[ubuntu/noble-security] linux-gcp-6.14 6.14.0-1014.15~24.04.1 (Accepted)
Andy Whitcroft
apw at canonical.com
Mon Aug 18 08:56:36 UTC 2025
linux-gcp-6.14 (6.14.0-1014.15~24.04.1) noble; urgency=medium
* noble/linux-gcp-6.14: 6.14.0-1014.15~24.04.1 -proposed tracker (LP: #2117632)
* Packaging resync (LP: #1786013)
- [Packaging] update Ubuntu.md
- [Packaging] debian.gcp-6.14/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* linux-gcp: move ptp_kvm to linux-modules in GCP kernels (LP: #2110241)
- [Packaging] gcp: Move ptp_kvm module to linux-modules
[ Ubuntu-gcp: 6.14.0-1014.15 ]
* plucky/linux-gcp: 6.14.0-1014.15 -proposed tracker (LP: #2117633)
* Packaging resync (LP: #1786013)
- [Packaging] debian.gcp/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* linux-gcp: NVIDIA Grace platform support (LP: #2111859)
- arch_topology: init capacity_freq_ref to 0
- cpufreq: Allow arch_freq_get_on_cpu to return an error
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu
- arm64: Update AMU-based freq scale factor on entering idle
- arm64: Utilize for_each_cpu_wrap for reference lookup
- [Packaging] gcp: enable CONFIG_CPUFREQ_ARCH_CUR_FREQ
- [Packaging] gcp: enable CONFIG_ARM64_CONTPTE
* linux-gcp: move ptp_kvm to linux-modules in GCP kernels (LP: #2110241)
- [Packaging] gcp: Move ptp_kvm module to linux-modules
[ Ubuntu: 6.14.0-28.28 ]
* plucky/linux: 6.14.0-28.28 -proposed tracker (LP: #2117649)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* Dell AIO backlight is not working, dell_uart_backlight module is missing
(LP: #2083800)
- [Config] enable CONFIG_DELL_UART_BACKLIGHT
* integrated I219-LM network adapter appears to be running too fast, causing
synchronization issues when using the I219-LM PTP feature (LP: #2116072)
- e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
* Audio broken on ThinkPad X13s (LP: #2115898)
- SAUCE: Revert "UBUNTU: SAUCE: Change: cracking sound fix"
* Ubuntu 24.04+ arm64: screen resolution fixed to 1024x768 with last kernel
update (LP: #2115068)
- [Config] Replace FB_HYPERV with DRM_HYPERV
* [SRU][HPE 24.04] Patch Request for HPE iLO7 VGA device for Gen12 Servers
(LP: #2114516)
- drm/mgag200: Added support for the new device G200eH5
* A process exiting with an open /dev/snapshot fd causes a NULL pointer
dereference caught by ubuntu_stress_smoke_test:sut-scan (LP: #2113990)
- libfs: export find_next_child()
- efivarfs: support freeze/thaw
* [SRU] Add support for new hotkey of F9 on Thinkpad X9 (LP: #2115022)
- platform/x86: thinkpad-acpi: Add support for new hotkey for camera
shutter switch
* [SRU] Fix GT0: Engine reset when suspend on Intel LNL (LP: #2114697)
- drm/xe/sched: stop re-submitting signalled jobs
* CVE-2025-38056
- devres: Introduce devm_kmemdup_array()
- ASoC: SOF: Intel: hda: Fix UAF when reloading module
* Handle IOMMU IVRS entries with mismatched UID on AMD Strix or newer
platforms (LP: #2115174)
- iommu/amd: Allow matching ACPI HID devices without matching UIDs
* [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
- s390: Add z17 elf platform
* [UBUNTU 24.04] Kernel: Add CPUMF extended counter set for z17
(LP: #2114258)
- s390/cpumf: Update CPU Measurement facility extended counter set support
* Plucky update: v6.14.8 upstream stable release (LP: #2115266)
- arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-
cm3588
- fs/xattr.c: fix simple_xattr_list to always include security.* xattrs
- drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC
Policies
- drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies
- x86/amd_node, platform/x86/amd/hsmp: Have HSMP use SMN through AMD_NODE
- platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive
drivers
- arm64: dts: rockchip: fix Sige5 RTC interrupt pin
- riscv: dts: sophgo: fix DMA data-width configuration for CV18xx
- binfmt_elf: Move brk for static PIE even if ASLR disabled
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie
14XA (GX4HRXL)
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
- arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all
PF_NO_SETAFFINITY tasks
- tracing: fprobe: Fix RCU warning message in list traversal
- tracing: probes: Fix a possible race in trace_probe_log APIs
- tpm: tis: Double the timeout B to 4s
- iio: adc: ad7606: move the software mode configuration
- iio: adc: ad7606: move software functions into common file
- HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
- spi: loopback-test: Do not split 1024-byte hexdumps
- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags
- drm/meson: Use 1000ULL when operating with mode->clock
- tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing
- tests/ncdevmem: Fix double-free of queue array
- net: mctp: Ensure keys maintain only one ref to corresponding dev
- ALSA: seq: Fix delivery of UMP events to group ports
- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
- nvme-pci: make nvme_pci_npages_prp() __always_inline
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
- ALSA: sh: SND_AICA should depend on SH_DMA_API
- net: dsa: b53: prevent standalone from trying to forward to other ports
- vsock/test: Fix occasional failure in SIOCOUTQ tests
- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
- octeontx2-pf: Fix ethtool support for SDP representors
- drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value
- netlink: specs: tc: fix a couple of attribute names
- netlink: specs: tc: all actions are indexed arrays
- octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy
- net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW
capability
- octeontx2-af: Fix CGX Receive counters
- octeontx2-pf: Do not reallocate all ntuple filters
- tsnep: fix timestamping with a stacked DSA driver
- ublk: fix dead loop when canceling io command
- NFSv4/pnfs: Reset the layout state after a layoutreturn
- dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
interrupted"
- Revert "kbuild, rust: use -fremap-path-prefix to make paths relative"
- udf: Make sure i_lenExtents is uptodate on inode eviction
- HID: amd_sfh: Fix SRA sensor when it's the only sensor
- LoongArch: Prevent cond_resched() occurring within kernel-fpu
- LoongArch: Move __arch_cpu_idle() to .cpuidle.text section
- LoongArch: Save and restore CSR.CNTC for hibernation
- LoongArch: Fix MAX_REG_OFFSET calculation
- LoongArch: uprobes: Remove user_{en,dis}able_single_step()
- LoongArch: uprobes: Remove redundant code about resume_era
- btrfs: fix discard worker infinite loop after disabling discard
- btrfs: fix folio leak in submit_one_async_extent()
- btrfs: add back warning for mount option commit values exceeding 300
