Package "linux"

 linux (5.15.0-152.162) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-152.162 -proposed tracker (LP: #2117618)
 .
   * [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
     - s390: add z16 elf platform
     - s390: Add z17 elf platform
 .
   * Jammy update: v5.15.185 upstream stable release (LP: #2115240)
     - dma-mapping: avoid potential unused data compilation warning
     - cgroup: Fix compilation issue due to cgroup_mutex not being exported
     - net: enetc: refactor bulk flipping of RX buffers to separate function
     - bpf: fix possible endless loop in BPF map iteration
     - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora
     - kconfig: merge_config: use an empty file as initfile
     - NFSv4: Check for delegation validity in
       nfs_start_delegation_return_locked()
     - tracing: Mark binary printing functions with __printf() attribute
     - mailbox: use error ret code of of_parse_phandle_with_args()
     - fbdev: fsl-diu-fb: add missing device_remove_file()
     - fbcon: Use correct erase colour for clearing in fbcon
     - fbdev: core: tileblit: Implement missing margin clearing for tileblit
     - NFSv4: Treat ENETUNREACH errors as fatal for state recovery
     - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
     - SUNRPC: rpcbind should never reset the port to the value '0'
     - thermal/drivers/qoriq: Power down TMU on system suspend
     - dql: Fix dql->limit value when reset.
     - lockdep: Fix wait context check on softirq for PREEMPT_RT
     - PCI: dwc: ep: Ensure proper iteration over outbound map windows
     - tools/build: Don't pass test log files to linker
     - pNFS/flexfiles: Report ENETDOWN as a connection error
     - PCI: vmd: Disable MSI remapping bypass under Xen
     - mmc: host: Wait for Vdd to settle on card power off
     - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2
     - i2c: qup: Vote for interconnect bandwidth to DRAM
     - i2c: pxa: fix call balance of i2c->clk handling routines
     - btrfs: make btrfs_discard_workfn() block_group ref explicit
     - btrfs: avoid linker error in btrfs_find_create_tree_block()
     - btrfs: get zone unusable bytes while holding lock at
       btrfs_reclaim_bgs_work()
     - btrfs: send: return -ENAMETOOLONG when attempting a path that is too
       long
     - i3c: master: svc: Fix missing STOP for master request
     - dlm: make tcp still work in multi-link env
     - um: Store full CSGSFS and SS register from mcontext
     - um: Update min_low_pfn to match changes in uml_reserved
     - ext4: reorder capability check last
     - scsi: st: Tighten the page format heuristics with MODE SELECT
     - scsi: st: ERASE does not change tape location
     - vfio/pci: Handle INTx IRQ_NOTCONNECTED
     - tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
     - rtc: rv3032: fix EERD location
     - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect
     - kbuild: fix argument parsing in scripts/config
     - crypto: octeontx2 - suppress auth failure screaming due to negative
       tests
     - dm: restrict dm device size to 2^63-512 bytes
     - xen: Add support for XenServer 6.1 platform device
     - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
     - posix-timers: Add cond_resched() to posix_timer_add() search loop
     - timer_list: Don't use %pK through printk()
     - netfilter: conntrack: Bound nf_conntrack sysctl writes
     - arm64/mm: Check PUD_TYPE_TABLE in pud_bad()
     - mmc: sdhci: Disable SD card clock before changing parameters
     - ipv6: save dontfrag in cork
     - auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct
       hd44780_common"
     - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup()
     - cpufreq: tegra186: Share policy per cluster
     - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator
     - powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7
     - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
     - rtc: ds1307: stop disabling alarms on probe
     - ieee802154: ca8210: Use proper setters and getters for bitwise types
     - ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114
     - media: c8sectpfe: Call of_node_put(i2c_bus) only once in
       c8sectpfe_probe()
     - remoteproc: qcom_wcnss: Handle platforms with only single power domain
     - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
     - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
     - net: ethernet: ti: cpsw_new: populate netdev of_node
     - net: pktgen: fix mpls maximum labels list parsing
     - ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
     - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
     - clk: imx8mp: inform CCF of maximum frequency of clocks
