Package "linux"

 linux (5.15.0-165.175) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-165.175 -proposed tracker (LP: #2132307)
 .
   * CAP_PERFMON insufficient to get perf data (LP: #2131046)
     - SAUCE: perf/core: Allow CAP_PERFMON for paranoid level 4
 .
   * Jammy Linux: Introduced Warning with CVE-2024-53090 fix (LP: #2130553)
     - SAUCE: Remove warning introduced during CVE-2024-53090 fix
 .
   * [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
     namespaces (LP: #2121257)
     - apparmor: shift ouid when mediating hard links in userns
     - apparmor: shift uid when mediating af_unix in userns
 .
   * i40e driver is triggering VF resets on every link state change
     (LP: #2130552)
     - i40e: avoid redundant VF link state updates
 .
   * Jammy update: v5.15.194 upstream stable release (LP: #2127866)
     - Revert "fbdev: Disable sysfb device registration when removing
       conflicting FBs"
     - xfs: short circuit xfs_growfs_data_private() if delta is zero
     - kunit: kasan_test: disable fortify string checker on kasan_strings()
       test
     - mm: introduce and use {pgd,p4d}_populate_kernel()
     - media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
     - media: i2c: imx214: Fix link frequency validation
     - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
     - tracing: Do not add length to print format in synthetic events
     - mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
     - flexfiles/pNFS: fix NULL checks on result of
       ff_layout_choose_ds_for_read
     - NFSv4: Don't clear capabilities that won't be reset
     - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
     - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
     - tracing: Fix tracing_marker may trigger page fault during
       preempt_disable
     - NFSv4/flexfiles: Fix layout merge mirror check.
     - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to
       allocate psock->cork.
     - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
     - KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
     - KVM: SVM: Set synthesized TSA CPUID flags
     - EDAC/altera: Delete an inappropriate dma_free_coherent() call
     - compiler-clang.h: define __SANITIZE_*__ macros only when undefined
     - ocfs2: fix recursive semaphore deadlock in fiemap call
     - mtd: rawnand: stm32_fmc2: fix ECC overwrite
     - fuse: check if copy_file_range() returns larger than requested size
     - fuse: prevent overflow in copy_file_range return value
     - libceph: fix invalid accesses to ceph_connection_v1_info
     - mm/khugepaged: fix the address passed to notifier on testing young
     - mtd: nand: raw: atmel: Fix comment in timings preparation
     - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
     - mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check
     - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
     - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk
       table
     - tty: hvc_console: Call hvc_kick in hvc_write unconditionally
     - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
     - USB: serial: option: add Telit Cinterion FN990A w/audio compositions
     - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
     - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
     - tunnels: reset the GSO metadata before reusing the skb
     - igb: fix link test skipping when interface is admin down
     - genirq: Provide new interfaces for affinity hints
     - i40e: Use irq_update_affinity_hint()
     - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
     - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
       j1939_local_ecu_get() failed
     - can: j1939: j1939_local_ecu_get(): undo increment when
       j1939_local_ecu_get() fails
     - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted
       SKB
     - net: hsr: Disable promiscuous mode in offload mode
     - net: hsr: Add support for MC filtering at the slave device
     - net: hsr: Add VLAN CTAG filter support
     - hsr: use rtnl lock when iterating over ports
     - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
     - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
     - regulator: sy7636a: fix lifecycle of power good gpio
     - hrtimer: Remove unused function
     - hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
     - hrtimers: Unconditionally update target CPU base after offline timer
       migration
     - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
     - phy: tegra: xusb: fix device and OF node leak at probe
     - phy: ti-pipe3: fix device leak at unbind
     - soc: qcom: mdt_loader: Deal with zero e_shentsize
     - drm/amdgpu: fix a memory leak in fence cleanup when unloading
     - drm/i915/power: fix size for for_each_set_bit() in abox iteration
     - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
       memory
     - net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
     - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is
       not supported
     - wifi: mac80211: fix incorrect type for ret
     - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section
       mismatch
     - cgroup: split cgroup_destroy_wq into 3 workqueues
     - um: virtio_uml: Fix use-after-free after put_device in probe
     - dpaa2-switch: fix buffer pool seeding for control traffic
     - qed: Don't collect too many protection override GRC elements
     - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
     - i40e: remove redundant memory barrier when cleaning Tx descs
     - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
     - Revert "net/mlx5e: Update and set Xon/X

 linux (5.15.0-163.173) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-163.173 -proposed tracker (LP: #2127867)
 .
   * Add pvpanic kernel modules to linux-modules (LP: #2126659)
     - [Packaging] Add pvpanic kernel modules to linux-modules
 .
   * Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
     kernel and console (LP: #2123815)
     - SAUCE: fix: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record
       for multiple object contexts
 .
   * Hung task when heavily accessing kernfs files (LP: #2125142)
     - kernfs: switch global kernfs_rwsem lock to per-fs lock
     - kernfs: dont take i_lock on inode attr read
     - kernfs: move struct kernfs_root out of the public view.