- Revert "drm/amd/display: Hardware cursor changes color when switched to
software cursor"
- drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc()
- drm/amdgpu: fix incorrect MALL size for GFX1151
- drm/amd/display: Correct the reply value when AUX write incomplete
- drm/amd/display: Avoid flooding unnecessary info messages
- MAINTAINERS: Update Alexey Makhalov's email address
- gpio: pca953x: fix IRQ storm on system wake up
- ACPI: PPTT: Fix processor subtable walk
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
- dma-buf: insert memory barrier before updating num_fences
- arm64: dts: amlogic: dreambox: fix missing clkc_audio node
- arm64: dts: rockchip: Allow Turing RK1 cooling fan to spin down
- arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
- hv_netvsc: Remove rmsg_pgcnt
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
- Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
- kbuild: Disable -Wdefault-const-init-unsafe
- i2c: designware: Fix an error handling path in i2c_dw_pci_probe()
- ftrace: Fix preemption accounting for stacktrace trigger command
- ftrace: Fix preemption accounting for stacktrace filter command
- x86/sev: Do not touch VMSA pages during SNP guest memory kdump
- x86/sev: Make sure pages are not skipped during kdump
- tracing: samples: Initialize trace_array_printk() with the correct
function
- phy: Fix error handling in tegra_xusb_port_init
- net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ
switches
- net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink
- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
- phy: renesas: rcar-gen3-usb2: Set timing registers only once
- scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
- smb: client: fix memory leak during error handling for POSIX mkdir
- spi: tegra114: Use value to check for invalid delays
- tpm: Mask TPM RC in tpm2_start_auth_session()
- wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl
- ring-buffer: Fix persistent buffer when commit page is the reader page
- net: qede: Initialize qede_ll_ops with designated initializer
- io_uring/memmap: don't use page_address() on a highmem page
- io_uring/uring_cmd: fix hybrid polling initialization issue
- mm: hugetlb: fix incorrect fallback for subpool
- mm: userfaultfd: correct dirty flags set for both present and swap pte
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
instead of a local copy
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_wqs
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_engines
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_groups
- dmaengine: idxd: Add missing cleanup for early error out in
idxd_setup_internals
- dmaengine: idxd: Add missing cleanups in cleanup internals
- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove
call
- dmaengine: idxd: fix memory leak in error handling path of
idxd_pci_probe
- accel/ivpu: Use workqueue for IRQ handling
- accel/ivpu: Dump only first MMU fault from single context
- accel/ivpu: Move parts of MMU event IRQ handling to thread handler
- accel/ivpu: Fix missing MMU events from reserved SSID
- accel/ivpu: Fix missing MMU events if file_priv is unbound
- accel/ivpu: Flush pending jobs of device's workqueues
- drm/xe/gsc: do not flush the GSC worker from the reset path
- perf tools: Fix build error for LoongArch
- phy: tegra: xusb: remove a stray unlock
- Linux 6.14.8
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38008
- mm/page_alloc: fix race condition in unaccepted memory handling
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38014
- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38015
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38005
- dmaengine: ti: k3-udma: Add missing locking
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38009
- wifi: mt76: disable napi on driver removal
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38010
- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38011
- drm/amdgpu: csa unmap use uninterruptible lock
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38016
- HID: bpf: abort dispatch if device destroyed
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38012
- sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38018
- net/tls: fix kernel panic when alloc_page failed
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38019
- mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38013
- wifi: mac80211: Set n_channels after allocating struct
cfg80211_scan_request
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38002
- io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38027
- regulator: max20086: fix invalid memory access
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38020
- net/mlx5e: Disable MACsec offload for uplink representor profile
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38021
- drm/amd/display: Fix null check of pipe_ctx->plane_state for
update_dchubp_dpp
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38006
- net: mctp: Don't access ifa_index when missing
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-37992
- net_sched: Flush gso_skb list too during ->change()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38022
- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device"
problem
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38028
- NFS/localio: Fix a race in nfs_local_open_fh()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38023
- nfs: handle failure of nfs_get_lock_context in unlock path
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38007
- HID: uclogic: Add NULL check in uclogic_input_configured()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38024
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38025
- iio: adc: ad7606: check for NULL before calling sw_mode_config()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252)
- dm: add missing unlock on in dm_keyslot_evict()
- Revert "btrfs: canonicalize the device path before adding it"
- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
- firmware: arm_scmi: Fix timeout checks on polling path
- can: mcan: m_can_class_unregister(): fix order of unregistration calls
- vfio/pci: Align huge faults to order
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
- can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls
- s390/entry: Fix last breaking event handling in case of stack corruption
- SAUCE: Revert "sch_htb: make htb_deactivate() idempotent"
- sch_htb: make htb_deactivate() idempotent
- virtio-net: don't re-enable refill work too early when NAPI is disabled
- gre: Fix again IPv6 link-local address generation.
