root and page independently
- comedi: jr3_pci: Fix synchronous deletion of timer
- crypto: atmel-sha204a - Set hwrng quality to lowest possible
- net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family
- net: dsa: mv88e6xxx: enable PVT for 6321 switch
- net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family
- xdp: Reset bpf_redirect_info before running a xdp's BPF prog.
- MIPS: cm: Fix warning if MIPS_CM is disabled
- nvme: fixup scan failure for non-ANA multipath controllers
- PCI: Fix use-after-free in pci_bus_release_domain_nr()
- PCI: Fix dropping valid root bus resources with .end = zero
- PCI: Release resource invalidated by coalescing
- Linux 5.15.181
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-49989
- drm/amd/display: fix double free issue during amdgpu module unload
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37803
- udmabuf: fix a buf size overflow issue during udmabuf creation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37983
- qibfs: fix _another_ leak
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37881
- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37805
- sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37883
- s390/sclp: Add check for get_zeroed_page()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37808
- crypto: null - Use spin lock instead of mutex
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37985
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37810
- usb: dwc3: gadget: check that event count does not exceed event buffer
length
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37811
- usb: chipidea: ci_hdrc_imx: fix usbmisc handling
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37812
- usb: cdns3: Fix deadlock when using NCM gadget
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37885
- KVM: x86: Reset IRTE to host control if *new* route isn't postable
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37817
- mcb: fix a double free bug in chameleon_parse_gdd()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37823
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37797
- net_sched: hfsc: Fix a UAF vulnerability in class handling
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37824
- tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37989
- net: phy: leds: fix memory leak
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37829
- cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37830
- cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37836
- PCI: Fix reference leak in pci_register_host_bridge()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37844
- cifs: avoid NULL pointer dereference in dbg call
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23144
- backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23148
- soc: samsung: exynos-chipid: Add NULL pointer check in
exynos_chipid_probe()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-22027
- media: streamzap: fix race between device disconnection and urb callback
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50125
- Bluetooth: SCO: Fix UAF on sco_sock_timeout
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2022-49535
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI
and PLOGI
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35943
- pmdomain: ti: Add a null pointer check to the omap_prm_domain_init
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-26686
- fs/proc: do_task_stat: use sig->stats_lock to gather the
threads/children stats
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2022-48893
- drm/i915/gt: Cleanup partial engine discovery failures
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50280
- dm cache: fix flushing uninitialized delayed_work on cache_ctr error
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-54458
- scsi: ufs: bsg: Set bsg_queue to NULL after removal
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-42322
- ipvs: properly dereference pe in ip_vs_add_service
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-49960
- ext4: fix timer use-after-free on failed mount
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-36908
- blk-iocost: do not WARN if iocg was already offlined
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-21853
- bpf: avoid holding freeze_mutex during mmap operation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-53128
- sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35867
- smb: client: fix potential UAF in cifs_stats_proc_show()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2023-52757
- smb: client: fix potential deadlock when releasing mids
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46742
- smb/server: fix potential null-ptr-deref of lease_ctx_info in
smb2_open()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2023-52572
- cifs: Fix UAF in cifs_demultiplex_thread()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-35866
- smb: client: fix potential UAF in cifs_dump_full_key()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46816
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than
max_links
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-46774
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-38540
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-27402
- phonet/pep: fix racy skb_queue_empty() use
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50272
- filemap: Fix bounds checking in filemap_read()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-50258
- net: fix crash when config small gso_max_size/gso_ipv4_max_size
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2024-56751
- ipv6: release nexthop on device removal
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23140
- misc: pci_endpoint_test: Avoid issue of interrupts remaining after
request_irq error
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37765
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37766
- drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37767
- drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37768
- drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37770
- drm/amd/pm/powerplay: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37768 // CVE-2025-37771
- drm/amd/pm: Prevent division by zero
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37773
- virtiofs: add filesystem context source name check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37780
- isofs: Prevent the use of too small fid
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37781
- i2c: cros-ec-tunnel: defer probe if parent EC is not present
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37782
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-0927 has been rejected. Revert this fix and apply upstream fix
- Revert "UBUNTU: SAUCE: fs: hfs/hfsplus: add key_len boundary check to
hfs_bnode_read_key"
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37871
- nfsd: decrease sc_count directly if fail to queue dl_recall
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37787
- net: dsa: mv88e6xxx: avoid unregistering devlink regions which were
never registered
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37788
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37789
- net: openvswitch: fix nested key length validation in the set() action
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37790
- net: mctp: Set SOCK_RCU_FREE
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37875
- igc: fix PTM cycle trigger logic
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37792
- Bluetooth: btrtl: Prevent potential NULL dereference
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37867
- RDMA/core: Silence oversized kvmalloc() warning
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37982
- wifi: wl1251: fix memory leak in wl1251_tx_work
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37794
- wifi: mac80211: Purge vif txq in ieee80211_do_stop()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37796
- wifi: at76c50x: fix use after free access in at76_disconnect
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37838
- HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
Driver Due to Race Condition
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37940
- ftrace: Add cond_resched() to ftrace_graph_set_hash()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23142
- sctp: detect and prevent references to a freed transport in sendmsg
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37892
- mtd: inftlcore: Add error check for inftl_read_oob()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23145
- mptcp: fix NULL pointer in can_accept_new_subflow
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23146
- mfd: ene-kb3930: Fix a potential NULL pointer dereference
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37839
- jbd2: remove wrong sb->s_sequence check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23147
- i3c: Add NULL pointer check in i3c_master_queue_ibi()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23150
- ext4: fix off-by-one error in do_split
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23151
- bus: mhi: host: Fix race between unprepare and queue_buf
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23156
- media: venus: hfi_parser: refactor hfi packet parsing logic
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23157
- media: venus: hfi_parser: add check to avoid out of bound access
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37840
- mtd: rawnand: brcmnand: fix PM resume warning
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23158
- media: venus: hfi: add check to handle incorrect queue size
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23159
- media: venus: hfi: add a check to handle OOB in sfr region
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37850
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37851
- fbdev: omapfb: Add 'plane' value check
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23161
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-23163
- net: vlan: don't propagate flags on open
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37857
- scsi: st: Fix array overflow in st_setup()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37738
- ext4: ignore xattrs past end
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37739
- f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37740
- jfs: add sanity check for agwidth in dbMount
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37741
- jfs: Prevent copying of nlink with value 0 from disk inode
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37858