     - x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
     - hwmon: (gpio-fan) Add missing mutex locks
     - ARM: at91: pm: fix at91_suspend_finish for ZQ calibration
     - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence
     - fpga: altera-cvp: Increase credit timeout
     - PCI: brcmstb: Expand inbound window size up to 64GB
     - PCI: brcmstb: Add a softdep to MIP MSI-X driver
     - net/mlx5: Avoid report two health errors on same syndrome
     - selftests/net: have `gro.sh -t` return a correct exit code
     - drm/amdkfd: KFD release_work possible circular locking
     - net: xgene-v2: remove incorrect ACPI_PTR annotation
     - bonding: report duplicate MAC address in all situations
     - soc: ti: k3-socinfo: Do not use syscon helper to build regmap
     - x86/build: Fix broken copy command in genimage.sh when making isoimage
     - drm/amd/display: handle max_downscale_src_width fail check
     - x86/nmi: Add an emergency handler in nmi_desc & use it in
       nmi_shootdown_cpus()
     - cpuidle: menu: Avoid disca

 linux (5.15.0-150.160) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-150.160 -proposed tracker (LP: #2116706)
 .
   * [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
     - s390: add z16 elf platform
     - s390: Add z17 elf platform
 .
   * Jammy update: v5.15.185 upstream stable release (LP: #2115240)
     - dma-mapping: avoid potential unused data compilation warning
     - cgroup: Fix compilation issue due to cgroup_mutex not being exported
     - net: enetc: refactor bulk flipping of RX buffers to separate function
     - bpf: fix possible endless loop in BPF map iteration
     - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora
     - kconfig: merge_config: use an empty file as initfile
     - NFSv4: Check for delegation validity in
       nfs_start_delegation_return_locked()
     - tracing: Mark binary printing functions with __printf() attribute
     - mailbox: use error ret code of of_parse_phandle_with_args()
     - fbdev: fsl-diu-fb: add missing device_remove_file()
     - fbcon: Use correct erase colour for clearing in fbcon
     - fbdev: core: tileblit: Implement missing margin clearing for tileblit
     - NFSv4: Treat ENETUNREACH errors as fatal for state recovery
     - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
     - SUNRPC: rpcbind should never reset the port to the value '0'
     - thermal/drivers/qoriq: Power down TMU on system suspend
     - dql: Fix dql->limit value when reset.
     - lockdep: Fix wait context check on softirq for PREEMPT_RT
     - PCI: dwc: ep: Ensure proper iteration over outbound map windows
     - tools/build: Don't pass test log files to linker
     - pNFS/flexfiles: Report ENETDOWN as a connection error
     - PCI: vmd: Disable MSI remapping bypass under Xen
     - mmc: host: Wait for Vdd to settle on card power off
     - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2
     - i2c: qup: Vote for interconnect bandwidth to DRAM
     - i2c: pxa: fix call balance of i2c->clk handling routines
     - btrfs: make btrfs_discard_workfn() block_group ref explicit
     - btrfs: avoid linker error in btrfs_find_create_tree_block()
     - btrfs: get zone unusable bytes while holding lock at
       btrfs_reclaim_bgs_work()
     - btrfs: send: return -ENAMETOOLONG when attempting a path that is too
       long
     - i3c: master: svc: Fix missing STOP for master request
     - dlm: make tcp still work in multi-link env
     - um: Store full CSGSFS and SS register from mcontext
     - um: Update min_low_pfn to match changes in uml_reserved
     - ext4: reorder capability check last
     - scsi: st: Tighten the page format heuristics with MODE SELECT
     - scsi: st: ERASE does not change tape location
     - vfio/pci: Handle INTx IRQ_NOTCONNECTED
     - tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
     - rtc: rv3032: fix EERD location
     - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect
     - kbuild: fix argument parsing in scripts/config
     - crypto: octeontx2 - suppress auth failure screaming due to negative
       tests
     - dm: restrict dm device size to 2^63-512 bytes
     - xen: Add support for XenServer 6.1 platform device
     - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
     - posix-timers: Add cond_resched() to posix_timer_add() search loop
     - timer_list: Don't use %pK through printk()
     - netfilter: conntrack: Bound nf_conntrack sysctl writes
     - arm64/mm: Check PUD_TYPE_TABLE in pud_bad()
     - mmc: sdhci: Disable SD card clock before changing parameters
     - ipv6: save dontfrag in cork
     - auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct
       hd44780_common"
     - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup()