- net: ethernet: mtk_eth_soc: reset all TX queues on DMA free
- net: ethernet: mtk_eth_soc: do not reset PSE when setting FE
- can: mcp251xfd: fix TDC setting for low data bit rates
- can: gw: fix RCU/BH usage in cgw_create_job()
- wifi: mac80211: fix the type of status_code for negotiated TID to Link
Mapping
- ice: use DSN instead of PCI BDF for ice_adapter index
- erofs: ensure the extra temporary copy is valid for shortened bvecs
- net: dsa: b53: allow leaky reserved multicast
- net: dsa: b53: keep CPU port always tagged again
- net: dsa: b53: fix clearing PVID of a port
- net: dsa: b53: fix flushing old pvid VLAN on pvid change
- net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
- net: dsa: b53: always rejoin default untagged VLAN on bridge leave
- net: dsa: b53: do not allow to configure VLAN 0
- net: dsa: b53: do not program vlans when vlan filtering is off
- net: dsa: b53: fix toggling vlan_filtering
- net: dsa: b53: fix learning on VLAN unaware bridges
- net: dsa: b53: do not set learning and unicast/multicast on up
- fbnic: Fix initialization of mailbox descriptor rings
- fbnic: Gate AXI read/write enabling on FW mailbox
- fbnic: Actually flush_tx instead of stalling out
- fbnic: Cleanup handling of completions
- fbnic: Improve responsiveness of fbnic_mbx_poll_tx_ready
- fbnic: Pull fbnic_fw_xmit_cap_msg use out of interrupt context
- fbnic: Do not allow mailbox to toggle to ready outside
fbnic_mbx_poll_tx_ready
- net: export a helper for adding up queue stats
- virtio-net: fix total qstat values
- Input: cyttsp5 - ensure minimum reset pulse width
- Input: cyttsp5 - fix power control issue on wakeup
- Input: xpad - fix Share button on Xbox One controllers
- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller
- Input: xpad - fix two controller table values
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
- Input: synaptics - enable InterTouch on Dell Precision M3800
- Input: synaptics - enable SMBus for HP Elitebook 850 G1
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
- rust: clean Rust 1.88.0's `unnecessary_transmutes` lint
- objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0
- rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros`
configuration
- uio_hv_generic: Fix sysfs creation path for ring buffer
- staging: iio: adc: ad7816: Correct conditional logic for store mode
- staging: axis-fifo: Remove hardware resets for user errors
- staging: axis-fifo: Correct handling of tx_fifo_depth for size
validation
- mm: fix folio_pte_batch() on XEN PV
- mm: vmalloc: support more granular vrealloc() sizing
- mm/userfaultfd: fix uninitialized output field for -EAGAIN race
- selftests/mm: compaction_test: support platform with huge mount of
memory
- selftests/mm: fix a build failure on powerpc
- selftests/mm: fix build break when compiling pkey_util.c
- KVM: x86/mmu: Prevent installing hugepages when mem attributes are
changing
- drm/amd/display: Shift DMUB AUX reply command if necessary
- io_uring: ensure deferred completions are flushed for multishot
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
- iio: adc: ad7266: Fix potential timestamp alignment issue.
- iio: adc: ad7606: fix serial register access
- iio: adc: rockchip: Fix clock initialization sequence
- iio: adis16201: Correct inclinometer channel resolution
- iio: chemical: sps30: use aligned_s64 for timestamp
- iio: chemical: pms7003: use aligned_s64 for timestamp
- iio: hid-sensor-prox: Restore lost scale assignments
- iio: hid-sensor-prox: support multi-channel SCALE calculation
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation
- iio: imu: inv_mpu6050: align buffer for timestamp
- iio: pressure: mprls0025pa: use aligned_s64 for timestamp
- Revert "drm/amd: Stop evicting resources on APUs in suspend"
- drm/xe: Add page queue multiplier
- drm/amdgpu: fix pm notifier handling
- drm/amdgpu/vcn: using separate VCN1_AON_SOC offset
- drm/amd/display: Fix the checking condition in dmub aux handling
- drm/amd/display: Remove incorrect checking in dmub aux handler
- drm/amd/display: Fix wrong handling for AUX_DEFER case
- drm/amd/display: Copy AUX read reply data whenever length > 0
- xhci: dbc: Avoid event polling busyloop if pending rx transfers are
inactive.
