This bug was fixed in the package linux-azure - 6.14.0-1010.10
---------------
linux-azure (6.14.0-1010.10) plucky; urgency=medium
* plucky/linux-azure: 6.14.0-1010.10 -proposed tracker (LP: #2117631)
* Packaging resync (LP: #1786013)
- [Packaging] debian.azure/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* Additional MANA patch support, kernel 5.15 and later (LP: #2115356)
- net: mana: Set tx_packets to post gso processing packet count
- net: mana: Add support for Multi Vports on Bare metal
- net: mana: Add handler for hardware servicing events
* Additional MANA patch support, kernel 6.8 and later (LP: #2115309)
- PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations
- PCI: hv: Allow dynamic MSI-X vector allocation
- net: mana: explain irq_setup() algorithm
- net: mana: Allow irq_setup() to skip cpus for affinity
- net: mana: Allocate MSI-X vectors dynamically
* vhci-hcd and usbip-core not available (LP: #2115827)
- [Config] azure: Revert to -generic config for CONFIG_USBIP_VHCI_HCD and
CONFIG_USBIP_CORE
[ Ubuntu: 6.14.0-28.28 ]
* plucky/linux: 6.14.0-28.28 -proposed tracker (LP: #2117649)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* Dell AIO backlight is not working, dell_uart_backlight module is missing
(LP: #2083800)
- [Config] enable CONFIG_DELL_UART_BACKLIGHT
* integrated I219-LM network adapter appears to be running too fast, causing
synchronization issues when using the I219-LM PTP feature (LP: #2116072)
- e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
* Audio broken on ThinkPad X13s (LP: #2115898)
- SAUCE: Revert "UBUNTU: SAUCE: Change: cracking sound fix"
* Ubuntu 24.04+ arm64: screen resolution fixed to 1024x768 with last kernel
update (LP: #2115068)
- [Config] Replace FB_HYPERV with DRM_HYPERV
* [SRU][HPE 24.04] Patch Request for HPE iLO7 VGA device for Gen12 Servers
(LP: #2114516)
- drm/mgag200: Added support for the new device G200eH5
* A process exiting with an open /dev/snapshot fd causes a NULL pointer
dereference caught by ubuntu_stress_smoke_test:sut-scan (LP: #2113990)
- libfs: export find_next_child()
- efivarfs: support freeze/thaw
* [SRU] Add support for new hotkey of F9 on Thinkpad X9 (LP: #2115022)
- platform/x86: thinkpad-acpi: Add support for new hotkey for camera
shutter switch
* [SRU] Fix GT0: Engine reset when suspend on Intel LNL (LP: #2114697)
- drm/xe/sched: stop re-submitting signalled jobs
* CVE-2025-38056
- devres: Introduce devm_kmemdup_array()
- ASoC: SOF: Intel: hda: Fix UAF when reloading module
* Handle IOMMU IVRS entries with mismatched UID on AMD Strix or newer
platforms (LP: #2115174)
- iommu/amd: Allow matching ACPI HID devices without matching UIDs
* [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
- s390: Add z17 elf platform
* [UBUNTU 24.04] Kernel: Add CPUMF extended counter set for z17
(LP: #2114258)
- s390/cpumf: Update CPU Measurement facility extended counter set support
* Plucky update: v6.14.8 upstream stable release (LP: #2115266)
- arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-
cm3588
- fs/xattr.c: fix simple_xattr_list to always include security.* xattrs
- drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC
Policies
- drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies
- x86/amd_node, platform/x86/amd/hsmp: Have HSMP use SMN through AMD_NODE
- platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive
drivers
- arm64: dts: rockchip: fix Sige5 RTC interrupt pin
- riscv: dts: sophgo: fix DMA data-width configuration for CV18xx
- binfmt_elf: Move brk for static PIE even if ASLR disabled
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie
14XA (GX4HRXL)
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
- arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all
PF_NO_SETAFFINITY tasks
- tracing: fprobe: Fix RCU warning message in list traversal
- tracing: probes: Fix a possible race in trace_probe_log APIs
- tpm: tis: Double the timeout B to 4s
- iio: adc: ad7606: move the software mode configuration
- iio: adc: ad7606: move software functions into common file
- HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
- spi: loopback-test: Do not split 1024-byte hexdumps
- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags
- drm/meson: Use 1000ULL when operating with mode->clock
- tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing
- tests/ncdevmem: Fix double-free of queue array
- net: mctp: Ensure keys maintain only one ref to corresponding dev
- ALSA: seq: Fix delivery of UMP events to group ports
- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
- nvme-pci: make nvme_pci_npages_prp() __always_inline
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
- ALSA: sh: SND_AICA should depend on SH_DMA_API
- net: dsa: b53: prevent standalone from trying to forward to other ports
- vsock/test: Fix occasional failure in SIOCOUTQ tests
- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
- octeontx2-pf: Fix ethtool support for SDP representors
- drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value
- netlink: specs: tc: fix a couple of attribute names
- netlink: specs: tc: all actions are indexed arrays
- octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy
- net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW
capability
- octeontx2-af: Fix CGX Receive counters
- octeontx2-pf: Do not reallocate all ntuple filters