     - cpufreq: tegra186: Share policy per cluster
     - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator
     - powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7
     - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
     - rtc: ds1307: stop disabling alarms on probe
     - ieee802154: ca8210: Use proper setters and getters for bitwise types
     - ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114
     - media: c8sectpfe: Call of_node_put(i2c_bus) only once in
       c8sectpfe_probe()
     - remoteproc: qcom_wcnss: Handle platforms with only single power domain
     - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
     - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
     - net: ethernet: ti: cpsw_new: populate netdev of_node
     - net: pktgen: fix mpls maximum labels list parsing
     - ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
     - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
     - clk: imx8mp: inform CCF of maximum frequency of clocks
     - x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
     - hwmon: (gpio-fan) Add missing mutex locks
     - ARM: at91: pm: fix at91_suspend_finish for ZQ calibration
     - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence
     - fpga: altera-cvp: Increase credit timeout
     - PCI: brcmstb: Expand inbound window size up to 64GB
     - PCI: brcmstb: Add a softdep to MIP MSI-X driver
     - net/mlx5: Avoid report two health errors on same syndrome
     - selftests/net: have `gro.sh -t` return a correct exit code
     - drm/amdkfd: KFD release_work possible circular locking
     - net: xgene-v2: remove incorrect ACPI_PTR annotation
     - bonding: report duplicate MAC address in all situations
     - soc: ti: k3-socinfo: Do not use syscon helper to build regmap
     - x86/build: Fix broken copy command in genimage.sh when making isoimage
     - drm/amd/display: handle max_downscale_src_width fail check
     - x86/nmi: Add an emergency handler in nmi_desc & use it in
       nmi_shootdown_cpus()
     - cpuidle: menu: Avoid disca

 linux (5.15.0-144.157) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-144.157 -proposed tracker (LP: #2114581)
 .
   * cifs: NULL pointer dereference in refresh_cache_worker (LP: #2112440)
     - cifs: fix NULL ptr dereference in refresh_mounts()
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581)
     - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
     - tracing: probes: Fix a possible race in trace_probe_log APIs
     - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
     - iio: chemical: sps30: use aligned_s64 for timestamp
     - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
     - nfs: handle failure of nfs_get_lock_context in unlock path
     - spi: loopback-test: Do not split 1024-byte hexdumps
     - net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
     - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
     - ALSA: sh: SND_AICA should depend on SH_DMA_API
     - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
     - NFSv4/pnfs: Reset the layout state after a layoutreturn
     - x86,nospec: Simplify {JMP,CALL}_NOSPEC
     - x86/speculation: Simplify and make CALL_NOSPEC consistent
     - x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
     - x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
     - Documentation: x86/bugs/its: Add ITS documentation
     - x86/its: Enumerate Indirect Target Selection (ITS) bug
     - x86/its: Add support for ITS-safe indirect thunk
     - [Config] enable ITS mitigation
     - x86/alternative: Optimize returns patching
     - x86/alternatives: Remove faulty optimization
     - x86/its: Add support for ITS-safe return thunk
     - x86/its: Enable Indirect Target Selection mitigation
     - x86/its: Add "vmexit" option to skip mitigation on some CPUs
     - x86/its: Align RETs in BHB clear sequence to avoid thunking
     - x86/its: Use dynamic thunks for indirect branches
     - x86/its: Fix build errors when CONFIG_MODULES=n
     - x86/its: FineIBT-paranoid vs ITS
     - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
       interrupted"
     - btrfs: fix discard worker infinite loop after disabling discard
     - ACPI: PPTT: Fix processor subtable walk
     - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
     - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
     - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
     - ftrace: Fix preemption accounting for stacktrace trigger command
     - ftrace: Fix preemption accounting for stacktrace filter command
     - tracing: samples: Initialize trace_array_printk() with the correct
       function
     - phy: Fix error handling in tegra_xusb_port_init