- usb: uhci-platform: Make the clock really optional
- xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it
- accel/ivpu: Increase state dump msg timeout
- arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to
prevent wrong idmap generation
- clocksource/i8253: Use raw_spinlock_irqsave() in
clockevent_i8253_disable()
- x86/microcode: Consolidate the loader enablement checking
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap
- ocfs2: switch osb->disable_recovery to enum
- ocfs2: implement handshaking with ocfs2 recovery thread
- ocfs2: stop quota recovery before disabling quotas
- usb: dwc3: gadget: Make gadget_wakeup asynchronous
- usb: cdnsp: Fix issue with resuming from L1
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
- usb: gadget: f_ecm: Add get_status callback
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
- usb: gadget: Use get_status callback to set remote wakeup capability
- usb: host: tegra: Prevent host controller crash when OTG port is used
- usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
- USB: usbtmc: use interruptible sleep in usbtmc_read
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
- usb: usbtmc: Fix erroneous wait_srq ioctl return
- usb: usbtmc: Fix erroneous generic_read ioctl return
- iio: imu: bmi270: fix initial sampling frequency configuration
- iio: accel: adxl367: fix setting odr for activity time update
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64
- iio: adc: dln2: Use aligned_s64 for timestamp
- timekeeping: Prevent coarse clocks going backwards
- accel/ivpu: Separate DB ID and CMDQ ID allocations from CMDQ allocation
- accel/ivpu: Correct mutex unlock order in job submission
- MIPS: Fix MAX_REG_OFFSET
- riscv: misaligned: Add handling for ZCB instructions
- loop: factor out a loop_assign_backing_file helper
- loop: Add sanity check for read/write_iter
- drm/panel: simple: Update timings for AUO G101EVN010
- nvme: unblock ctrl state transition for firmware update
- riscv: misaligned: factorize trap handling
- riscv: misaligned: enable IRQs while handling misaligned accesses
- riscv: Disallow PR_GET_TAGGED_ADDR_CTRL without Supm
- drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs
- drm/xe: Release force wake first then runtime power
- io_uring/sqpoll: Increase task_work submission batch size
- do_umount(): add missing barrier before refcount checks in sync case
- rust: allow Rust 1.87.0's `clippy::ptr_eq` lint
- rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint
- io_uring: always arm linked timeouts prior to issue
- Bluetooth: btmtk: Remove the resetting step before downloading the fw
- mm: page_alloc: don't steal single pages from biggest buddy
- mm: page_alloc: speed up fallbacks in rmqueue_bulk()
- arm64: insn: Add support for encoding DSB
- arm64: proton-pack: Expose whether the platform is mitigated by firmware
- arm64: proton-pack: Expose whether the branchy loop k value
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
- x86/bpf: Call branch history clearing sequence on exit
- x86/bpf: Add IBHF call at end of classic BPF
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode
- Documentation: x86/bugs/its: Add ITS documentation
- x86/its: Enumerate Indirect Target Selection (ITS) bug
- x86/its: Add support for ITS-safe indirect thunk
- x86/its: Add support for ITS-safe return thunk
- x86/its: Enable Indirect Target Selection mitigation
- [Config] enable MITIGATION_ITS
- x86/its: Add "vmexit" option to skip mitigation on some CPUs
- x86/its: Add support for RSB stuffing mitigation
- x86/its: Align RETs in BHB clear sequence to avoid thunking
- x86/ibt: Keep IBT disabled during alternative patching
- x86/its: Use dynamic thunks for indirect branches
- selftest/x86/bugs: Add selftests for ITS
- x86/its: Fix build errors when CONFIG_MODULES=n
- x86/its: FineIBT-paranoid vs ITS
- Linux 6.14.7
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37963
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37948
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37994
- usb: typec: ucsi: displayport: Fix NULL pointer access
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37967
- usb: typec: ucsi: displayport: Fix deadlock
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37950
- ocfs2: fix panic in failed foilio allocation
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37995
- module: ensure that kobject_put() is safe for module type kobjects
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37960
- memblock: Accept allocated memory before use in memblock_double_array()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37996
- KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37949
- xenbus: Use kref to track req lifetime
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37954
- smb: client: Avoid race in open_cached_dir with lease breaks
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37965
- drm/amd/display: Fix invalid context error in dml helper
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37951
- drm/v3d: Add job to pending list if the reset was skipped
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37968
- iio: light: opt3001: fix deadlock due to concurrent flag access
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37969
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37970
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37966
- riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37957
- KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37958
- mm/huge_memory: fix dereferencing invalid pmd migration entry
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37964
- x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37971
- staging: bcm2835-camera: Initialise dev in v4l2_dev
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37972
- Input: mtk-pmic-keys - fix possible null pointer dereference
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37959
- bpf: Scrub packet on bpf_redirect_peer
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37961
- ipvs: fix uninit-value for saddr in do_output_route4
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37993
- can: m_can: m_can_class_allocate_dev(): initialize spin lock on device
probe
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37955
- virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37962
- ksmbd: fix memory leak in parse_lease_state()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37998
- openvswitch: Fix unsafe attribute parsing in output_userspace()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37952
- ksmbd: Fix UAF in __close_file_table_ids
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37947
- ksmbd: prevent out-of-bounds stream writes by validating *pos
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37956
- ksmbd: prevent rename with empty string
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37973
- wifi: cfg80211: fix out-of-bounds access during multi-link element
defragmentation
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37999
- fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()
* Creating a VXLAN interface with a Fan mapping causes a NULL pointer
dereference caught by ubuntu_fan_smoke_test:sut-scan (LP: #2113992)
- SAUCE: fan: vxlan: parse fan-map from IFLA_VXLAN_FAN_MAP attribute ID
* [Regression Updates] "PCI: Explicitly put devices into D0 when
initializing" breaks pci-pass-through in QEMU/KVM (LP: #2117494)
- PCI/PM: Set up runtime PM even for devices without PCI PM
* [UBUNTU 25.04] lszcrypt output shows no cards because ap module has to be
loaded manually (LP: #2116061)
- [Config] s390: Build ap driver into the kernel
* CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
linux-gcp-6.14 (6.14.0-1013.13~24.04.1) noble; urgency=medium
* noble/linux-gcp-6.14: 6.14.0-1013.13~24.04.1 -proposed tracker (LP: #2116587)
* Packaging resync (LP: #1786013)
- [Packaging] update Ubuntu.md
- [Packaging] debian.gcp-6.14/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* linux-gcp: move ptp_kvm to linux-modules in GCP kernels (LP: #2110241)
- [Packaging] gcp: Move ptp_kvm module to linux-modules
[ Ubuntu-gcp: 6.14.0-1013.13 ]
* plucky/linux-gcp: 6.14.0-1013.13 -proposed tracker (LP: #2116588)
* Packaging resync (LP: #1786013)
- [Packaging] debian.gcp/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* linux-gcp: NVIDIA Grace platform support (LP: #2111859)
- arch_topology: init capacity_freq_ref to 0
- cpufreq: Allow arch_freq_get_on_cpu to return an error
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu
- arm64: Update AMU-based freq scale factor on entering idle
- arm64: Utilize for_each_cpu_wrap for reference lookup
- [Packaging] gcp: enable CONFIG_CPUFREQ_ARCH_CUR_FREQ
- [Packaging] gcp: enable CONFIG_ARM64_CONTPTE
* linux-gcp: move ptp_kvm to linux-modules in GCP kernels (LP: #2110241)
- [Packaging] gcp: Move ptp_kvm module to linux-modules
[ Ubuntu: 6.14.0-26.26 ]
* plucky/linux: 6.14.0-26.26 -proposed tracker (LP: #2116604)
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.07.14)
* Dell AIO backlight is not working, dell_uart_backlight module is missing
(LP: #2083800)
- [Config] enable CONFIG_DELL_UART_BACKLIGHT
* integrated I219-LM network adapter appears to be running too fast, causing
synchronization issues when using the I219-LM PTP feature (LP: #2116072)
- e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13
* Audio broken on ThinkPad X13s (LP: #2115898)
- SAUCE: Revert "UBUNTU: SAUCE: Change: cracking sound fix"
* Ubuntu 24.04+ arm64: screen resolution fixed to 1024x768 with last kernel
update (LP: #2115068)
- [Config] Replace FB_HYPERV with DRM_HYPERV
* [SRU][HPE 24.04] Patch Request for HPE iLO7 VGA device for Gen12 Servers
(LP: #2114516)
- drm/mgag200: Added support for the new device G200eH5
* A process exiting with an open /dev/snapshot fd causes a NULL pointer
dereference caught by ubuntu_stress_smoke_test:sut-scan (LP: #2113990)
- libfs: export find_next_child()
- efivarfs: support freeze/thaw
* [SRU] Add support for new hotkey of F9 on Thinkpad X9 (LP: #2115022)
- platform/x86: thinkpad-acpi: Add support for new hotkey for camera
shutter switch
* [SRU] Fix GT0: Engine reset when suspend on Intel LNL (LP: #2114697)
- drm/xe/sched: stop re-submitting signalled jobs
* CVE-2025-38056
- devres: Introduce devm_kmemdup_array()
- ASoC: SOF: Intel: hda: Fix UAF when reloading module
* Handle IOMMU IVRS entries with mismatched UID on AMD Strix or newer
platforms (LP: #2115174)
- iommu/amd: Allow matching ACPI HID devices without matching UIDs
* [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
- s390: Add z17 elf platform
* [UBUNTU 24.04] Kernel: Add CPUMF extended counter set for z17
(LP: #2114258)
- s390/cpumf: Update CPU Measurement facility extended counter set support
* Plucky update: v6.14.8 upstream stable release (LP: #2115266)
- arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-
cm3588
- fs/xattr.c: fix simple_xattr_list to always include security.* xattrs
- drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC
Policies
- drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies
- x86/amd_node, platform/x86/amd/hsmp: Have HSMP use SMN through AMD_NODE
- platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive
drivers
- arm64: dts: rockchip: fix Sige5 RTC interrupt pin
- riscv: dts: sophgo: fix DMA data-width configuration for CV18xx
- binfmt_elf: Move brk for static PIE even if ASLR disabled
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie
14XA (GX4HRXL)
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
- arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout
- cgroup/cpuset: Extend kthread_is_per_cpu() check to all
PF_NO_SETAFFINITY tasks
- tracing: fprobe: Fix RCU warning message in list traversal
- tracing: probes: Fix a possible race in trace_probe_log APIs
- tpm: tis: Double the timeout B to 4s
- iio: adc: ad7606: move the software mode configuration
- iio: adc: ad7606: move software functions into common file
- HID: thrustmaster: fix memory leak in thrustmaster_interrupts()
- spi: loopback-test: Do not split 1024-byte hexdumps
- Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags
- drm/meson: Use 1000ULL when operating with mode->clock
- tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing
- tests/ncdevmem: Fix double-free of queue array
- net: mctp: Ensure keys maintain only one ref to corresponding dev
- ALSA: seq: Fix delivery of UMP events to group ports
- ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
- nvme-pci: make nvme_pci_npages_prp() __always_inline
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
- ALSA: sh: SND_AICA should depend on SH_DMA_API
- net: dsa: b53: prevent standalone from trying to forward to other ports
- vsock/test: Fix occasional failure in SIOCOUTQ tests
- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
- octeontx2-pf: Fix ethtool support for SDP representors
- drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value
- netlink: specs: tc: fix a couple of attribute names
- netlink: specs: tc: all actions are indexed arrays
- octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy
- net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW
capability
- octeontx2-af: Fix CGX Receive counters
- octeontx2-pf: Do not reallocate all ntuple filters
- tsnep: fix timestamping with a stacked DSA driver
- ublk: fix dead loop when canceling io command
- NFSv4/pnfs: Reset the layout state after a layoutreturn
- dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
interrupted"
- Revert "kbuild, rust: use -fremap-path-prefix to make paths relative"
- udf: Make sure i_lenExtents is uptodate on inode eviction
- HID: amd_sfh: Fix SRA sensor when it's the only sensor
- LoongArch: Prevent cond_resched() occurring within kernel-fpu
- LoongArch: Move __arch_cpu_idle() to .cpuidle.text section
- LoongArch: Save and restore CSR.CNTC for hibernation
- LoongArch: Fix MAX_REG_OFFSET calculation
- LoongArch: uprobes: Remove user_{en,dis}able_single_step()
- LoongArch: uprobes: Remove redundant code about resume_era
- btrfs: fix discard worker infinite loop after disabling discard
