[ubuntu/noble-proposed] linux 6.8.0-86.87 (Accepted)
Andy Whitcroft
apw at canonical.com
Thu Sep 25 13:55:44 UTC 2025
linux (6.8.0-86.87) noble; urgency=medium
* noble/linux: 6.8.0-86.87 -proposed tracker (LP: #2125391)
- Fix FTBS caused by incorrect pick/backport of
"perf dso: fix dso__is_kallsyms() check"
* noble ubuntu_ftrace_smoke_test:mmiotrace timeout on aws:r5.metal
(LP: #2121673)
- mm: memcg: add NULL check to obj_cgroup_put()
- memcg: drain obj stock on cpu hotplug teardown
* [25.04 FEAT] [post announcement] [KRN2304] CPU-MF Counters for new IBM Z
hardware - perf part (LP: #2103415)
- perf list: Add IBM z17 event descriptions
* memory leaks when configuring a small rate limit in audit (LP: #2122554)
- audit: fix skb leak when audit rate limit is exceeded
* [UBUNTU 24.04] PAI/NNPA support for new IBM z17 (LP: #2121956)
- s390/pai: export number of sysfs attribute files
- s390/pai_crypto: Add support for MSA 10 and 11 pai counters
- s390/pai_ext: Update PAI extension 1 counters
* [UBUNTU 24.04] s390/pci: Don't abort recovery for user-space drivers
(LP: #2121150)
- s390/pci: Allow automatic recovery with minimal driver support
* [UBUNTU 24.04] s390/pci: Fix stale function handles in error handling
(LP: #2121149)
- s390/pci: Fix stale function handles in error handling
- s390/pci: Do not try re-enabling load/store if device is disabled
* [UBUNTU 24.04] vfio/pci: fix 8-byte PCI loads and stores (LP: #2121146)
- vfio/pci: Extract duplicated code into macro
- vfio/pci: Support 8-byte PCI loads and stores
- vfio/pci: Fix typo in macro to declare accessors
* x86 systems with PCIe BAR addresses located outside a certain range see
P2PDMA allocation failures and CUDA initialization errors (LP: #2120209)
- x86/kaslr: Reduce KASLR entropy on most x86 systems
- x86/mm/init: Handle the special case of device private pages in
add_pages(), to not increase max_pfn and trigger
dma_addressing_limited() bounce buffers
* sources list generation using dwarfdump takes up to 0.5hr in build process
(LP: #2104911)
- [Packaging] Don't generate list of source files
* [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
namespaces (LP: #2121257)
- apparmor: shift ouid when mediating hard links in userns
- apparmor: shift uid when mediating af_unix in userns
* UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:452:16
(LP: #2119713)
- EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
* [IdeaPad Slim 5 13ARP10 , 83J2] Microphone on AMD Ryzen 7 7735HS does not
work (LP: #2102749)
- ASoC: amd: yc: update quirk data for new Lenovo model
* Fix compilation failure because of incomplete backport (LP: #2120561)
- SAUCE: netfilter: ctnetlink: Fix -Wuninitialized in
ctnetlink_secctx_size()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716)
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
- cpufreq: scpi: compare kHz instead of Hz
- smack: dont compile ipv6 code unless ipv6 is configured
- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
- EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald
Rapids
- x86/fpu: Fix guest FPU state buffer allocation size
- x86/fpu: Avoid copying dynamic FP state from init_task in
arch_dup_task_struct()
- x86/platform: Only allow CONFIG_EISA for 32-bit
- [Config] updateconfigs after disabling CONFIG_EISA for amd64
- x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
- lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
- PM: sleep: Adjust check before setting power.must_resume
- RISC-V: KVM: Disable the kernel perf counter during configure
- selinux: Chain up tool resolving errors in install_policy.sh
- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
- EDAC/ie31200: Fix the DIMM size mask for several SoCs
- EDAC/ie31200: Fix the error path order of ie31200_init()
- PM: sleep: Fix handling devices with direct_complete set on errors
- lockdep: Don't disable interrupts on RT in
disable_irq_nosync_lockdep.*()
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
- x86/traps: Make exc_double_fault() consistently noreturn
- x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
- media: verisilicon: HEVC: Initialize start_bit field
- media: platform: allgro-dvt: unregister v4l2_device on the error path