- tsnep: fix timestamping with a stacked DSA driver
- ublk: fix dead loop when canceling io command
- NFSv4/pnfs: Reset the layout state after a layoutreturn
- dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
interrupted"
- Revert "kbuild, rust: use -fremap-path-prefix to make paths relative"
- udf: Make sure i_lenExtents is uptodate on inode eviction
- HID: amd_sfh: Fix SRA sensor when it's the only sensor
- LoongArch: Prevent cond_resched() occurring within kernel-fpu
- LoongArch: Move __arch_cpu_idle() to .cpuidle.text section
- LoongArch: Save and restore CSR.CNTC for hibernation
- LoongArch: Fix MAX_REG_OFFSET calculation
- LoongArch: uprobes: Remove user_{en,dis}able_single_step()
- LoongArch: uprobes: Remove redundant code about resume_era
- btrfs: fix discard worker infinite loop after disabling discard
- btrfs: fix folio leak in submit_one_async_extent()
- btrfs: add back warning for mount option commit values exceeding 300
- Revert "drm/amd/display: Hardware cursor changes color when switched to
software cursor"
- drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc()
- drm/amdgpu: fix incorrect MALL size for GFX1151
- drm/amd/display: Correct the reply value when AUX write incomplete
- drm/amd/display: Avoid flooding unnecessary info messages
- MAINTAINERS: Update Alexey Makhalov's email address
- gpio: pca953x: fix IRQ storm on system wake up
- ACPI: PPTT: Fix processor subtable walk
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
- dma-buf: insert memory barrier before updating num_fences
- arm64: dts: amlogic: dreambox: fix missing clkc_audio node
- arm64: dts: rockchip: Allow Turing RK1 cooling fan to spin down
- arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
- hv_netvsc: Remove rmsg_pgcnt
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
- Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
- kbuild: Disable -Wdefault-const-init-unsafe
- i2c: designware: Fix an error handling path in i2c_dw_pci_probe()
- ftrace: Fix preemption accounting for stacktrace trigger command
- ftrace: Fix preemption accounting for stacktrace filter command
- x86/sev: Do not touch VMSA pages during SNP guest memory kdump
- x86/sev: Make sure pages are not skipped during kdump
- tracing: samples: Initialize trace_array_printk() with the correct
function
- phy: Fix error handling in tegra_xusb_port_init
- net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ
switches
- net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink
- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
- phy: renesas: rcar-gen3-usb2: Set timing registers only once
- scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
- smb: client: fix memory leak during error handling for POSIX mkdir
- spi: tegra114: Use value to check for invalid delays
- tpm: Mask TPM RC in tpm2_start_auth_session()
- wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl
- ring-buffer: Fix persistent buffer when commit page is the reader page
- net: qede: Initialize qede_ll_ops with designated initializer
- io_uring/memmap: don't use page_address() on a highmem page
- io_uring/uring_cmd: fix hybrid polling initialization issue
- mm: hugetlb: fix incorrect fallback for subpool
- mm: userfaultfd: correct dirty flags set for both present and swap pte
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
instead of a local copy
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_wqs
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_engines
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_groups
- dmaengine: idxd: Add missing cleanup for early error out in
idxd_setup_internals
- dmaengine: idxd: Add missing cleanups in cleanup internals
- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove
call
- dmaengine: idxd: fix memory leak in error handling path of
idxd_pci_probe
- accel/ivpu: Use workqueue for IRQ handling
- accel/ivpu: Dump only first MMU fault from single context
- accel/ivpu: Move parts of MMU event IRQ handling to thread handler
- accel/ivpu: Fix missing MMU events from reserved SSID
- accel/ivpu: Fix missing MMU events if file_priv is unbound
- accel/ivpu: Flush pending jobs of device's workqueues
- drm/xe/gsc: do not flush the GSC worker from the reset path
- perf tools: Fix build error for LoongArch
- phy: tegra: xusb: remove a stray unlock
- Linux 6.14.8
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38008
- mm/page_alloc: fix race condition in unaccepted memory handling
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38014
- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38015
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38005
- dmaengine: ti: k3-udma: Add missing locking
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38009
- wifi: mt76: disable napi on driver removal
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38010
- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38011
- drm/amdgpu: csa unmap use uninterruptible lock
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38016
- HID: bpf: abort dispatch if device destroyed
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38012
- sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38018
- net/tls: fix kernel panic when alloc_page failed
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38019
- mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38013