- btrfs: fix folio leak in submit_one_async_extent()
- btrfs: add back warning for mount option commit values exceeding 300
- Revert "drm/amd/display: Hardware cursor changes color when switched to
software cursor"
- drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc()
- drm/amdgpu: fix incorrect MALL size for GFX1151
- drm/amd/display: Correct the reply value when AUX write incomplete
- drm/amd/display: Avoid flooding unnecessary info messages
- MAINTAINERS: Update Alexey Makhalov's email address
- gpio: pca953x: fix IRQ storm on system wake up
- ACPI: PPTT: Fix processor subtable walk
- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
- ALSA: usb-audio: Add sample rate quirk for Audioengine D1
- ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
- dma-buf: insert memory barrier before updating num_fences
- arm64: dts: amlogic: dreambox: fix missing clkc_audio node
- arm64: dts: rockchip: Allow Turing RK1 cooling fan to spin down
- arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
- hv_netvsc: Remove rmsg_pgcnt
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
- Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
- kbuild: Disable -Wdefault-const-init-unsafe
- i2c: designware: Fix an error handling path in i2c_dw_pci_probe()
- ftrace: Fix preemption accounting for stacktrace trigger command
- ftrace: Fix preemption accounting for stacktrace filter command
- x86/sev: Do not touch VMSA pages during SNP guest memory kdump
- x86/sev: Make sure pages are not skipped during kdump
- tracing: samples: Initialize trace_array_printk() with the correct
function
- phy: Fix error handling in tegra_xusb_port_init
- net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ
switches
- net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink
- phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind
- phy: renesas: rcar-gen3-usb2: Set timing registers only once
- scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
- smb: client: fix memory leak during error handling for POSIX mkdir
- spi: tegra114: Use value to check for invalid delays
- tpm: Mask TPM RC in tpm2_start_auth_session()
- wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl
- ring-buffer: Fix persistent buffer when commit page is the reader page
- net: qede: Initialize qede_ll_ops with designated initializer
- io_uring/memmap: don't use page_address() on a highmem page
- io_uring/uring_cmd: fix hybrid polling initialization issue
- mm: hugetlb: fix incorrect fallback for subpool
- mm: userfaultfd: correct dirty flags set for both present and swap pte
- dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
instead of a local copy
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_wqs
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_engines
- dmaengine: idxd: fix memory leak in error handling path of
idxd_setup_groups
- dmaengine: idxd: Add missing cleanup for early error out in
idxd_setup_internals
- dmaengine: idxd: Add missing cleanups in cleanup internals
- dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove
call
- dmaengine: idxd: fix memory leak in error handling path of
idxd_pci_probe
- accel/ivpu: Use workqueue for IRQ handling
- accel/ivpu: Dump only first MMU fault from single context
- accel/ivpu: Move parts of MMU event IRQ handling to thread handler
- accel/ivpu: Fix missing MMU events from reserved SSID
- accel/ivpu: Fix missing MMU events if file_priv is unbound
- accel/ivpu: Flush pending jobs of device's workqueues
- drm/xe/gsc: do not flush the GSC worker from the reset path
- perf tools: Fix build error for LoongArch
- phy: tegra: xusb: remove a stray unlock
- Linux 6.14.8
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38008
- mm/page_alloc: fix race condition in unaccepted memory handling
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38014
- dmaengine: idxd: Refactor remove call with idxd_cleanup() helper
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38015
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38005
- dmaengine: ti: k3-udma: Add missing locking
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38009
- wifi: mt76: disable napi on driver removal
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38010
- phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38011
- drm/amdgpu: csa unmap use uninterruptible lock
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38016
- HID: bpf: abort dispatch if device destroyed
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38012
- sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38018
- net/tls: fix kernel panic when alloc_page failed
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38019
- mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38013
- wifi: mac80211: Set n_channels after allocating struct
cfg80211_scan_request
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38002
- io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38027
- regulator: max20086: fix invalid memory access
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38020
- net/mlx5e: Disable MACsec offload for uplink representor profile
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38021
- drm/amd/display: Fix null check of pipe_ctx->plane_state for
update_dchubp_dpp
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38006
- net: mctp: Don't access ifa_index when missing
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-37992
- net_sched: Flush gso_skb list too during ->change()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38022
- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device"
problem
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38028
- NFS/localio: Fix a race in nfs_local_open_fh()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38023
- nfs: handle failure of nfs_get_lock_context in unlock path
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38007
- HID: uclogic: Add NULL check in uclogic_input_configured()
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38024
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
* Plucky update: v6.14.8 upstream stable release (LP: #2115266) //
CVE-2025-38025
- iio: adc: ad7606: check for NULL before calling sw_mode_config()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252)
- dm: add missing unlock on in dm_keyslot_evict()
- Revert "btrfs: canonicalize the device path before adding it"
- arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2
- firmware: arm_scmi: Fix timeout checks on polling path
- can: mcan: m_can_class_unregister(): fix order of unregistration calls
- vfio/pci: Align huge faults to order
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
- can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls
- s390/entry: Fix last breaking event handling in case of stack corruption
- SAUCE: Revert "sch_htb: make htb_deactivate() idempotent"
- sch_htb: make htb_deactivate() idempotent
- virtio-net: don't re-enable refill work too early when NAPI is disabled
- gre: Fix again IPv6 link-local address generation.