     - phy: renesas: rcar-gen3-usb2: Set timing registers only once
     - wifi: mt76: disable napi on driver removal
     - dmaengine: ti: k3-udma: Add missing locking
     - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
       instead of a local copy
     - dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_engines
     - dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_groups
     - block: fix direct io NOWAIT flag not work
     - clocksource/i8253: Use raw_spinlock_irqsave() in
       clockevent_i8253_disable()
     - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
     - selftests/mm: compaction_test: support platform with huge mount of
       memory
     - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
     - netfilter: nf_tables: wait for rcu grace period on net_device removal
     - netfilter: nf_tables: do not defer rule destruction via call_rcu
     - x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
     - Linux 5.15.184
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2022-49063
     - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2022-49168
     - btrfs: do not clean up repair bio if submit fails
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2024-46751
     - btrfs: don't BUG_ON() when 0 reference count at
       btrfs_lookup_extent_info()
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2025-22062
     - sctp: add mutual exclusion in proc_sctp_do_udp_port()
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2024-53203
     - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2024-35790
     - usb: typec: altmodes/displayport: create sysfs nodes as driver's default
       device attribute group
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2025-37967
     - usb: typec: ucsi: displayport: Fix deadlock
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2025-37992
     - net_sched: Flush gso_skb list too during ->change()
 .
   * Mounting btrfs LVM volumes changes mountpoint location and breaks lsblk
     output (LP: #2107516)
     - SAUCE: Revert "btrfs: avoid unnecessary device path update for the same
       device"
 .
   * Jammy update: v5.15.183 upstream stable release (LP: #2111705)
     - can: mcan: m_can_class_unregister(): fix order of unregistration calls
     - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
     - openvswitch: Fix unsafe attribute parsing in output_userspace()
     - gre: Fix again IPv6 link-local address generation.
     - can: gw: use call_rcu() instead of costly synchronize_rcu()
     - rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
     - can: gw: fix RCU/BH usage in cgw_create_job()
     - net: dsa: b53: allow leaky reserved multicast
     - net: dsa: b53: f

 linux (5.15.0-144.155) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-144.155 -proposed tracker (LP: #2114581)
 .
   * cifs: NULL pointer dereference in refresh_cache_worker (LP: #2112440)
     - cifs: fix NULL ptr dereference in refresh_mounts()
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581)
     - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
     - tracing: probes: Fix a possible race in trace_probe_log APIs
     - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
     - iio: chemical: sps30: use aligned_s64 for timestamp
     - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
     - nfs: handle failure of nfs_get_lock_context in unlock path
     - spi: loopback-test: Do not split 1024-byte hexdumps
     - net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
     - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
     - ALSA: sh: SND_AICA should depend on SH_DMA_API
     - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
     - NFSv4/pnfs: Reset the layout state after a layoutreturn
     - x86,nospec: Simplify {JMP,CALL}_NOSPEC
     - x86/speculation: Simplify and make CALL_NOSPEC consistent
     - x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
     - x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
     - Documentation: x86/bugs/its: Add ITS documentation
     - x86/its: Enumerate Indirect Target Selection (ITS) bug
     - x86/its: Add support for ITS-safe indirect thunk
     - [Config] enable ITS mitigation
     - x86/alternative: Optimize returns patching
     - x86/alternatives: Remove faulty optimization
     - x86/its: Add support for ITS-safe return thunk
     - x86/its: Enable Indirect Target Selection mitigation
     - x86/its: Add "vmexit" option to skip mitigation on some CPUs
     - x86/its: Align RETs in BHB clear sequence to avoid thunking
     - x86/its: Use dynamic thunks for indirect branches
     - x86/its: Fix build errors when CONFIG_MODULES=n
     - x86/its: FineIBT-paranoid vs ITS
     - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