- wifi: mac80211: Set n_channels after allocating struct
cfg80211_scan_request
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38002
- io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38027
- regulator: max20086: fix invalid memory access
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38020
- net/mlx5e: Disable MACsec offload for uplink representor profile
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38021
- drm/amd/display: Fix null check of pipe_ctx->plane_state for
update_dchubp_dpp
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38006
- net: mctp: Don't access ifa_index when missing
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-37992
- net_sched: Flush gso_skb list too during ->change()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38022
- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device"
problem
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38028
- NFS/localio: Fix a race in nfs_local_open_fh()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38023
- nfs: handle failure of nfs_get_lock_context in unlock path
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38007
- HID: uclogic: Add NULL check in uclogic_input_configured()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38024
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38025
- iio: adc: ad7606: check for NULL before calling sw_mode_config()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252)
- dm: add missing unlock on in dm_keyslot_evict()
- Revert "btrfs: canonicalize the device path before adding it"
- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
- firmware: arm_scmi: Fix timeout checks on polling path
- can: mcan: m_can_class_unregister(): fix order of unregistration calls
- vfio/pci: Align huge faults to order
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
- can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls
- s390/entry: Fix last breaking event handling in case of stack corruption
- SAUCE: Revert "sch_htb: make htb_deactivate() idempotent"
- sch_htb: make htb_deactivate() idempotent
- virtio-net: don't re-enable refill work too early when NAPI is disabled
- gre: Fix again IPv6 link-local address generation.
- net: ethernet: mtk_eth_soc: reset all TX queues on DMA free
- net: ethernet: mtk_eth_soc: do not reset PSE when setting FE
- can: mcp251xfd: fix TDC setting for low data bit rates
- can: gw: fix RCU/BH usage in cgw_create_job()
- wifi: mac80211: fix the type of status_code for negotiated TID to Link
Mapping
- ice: use DSN instead of PCI BDF for ice_adapter index
- erofs: ensure the extra temporary copy is valid for shortened bvecs
- net: dsa: b53: allow leaky reserved multicast
- net: dsa: b53: keep CPU port always tagged again
- net: dsa: b53: fix clearing PVID of a port
- net: dsa: b53: fix flushing old pvid VLAN on pvid change
- net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
- net: dsa: b53: always rejoin default untagged VLAN on bridge leave
- net: dsa: b53: do not allow to configure VLAN 0
- net: dsa: b53: do not program vlans when vlan filtering is off
- net: dsa: b53: fix toggling vlan_filtering
- net: dsa: b53: fix learning on VLAN unaware bridges
- net: dsa: b53: do not set learning and unicast/multicast on up
- fbnic: Fix initialization of mailbox descriptor rings
- fbnic: Gate AXI read/write enabling on FW mailbox
- fbnic: Actually flush_tx instead of stalling out
- fbnic: Cleanup handling of completions
- fbnic: Improve responsiveness of fbnic_mbx_poll_tx_ready
- fbnic: Pull fbnic_fw_xmit_cap_msg use out of interrupt context
- fbnic: Do not allow mailbox to toggle to ready outside
fbnic_mbx_poll_tx_ready
- net: export a helper for adding up queue stats
- virtio-net: fix total qstat values
- Input: cyttsp5 - ensure minimum reset pulse width
- Input: cyttsp5 - fix power control issue on wakeup
- Input: xpad - fix Share button on Xbox One controllers
- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller
- Input: xpad - fix two controller table values
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
- Input: synaptics - enable InterTouch on Dell Precision M3800
- Input: synaptics - enable SMBus for HP Elitebook 850 G1
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
- rust: clean Rust 1.88.0's `unnecessary_transmutes` lint
- objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0
- rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros`
configuration
- uio_hv_generic: Fix sysfs creation path for ring buffer
- staging: iio: adc: ad7816: Correct conditional logic for store mode
- staging: axis-fifo: Remove hardware resets for user errors
- staging: axis-fifo: Correct handling of tx_fifo_depth for size
validation
- mm: fix folio_pte_batch() on XEN PV
- mm: vmalloc: support more granular vrealloc() sizing
- mm/userfaultfd: fix uninitialized output field for -EAGAIN race
- selftests/mm: compaction_test: support platform with huge mount of
memory
- selftests/mm: fix a build failure on powerpc
- selftests/mm: fix build break when compiling pkey_util.c
- KVM: x86/mmu: Prevent installing hugepages when mem attributes are
changing
- drm/amd/display: Shift DMUB AUX reply command if necessary
- io_uring: ensure deferred completions are flushed for multishot
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
- iio: adc: ad7266: Fix potential timestamp alignment issue.