- net: ethernet: mtk_eth_soc: reset all TX queues on DMA free
- net: ethernet: mtk_eth_soc: do not reset PSE when setting FE
- can: mcp251xfd: fix TDC setting for low data bit rates
- can: gw: fix RCU/BH usage in cgw_create_job()
- wifi: mac80211: fix the type of status_code for negotiated TID to Link
Mapping
- ice: use DSN instead of PCI BDF for ice_adapter index
- erofs: ensure the extra temporary copy is valid for shortened bvecs
- net: dsa: b53: allow leaky reserved multicast
- net: dsa: b53: keep CPU port always tagged again
- net: dsa: b53: fix clearing PVID of a port
- net: dsa: b53: fix flushing old pvid VLAN on pvid change
- net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave
- net: dsa: b53: always rejoin default untagged VLAN on bridge leave
- net: dsa: b53: do not allow to configure VLAN 0
- net: dsa: b53: do not program vlans when vlan filtering is off
- net: dsa: b53: fix toggling vlan_filtering
- net: dsa: b53: fix learning on VLAN unaware bridges
- net: dsa: b53: do not set learning and unicast/multicast on up
- fbnic: Fix initialization of mailbox descriptor rings
- fbnic: Gate AXI read/write enabling on FW mailbox
- fbnic: Actually flush_tx instead of stalling out
- fbnic: Cleanup handling of completions
- fbnic: Improve responsiveness of fbnic_mbx_poll_tx_ready
- fbnic: Pull fbnic_fw_xmit_cap_msg use out of interrupt context
- fbnic: Do not allow mailbox to toggle to ready outside
fbnic_mbx_poll_tx_ready
- net: export a helper for adding up queue stats
- virtio-net: fix total qstat values
- Input: cyttsp5 - ensure minimum reset pulse width
- Input: cyttsp5 - fix power control issue on wakeup
- Input: xpad - fix Share button on Xbox One controllers
- Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller
- Input: xpad - fix two controller table values
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
- Input: synaptics - enable InterTouch on Dell Precision M3800
- Input: synaptics - enable SMBus for HP Elitebook 850 G1
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
- rust: clean Rust 1.88.0's `unnecessary_transmutes` lint
- objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0
- rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros`
configuration
- uio_hv_generic: Fix sysfs creation path for ring buffer
- staging: iio: adc: ad7816: Correct conditional logic for store mode
- staging: axis-fifo: Remove hardware resets for user errors
- staging: axis-fifo: Correct handling of tx_fifo_depth for size
validation
- mm: fix folio_pte_batch() on XEN PV
- mm: vmalloc: support more granular vrealloc() sizing
- mm/userfaultfd: fix uninitialized output field for -EAGAIN race
- selftests/mm: compaction_test: support platform with huge mount of
memory
- selftests/mm: fix a build failure on powerpc
- selftests/mm: fix build break when compiling pkey_util.c
- KVM: x86/mmu: Prevent installing hugepages when mem attributes are
changing
- drm/amd/display: Shift DMUB AUX reply command if necessary
- io_uring: ensure deferred completions are flushed for multishot
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
- iio: adc: ad7266: Fix potential timestamp alignment issue.
- iio: adc: ad7606: fix serial register access
- iio: adc: rockchip: Fix clock initialization sequence
- iio: adis16201: Correct inclinometer channel resolution
- iio: chemical: sps30: use aligned_s64 for timestamp
- iio: chemical: pms7003: use aligned_s64 for timestamp
- iio: hid-sensor-prox: Restore lost scale assignments
- iio: hid-sensor-prox: support multi-channel SCALE calculation
- iio: hid-sensor-prox: Fix incorrect OFFSET calculation
- iio: imu: inv_mpu6050: align buffer for timestamp
- iio: pressure: mprls0025pa: use aligned_s64 for timestamp
- Revert "drm/amd: Stop evicting resources on APUs in suspend"
- drm/xe: Add page queue multiplier
- drm/amdgpu: fix pm notifier handling
- drm/amdgpu/vcn: using separate VCN1_AON_SOC offset
- drm/amd/display: Fix the checking condition in dmub aux handling
- drm/amd/display: Remove incorrect checking in dmub aux handler
- drm/amd/display: Fix wrong handling for AUX_DEFER case
- drm/amd/display: Copy AUX read reply data whenever length > 0
- xhci: dbc: Avoid event polling busyloop if pending rx transfers are
inactive.
- usb: uhci-platform: Make the clock really optional
- xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it
- accel/ivpu: Increase state dump msg timeout
- arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to
prevent wrong idmap generation
- clocksource/i8253: Use raw_spinlock_irqsave() in
clockevent_i8253_disable()
- x86/microcode: Consolidate the loader enablement checking
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap
- ocfs2: switch osb->disable_recovery to enum
- ocfs2: implement handshaking with ocfs2 recovery thread
- ocfs2: stop quota recovery before disabling quotas
- usb: dwc3: gadget: Make gadget_wakeup asynchronous
- usb: cdnsp: Fix issue with resuming from L1
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
- usb: gadget: f_ecm: Add get_status callback
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
- usb: gadget: Use get_status callback to set remote wakeup capability
- usb: host: tegra: Prevent host controller crash when OTG port is used
- usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition
- USB: usbtmc: use interruptible sleep in usbtmc_read
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
- usb: usbtmc: Fix erroneous wait_srq ioctl return
- usb: usbtmc: Fix erroneous generic_read ioctl return
- iio: imu: bmi270: fix initial sampling frequency configuration
- iio: accel: adxl367: fix setting odr for activity time update
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer.
- iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64
- iio: adc: dln2: Use aligned_s64 for timestamp
- timekeeping: Prevent coarse clocks going backwards
- accel/ivpu: Separate DB ID and CMDQ ID allocations from CMDQ allocation
- accel/ivpu: Correct mutex unlock order in job submission
- MIPS: Fix MAX_REG_OFFSET
- riscv: misaligned: Add handling for ZCB instructions
- loop: factor out a loop_assign_backing_file helper
- loop: Add sanity check for read/write_iter
- drm/panel: simple: Update timings for AUO G101EVN010
- nvme: unblock ctrl state transition for firmware update
- riscv: misaligned: factorize trap handling
- riscv: misaligned: enable IRQs while handling misaligned accesses
- riscv: Disallow PR_GET_TAGGED_ADDR_CTRL without Supm
- drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs
- drm/xe: Release force wake first then runtime power
- io_uring/sqpoll: Increase task_work submission batch size
- do_umount(): add missing barrier before refcount checks in sync case
- rust: allow Rust 1.87.0's `clippy::ptr_eq` lint
- rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint
- io_uring: always arm linked timeouts prior to issue
- Bluetooth: btmtk: Remove the resetting step before downloading the fw
- mm: page_alloc: don't steal single pages from biggest buddy
- mm: page_alloc: speed up fallbacks in rmqueue_bulk()
- arm64: insn: Add support for encoding DSB
- arm64: proton-pack: Expose whether the platform is mitigated by firmware
- arm64: proton-pack: Expose whether the branchy loop k value
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation
- x86/bpf: Call branch history clearing sequence on exit
- x86/bpf: Add IBHF call at end of classic BPF
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode
- Documentation: x86/bugs/its: Add ITS documentation
- x86/its: Enumerate Indirect Target Selection (ITS) bug
- x86/its: Add support for ITS-safe indirect thunk
- x86/its: Add support for ITS-safe return thunk
- x86/its: Enable Indirect Target Selection mitigation
- [Config] enable MITIGATION_ITS
- x86/its: Add "vmexit" option to skip mitigation on some CPUs
- x86/its: Add support for RSB stuffing mitigation
- x86/its: Align RETs in BHB clear sequence to avoid thunking
- x86/ibt: Keep IBT disabled during alternative patching
- x86/its: Use dynamic thunks for indirect branches
- selftest/x86/bugs: Add selftests for ITS
- x86/its: Fix build errors when CONFIG_MODULES=n
- x86/its: FineIBT-paranoid vs ITS
- Linux 6.14.7
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37963
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37948
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37994
- usb: typec: ucsi: displayport: Fix NULL pointer access
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37967
- usb: typec: ucsi: displayport: Fix deadlock
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37950
- ocfs2: fix panic in failed foilio allocation
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37995
- module: ensure that kobject_put() is safe for module type kobjects
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37960
- memblock: Accept allocated memory before use in memblock_double_array()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37996
- KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37949
- xenbus: Use kref to track req lifetime
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37954
- smb: client: Avoid race in open_cached_dir with lease breaks
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37965
- drm/amd/display: Fix invalid context error in dml helper
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37951
- drm/v3d: Add job to pending list if the reset was skipped
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37968
- iio: light: opt3001: fix deadlock due to concurrent flag access
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37969
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37970
- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37966
- riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37957
- KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37958
- mm/huge_memory: fix dereferencing invalid pmd migration entry
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37964
- x86/mm: Eliminate window where TLB flushes may be inadvertently skipped
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37971
- staging: bcm2835-camera: Initialise dev in v4l2_dev
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37972
- Input: mtk-pmic-keys - fix possible null pointer dereference
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37959
- bpf: Scrub packet on bpf_redirect_peer
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37961
- ipvs: fix uninit-value for saddr in do_output_route4
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37993
- can: m_can: m_can_class_allocate_dev(): initialize spin lock on device
probe
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37955
- virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37962
- ksmbd: fix memory leak in parse_lease_state()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37998
- openvswitch: Fix unsafe attribute parsing in output_userspace()
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37952
- ksmbd: Fix UAF in __close_file_table_ids
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37947
- ksmbd: prevent out-of-bounds stream writes by validating *pos
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37956
- ksmbd: prevent rename with empty string
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37973
- wifi: cfg80211: fix out-of-bounds access during multi-link element
defragmentation
* Plucky update: v6.14.7 upstream stable release (LP: #2115252) //
CVE-2025-37999
- fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()
* Creating a VXLAN interface with a Fan mapping causes a NULL pointer
dereference caught by ubuntu_fan_smoke_test:sut-scan (LP: #2113992)
- UBUNTU: SAUCE: fan: vxlan: parse fan-map from IFLA_VXLAN_FAN_MAP
attribute ID
* [UBUNTU 25.04] lszcrypt output shows no cards because ap module has to be
loaded manually (LP: #2116061)
- [Config] s390: Build ap driver into the kernel
* CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
Date: 2025-07-25 21:02:17.072074+00:00
Changed-By: Tim Whisonant <tim.whisonant at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-gcp-6.14/6.14.0-1014.15~24.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list