- fs/jfs: Prevent integer overflow in AG size calculation
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37742
- jfs: Fix uninit-value access of imap allocated in the diMount() function
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37859
- page_pool: avoid infinite loop to schedule delayed worker
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37862
- HID: pidff: Fix null pointer dereference in pidff_find_fields
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37841
- pm: cpupower: bench: Prevent NULL dereference on malloc failure
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37749
- net: ppp: Add bound checking for skb data on ppp_sync_txmung
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37756
- net: tls: explicitly disallow disconnect
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37757
- tipc: fix memory leak in tipc_link_xmit
* Jammy update: v5.15.181 upstream stable release (LP: #2111606) //
CVE-2025-37758
- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
* CVE-2024-53051
- drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability
* CVE-2024-46787
- userfaultfd: fix checks for huge PMDs
* CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
* CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_htb: make htb_deactivate() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- sch_ets: make est_qlen_notify() idempotent
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
* CVE-2025-37750
- smb: client: fix UAF in decryption with multichannel
* CVE-2024-53185
- smb: client: fix NULL ptr deref in crypto_aead_setkey()
* CVE-2024-50047
- smb: client: fix UAF in async decryption
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] update annotations scripts
-- Mehmet Basaran <[email protected]> Mon, 16 Jun 2025
09:39:56 +0300
** Changed in: linux (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-21546
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-48893
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-49063
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-49168
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-49535
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52572
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-52757
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26686
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-26739
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-27402
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35790
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35866
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35867
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-35943
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-36908
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-38540
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-38541
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-42322
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46742
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46751
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46774
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46787
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46816
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-49960
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-49989
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50047
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50125
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50258
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50272
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50280
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53051
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53128
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53185
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53203
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-54458
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-56751
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-0927
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21839
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21853
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22027
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22062
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23140
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23142
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23144
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23145
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23146
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23147
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23148
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23150
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23151
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23156
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23157
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23158
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23159
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23161
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23163
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37738
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37739
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37740
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37741
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37742
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37749
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37750
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37756
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37757
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37758
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37765
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37766
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37767
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37768
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37770
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37771
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37773
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37780
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37781
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37782
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37787
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37788
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37789
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37790
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37792
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37794
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37796
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37797
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37798
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37803
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37805
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37808
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37810
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37811
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37812
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37817
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37819
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37823
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37824
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37829
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37830
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37836
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37838
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37839
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37840
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37841
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37844
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37850
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37851
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37857
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37858
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37859
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37862
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37867
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37871
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37875
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37881
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37883
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37885
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37890
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37892
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37905
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37909
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37911
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37912
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37913
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37914
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37915
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37923
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37927
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37930
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37940
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37949
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37964
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37967
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37969
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37970
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37982
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37983
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37985
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37989
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37990
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37991
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37992
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37997
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2107516
Title:
Mounting btrfs LVM volumes changes mountpoint location and breaks
lsblk output
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Fix Released
Bug description:
BugLink: https://bugs.launchpad.net/bugs/2107516
[Impact]
Since 5.15.0-136-generic, mounting btrfs LVM volumes changes behaviour in two
subtle ways.
The first, changes the mountpoint from
/dev/mapper/VG0-LV0
to
/dev/VG0/LV0
breaking any existing applications which rely on the volume being accessible
at
/dev/mapper.