- iio: adc: ad7606: fix serial register access
- iio: adc: rockchip: Fix clock initialization sequence
- iio: adis16201: Correct inclinometer channel resolution
- iio: chemical: sps30: use aligned_s64 for timestamp
- iio: chemical: pms7003: use aligned_s64 for timestamp
- iio: hid-sensor-prox: Restore lost scale assignments
- iio: hid-sensor-prox: support multi-channel SCALE calculation
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation
- iio: imu: inv_mpu6050: align buffer for timestamp
- iio: pressure: mprls0025pa: use aligned_s64 for timestamp
- Revert "drm/amd: Stop evicting resources on APUs in suspend"
- drm/xe: Add page queue multiplier
- drm/amdgpu: fix pm notifier handling
- drm/amdgpu/vcn: using separate VCN1_AON_SOC offset
- drm/amd/display: Fix the checking condition in dmub aux handling
- drm/amd/display: Remove incorrect checking in dmub aux handler
- drm/amd/display: Fix wrong handling for AUX_DEFER case
- drm/amd/display: Copy AUX read reply data whenever length > 0
- xhci: dbc: Avoid event polling busyloop if pending rx transfers are
inactive.
- usb: uhci-platform: Make the clock really optional
- xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it
- accel/ivpu: Increase state dump msg timeout
- arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to
prevent wrong idmap generation
- clocksource/i8253: Use raw_spinlock_irqsave() in
clockevent_i8253_disable()
- x86/microcode: Consolidate the loader enablement checking
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap
- ocfs2: switch osb->disable_recovery to enum
- ocfs2: implement handshaking with ocfs2 recovery thread
- ocfs2: stop quota recovery before disabling quotas
- usb: dwc3: gadget: Make gadget_wakeup asynchronous
- usb: cdnsp: Fix issue with resuming from L1
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
- usb: gadget: f_ecm: Add get_status callback
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
- usb: gadget: Use get_status callback to set remote wakeup capability
- usb: host: tegra: Prevent host controller crash when OTG port is used
- usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
- USB: usbtmc: use interruptible sleep in usbtmc_read
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
- usb: usbtmc: Fix erroneous wait_srq ioctl return
- usb: usbtmc: Fix erroneous generic_read ioctl return
- iio: imu: bmi270: fix initial sampling frequency configuration
- iio: accel: adxl367: fix setting odr for activity time update
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64
- iio: adc: dln2: Use aligned_s64 for timestamp
- timekeeping: Prevent coarse clocks going backwards
- accel/ivpu: Separate DB ID and CMDQ ID allocations from CMDQ allocation
- accel/ivpu: Correct mutex unlock order in job submission
- MIPS: Fix MAX_REG_OFFSET
- riscv: misaligned: Add handling for ZCB instructions
- loop: factor out a loop_assign_backing_file helper
- loop: Add sanity check for read/write_iter
- drm/panel: simple: Update timings for AUO G101EVN010
- nvme: unblock ctrl state transition for firmware update
- riscv: misaligned: factorize trap handling
- riscv: misaligned: enable IRQs while handling misaligned accesses
- riscv: Disallow PR_GET_TAGGED_ADDR_CTRL without Supm
- drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs
- drm/xe: Release force wake first then runtime power
- io_uring/sqpoll: Increase task_work submission batch size
- do_umount(): add missing barrier before refcount checks in sync case
- rust: allow Rust 1.87.0's `clippy::ptr_eq` lint
- rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint
- io_uring: always arm linked timeouts prior to issue
- Bluetooth: btmtk: Remove the resetting step before downloading the fw
- mm: page_alloc: don't steal single pages from biggest buddy
- mm: page_alloc: speed up fallbacks in rmqueue_bulk()
- arm64: insn: Add support for encoding DSB
- arm64: proton-pack: Expose whether the platform is mitigated by firmware
- arm64: proton-pack: Expose whether the branchy loop k value
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
- x86/bpf: Call branch history clearing sequence on exit
- x86/bpf: Add IBHF call at end of classic BPF
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode
- Documentation: x86/bugs/its: Add ITS documentation
- x86/its: Enumerate Indirect Target Selection (ITS) bug
- x86/its: Add support for ITS-safe indirect thunk
- x86/its: Add support for ITS-safe return thunk
- x86/its: Enable Indirect Target Selection mitigation
- [Config] enable MITIGATION_ITS
- x86/its: Add "vmexit" option to skip mitigation on some CPUs
- x86/its: Add support for RSB stuffing mitigation
- x86/its: Align RETs in BHB clear sequence to avoid thunking
- x86/ibt: Keep IBT disabled during alternative patching
- x86/its: Use dynamic thunks for indirect branches
- selftest/x86/bugs: Add selftests for ITS
- x86/its: Fix build errors when CONFIG_MODULES=n
- x86/its: FineIBT-paranoid vs ITS
- Linux 6.14.7
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37963
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37948
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37994
- usb: typec: ucsi: displayport: Fix NULL pointer access
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37967
- usb: typec: ucsi: displayport: Fix deadlock
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37950
- ocfs2: fix panic in failed foilio allocation
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37995
- module: ensure that kobject_put() is safe for module type kobjects
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37960