- platform/x86: dell-ddv: Fix temperature calculation
- ASoC: cs35l41: check the return value from spi_setup()
- HID: remove superfluous (and wrong) Makefile entry for
CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
- dt-bindings: vendor-prefixes: add GOcontroll
- ALSA: hda/realtek: Always honor no_shutup_pins
- ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio
compatible
- drm/bridge: ti-sn65dsi86: Fix multiple instances
- drm/dp_mst: Fix drm RAD print
- drm: xlnx: zynqmp: Fix max dma segment size
- PCI: Use downstream bridges for distributing resources
- drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
- drm/msm/dpu: don't use active in atomic_check()
- drm/msm/dsi: Use existing per-interface slice count in DSC timing
- drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
- drm/amdkfd: Fix Circular Locking Dependency in
'svm_range_cpu_invalidate_pagetables'
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data
payload
- PCI: brcmstb: Use internal register to change link capability
- PCI: brcmstb: Fix potential premature regulator disabling
- PCI/portdrv: Only disable pciehp interrupts early when needed
- drm/amd/display: fix type mismatch in
CalculateDynamicMetadataParameters()
- PCI: Remove stray put_device() in pci_register_host_bridge()
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
- drm/amd/display: avoid NPD when ASIC does not support DMUB
- PCI: histb: Fix an error handling path in histb_pcie_probe()
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
- fbdev: au1100fb: Move a variable assignment behind a null pointer check
- mdacon: rework dependency list
- fbdev: sm501fb: Add some geometry checks.
- clk: amlogic: gxbb: drop incorrect flag on 32k clock
- crypto: hisilicon/sec2 - fix for aead authsize alignment
- crypto: hisilicon/sec2 - fix for sec spec check
- of: property: Increase NR_FWNODE_REFERENCE_ARGS
- remoteproc: qcom_q6v5_pas: Make single-PD handling more robust
- libbpf: Fix hypothetical STT_SECTION extern NULL deref case
- selftests/bpf: Fix string read in strncmp benchmark
- clk: qcom: gcc-msm8953: fix stuck venus0_core0 clock
- RDMA/mana_ib: Ensure variable err is initialized
- remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8226
- bpf: Use preempt_count() directly in bpf_send_signal_common()
- lib: 842: Improve error handling in sw842_compress()
- pinctrl: renesas: rza2: Fix missing of_node_put() call
- pinctrl: renesas: rzg2l: Fix missing of_node_put() call
- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent
- RDMA/mlx5: Fix calculation of total invalidated pages
- remoteproc: qcom_q6v5_mss: Handle platforms with one power domain
- IB/mad: Check available slots before posting receive WRs
- pinctrl: tegra: Set SFIO mode to Mux Register
- clk: amlogic: g12b: fix cluster A parent data
- clk: amlogic: gxbb: drop non existing 32k clock parent
- selftests/bpf: Select NUMA_NO_NODE to create map
- clk: clk-imx8mp-audiomix: fix dsp/ocram_a clock parents
- clk: amlogic: g12a: fix mmc A peripheral clock
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1
- power: supply: max77693: Fix wrong conversion of charge input threshold
value
- crypto: nx - Fix uninitialised hv_nxc on error
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call
- mfd: sm501: Switch to BIT() to mitigate integer overflows
- leds: Fix LED_OFF brightness race
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to
misplaced assignment
- crypto: hisilicon/sec2 - fix for aead auth key length
- pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm()
- clk: qcom: mmcc-sdm660: fix stuck video_subcore0 clock
- perf stat: Fix find_stat for mixed legacy/non-legacy events
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
- soundwire: slave: fix an OF node reference leak in soundwire slave
device
- coresight: catu: Fix number of pages while using 64k pages
- coresight-etm4x: add isb() before reading the TRCSTATR
- perf pmu: Don't double count common sysfs and json events
- ucsi_ccg: Don't show failed to get FW build information error
- iio: accel: mma8452: Ensure error return on failure to matching
oversampling ratio
- iio: accel: msa311: Fix failure to release runtime pm if direct mode
claim fails.
