Package "linux-mtk"

 linux-mtk (5.15.0-1036.42) jammy; urgency=medium
 .
   * jammy/linux-mtk: 5.15.0-1036.42 -proposed tracker (LP: #2088406)
 .
   * mtk-fsource: ubuntu kernel integration (LP: #2092506)
     - SAUCE: (no-up) ubuntu: mtk-fsource-driver: add mediatek fsource driver
 .
   * [g1200-evk] Call trace appeared when reload mtk_mdp3 module (LP: #2090981)
     - SAUCE: (no-up) GENIO: media: mediatek: mdp3: fix unload module flow
 .
   * [g510] mt8188-mdla-devfreq probe failed message found in dmesg
     (LP: #2090978)
     - SAUCE: (no-up) power: Ignore duplicate OPP entry to fix probe fail
 .
   * Fail to detect card after unplugging DPoC cable and reboot (LP: #2090979)
     - SAUCE: (no-up) GENIO: drm/mediatek: dp: Remove DP enabled check
 .
   * Miscellaneous Ubuntu changes
     - SAUCE: (no-up) drm/mediatek: fix build error for DRM_MODE_ROTATE_0
       declaration
 .
   [ Ubuntu: 5.15.0-130.140 ]
 .
   * jammy/linux: 5.15.0-130.140 -proposed tracker (LP: #2092132)
   * ovs/linuxbridge jobs running on ubuntu jammy broken with latest kernel
     5.15.0-127.137 (LP: #2091990)
     - netfilter: xtables: fix typo causing some targets not to load on IPv6
 .
   [ Ubuntu: 5.15.0-128.138 ]
 .
   * jammy/linux: 5.15.0-128.138 -proposed tracker (LP: #2090163)
   * CVE-2024-50264
     - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
   * CVE-2024-53057
     - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
   * CVE-2024-43904
     - drm/amd/display: Add null checks for 'stream' and 'plane' before
       dereferencing
   * CVE-2024-40973
     - media: mtk-vcodec: potential null pointer deference in SCP
   * CVE-2024-38553
     - net: fec: remove .ndo_poll_controller to avoid deadlocks
   * CVE-2024-26822
     - smb: client: set correct id, uid and cruid for multiuser automounts
   * CVE-2020-12351 // CVE-2020-12352 // CVE-2020-24490
     - [Config] Disable BlueZ highspeed support
   * CVE-2024-40910
     - ax25: Fix refcount imbalance on inbound connections
   * CVE-2024-35963
     - Bluetooth: hci_sock: Fix not validating setsockopt user input
   * CVE-2024-35965
     - Bluetooth: L2CAP: Fix not validating setsockopt user input
   * CVE-2024-35966
     - Bluetooth: RFCOMM: Fix not validating setsockopt user input
   * CVE-2024-35967
     - Bluetooth: SCO: Fix not validating setsockopt user input
 .
   [ Ubuntu: 5.15.0-127.137 ]
 .
   * jammy/linux: 5.15.0-127.137 -proposed tracker (LP: #2086357)
   * Jammy update: v5.15.168 upstream stable release (LP: #2086242)
     - parisc: Fix 64-bit userspace syscall path
     - parisc: Fix stack start for ADDR_NO_RANDOMIZE personality
     - of/irq: Support #msi-cells=<0> in of_msi_get_domain
     - drm: omapdrm: Add missing check for alloc_ordered_workqueue
     - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
     - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit
     - mm: krealloc: consider spare memory for __GFP_ZERO
     - ocfs2: fix the la space leak when unmounting an ocfs2 volume
     - ocfs2: fix uninit-value in ocfs2_get_block()
     - ocfs2: reserve space for inline xattr before attaching reflink tree
     - ocfs2: cancel dqi_sync_work before freeing oinfo
     - ocfs2: remove unreasonable unlock in ocfs2_read_blocks
     - ocfs2: fix null-ptr-deref when journal load failed.
     - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
     - usbnet: ipheth: fix carrier detection in modes 1 and 4
     - net: ethernet: use ip_hdrlen() instead of bit shift
     - net: phy: vitesse: repair vsc73xx autonegotiation
     - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
     - btrfs: update target inode's ctime on unlink
     - Input: ads7846 - ratelimit the spi_sync error message
     - Input: synaptics - enable SMBus for HP Elitebook 840 G2
     - HID: multitouch: Add support for GT7868Q
     - scripts: kconfig: merge_config: config files: add a trailing newline
     - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3
     - drm/msm/adreno: Fix error return if missing firmware-name
     - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
     - NFSv4: Fix clearing of layout segments in layoutreturn
     - NFS: Avoid unnecessary rescanning of the per-server delegation list
     - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
     - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
     - mptcp: pm: Fix uaf in __timer_delete_sync
     - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
       Puma
     - minmax: reduce min/max macro expansion in atomisp driver
     - net: tighten bad gso csum offset check in virtio_net_hdr
     - mm: avoid leaving partial pfn mappings around in error case
     - fs/ntfs3: Use kvfree to free memory allocated by kvmalloc
     - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
     - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
     - selftests/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected()
     - hwmon: (pmbus) Introduce and use write_byte_data callback
     - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >=
       1.2
     - ice: fix accounting for filters shared by multiple VSIs
     - igb: Always call igb_xdp_ring_update_tail() under Tx lock
     - net/mlx5e: Add missing link modes to ptys2ethtool_map
     - net/mlx5: Explicitly set scheduling element and TSAR type
     - net/mlx5: Add support to create match definer
     - net/mlx5: Add IFC bits and enums for flow meter
     - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
     - fou: fix initialization of grc
     - octeontx2-af: Set XOFF on other child transmit schedulers during SMQ flush
     - octeontx2-af: Modify SMQ flush sequence to drop packets
     - net: ftgmac100: Enable TX interrupt to avoid TX timeout
     - netfilter: nft_socket: fix sk r

 linux-mtk (5.15.0-1035.41) jammy; urgency=medium
 .
   * jammy/linux-mtk: 5.15.0-1035.41 -proposed tracker (LP: #2081792)
 .
   * [g510] ddc failed message when the monitor does not support SCDC
     (LP: #2084626)
     - SAUCE: (no-up) GENIO: drm: mediatek: hdmi: fix ddc failed message when the
       monitor does not support SCDC
 .
   * [g700] support p1v4 hardware (LP: #2081699)
     - SAUCE: (no-up) GENIO: arm64: dts: mediatek: genio-700-evk: modify gpio 111
       to be regulator-gpio
     - SAUCE: (no-up) GENIO: panel: startek-kd070fhfid015: change enable gpio to be
       optional
     - SAUCE: (no-up) arm: dts: mt8188: add disp_pwm1 node
     - SAUCE: (no-up) dtbo: genio-700-evk: add display-dsi-p1v4.dts for G700 EVK
       p1v4
     - SAUCE: (no-up) arm64: dts: mediatek: genio-700-evk: add p1v4 device tree
       overlay
 .
   * [g1200] Call trace appeared when reload mtk_rng module (LP: #2081696)
     - hwrng: mtk - Use devm_pm_runtime_enable
 .
   * [g1200] possible kernel memory leak through CONFIG_DEBUG_KMEMLEAK
     (LP: #2081686)
     - drm/mediatek: Correctly free sg_table in gem prime vmap
 .
   [ Ubuntu: 5.15.0-124.134 ]
 .
   * jammy/linux: 5.15.0-124.134 -proposed tracker (LP: #2082176)
   * CVE-2024-45016
     - netem: fix return value if duplicate enqueue fails
   * CVE-2024-38630
     - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
   * CVE-2024-27397
     - netfilter: nf_tables: use timestamp to check for set element timeout
 .
   [ Ubuntu: 5.15.0-122.132 ]
 .