- memblock: Accept allocated memory before use in memblock_double_array()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37996
- KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37949
- xenbus: Use kref to track req lifetime
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37954
- smb: client: Avoid race in open_cached_dir with lease breaks
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37965
- drm/amd/display: Fix invalid context error in dml helper
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37951
- drm/v3d: Add job to pending list if the reset was skipped
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37968
- iio: light: opt3001: fix deadlock due to concurrent flag access
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37969
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37970
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37966
- riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37957
- KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37958
- mm/huge_memory: fix dereferencing invalid pmd migration entry
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37964
- x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37971
- staging: bcm2835-camera: Initialise dev in v4l2_dev
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37972
- Input: mtk-pmic-keys - fix possible null pointer dereference
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37959
- bpf: Scrub packet on bpf_redirect_peer
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37961
- ipvs: fix uninit-value for saddr in do_output_route4
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37993
- can: m_can: m_can_class_allocate_dev(): initialize spin lock on device
probe
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37955
- virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37962
- ksmbd: fix memory leak in parse_lease_state()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37998
- openvswitch: Fix unsafe attribute parsing in output_userspace()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37952
- ksmbd: Fix UAF in __close_file_table_ids
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37947
- ksmbd: prevent out-of-bounds stream writes by validating *pos
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37956
- ksmbd: prevent rename with empty string
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37973
- wifi: cfg80211: fix out-of-bounds access during multi-link element
defragmentation
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37999
- fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()
* Creating a VXLAN interface with a Fan mapping causes a NULL pointer
dereference caught by ubuntu_fan_smoke_test:sut-scan (LP: #2113992)
- SAUCE: fan: vxlan: parse fan-map from IFLA_VXLAN_FAN_MAP attribute ID
* [Regression Updates] "PCI: Explicitly put devices into D0 when
initializing" breaks pci-pass-through in QEMU/KVM (LP: #2117494)
- PCI/PM: Set up runtime PM even for devices without PCI PM
* [UBUNTU 25.04] lszcrypt output shows no cards because ap module has to be
loaded manually (LP: #2116061)
- [Config] s390: Build ap driver into the kernel
* CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
linux-azure (6.14.0-1009.9) plucky; urgency=medium
* plucky/linux-azure: 6.14.0-1009.9 -proposed tracker (LP: #2114485)
[ Ubuntu: 6.14.0-24.24 ]
* plucky/linux: 6.14.0-24.24 -proposed tracker (LP: #2114501)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] update annotations scripts
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.06.16)
* Apple spi keyboard/trackpad not working 25.04 (LP: #2107976)
- iommu/vt-d: Restore context entry setup order for aliased devices
* Unexpected system reboot at loading GUI session on some AMD platforms
(LP: #2112462)
- drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush
* Fix ARL-U/H suspend issues (LP: #2112469)
- platform/x86/intel/pmc: Remove duplicate enum
- platform/x86:intel/pmc: Make tgl_core_generic_init() static
- platform/x86:intel/pmc: Create generic_core_init() for all platforms
- platform/x86/intel/pmc: Remove simple init functions
- platform/x86/intel/pmc: Add Arrow Lake U/H support to intel_pmc_core
driver
- platform/x86/intel/pmc: Fix Arrow Lake U/H NPU PCI ID
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174)
- s390/pci: Remove redundant bus removal and disable from
zpci_release_device()
- s390/pci: Prevent self deletion in disable_slot()
- s390/pci: Allow re-add of a reserved but not yet removed device
- s390/pci: Serialize device addition and removal
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174) // CVE-2025-37946
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has
child VFs
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174) // CVE-2025-37974
- s390/pci: Fix missing check for zpci_create_device() error return
* HW accelerated video playback causes VCN timeout on VCN 4.0.5 (AMD Strix)
(LP: #2112582)
- drm/amdgpu: read back register after written for VCN v4.0.5
* kvmppc_set_passthru_irq_hv: Could not assign IRQ map traces are seen when
pci device is attached to kvm guest when "xive=off" is set (LP: #2109951)
- KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM Guest
* System will restart while resuming with SATA HDD or nvme installed with
password set (LP: #2110090)
- PCI: Explicitly put devices into D0 when initializing
* VM boots slowly with large-BAR GPU Passthrough (Root Cause Fix SRU)
(LP: #2111861)
- mm: Provide address mask in struct follow_pfnmap_args
- vfio/type1: Convert all vaddr_get_pfns() callers to use vfio_batch