- perf arm-spe: Fix load-store operation checking
- perf bench: Fix perf bench syscall loop count
- usb: xhci: correct debug message page size calculation
- dmaengine: fsl-edma: cleanup chan after dma_async_device_unregister
- iio: adc: ad4130: Fix comparison of channel setups
- iio: adc: ad7124: Fix comparison of channel configs
- perf evlist: Add success path to evlist__create_syswide_maps
- perf units: Fix insufficient array space
- kernel/events/uprobes: handle device-exclusive entries correctly in
__replace_page()
- kexec: initialize ELF lowest address to ULONG_MAX
- arch/powerpc: drop GENERIC_PTDUMP from mpc885_ads_defconfig
- NFSv4: Don't trigger uneccessary scans for return-on-close delegations
- fuse: fix dax truncate/punch_hole fault path
- selftests/mm/cow: fix the incorrect error handling
- um: remove copy_from_kernel_nofault_allowed
- um: hostfs: avoid issues on inode number reuse by host
- i3c: master: svc: Fix missing the IBI rules
- perf python: Fixup description of sample.id event member
- perf python: Decrement the refcount of just created event on failure
- perf python: Don't keep a raw_data pointer to consumed ring buffer space
- perf python: Check if there is space to copy all the event
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES
- tty: n_tty: use uint for space returned by tty_write_room()
- fs/procfs: fix the comment above proc_pid_wchan()
- perf tools: annotate asm_pure_loop.S
- NFS: Shut down the nfs_client only after all the superblocks
- exfat: fix the infinite loop in exfat_find_last_cluster()
- ksmbd: fix multichannel connection failure
- net/mlx5e: SHAMPO, Make reserved size independent of page size
- ring-buffer: Fix bytes_dropped calculation issue
- objtool: Fix segfault in ignore_unreachable_insn()
- LoongArch: Fix help text of CMDLINE_EXTEND in Kconfig
- LoongArch: Rework the arch_kgdb_breakpoint() implementation
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states
are invalid
- octeontx2-af: Fix mbox INTR handler when num VFs > 64
- octeontx2-af: Free NIX_AF_INT_VEC_GEN irq
- objtool: Fix verbose disassembly if CROSS_COMPILE isn't set
- sched/smt: Always inline sched_smt_active()
- context_tracking: Always inline ct_{nmi,irq}_{enter,exit}()
- rcu-tasks: Always inline rcu_irq_work_resched()
- wifi: iwlwifi: fw: allocate chained SG tables for dump
- wifi: iwlwifi: mvm: use the right version of the rate API
- nvme-tcp: fix possible UAF in nvme_tcp_poll
- nvme-pci: clean up CMBMSC when registering CMB fails
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
- wifi: brcmfmac: keep power during suspend if board requires it
- affs: generate OFS sequence numbers starting at 1
- affs: don't write overlarge OFS data block size fields
- ALSA: hda/realtek: Fix Asus Z13 2025 audio
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
- perf/core: Fix perf_pmu_register() vs. perf_init_event()
- cifs: fix incorrect validation for num_aces field of smb_acl
- platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4
tablet
- platform/x86/intel/vsec: Add Diamond Rapids support
- HID: i2c-hid: improve i2c_hid_get_report error message
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using
CS35L41 HDA
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using
CS35L41 HDA
- sched/deadline: Use online cpus for validating runtime
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
- wifi: mac80211: flush the station before moving it to UN-AUTHORIZED
state
- locking/semaphore: Use wake_q to wake up processes outside lock critical
section
- x86/hyperv: Fix output argument to hypercall that changes page
visibility
- x86/sgx: Warn explicitly if X86_FEATURE_SGX_LC is not enabled
- nvme-pci: fix stuck reset on concurrent DPC and HP
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx
- can: statistics: use atomic access in hot path
- memory: omap-gpmc: drop no compatible check
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
- riscv: ftrace: Add parentheses in macro definitions of make_call_t0 and
make_call_ra
- ntb: intel: Fix using link status DB's
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success
- RISC-V: errata: Use medany for relocatable builds
- x86/uaccess: Improve performance by aligning writes to 8 bytes in
copy_user_generic(), on non-FSRM/ERMS CPUs
- ASoC: codecs: rt5665: Fix some error handling paths in rt5665_probe()
- riscv: Fix hugetlb retrieval of number of ptes in case of !present pte
- netfilter: nft_set_hash: GC reaps elements with conncount for dynamic
sets only
- vsock: avoid timeout during connect() if the socket is closing
- tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu().
- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS
- net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
- ipv6: Start path selection from the first nexthop
- ipv6: Do not consider link down nexthops in path selection
- drm/amdgpu/gfx11: fix num_mec
- perf/core: Fix child_total_time_enabled accounting bug at task exit
- tracing: Switch trace_events_hist.c code over to use guard()
- tracing/hist: Add poll(POLLIN) support on hist file
- tracing/hist: Support POLLPRI event for poll on histogram
- tracing: Correct the refcount if the hist/hist_debug file fails to open
- LoongArch: Increase ARCH_DMA_MINALIGN up to 16
- LoongArch: BPF: Fix off-by-one error in build_prologue()
- LoongArch: BPF: Don't override subprog's return value
- LoongArch: BPF: Use move_addr() for BPF_PSEUDO_FUNC
- x86/hyperv: Fix check of return value from snp_set_vmsa()
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers
- platform/x86: ISST: Correct command storage data length
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in
perf_copy_chunk()
- perf/x86/intel: Apply static call for drain_pebs
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
- mmc: omap: Fix memory leak in mmc_omap_new_slot
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
- tracing: Ensure module defining synth event cannot be unloaded while
tracing
- tracing: Fix synth event printk format for str fields
- tracing/osnoise: Fix possible recursive locking for cpus_read_lock()
- ext4: don't over-report free space or inodes in statvfs
- jfs: add index corruption check to DT_GETPAGE()
- exec: fix the racy usage of fs_struct->in_exec
- NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
- tracing: Do not use PERF enums when perf is not defined
- smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label
- sched: Cancel the slice protection of the idle entity
- cpufreq: tegra194: Allow building for Tegra234
- kunit/stackinit: Use fill byte different from Clang i386 pattern
- watchdog/hardlockup/perf: Fix perf_event memory leak
- x86/entry: Add __init to ia32_emulation_override_cmdline()
- regulator: pca9450: Fix enable register for LDO5
- auxdisplay: panel: Fix an API misuse in panel.c
- ASoC: amd: acp: Fix for enabling DMIC on acp platforms via _DSD entry
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
- drm/ssd130x: fix ssd132x encoding
- drm/ssd130x: ensure ssd132x pitch is correct
- gpu: cdns-mhdp8546: fix call balance of mhdp->clk handling routines
- drm/panel: ilitek-ili9882t: fix GPIO name in error message
- drm/msm/dsi/phy: Program clock inverters in correct register
- PCI: brcmstb: Set generation limit before PCIe link up
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump
- powerpc/kexec: fix physical address calculation in clear_utlb_entry()
- drm/mediatek: Fix config_updating flag never false when no mbox channel
- PCI: dwc: ep: Return -ENOMEM for allocation failures
- PCI/sysfs: Demacrofy pci_dev_resource_resize_attr(n) functions
- PCI: Fix BAR resizing when VF BARs are assigned
- dummycon: fix default rows/cols
- crypto: iaa - Test the correct request flag
- crypto: qat - set parity error mask for qat_420xx
- pinctrl: renesas: rzg2l: Suppress binding attributes
- clk: renesas: r8a08g045: Check the source of the CPU PLL settings
- remoteproc: qcom: pas: add minidump_id to SC7280 WPSS
- pinctrl: nuvoton: npcm8xx: Fix error handling in npcm8xx_gpio_fw()
- s390: Remove ioremap_wt() and pgprot_writethrough()
- clk: qcom: gcc-x1e80100: Unregister GCC_GPU_CFG_AHB_CLK/GCC_DISP_XO_CLK
- RDMA/mlx5: Fix MR cache initialization error flow
- power: supply: bq27xxx_battery: do not update cached flags prematurely
- pinctrl: npcm8xx: Fix incorrect struct npcm8xx_pincfg assignment
- crypto: qat - remove access to parity register for QAT GEN4
- clk: qcom: gcc-sm8650: Do not turn off USB GDSCs during gdsc_disable()
- perf report: Switch data file correctly in TUI
- perf debug: Avoid stack overflow in recursive error message
- NFSv4: Avoid unnecessary scans of filesystems for returning delegations
- NFSv4: Avoid unnecessary scans of filesystems for expired delegations
- NFSv4: Avoid unnecessary scans of filesystems for delayed delegations
- um: Pass the correct Rust target and options with gcc
- perf dso: fix dso__is_kallsyms() check
- staging: vchiq_arm: Register debugfs after cdev
- perf vendor events arm64 AmpereOneX: Fix frontend_bound calculation
- LoongArch: Fix device node refcount leak in fdt_cpu_clk_init()
- net: phy: broadcom: Correct BCM5221 PHY model detection
- wifi: mac80211: Cleanup sta TXQs on flush
- wifi: mac80211: remove debugfs dir for virtual monitor
- smb: common: change the data type of num_aces to le16
- platform/x86/amd/pmf: Update PMF Driver for Compatibility with new PMF-
TA
- exfat: add a check for invalid data size