       interrupted"
     - btrfs: fix discard worker infinite loop after disabling discard
     - ACPI: PPTT: Fix processor subtable walk
     - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
     - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
     - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
     - ftrace: Fix preemption accounting for stacktrace trigger command
     - ftrace: Fix preemption accounting for stacktrace filter command
     - tracing: samples: Initialize trace_array_printk() with the correct
       function
     - phy: Fix error handling in tegra_xusb_port_init
     - phy: renesas: rcar-gen3-usb2: Set timing registers only once
     - wifi: mt76: disable napi on driver removal
     - dmaengine: ti: k3-udma: Add missing locking
     - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
       instead of a local copy
     - dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_engines
     - dmaengine: idxd: fix memory leak in error handling path of
       idxd_setup_groups
     - block: fix direct io NOWAIT flag not work
     - clocksource/i8253: Use raw_spinlock_irqsave() in
       clockevent_i8253_disable()
     - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
     - selftests/mm: compaction_test: support platform with huge mount of
       memory
     - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
     - netfilter: nf_tables: wait for rcu grace period on net_device removal
     - netfilter: nf_tables: do not defer rule destruction via call_rcu
     - x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
     - Linux 5.15.184
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2022-49063
     - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2022-49168
     - btrfs: do not clean up repair bio if submit fails
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2024-46751
     - btrfs: don't BUG_ON() when 0 reference count at
       btrfs_lookup_extent_info()
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2025-22062
     - sctp: add mutual exclusion in proc_sctp_do_udp_port()
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2024-53203
     - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2024-35790
     - usb: typec: altmodes/displayport: create sysfs nodes as driver's default
       device attribute group
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2025-37967
     - usb: typec: ucsi: displayport: Fix deadlock
 .
   * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
     CVE-2025-37992
     - net_sched: Flush gso_skb list too during ->change()
 .
   * Mounting btrfs LVM volumes changes mountpoint location and breaks lsblk
     output (LP: #2107516)
     - SAUCE: Revert "btrfs: avoid unnecessary device path update for the same
       device"
 .
   * Jammy update: v5.15.183 upstream stable release (LP: #2111705)
     - can: mcan: m_can_class_unregister(): fix order of unregistration calls
     - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
     - openvswitch: Fix unsafe attribute parsing in output_userspace()
     - gre: Fix again IPv6 link-local address generation.
     - can: gw: use call_rcu() instead of costly synchronize_rcu()
     - rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
     - can: gw: fix RCU/BH usage in cgw_create_job()
     - net: dsa: b53: allow leaky reserved multicast
     - net: dsa: b53: f

 linux (5.15.0-142.152) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-142.152 -proposed tracker (LP: #2110829)
 .
   * Rotate the Canonical Livepatch key (LP: #2111244)
     - [Config] Prepare for Canonical Livepatch key rotation
 .
   * Jammy generic-64k fails to initialize gVNIC devices (LP: #2109537)
     - gve: Perform adminq allocations through a dma_pool.
     - gve: Deprecate adminq_pfn for pci revision 0x1.
     - gve: Remove obsolete checks that rely on page size.
     - gve: Add page size register to the register_page_list command.
     - gve: Remove dependency on 4k page size.
 .
   * CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
     (LP: #2099914) // CVE-2025-2312
     - CIFS: New mount option for cifs.upcall namespace resolution
 .
   * [UBUNTU 22.04] net/smc: fix neighbour and rtable leak in smc_ib_find_route()
     (LP: #2109601) // CVE-2024-36945
     - net/smc: fix neighbour and rtable leak in smc_ib_find_route()
 .
   * Jammy update: v5.15.180 upstream stable release (LP: #2109355)
     - clockevents/drivers/i8253: Fix stop sequence for timer 0
     - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
     - fbdev: hyperv_fb: iounmap() the correct memory when removing a device
     - pinctrl: bcm281xx: Fix incorrect regmap max_registers value
     - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template.