- vfio/type1: Catch zero from pin_user_pages_remote()
- vfio/type1: Use vfio_batch for vaddr_get_pfns()
- vfio/type1: Use consistent types for page counts
- vfio/type1: Use mapping page mask for pfnmaps
* Plucky update: v6.14.6 upstream stable release (LP: #2113881)
- Revert "rndis_host: Flag RNDIS modems as WWAN devices"
- ALSA: hda/realtek - Add more HP laptops which need mute led fixup
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface()
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
- ASoC: renesas: rz-ssi: Use NOIRQ_SYSTEM_SLEEP_PM_OPS()
- btrfs: fix COW handling in run_delalloc_nocow()
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
- drm/fdinfo: Protect against driver unbind
- EDAC/altera: Test the correct error reg offset
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- i2c: imx-lpi2c: Fix clock count when probe defers
- pinctrl: airoha: fix wrong PHY LED mapping and PHY2 LED defines
- perf/x86/intel: Only check the group flag for X86 leader
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
offload
- mm/memblock: pass size instead of end to memblock_set_node()
- mm/memblock: repeat setting reserved region nid if array is doubled
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
- spi: tegra114: Don't fail set_cs_timing when delays are zero
- tracing: Do not take trace_event_sem in print_event_fields()
- x86/boot/sev: Support memory acceptance in the EFI stub under SVSM
- dm-integrity: fix a warning on invalid table line
- dm: always update the array size in realloc_argv on success
- drm/amdgpu: Fix offset for HDP remap in nbio v7.11
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream
ids
- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep
cycles
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU
hotplug
- smb: client: fix zero length for mkdir POSIX create context
- cpufreq: Avoid using inconsistent policy->min and policy->max
- cpufreq: Fix setting policy limits when frequency tables are used
- bcachefs: Remove incorrect __counted_by annotation
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean
properties
- ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB
- firmware: cs_dsp: tests: Depend on FW_CS_DSP rather then enabling it
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
- Revert "UBUNTU: SAUCE: powerpc64/ftrace: fix module loading without
patchable function entries"
- pinctrl: imx: Return NULL if no group is matched and found
- powerpc/boot: Check for ld-option support
- ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init()
- iommu/arm-smmu-v3: Add missing S2FWB feature detection
- ALSA: hda/realtek - Enable speaker for HP platform
- drm/i915/pxp: fix undefined reference to
`intel_pxp_gsccs_is_ready_for_sessions'
- wifi: iwlwifi: back off on continuous errors
- wifi: iwlwifi: don't warn if the NIC is gone in resume
- wifi: iwlwifi: fix the check for the SCRATCH register upon resume
- powerpc/boot: Fix dash warning
- xsk: Fix offset calculation in unaligned mode
- net/mlx5e: Use custom tunnel header for vxlan gbp
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- net/mlx5e: TC, Continue the attr process even if encap entry is invalid
- net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover
- net/mlx5: E-switch, Fix error handling for enabling roce
- accel/ivpu: Correct DCT interrupt handling
- cpufreq: Introduce policy->boost_supported flag
- cpufreq: acpi: Set policy->boost_supported
- cpufreq: ACPI: Re-sync CPU boost state on system resume
- Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver
- Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync
- Bluetooth: btintel_pcie: Avoid redundant buffer allocation
- Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths
- Bluetooth: L2CAP: copy RX timestamp to new fragments
- net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
- octeon_ep_vf: Resolve netdevice usage count issue
- bnxt_en: improve TX timestamping FIFO configuration
- rtase: Modify the condition used to detect overflow in
rtase_calc_time_mitigation
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when
advised
- net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array
- pds_core: make pdsc_auxbus_dev_del() void
- pds_core: specify auxiliary_device to be created
- ice: Don't check device type when checking GNSS presence
- ice: Remove unnecessary ice_is_e8xx() functions
- ice: fix Get Tx Topology AQ command error on E830
- idpf: fix offloads support for encapsulated packets
- scsi: ufs: core: Remove redundant query_complete trace
- drm/xe/guc: Fix capture of steering registers
- pinctrl: qcom: Fix PINGROUP definition for sm8750
- nvme-pci: fix queue unquiesce check on slot_reset
- drm/tests: shmem: Fix memleak
- drm/mipi-dbi: Fix blanking for non-16 bit formats
- net: dlink: Correct endianness handling of led_mode
- net: mdio: mux-meson-gxl: set reversed bit when using internal phy
- idpf: fix potential memory leak on kcalloc() failure
- idpf: protect shutdown from reset
- igc: fix lock order in igc_ptp_reset
- net: dsa: felix: fix broken taprio gate states after clock jump
- net: ipv6: fix UDPv6 GSO segmentation with NAT
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models
- bnxt_en: Fix ethtool selftest output in one of the failure cases
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan()
- bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings()
- bnxt_en: Fix coredump logic to free allocated buffer
- bnxt_en: Fix ethtool -d byte order for 32-bit values
- nvme-tcp: fix premature queue removal and I/O failover