   * jammy/linux: 5.15.0-122.132 -proposed tracker (LP: #2078154)
   * isolcpus are ignored when using cgroups V2, causing processes to have wrong
     affinity (LP: #2076957)
     - cgroup/cpuset: Optimize cpuset_attach() on v2
   * Jammy update: v5.15.164 upstream stable release (LP: #2076100) //
     CVE-2024-41009
     - bpf: Fix overrunning reservations in ringbuf
   * CVE-2024-39494
     - ima: Fix use-after-free on a dentry's dname.name
   * CVE-2024-39496
     - btrfs: zoned: fix use-after-free due to race with dev replace
   * CVE-2024-42160
     - f2fs: check validation of fault attrs in f2fs_build_fault_attr()
     - f2fs: Add inline to f2fs_build_fault_attr() stub
   * CVE-2024-38570
     - gfs2: Rename sd_{ glock => kill }_wait
     - gfs2: Fix potential glock use-after-free on unmount
   * CVE-2024-42228
     - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
   * CVE-2024-27012
     - netfilter: nf_tables: restore set elements when delete set fails
   * CVE-2024-26677
     - rxrpc: Fix delayed ACKs to not set the reference serial number
 .
   [ Ubuntu: 5.15.0-121.131 ]
 .
   * jammy/linux: 5.15.0-121.131 -proposed tracker (LP: #2076347)
   * jammy:linux bpf selftest do not build (LP: #2076334)
     - SAUCE: Revert "bpf: Allow reads from uninit stack"
 .
   [ Ubuntu: 5.15.0-120.130 ]
 .
   * jammy/linux: 5.15.0-120.130 -proposed tracker (LP: #2075903)
   * Packaging resync (LP: #1786013)
     - [Packaging] debian.master/dkms-versions -- update from kernel-versions
       (main/2024.08.05)
   * Jammy update: v5.15.163 upstream stable release (LP: #2075170)
     - Compiler Attributes: Add __uninitialized macro
     - locking/mutex: Introduce devm_mutex_init()
     - drm/lima: fix shared irq handling on driver remove
     - media: dvb: as102-fe: Fix as10x_register_addr packing
     - media: dvb-usb: dib0700_devices: Add missing release_firmware()
     - IB/core: Implement a limit on UMAD receive List
     - scsi: qedf: Make qedf_execute_tmf() non-preemptible
     - crypto: aead,cipher - zeroize key buffer after use
     - drm/amdgpu: Initialize timestamp for some legacy SOCs
     - drm/amd/display: Check index msg_id before read or write
     - drm/amd/display: Check pipe offset before setting vblank
     - drm/amd/display: Skip finding free audio for unknown engine_id
     - media: dw2102: Don't translate i2c read into write
     - sctp: prefer struct_size over open coded arithmetic
     - firmware: dmi: Stop decoding on broken entry
     - Input: ff-core - prefer struct_size over open coded arithmetic
     - wifi: mt76: replace skb_put with skb_put_zero
     - net: dsa: mv88e6xxx: Correct check for empty list
     - media: dvb-frontends: tda18271c2dd: Remove casting during div
     - media: s2255: Use refcount_t instead of atomic_t for num_channels
     - media: dvb-frontends: tda10048: Fix integer overflow
     - i2c: i801: Annotate apanel_addr as __ro_after_init
     - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n
     - orangefs: fix out-of-bounds fsid access
     - kunit: Fix timeout message
     - powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
     - igc: fix a log entry using uninitialized netdev
     - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
     - jffs2: Fix potential illegal address access in jffs2_free_inode
     - s390/pkey: Wipe sensitive data on failure
     - tools/power turbostat: Remember global max_die_id
     - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open()
     - tcp_metrics: validate source addr length
     - KVM: s390: fix LPSWEY handling
     - e1000e: Fix S0ix residency on corporate systems
     - net: allow skb_datagram_iter to be called from any context
     - wifi: wilc1000: fix ies_len type in connect path
     - riscv: kexec: Avoid deadlock in kexec crash path
     - netfilter: nf_tables: unconditionally flush pending work before notifier
     - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
     - selftests: fix OOM in msg_zerocopy selftest
     - selftests: make order checking verbose in msg_zerocopy selftest
     - inet_diag: Initialize pad field in struct inet_diag_req_v2
     - gpiolib: of: factor out code overriding gpio line polarity
     - gpiolib: of: add a quirk for reset line polarity for Himax LCDs
     - gpiolib: of: add polarity quirk for TSC2005
     - Revert "igc: fix a log entry using uninit

 linux-mtk (5.15.0-1034.40) jammy; urgency=medium
 .