     - net: dsa: mv88e6xxx: Verify after ATU Load ops
     - netpoll: hold rcu read lock in __netpoll_send_skb()
     - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()
     - ipvs: prevent integer overflow in do_ip_vs_get_ctl()
     - netfilter: nft_exthdr: fix offset with ipv4_find_option()
     - gre: Fix IPv6 link-local address generation.
     - slab: clean up function prototypes
     - slab: Introduce kmalloc_size_roundup()
     - openvswitch: Use kmalloc_size_roundup() to match ksize() usage
     - net: openvswitch: remove misbehaving actions length check
     - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
     - nvme-fc: go straight to connecting state when initializing
     - hrtimers: Mark is_migration_base() with __always_inline
     - powercap: call put_device() on an error path in
       powercap_register_control_type()
     - scsi: core: Use GFP_NOIO to avoid circular locking dependency
     - ACPI: resource: IRQ override for Eluktronics MECH-17
     - alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support
     - vboxsf: fix building with GCC 15
     - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell
     - sched: Clarify wake_up_q()'s write to task->wake_q.next
     - s390/cio: Fix CHPID "configure" attribute caching
     - thermal/cpufreq_cooling: Remove structure member documentation
     - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()
     - ASoC: arizona/madera: use fsleep() in up/down DAPM event delays.
     - ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module
     - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
     - nvmet-rdma: recheck queue state is LIVE in state lock in recv done
     - sctp: Fix undefined behavior in left shift operation
     - nvme: only allow entering LIVE from CONNECTING state
     - ASoC: tas2770: Fix volume scale
     - ASoC: tas2764: Fix power control mask
     - ASoC: tas2764: Set the SDOUT polarity correctly
     - fuse: don't truncate cached, mutated symlink
     - x86/irq: Define trace events conditionally
     - mptcp: safety check before fallback
     - drm/nouveau: Do not override forced connector status
     - block: fix 'kmem_cache of name 'bio-108' already exists'
     - USB: serial: ftdi_sio: add support for Altera USB Blaster 3
     - USB: serial: option: add Telit Cinterion FE990B compositions
     - USB: serial: option: fix Telit Cinterion FE990A name
     - USB: serial: option: match on interface class for Telit FN990B
     - drm/atomic: Filter out redundant DPMS calls
     - drm/amd/display: Restore correct backlight brightness after a GPU reset
     - qlcnic: fix memory leak issues in qlcnic_sriov_common.c
     - lib/buildid: Handle memfd_secret() files in build_id_parse()
     - tcp: fix races in tcp_abort()
     - ASoC: ops: Consistently treat platform_max as control value
     - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
     - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
     - cifs: Fix integer overflow while processing actimeo mount option
     - i2c: ali1535: Fix an error handling path in ali1535_probe()
     - i2c: ali15x3: Fix an error handling path in ali15x3_probe()
     - i2c: sis630: Fix an error handling path in sis630_probe()
     - drm/amd/display: Check for invalid input params when building scaling params
     - smb: client: Fix match_session bug preventing session reuse
     - Revert "smb: client: fix potential UAF in cifs_debug_files_proc_show()"
     - smb: client: fix potential UAF in cifs_debug_files_proc_show()
     - firmware: imx-scu: fix OF node leak in .probe()
     - xfrm_output: Force software GSO only in tunnel mode
     - ARM: dts: bcm2711: PL011 UARTs are actually r1p5
     - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
     - ARM: dts: bcm2711: Don't mark timer regs unconfigured
     - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
     - RDMA/hns: Remove redundant 'phy_addr' in hns_roce_hem_list_find_mtt()
     - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
     - RDMA/hns: Fix a missing rollback in error path of
       hns_roce_create_qp_common()
     - RDMA/hns: Fix wrong value of max_sge_rd
     - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
     - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
     - Revert "gre: Fix IPv6 link-local address generation."
     - i2c: omap: fix IRQ storms
     - drm/v3d: Don't run jobs