The second, breaks lsblk displaying volume mountpoints when the volume is
mounted in duplicated places, e.g.:
sdb 8:16 0 9,1T 0 disk
└─sdb1 8:17 0 9,1T 0 part
└─hdd2 254:6 0 9,1T 0 crypt /mnt/hdd2
/var/cache/distfiles
/var/cache/binpkgs
becomes
sdb 8:16 0 9,1T 0 disk
└─sdb1 8:17 0 9,1T 0 part
└─hdd2 254:6 0 9,1T 0 crypt /mnt/hdd2
Only the first mountpoint is now displayed, where previously it would show
all of them.
[Fix]
The issue has been debugged in gentoo with the original patch author:
https://bugs.gentoo.org/947126
The findings were that the patch:
commit fc83c00ca63bc3a29778957170ccb96fabccf44c
Author: Qu Wenruo <[email protected]>
Date: Tue Sep 24 12:52:17 2024 +0930
Subject: btrfs: avoid unnecessary device path update for the same device
Link:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=fc83c00ca63bc3a29778957170ccb96fabccf44c
relies on the recent migration of btrfs to the new fsconfig mount API,
available
in 6.8 onwards.
The author tried to fix things up further, but only introduced more
regressions,
leading to the conclusion that this patch needs to be reverted for 5.15.
Hence, submitting a SAUCE patch to revert.
[Testcase]
Create a fresh VM, and attach a scratch disk to be used as a btrfs
volume.
$ uname -rv
5.15.0-127-generic #137-Ubuntu SMP Fri Nov 8 15:21:01 UTC 2024
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 10G 0 disk
├─vda1 252:1 0 9.9G 0 part /
├─vda14 252:14 0 4M 0 part
└─vda15 252:15 0 106M 0 part /boot/efi
vdb 252:16 0 372K 0 disk
vdc 252:32 0 5G 0 disk
$ sudo pvcreate /dev/vdc
Physical volume "/dev/vdc" successfully created.
$ sudo vgcreate VG0 /dev/vdc
Volume group "VG0" successfully created
$ sudo lvcreate -n LV0 -l 100%FREE VG0
Logical volume "LV0" created.
$ sudo mkfs.btrfs /dev/dm-0
$ sudo mkdir /mnt/a
$ sudo mkdir /mnt/b
$ sudo mkdir /mnt/c
$ sudo mount /dev/dm-0/mnt/a
$ sudo mount /dev/dm-0/mnt/b
$ sudo mount /dev/dm-0/mnt/c
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 10G 0 disk
├─vda1 252:1 0 9.9G 0 part /
├─vda14 252:14 0 4M 0 part
└─vda15 252:15 0 106M 0 part /boot/efi
vdb 252:16 0 372K 0 disk
vdc 252:32 0 5G 0 disk
└─VG0-LV0 253:0 0 5G 0 lvm /mnt/c
/mnt/b
/mnt/a
$ grep /mnt /proc/mounts
/dev/mapper/VG0-LV0 /mnt/a btrfs
rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
/dev/mapper/VG0-LV0 /mnt/b btrfs
rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
/dev/mapper/VG0-LV0 /mnt/c btrfs
rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
$ sudo apt install linux-image-5.15.0-136-generic linux-
modules-5.15.0-136-generic linux-modules-extra-5.15.0-136-generic
linux-headers-5.15.0-136-generic
$ uname -rv
5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025
$ ls /mnt
a b c
$ sudo mount /dev/dm-0/mnt/a
$ sudo mount /dev/dm-0/mnt/b
$ sudo mount /dev/dm-0/mnt/c
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vda 252:0 0 10G 0 disk
├─vda1 252:1 0 9.9G 0 part /
├─vda14 252:14 0 4M 0 part
└─vda15 252:15 0 106M 0 part /boot/efi
vdb 252:16 0 372K 0 disk
vdc 252:32 0 5G 0 disk
└─VG0-LV0 253:0 0 5G 0 lvm /mnt/c
$ grep /mnt /proc/mounts
/dev/mapper/VG0-LV0 /mnt/a btrfs
rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
/dev/mapper/VG0-LV0 /mnt/b btrfs
rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
/dev/mapper/VG0-LV0 /mnt/c btrfs
rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
$ sudo touch /dev/mapper/VG0-LV0
$ grep /mnt /proc/mounts
/dev/VG0/LV0 /mnt/a btrfs rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
/dev/VG0/LV0 /mnt/b btrfs rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
/dev/VG0/LV0 /mnt/c btrfs rw,relatime,space_cache=v2,subvolid=5,subvol=/ 0 0
[Where problems could occur]
We are changing how we check if devices are the same, and what happens if they
are. The original motivation behind the patch was to try avoid updating the
device paths on rescan from udev, but there is no evidence that this is even
a problem on 5.15, and the regressions from having the path names completely
changed and lsblk missing mountpoints outweighs any benefit of perceived
reductions in path updates on udev rescan.
We will go back to the original behaviour in 5.15.0-134-generic and earlier,
to keep things stable as they have been over jammy's lifecycle.
If a regression were to occur, it would affect btrfs mountpoints, and output
from lsblk showing duplicated mountpoints.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2107516/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