   * jammy/linux-mtk: 5.15.0-1034.40 -proposed tracker (LP: #2082876)
 .
   * [g1200] regulators not enabled after sru d2024.08.12 (LP: #2082868)
     - SAUCE: (no-up) regulator: mt6360: fix compatibility issue for downstream
       device tree
     - SAUCE: (no-up) power: supply: mt6360_charger: fix compatibility issue for
       downstream device tree
 .
   * [uc22][g700] systemd-backlight@backlight:1c008000.dsi0.0.service loaded
     failed during cold boot stress test (LP: #2078763)
     - [Config] CONFIG_DRM_MEDIATEK_HDMI=y and CONFIG_PHY_MTK_HDMI=y
 .
   * [g510][g700] add fsource device tree node (LP: #2078762)
     - SAUCE: (no-up) GENIO: arm64: dts: mediatek: genio-700-evk/genio-510-evk: add
       fsource device tree node
 .
   [ Ubuntu: 5.15.0-119.129 ]
 .
   * jammy/linux: 5.15.0-119.129 -proposed tracker (LP: #2075665)
   * Virtualbox Guru meditation on VM start caused by kernel commit in v6.9-rc4
     (LP: #2073267)
     - SAUCE: Revert "randomize_kstack: Improve entropy diffusion"
   * CVE-2024-26921
     - inet: inet_defrag: prevent sk release while still in use
   * Jammy update: v5.15.162 upstream stable release (LP: #2073765) //
     CVE-2024-39484
     - mmc: davinci: Don't strip remove function when driver is builtin
   * Jammy update: v5.15.162 upstream stable release (LP: #2073765)
     - mmc: davinci_mmc: Convert to platform remove callback returning void
   * CVE-2024-39292
     - um: Add winch to winch_handlers before registering winch IRQ
   * CVE-2024-36901
     - ipv6: prevent NULL dereference in ip6_output()
   * CVE-2024-26830
     - i40e: Do not allow untrusted VF to remove administratively set MAC
   * CVE-2024-26680
     - net: atlantic: Fix DMA mapping for PTP hwts ring
   * CVE-2023-52760
     - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
   * CVE-2023-52629
     - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
 .
   [ Ubuntu: 5.15.0-118.128 ]
 .
   * jammy/linux: 5.15.0-118.128 -proposed tracker (LP: #2072255)
   * Jammy update: v5.15.160 upstream stable release (LP: #2070292)
     - drm/amd/display: Fix division by zero in setup_dsc_config
     - pinctrl: core: handle radix_tree_insert() errors in
       pinctrl_register_one_pin()
     - nfsd: don't allow nfsd threads to be signalled.
     - KEYS: trusted: Fix memory leak in tpm2_key_encode()
     - Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
     - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
     - net: bcmgenet: synchronize UMAC_CMD access
     - netlink: annotate lockless accesses to nlk->max_recvmsg_len
     - netlink: annotate data-races around sk->sk_err
     - KVM: x86: Clear "has_error_code", not "error_code", for RM exception
       injection
     - drm/amdgpu: Fix possible NULL dereference in
       amdgpu_ras_query_error_status_helper()
     - binder: fix max_thread type inconsistency
     - usb: typec: ucsi: displayport: Fix potential deadlock
     - serial: kgdboc: Fix NMI-safety problems from keyboard reset code
     - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
     - KEYS: trusted: Do not use WARN when encode fails
     - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
     - docs: kernel_include.py: Cope with docutils 0.21
     - Linux 5.15.160
   * Jammy update: v5.15.159 upstream stable release (LP: #2070028)
     - dmaengine: pl330: issue_pending waits until WFP state
     - dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
     - wifi: nl80211: don't free NULL coalescing rule
     - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
     - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
     - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
     - eeprom: at24: Use dev_err_probe for nvmem register failure
     - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
     - eeprom: at24: fix memory corruption race condition
     - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T
     - pinctrl/meson: fix typo in PDM's pin name
     - pinctrl: core: delete incorrect free in pinctrl_enable()
     - pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
     - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
     - pinctrl: mediatek: paris: Rework support for
       PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
     - sunrpc: add a struct rpc_stats arg to rpc_create_args
     - nfs: expose /proc/net/sunrpc/nfs in net namespaces
     - nfs: make the rpc_stat per net namespace
     - nfs: Handle error of rpc_proc_register() in nfs_net_init().