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS
- ASoC: stm32: sai: skip useless iterations on kernel rate loop
- ASoC: stm32: sai: add a check on minimal kernel frequency
- bnxt_en: fix module unload sequence
- net: fec: ERR007885 Workaround for conventional TX
- net: hns3: store rx VLAN tag offload state for VF
- net: hns3: fix an interrupt residual problem
- net: hns3: fixed debugfs tm_qset size
- net: hns3: defer calling ptp_clock_register()
- net: vertexcom: mse102x: Fix possible stuck of SPI interrupt
- net: vertexcom: mse102x: Fix LEN_MASK
- net: vertexcom: mse102x: Add range check for CMD_RTS
- net: vertexcom: mse102x: Fix RX error handling
- accel/ivpu: Abort all jobs after command queue unregister
- accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW
- drm/xe: Invalidate L3 read-only cachelines for geometry streams too
- platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7
- ublk: add helper of ublk_need_map_io()
- ublk: properly serialize all FETCH_REQs
- ublk: move device reset into ublk_ch_release()
- ublk: improve detection and handling of ublk server exit
- ublk: remove __ublk_quiesce_dev()
- ublk: simplify aborting ublk request
- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired
- arm64: dts: imx95: Correct the range of PCIe app-reg region
- ARM: dts: opos6ul: add ksz8081 phy properties
- arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs
- arm64: dts: st: Use 128kB size for aliased GIC400 register access on
stm32mp25 SoCs
- block: introduce zone capacity helper
- btrfs: zoned: skip reporting zone for new block group
- kernel: param: rename locate_module_kobject
- kernel: globalize lookup_or_create_module_kobject()
- drivers: base: handle module_kobject creation
- btrfs: expose per-inode stable writes flag
- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode()
- btrfs: pass struct btrfs_inode to btrfs_iget_locked()
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
- bcachefs: Change btree_insert_node() assertion to error
- dm: fix copying after src array boundaries
- Linux 6.14.6
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37903
- drm/amd/display: Fix slab-use-after-free in hdcp
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37904
- btrfs: fix the inode leak in btrfs_iget()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37905
- firmware: arm_scmi: Balance device refcount when destroying devices
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37906
- ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37907
- accel/ivpu: Fix locking order in ivpu_job_submit
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37908
- mm, slab: clean up slab->obj_exts always
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37933
- octeon_ep: Fix host hang issue during device reboot
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37909
- net: lan743x: Fix memleak issue when GSO enabled
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37910
- ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37894
- net: use sock_gen_put() when sk_state is TCP_TIME_WAIT
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37934
- ASoC: simple-card-utils: Fix pointer check in
graph_util_parse_link_direction
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37911
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37895
- bnxt_en: Fix error handling path in bnxt_init_chip()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37935
- net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37891
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37912
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37914
- net_sched: ets: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37916
- pds_core: remove write-after-free of client_id
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37917
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx
poll
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37918
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37919
- ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37896
- spi: spi-mem: Add fix to avoid divide error
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37920
- xsk: Fix race condition in AF_XDP generic RX path
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37921
- vxlan: vnifilter: Fix unlocked deletion of default FDB entry
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37897
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37898
- powerpc64/ftrace: fix module loading without patchable function entries
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37922
- book3s64/radix : Align section vmemmap start address to PAGE_SIZE
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37923
- tracing: Fix oob write in trace_seq_to_buffer()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37899
- ksmbd: fix use-after-free in session logoff
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37924
- ksmbd: fix use-after-free in kerberos authentication
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37926
- ksmbd: fix use-after-free in ksmbd_session_rpc_open
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37900
- iommu: Fix two issues in iommu_copy_struct_from_user()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37928
- dm-bufio: don't schedule in atomic context
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37990
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37901
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37936
- perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's
value.
