Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2026-06-09
Ported from the following upstream stable releases:
v6.6.134, v6.6.135, v6.12.82
from git://git.kernel.org/
vfio/pci: Use unmap_mapping_range()
gfs2: Improve gfs2_consist_inode() usage
x86/CPU: Fix FPDSS on Zen1
lib/crypto: chacha: Zeroize permuted_state before it leaves scope
wifi: rt2x00usb: fix devres lifetime
xfrm_user: fix info leak in build_report()
net: rfkill: prevent unlimited numbers of rfkill events from being created
mptcp: fix slab-use-after-free in __inet_lookup_established
Input: uinput - fix circular locking dependency with ff-core
Input: uinput - take event lock when submitting FF request "event"
MIPS: Always record SEGBITS in cpu_data.vmbits
MIPS: mm: Suppress TLB uniquification on EHINV hardware
MIPS: mm: Rewrite TLB uniquification for the hidden bit feature
virtio_net: clamp rss_max_key_size to NETDEV_RSS_KEY_LEN
Revert "mptcp: add needs_id for netlink appending addr"
seg6: separate dst_cache for input and output paths in seg6 lwtunnel
netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR
netfilter: nft_ct: fix use-after-free in timeout object destroy
xfrm: clear trailing padding in build_polexpire()
tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
wifi: brcmsmac: Fix dma_free_coherent() size
Revert "arm64: dts: imx8mq-librem5: Set the DVS voltages lower"
arm64: dts: imx8mq-librem5: Bump BUCK1 suspend voltage up to 0.85V
arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity
arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges
nfc: pn533: allocate rx skb before consuming bytes
batman-adv: reject oversized global TT response buffers
X.509: Fix out-of-bounds access when parsing extensions
EDAC/mc: Fix error path ordering in edac_mc_alloc()
net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
batman-adv: hold claim backbone gateways by reference
drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
net/mlx5: Update the list of the PCI supported devices
pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled
mmc: vub300: fix NULL-deref on disconnect
net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure
net: stmmac: fix integer underflow in chain mode
mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()
net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
rxrpc: Fix call removal to use RCU safe deletion
rxrpc: Fix key reference count leak from call->key
rxrpc: Only put the call ref if one was acquired
rxrpc: reject undecryptable rxkad response tickets
rxrpc: fix reference count leak in rxrpc_server_keyring()
rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING)
rxrpc: Fix missing error checks for rxkad encryption/decryption failure
Revert "PCI: Enable ACS after configuring IOMMU for OF platforms"
usb: typec: ucsi: skip connector validation before init
blktrace: fix __this_cpu_read/write in preemptible context
nfc: nci: complete pending data exchange on device close
net: annotate data-races around sk->sk_{data_ready,write_space}
drm/i915/psr: Do not use pipe_src as borders for SU area
net: lan966x: fix page pool leak in error paths
rxrpc: Fix anonymous key handling
net: skb: fix cross-cache free of KFENCE-allocated skb head
ALSA: hda/hdmi: Add quirk for TUXEDO IBS14G6
rxrpc: Fix rxkad crypto unalignment handling
UBUNTU: Upstream stable to v6.6.134, v6.6.135, v6.12.82
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Invalid
** Affects: linux (Ubuntu Noble)
Importance: Medium
Assignee: Alice C. Munduruca (cremfuelled)
Status: In Progress
** Tags: kernel-stable-tracking-bug
** Changed in: linux (Ubuntu)
Status: New => Confirmed
** Tags added: kernel-stable-tracking-bug
** Also affects: linux (Ubuntu Noble)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu)
Status: Confirmed => Invalid
** Changed in: linux (Ubuntu Noble)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Noble)
Status: New => In Progress
** Changed in: linux (Ubuntu Noble)
Assignee: (unassigned) => Alice C. Munduruca (cremfuelled)
** Description changed:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2026-06-09
+
+ Ported from the following upstream stable releases:
+ v6.6.134, v6.6.135, v6.12.82
+
from git://git.kernel.org/
+
+ vfio/pci: Use unmap_mapping_range()
+ gfs2: Improve gfs2_consist_inode() usage
+ x86/CPU: Fix FPDSS on Zen1
+ lib/crypto: chacha: Zeroize permuted_state before it leaves scope
+ wifi: rt2x00usb: fix devres lifetime
+ xfrm_user: fix info leak in build_report()
+ net: rfkill: prevent unlimited numbers of rfkill events from being created
+ mptcp: fix slab-use-after-free in __inet_lookup_established
+ Input: uinput - fix circular locking dependency with ff-core
+ Input: uinput - take event lock when submitting FF request "event"
+ MIPS: Always record SEGBITS in cpu_data.vmbits
+ MIPS: mm: Suppress TLB uniquification on EHINV hardware
+ MIPS: mm: Rewrite TLB uniquification for the hidden bit feature
+ virtio_net: clamp rss_max_key_size to NETDEV_RSS_KEY_LEN
+ Revert "mptcp: add needs_id for netlink appending addr"
+ seg6: separate dst_cache for input and output paths in seg6 lwtunnel
+ netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR
+ netfilter: nft_ct: fix use-after-free in timeout object destroy
+ xfrm: clear trailing padding in build_polexpire()
+ tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
+ wifi: brcmsmac: Fix dma_free_coherent() size
+ Revert "arm64: dts: imx8mq-librem5: Set the DVS voltages lower"
+ arm64: dts: imx8mq-librem5: Bump BUCK1 suspend voltage up to 0.85V
+ arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity
+ arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges
+ nfc: pn533: allocate rx skb before consuming bytes
+ batman-adv: reject oversized global TT response buffers
+ X.509: Fix out-of-bounds access when parsing extensions
+ EDAC/mc: Fix error path ordering in edac_mc_alloc()
+ net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
+ batman-adv: hold claim backbone gateways by reference
+ drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
+ net/mlx5: Update the list of the PCI supported devices
+ pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled
+ mmc: vub300: fix NULL-deref on disconnect
+ net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure
+ net: stmmac: fix integer underflow in chain mode
+ mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()
+ net: lan966x: fix page_pool error handling in
lan966x_fdma_rx_alloc_page_pool()
+ rxrpc: Fix call removal to use RCU safe deletion
+ rxrpc: Fix key reference count leak from call->key
+ rxrpc: Only put the call ref if one was acquired
+ rxrpc: reject undecryptable rxkad response tickets
+ rxrpc: fix reference count leak in rxrpc_server_keyring()
+ rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING)
+ rxrpc: Fix missing error checks for rxkad encryption/decryption failure
+ Revert "PCI: Enable ACS after configuring IOMMU for OF platforms"
+ usb: typec: ucsi: skip connector validation before init
+ blktrace: fix __this_cpu_read/write in preemptible context
+ nfc: nci: complete pending data exchange on device close
+ net: annotate data-races around sk->sk_{data_ready,write_space}
+ drm/i915/psr: Do not use pipe_src as borders for SU area
+ net: lan966x: fix page pool leak in error paths
+ rxrpc: Fix anonymous key handling
+ net: skb: fix cross-cache free of KFENCE-allocated skb head
+ ALSA: hda/hdmi: Add quirk for TUXEDO IBS14G6
+ rxrpc: Fix rxkad crypto unalignment handling
+ UBUNTU: Upstream stable to v6.6.134, v6.6.135, v6.12.82
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2156149
Title:
Noble update: upstream stable patchset 2026-06-09
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2156149/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