     - power: rt9455: hide unused rt9455_boost_voltage_values
     - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator
     - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
     - regulator: mt6360: De-capitalize devicetree regulator subnodes
     - bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
     - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
     - bpf: Fix a verifier verbose message
     - spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs
     - s390/mm: Fix storage key clearing for guest huge pages
     - s390/mm: Fix clearing storage keys for huge pages
     - xdp: Move conversion to xdp_frame out of map functions
     - xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames
     - xdp: use flags field to disambiguate broadcast redirect
     - bna: ensure the copied buf is NUL terminated
     - octeontx2-af: avoid off-by-one read from userspace
     - nsh: Restore skb->{protocol,data,mac_header} for outer header in
       nsh_gso_segment().
     - net l2tp: drop flow hash on forward
     - s390/vdso: Add CFI for RA register to asm macro vdso_func
     - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
     - net: qede: use return from qede_parse_flow_attr

 linux-mtk (5.15.0-1034.39) jammy; urgency=medium
 .
   * jammy/linux-mtk: 5.15.0-1034.39 -proposed tracker (LP: #2078880)
 .
   * [uc22][g700] systemd-backlight@backlight:1c008000.dsi0.0.service loaded
     failed during cold boot stress test (LP: #2078763)
     - [Config] CONFIG_DRM_MEDIATEK_HDMI=y and CONFIG_PHY_MTK_HDMI=y
 .
   * [g510][g700] add fsource device tree node (LP: #2078762)
     - SAUCE: (no-up) GENIO: arm64: dts: mediatek: genio-700-evk/genio-510-evk: add
       fsource device tree node
 .
   [ Ubuntu: 5.15.0-119.129 ]
 .
   * jammy/linux: 5.15.0-119.129 -proposed tracker (LP: #2075665)
   * Virtualbox Guru meditation on VM start caused by kernel commit in v6.9-rc4
     (LP: #2073267)
     - SAUCE: Revert "randomize_kstack: Improve entropy diffusion"
   * CVE-2024-26921
     - inet: inet_defrag: prevent sk release while still in use
   * Jammy update: v5.15.162 upstream stable release (LP: #2073765) //
     CVE-2024-39484
     - mmc: davinci: Don't strip remove function when driver is builtin
   * Jammy update: v5.15.162 upstream stable release (LP: #2073765)
     - mmc: davinci_mmc: Convert to platform remove callback returning void
   * CVE-2024-39292
     - um: Add winch to winch_handlers before registering winch IRQ
   * CVE-2024-36901
     - ipv6: prevent NULL dereference in ip6_output()
   * CVE-2024-26830
     - i40e: Do not allow untrusted VF to remove administratively set MAC
   * CVE-2024-26680
     - net: atlantic: Fix DMA mapping for PTP hwts ring
   * CVE-2023-52760
     - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
   * CVE-2023-52629
     - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
 .
   [ Ubuntu: 5.15.0-118.128 ]
 .
   * jammy/linux: 5.15.0-118.128 -proposed tracker (LP: #2072255)
   * Jammy update: v5.15.160 upstream stable release (LP: #2070292)
     - drm/amd/display: Fix division by zero in setup_dsc_config
     - pinctrl: core: handle radix_tree_insert() errors in
       pinctrl_register_one_pin()
     - nfsd: don't allow nfsd threads to be signalled.
