[Bug 2154481] Re: Generic questing kernel oops on bootup with newer Nvidia machines

Thu, 25 Jun 2026 15:37:48 -0700 

This bug was fixed in the package linux - 6.17.0-40.40

---------------
linux (6.17.0-40.40) questing; urgency=medium

  * questing/linux: 6.17.0-40.40 -proposed tracker (LP: #2157631)

  * CVE-2026-43037
    - ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

linux (6.17.0-39.39) questing; urgency=medium

  * questing/linux: 6.17.0-39.39 -proposed tracker (LP: #2157145)

  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts

  * CVE-2026-45988
    - rxrpc: Fix re-decryption of RESPONSE packets

  * CVE-2026-46135
    - nvmet-tcp: fix race between ICReq handling and queue teardown

  * CVE-2026-46195
    - smb: client: validate dacloffset before building DACL pointers

  * CVE-2026-31402
    - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

  * CVE-2026-43378
    - smb: server: fix use-after-free in smb2_open()

  * CVE-2026-31657
    - batman-adv: hold claim backbone gateways by reference

  * CVE-2026-46266
    - inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP

  * CVE-2026-46289
    - lib/scatterlist: fix length calculations in extract_kvec_to_sg

  * CVE-2026-31436
    - dmaengine: idxd: fix possible wrong descriptor completion in
      llist_abort_desc()

  * CVE-2026-31649
    - net: stmmac: fix integer underflow in chain mode

  * CVE-2026-31659
    - batman-adv: reject oversized global TT response buffers

  * CVE-2026-31448
    - ext4: avoid infinite loops caused by residual data

  * CVE-2026-43071
    - dcache: Limit the minimal number of bucket to two

  * CVE-2026-31478
    - ksmbd: replace hardcoded hdr2_len with offsetof() in
      smb2_calc_max_out_buf_len()

  * CVE-2026-31682
    - bridge: br_nd_send: linearize skb before parsing ND options

  * CVE-2026-43117
    - btrfs: tracepoints: get correct superblock from dentry in event
      btrfs_sync_file()

  * CVE-2026-31669
    - mptcp: fix slab-use-after-free in __inet_lookup_established

  * CVE-2026-46115
    - block: add pgmap check to biovec_phys_mergeable

  * CVE-2026-45898
    - RDMA/iwcm: Fix workqueue list corruption by removing work_list

  * CVE-2026-46244
    - netfilter: nft_inner: Fix IPv6 inner_thoff desync

  * CVE-2026-43493
    - crypto: pcrypt - Fix handling of MAY_BACKLOG requests

  * CVE-2026-43186
    - ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()

  * CVE-2026-31685
    - netfilter: ip6t_eui64: reject invalid MAC header for all packets

  * CVE-2026-43114
    - netfilter: nft_set_pipapo_avx2: don't return non-matching entry on
      expiry

  * CVE-2026-46325
    - RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE

  * CVE-2026-31668
    - seg6: separate dst_cache for input and output paths in seg6 lwtunnel

  * CVE-2026-43197
    - netconsole: avoid OOB reads, msg is not nul-terminated

  * CVE-2026-43083
    - net: ioam6: fix OOB and missing lock

  * CVE-2026-46043
    - RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv

  * CVE-2026-23428
    - ksmbd: fix use-after-free of share_conf in compound request

  * CVE-2026-23450
    - net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()

  * CVE-2026-46185
    - smb/client: fix out-of-bounds read in symlink_data()

  * CVE-2026-23455
    - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

  * CVE-2026-46119
    - libceph: Fix slab-out-of-bounds access in auth message processing

  * CVE-2026-46039
    - rxgk: Fix potential integer overflow in length check

  * CVE-2026-23427
    - ksmbd: fix use-after-free in durable v2 replay of active file handles

  * CVE-2026-31718
    - ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger

  * CVE-2026-31637
    - rxrpc: reject undecryptable rxkad response tickets

  * CVE-2026-43011
    - net/x25: Fix potential double free of skb

  * CVE-2026-43038
    - ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

  * CVE-2026-31635
    - rxrpc: fix oversized RESPONSE authenticator length check

  * CVE-2026-43501
    - ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

  * CVE-2026-43125
    - dlm: validate length in dlm_search_rsb_tree

  * CVE-2026-46316
    - KVM: arm64: vgic-its: Drop the translation cache reference only for the
      erased entry

  * CVE-2026-43185
    - ksmbd: fix signededness bug in smb_direct_prepare_negotiation()

  * CVE-2026-43341
    - net/ipv6: ioam6: prevent schema length wraparound in trace fill

  * CVE-2026-31607
    - usbip: validate number_of_packets in usbip_pack_ret_submit()

  * CVE-2026-43402
    - kthread: consolidate kthread exit paths to prevent use-after-free

  * CVE-2026-43384
    - net/tcp-ao: Fix MAC comparison to be constant-time

  * CVE-2026-43383
    - net/tcp-md5: Fix MAC comparison to be constant-time

  * CVE-2026-43376
    - ksmbd: fix use-after-free by using call_rcu() for oplock_info

  * CVE-2026-46243
    - smb: client: reject userspace cifs.spnego descriptions

  * CVE-2026-43414
    - scsi: qla2xxx: Completely fix fcport double free

  * CVE-2026-43407
    - libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()

  * CVE-2026-43406
    - libceph: prevent potential out-of-bounds reads in
      process_message_header()

  * CVE-2026-43304
    - libceph: define and enforce CEPH_MAX_KEY_LEN

  * CVE-2026-22984
    - libceph: prevent potential out-of-bounds reads in handle_auth_done()

 -- Manuel Diewald <[email protected]>  Fri, 19 Jun 2026
15:57:33 +0200

** Changed in: linux (Ubuntu Questing)
       Status: New => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2026-22984

** CVE added: https://cve.org/CVERecord?id=CVE-2026-23427

** CVE added: https://cve.org/CVERecord?id=CVE-2026-23428

** CVE added: https://cve.org/CVERecord?id=CVE-2026-23450

** CVE added: https://cve.org/CVERecord?id=CVE-2026-23455

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31402

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31436

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31448

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31478

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31607

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31635

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31637

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31649

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31657

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31659

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31668

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31669

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31682

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31685

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31718

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43011

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43037

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43038

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43071

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43083

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43114

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43117

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43125

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43185

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43186

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43197

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43304

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43341

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43376

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43378

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43383

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43384

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43402

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43406

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43407

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43414

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43493

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43501

** CVE added: https://cve.org/CVERecord?id=CVE-2026-45898

** CVE added: https://cve.org/CVERecord?id=CVE-2026-45988

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46039

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46043

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46115

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46119

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46135

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46185

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46195

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46243

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46244

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46266

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46289

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46316

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46325

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2154481

Title:
  Generic questing kernel oops on bootup with newer Nvidia machines

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2154481/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to