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using
CS35L41 HDA
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using
CS35L41 HDA
- ALSA: hda/realtek: Add support for various ASUS Laptops using CS35L41
HDA
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using
CS35L41 HDA
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using
CS35L41 HDA
- wifi: mac80211: fix SA Query processing in MLO
- riscv/kexec_file: Handle R_RISCV_64 in purgatory relocator
- riscv/purgatory: 4B align purgatory_start
- nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
- spi: bcm2835: Do not call gpiod_put() on invalid descriptor
- spi: bcm2835: Restore native CS probing when pinctrl-bcm2835 is absent
- kbuild: deb-pkg: don't set KBUILD_BUILD_VERSION unconditionally
- tty: serial: fsl_lpuart: Use u32 and u8 for register variables
- tty: serial: fsl_lpuart: use port struct directly to simply code
- tty: serial: fsl_lpuart: Fix unused variable 'sport' build warning
- tty: serial: lpuart: only disable CTS instead of overwriting the whole
UARTMODIR register
- wifi: mac80211: Fix sparse warning for monitor_sdata
- LoongArch: Increase MAX_IO_PICS up to 8
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs
- x86/Kconfig: Add cmpxchg8b support back to Geode CPUs
- wifi: mt76: mt7925: remove unused acpi function for clc
- media: omap3isp: Handle ARM dma_iommu_mapping
- Remove unnecessary firmware version check for gc v9_4_2
- exfat: fix potential wrong error return from get_block
- media: subdev: Fix use of sd->enabled_streams in call_s_stream()
- media: subdev: Improve v4l2_subdev_enable/disable_streams_fallback
- media: subdev: Add v4l2_subdev_is_streaming()
- NFSD: nfsd_unlink() clobbers non-zero status returned from
fh_fill_pre_attrs()
- NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
- platform/x86/amd/pmf: fix cleanup in amd_pmf_init_smart_pc()
- Upstream stable to v6.6.87, v6.12.23
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22028
- media: vimc: skip .s_stream() for stopped entities
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22036
- exfat: fix random stack corruption after get_block
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22039
- ksmbd: fix overflow in dacloffset bounds check
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22062
- sctp: add mutual exclusion in proc_sctp_do_udp_port()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22065
- idpf: fix adapter NULL pointer dereference on reboot
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22068
- ublk: make sure ubq->canceling is set when queue is frozen
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22070
- fs/9p: fix NULL pointer dereference on mkdir
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-40114
- iio: light: Add check for array bounds in veml6075_read_int_time_ms
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22025
- nfsd: put dl_stid if fail to queue dl_recall
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22027
- media: streamzap: fix race between device disconnection and urb callback
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-39735
- jfs: fix slab-out-of-bounds read in ea_get()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22033
- arm64: Don't call NULL in do_compat_alignment_fixup()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22035
- tracing: Fix use-after-free in print_graph_function_flags during tracer
switching
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22038
- ksmbd: validate zero num_subauth before sub_auth is accessed
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22040
- ksmbd: fix session use-after-free in multichannel connection
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22041
- ksmbd: fix use-after-free in ksmbd_sessions_deregister()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22042
- ksmbd: add bounds check for create lease context
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22044
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22045
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22050
- usbnet:fix NPE during rx_complete
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22053
- net: ibmveth: make veth_pool_store stop hanging
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22054
- arcnet: Add NULL check in com20020pci_probe()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22055
- net: fix geneve_opt length integer overflow
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22056
- netfilter: nft_tunnel: fix geneve_opt type confusion addition
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22057
- net: decrease cached dst counters in dst_release
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22058
- udp: Fix memory accounting leak.