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37991
- parisc: Fix double SIGFPE crash
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37929
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37930
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37931
- btrfs: adjust subpage bit start based on sectorsize
* Support Sony IMX471 camera sensor for Intel IPU7 platforms (LP: #2107320)
- SAUCE: media: ipu-bridge: Support imx471 sensor
* deadlock on cpu_hotplug_lock in __accept_page() (LP: #2109543)
- mm/page_alloc: fix deadlock on cpu_hotplug_lock in __accept_page()
* Plucky fails to boot on (older) Macs (LP: #2105402)
- SAUCE: hack: efi/libstub: enable t14s boot failure hack only on arm64
* CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_htb: make htb_deactivate() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- sch_ets: make est_qlen_notify() idempotent
- selftests/tc-testing: Add a test case for FQ_CODEL with HTB parent
- selftests/tc-testing: Add a test case for FQ_CODEL with QFQ parent
- selftests/tc-testing: Add a test case for FQ_CODEL with HFSC parent
- selftests/tc-testing: Add a test case for FQ_CODEL with DRR parent
- selftests/tc-testing: Add a test case for FQ_CODEL with ETS parent
* CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
-- John Cabaj <[email protected]> Fri, 25 Jul 2025 14:22:30
-0500
** Changed in: linux-azure (Ubuntu Plucky)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37891
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37894
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37895
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37896
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37897
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37898
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37899
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37900
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37901
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37903
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37904
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37906
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37907
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37908
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37910
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37916
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37917
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37918
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37919
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37920
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37921
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37922
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37924
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37926
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37928
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37929
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37931
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37933
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37934
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37935
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37936
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37946
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37947
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37948
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37950
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37951
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37952
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37954
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37955
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37956
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37957
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37958
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37959
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37960
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37961
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37962
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37963
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37965
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37966
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37968
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37971
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37972
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37973
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37974
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37993
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37994
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37995
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37996
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37998
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37999
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38002
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38005
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38006
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38007
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38008
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38009
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38010
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38011
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38012
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38013
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38014
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38015
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38016
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38018
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38019
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38020
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38021
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38022
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38023
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38024
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38025
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38027
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38028
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38056
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/2115356
Title:
Additional MANA patch support, kernel 5.15 and later
Status in linux-azure package in Ubuntu:
Invalid
Status in linux-azure-5.15 package in Ubuntu:
Fix Committed
Status in linux-azure-5.15 source package in Focal:
Fix Committed
Status in linux-azure source package in Jammy:
Fix Released
Status in linux-azure source package in Noble:
Fix Committed
Status in linux-azure source package in Plucky:
Fix Released
Status in linux-azure source package in Questing:
Invalid
Bug description:
SRU Justification
[Impact]
* Microsoft requested MANA patches for the following:
* Represent packets transmitted after GSO processing
* Support holes in device list reply msg
* Support multi vports on bare-metal
* Action on receiving the special EQE notification
[Fix]
* Plucky:
* 1 clean cherry-pick from upstream
* 290e5d3c49f6: "net: mana: Add support for Multi Vports on Bare metal"
* 1 clean cherry-picks from linux-next
* 7399ef984022: "net: mana: Set tx_packets to post gso processing packet
count"
* 1 backport from linux-next:
* 7768c5f41733: "net: mana: Add handler for hardware servicing events"
* Noble:
* 2 clean cherry-picks from upstream
* 2fc8a346625e: "net: mana: Support holes in device list reply msg"
* 290e5d3c49f6: "net: mana: Add support for Multi Vports on Bare metal"
* 1 clean cherry-picks from linux-next
* 7399ef984022: "net: mana: Set tx_packets to post gso processing packet
count"
* 1 backport from linux-next:
* 7768c5f41733: "net: mana: Add handler for hardware servicing events"
* Jammy:
* 2 clean cherry-picks from upstream
* 2fc8a346625e: "net: mana: Support holes in device list reply msg"
* 290e5d3c49f6: "net: mana: Add support for Multi Vports on Bare metal"
* 2 clean cherry-picks from linux-next
* 7399ef984022: "net: mana: Set tx_packets to post gso processing packet
count"
* 7768c5f41733: "net: mana: Add handler for hardware servicing events"
[Test Plan]
* Compile tested
* Microsoft to test further
[Regression potential]
* Changes are largely localized to MANA, and either already upstream
or queued for upstream in the next merge window. Possible regressions
could result in unexpected behavior of MANA driver.
[Other info]
* SF#00413245
* SF#00413047
* SF#00411917
* SF#00413476
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-azure/+bug/2115356/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