     - KEYS: trusted: Fix memory leak in tpm2_key_encode()
     - Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
     - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
     - net: bcmgenet: synchronize UMAC_CMD access
     - netlink: annotate lockless accesses to nlk->max_recvmsg_len
     - netlink: annotate data-races around sk->sk_err
     - KVM: x86: Clear "has_error_code", not "error_code", for RM exception
       injection
     - drm/amdgpu: Fix possible NULL dereference in
       amdgpu_ras_query_error_status_helper()
     - binder: fix max_thread type inconsistency
     - usb: typec: ucsi: displayport: Fix potential deadlock
     - serial: kgdboc: Fix NMI-safety problems from keyboard reset code
     - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
     - KEYS: trusted: Do not use WARN when encode fails
     - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
     - docs: kernel_include.py: Cope with docutils 0.21
     - Linux 5.15.160
   * Jammy update: v5.15.159 upstream stable release (LP: #2070028)
     - dmaengine: pl330: issue_pending waits until WFP state
     - dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
     - wifi: nl80211: don't free NULL coalescing rule
     - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf
     - ksmbd: validate request buffer size in smb2_allocate_rsp_buf()
     - ksmbd: clear RENAME_NOREPLACE before calling vfs_rename
     - eeprom: at24: Use dev_err_probe for nvmem register failure
     - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case
     - eeprom: at24: fix memory corruption race condition
     - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T
     - pinctrl/meson: fix typo in PDM's pin name
     - pinctrl: core: delete incorrect free in pinctrl_enable()
     - pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic
     - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback
     - pinctrl: mediatek: paris: Rework support for
       PIN_CONFIG_{INPUT,OUTPUT}_ENABLE
     - sunrpc: add a struct rpc_stats arg to rpc_create_args
     - nfs: expose /proc/net/sunrpc/nfs in net namespaces
     - nfs: make the rpc_stat per net namespace
     - nfs: Handle error of rpc_proc_register() in nfs_net_init().
     - power: rt9455: hide unused rt9455_boost_voltage_values
     - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator
     - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
     - regulator: mt6360: De-capitalize devicetree regulator subnodes
     - bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition
     - bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
     - bpf: Fix a verifier verbose message
     - spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs
     - s390/mm: Fix storage key clearing for guest huge pages
     - s390/mm: Fix clearing storage keys for huge pages
     - xdp: Move conversion to xdp_frame out of map functions
     - xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames
     - xdp: use flags field to disambiguate broadcast redirect
     - bna: ensure the copied buf is NUL terminated
     - octeontx2-af: avoid off-by-one read from userspace
     - nsh: Restore skb->{protocol,data,mac_header} for outer header in
       nsh_gso_segment().
     - net l2tp: drop flow hash on forward
     - s390/vdso: Add CFI for RA register to asm macro vdso_func
     - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr()
     - net: qede: use return from qede_parse_flow_attr() for flower
     - net: qede: use return from qede_parse_flow_attr() for flow_spec
     - net: qede: use return from qede_parse_actions()
     - ASoC: meson: axg-fifo: use FIELD helpers
     - ASoC: meson: axg-fifo: use threaded irq to check periods
     - ASoC: meson: axg-card: make lin

 linux-mtk (5.15.0-1033.38) jammy; urgency=medium
 .
   * jammy/linux-mtk: 5.15.0-1033.38 -proposed tracker (LP: #2072455)
 .
   * [g350] No video output on HDMI (LP: #2072531)
     - SAUCE: (no-up) drm/mediatek: dpi: fix hdmi output for g350(mt8365)
 .
   * [UC22][g350] systemd-backlight@backlight:14014000.dsi0.0.service: Failed to
     write system 'brightness' attribute: Invalid argument during warm-boot /
     cold-boot stress test (LP: #2069787)
     - [Config] CONFIG_DRM_PANEL_STARTEK_KD070FHFID015=m
 .
   * [SRU] UBSAN: shift-out-of-bounds in mt6359-regulator.c:281 (LP: #2059227)
     - SAUCE: (no-up) regulator: mt6359: fix regulator mode setting
 .
   [ Ubuntu: 5.15.0-113.123 ]
 .
   * jammy/linux: 5.15.0-113.123 -proposed tracker (LP: #2068242)
   * CVE-2024-26924
     - netfilter: nft_set_pipapo: do not free live element
   * CVE-2024-26643
     - netfilter: nf_tables: mark set as dead when unbinding anonymous set with
       timeout