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22060
- net: mvpp2: Prevent parser TCAM memory corruption
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38637
- net_sched: skbprio: Remove overly strict queue assertions
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22063
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22064
- netfilter: nf_tables: don't unregister hook when table is dormant
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22066
- ASoC: imx-card: Add NULL check in imx_card_probe()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2023-53034
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22071
- spufs: fix a leak in spufs_create_context()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22072
- spufs: fix gang directory lifetimes
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22073
- spufs: fix a leak on spufs_new_file() failure
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38575
- ksmbd: use aead_request_free to match aead_request_alloc
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22075
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-37937
- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22079
- ocfs2: validate l_tree_depth to avoid out-of-bounds access
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22080
- fs/ntfs3: Prevent integer overflow in hdr_first_de()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22081
- fs/ntfs3: Fix a couple integer overflows on 32bit systems
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22083
- vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22086
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22089
- RDMA/core: Don't expose hw_counters outside of init net namespace
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-39728
- clk: samsung: Fix UBSAN panic in samsung_clk_init()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22090
- x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38152
- remoteproc: core: Clear table_sz when rproc_shutdown
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-38240
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22095
- PCI: brcmstb: Fix error path after a call to regulator_bulk_get()
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-22097
- drm/vkms: Fix use after free and double free on init error
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-23136
- thermal: int340x: Add NULL check for adev
* Noble update: upstream stable patchset 2025-09-01 (LP: #2121716) //
CVE-2025-23138
- watch_queue: fix pipe accounting mismatch
* Noble update: upstream stable patchset 2025-08-18 (LP: #2120877)
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
- HID: hid-plantronics: Add mic mute mapping and generalize quirks
- atm: Fix NULL pointer dereference
- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
- ARM: Remove address checking for MMUless devices
- drm/dp_mst: Factor out function to queue a topology probe work
- drm/dp_mst: Add a helper to queue a topology probe
- drm/amd/display: Don't write DP_MSTM_CTRL after LT
- mm/page_alloc: fix memory accept before watermarks gets initialized
- netfilter: socket: Lookup orig tuple for IPv6 SNAT
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
- counter: stm32-lptimer-cnt: fix error handling when enabling
- counter: microchip-tcb-capture: Fix undefined counter channel state on
probe
- tty: serial: 8250: Add some more device IDs
- tty: serial: 8250: Add Brainboxes XC devices
- tty: serial: fsl_lpuart: disable transmitter before changing RS485
related registers
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition
- net: usb: usbnet: restore usb%d name exception for local mac addresses
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove
- nfsd: fix legacy client tracking initialization
- tty: serial: 8250: Add some more device IDs
- tty: serial: 8250: Add Brainboxes XC devices
- perf tools: Fix up some comments and code to properly use the
event_source bus
- bcachefs: bch2_ioctl_subvolume_destroy() fixes
- Upstream stable to v6.6.86, v6.12.22
* CVE-2025-39682
- tls: fix handling of zero-length records on the rx_list
* CVE-2025-38500
- xfrm: interface: fix use-after-free after changing collect_md xfrm
interface
* TLS socket disconnection causes various issues (LP: #2120516) //
CVE-2025-37756
- net: tls: explicitly disallow disconnect
* CVE-2025-38477
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
qfq_delete_class
* CVE-2025-38618
- vsock: Do not allow binding to VMADDR_PORT_ANY
* CVE-2025-38617
- net/packet: fix a race in packet_set_ring() and packet_notifier()
* CVE-2025-37785
- ext4: fix OOB read when checking dotdot dir
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
Date: 2025-09-22 16:50:17.858012+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux/6.8.0-86.87
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list