     - kernfs: Introduce separate rwsem to protect inode attributes.
     - kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info.
     - kernfs: change kernfs_rename_lock into a read-write lock.
     - kernfs: prevent early freeing of root node
     - kernfs: remove redundant kernfs_rwsem declaration.
     - kernfs: fix NULL dereferencing in kernfs_remove
     - kernfs: fix potential NULL dereference in __kernfs_remove
     - kernfs: fix missing kernfs_iattr_rwsem locking
 .
   * ensure mptcp keepalives are honored when set (LP: #2125444)
     - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
 .
   * UBUNTU: fan: fail to check kmalloc() return could cause a NULL pointer
     dereference (LP: #2125053)
     - SAUCE: fan: vxlan: check memory allocation for map
 .
   * Jammy update: v5.15.193 upstream stable release (LP: #2127112)
     - [Config] enable CONFIG_MITIGATION_VMSCAPE
     - Linux 5.15.193
 .
   * Jammy update: v5.15.192 upstream stable release (LP: #2126782)
     - bpf: Add cookie object to bpf maps
     - bpf: Move cgroup iterator helpers to bpf.h
     - bpf: Move bpf map owner out of common struct
     - bpf: Fix oob access in cgroup local storage
     - drm/amd/display: Don't warn when missing DCE encoder caps
     - fs: writeback: fix use-after-free in __mark_inode_dirty()
     - tee: fix NULL pointer dereference in tee_shm_put
     - arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
     - wifi: cfg80211: fix use-after-free in cmp_bss()
     - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
       after confirm
     - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
     - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
     - xirc2ps_cs: fix register access when enabling FullDuplex
     - mISDN: Fix memory leak in dsp_hwec_enable()
     - icmp: fix icmp_ndo_send address translation for reply direction
     - i40e: Fix potential invalid access when MAC list is empty
     - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
     - wifi: cw1200: cap SSID length in cw1200_do_join()
     - wifi: libertas: cap SSID len in lbs_associate()
     - net: thunder_bgx: add a missing of_node_put
     - net: thunder_bgx: decrement cleanup index before use
     - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
     - ax25: properly unshare skbs in ax25_kiss_rcv()
     - net: atm: fix memory leak in atm_register_sysfs when device_register
       fail
     - ppp: fix memory leak in pad_compress_skb
     - ptp: Add generic PTP is_sync() function
     - net: phy: mscc: Fix memory leak when using one step timestamping
     - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
     - ALSA: usb-audio: Add mute TLV for playback volumes on some devices
     - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
     - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
       arch_sync_kernel_mappings()
     - mm: move page table sync declarations to linux/pgtable.h
     - wifi: mwifiex: Initialize the chan_stats array to zero
     - drm/amdgpu: drop hw access in non-DC audio fini
     - scsi: lpfc: Fix buffer free/clear order in deferred receive path
     - batman-adv: fix OOB read/write in network-coding decode
     - e1000e: fix heap overflow in e1000_set_eeprom
     - mm/khugepaged: fix ->anon_vma race
     - cpufreq/sched: Explicitly synchronize limits_changed flag handling
     - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
     - spi: tegra114: Remove unnecessary NULL-pointer checks
     - spi: tegra114: Don't fail set_cs_timing when delays are zero
     - iio: chemical: pms7003: use aligned_s64 for timestamp
     - iio: light: opt3001: fix deadlock due to concurrent flag access
     - gpio: pca953x: fix IRQ storm on system wake up
     - dma-buf: insert memory barrier before updating num_fences
     - dmaengine: mediatek: Fix a possible deadlock error in
       mtk_cqdma_tx_status()
     - net: dsa: microchip: update tag_ksz masks for KSZ9477 family
     - net: dsa: microchip: linearize skb for tail-tagging switches
     - vmxnet3: update MTU after device quiesce
     - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs
     - randstruct: gcc-plugin: Remove bogus void member
     - randstruct: gcc-plugin: Fix attribute addition
     - mm/slub: avoid accessing metadata when pointer is invalid in
       object_err()
     - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
     - pcmcia: Add error handling for add_interval() in do_validate_mem()
     - spi: spi-fsl-lpspi: Fix transmissions when using CONT
     - spi: spi-fsl-lpspi: Set correct chip-select polarity bit
     - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort
     - drm/bridge: ti-sn65dsi86: fix REFCLK setting
     - perf bpf-event: Fix use-after-free in synthesis
     - clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
     - spi: tegra114: Use value to check for invalid delays
     - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()
     - Linux 5.15.192
 .
   * Jammy update: v5.15.191 upstream stable release (LP: #2125626)
     - pinctrl: STMFX: add missing HAS_IOMEM depe

 linux (5.15.0-162.172) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-162.172 -proposed tracker (LP: #2127572)
 .
   * Add pvpanic kernel modules to linux-modules (LP: #2126659)
     - [Packaging] Add pvpanic kernel modules to linux-modules
 .
   * Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
     kernel and console (LP: #2123815)
     - SAUCE: fix: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record
       for multiple object contexts
 .
   * Hung task when heavily accessing kernfs files (LP: #2125142)
     - kernfs: switch global kernfs_rwsem lock to per-fs lock
     - kernfs: dont take i_lock on inode attr read
     - kernfs: move struct kernfs_root out of the public view.
     - kernfs: Introduce separate rwsem to protect inode attributes.
     - kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info.
     - kernfs: change kernfs_rename_lock into a read-write lock.
     - kernfs: prevent early freeing of root node
     - kernfs: remove redundant kernfs_rwsem declaration.
     - kernfs: fix NULL dereferencing in kernfs_remove
     - kernfs: fix potential NULL dereference in __kernfs_remove
     - kernfs: fix missing kernfs_iattr_rwsem locking
 .
   * ensure mptcp keepalives are honored when set (LP: #2125444)
     - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN
 .
   * UBUNTU: fan: fail to check kmalloc() return could cause a NULL pointer
     dereference (LP: #2125053)
     - SAUCE: fan: vxlan: check memory allocation for map
 .
   * Jammy update: v5.15.193 upstream stable release (LP: #2127112)
     - [Config] enable CONFIG_MITIGATION_VMSCAPE
     - Linux 5.15.193
 .
   * Jammy update: v5.15.192 upstream stable release (LP: #2126782)
     - bpf: Add cookie object to bpf maps
     - bpf: Move cgroup iterator helpers to bpf.h
     - bpf: Move bpf map owner out of common struct
     - bpf: Fix oob access in cgroup local storage
     - drm/amd/display: Don't warn when missing DCE encoder caps
     - fs: writeback: fix use-after-free in __mark_inode_dirty()
     - tee: fix NULL pointer dereference in tee_shm_put
     - arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
     - wifi: cfg80211: fix use-after-free in cmp_bss()
     - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
       after confirm
     - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
     - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
     - xirc2ps_cs: fix register access when enabling FullDuplex
     - mISDN: Fix memory leak in dsp_hwec_enable()
     - icmp: fix icmp_ndo_send address translation for reply direction
     - i40e: Fix potential invalid access when MAC list is empty
     - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
     - wifi: cw1200: cap SSID length in cw1200_do_join()
     - wifi: libertas: cap SSID len in lbs_associate()
     - net: thunder_bgx: add a missing of_node_put
     - net: thunder_bgx: decrement cleanup index before use
     - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
     - ax25: properly unshare skbs in ax25_kiss_rcv()
     - net: atm: fix memory leak in atm_register_sysfs when device_register
       fail
     - ppp: fix memory leak in pad_compress_skb
     - ptp: Add generic PTP is_sync() function
     - net: phy: mscc: Fix memory leak when using one step timestamping
     - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
     - ALSA: usb-audio: Add mute TLV for playback volumes on some devices
     - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
     - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
       arch_sync_kernel_mappings()
     - mm: move page table sync declarations to linux/pgtable.h
     - wifi: mwifiex: Initialize the chan_stats array to zero
     - drm/amdgpu: drop hw access in non-DC audio fini
     - scsi: lpfc: Fix buffer free/clear order in deferred receive path
     - batman-adv: fix OOB read/write in network-coding decode
     - e1000e: fix heap overflow in e1000_set_eeprom
     - mm/khugepaged: fix ->anon_vma race
     - cpufreq/sched: Explicitly synchronize limits_changed flag handling
     - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
     - spi: tegra114: Remove unnecessary NULL-pointer checks
     - spi: tegra114: Don't fail set_cs_timing when delays are zero
     - iio: chemical: pms7003: use aligned_s64 for timestamp
     - iio: light: opt3001: fix deadlock due to concurrent flag access
     - gpio: pca953x: fix IRQ storm on system wake up
     - dma-buf: insert memory barrier before updating num_fences
     - dmaengine: mediatek: Fix a possible deadlock error in
       mtk_cqdma_tx_status()
     - net: dsa: microchip: update tag_ksz masks for KSZ9477 family
     - net: dsa: microchip: linearize skb for tail-tagging switches
     - vmxnet3: update MTU after device quiesce
     - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs
     - randstruct: gcc-plugin: Remove bogus void member
     - randstruct: gcc-plugin: Fix attribute addition
     - mm/slub: avoid accessing metadata when pointer is invalid in
       object_err()
     - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
     - pcmcia: Add error handling for add_interval() in do_validate_mem()
     - spi: spi-fsl-lpspi: Fix transmissions when using CONT
     - spi: spi-fsl-lpspi: Set correct chip-select polarity bit
     - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort
     - drm/bridge: ti-sn65dsi86: fix REFCLK setting
     - perf bpf-event: Fix use-after-free in synthesis
     - clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
     - spi: tegra114: Use value to check for invalid delays
     - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()
     - Linux 5.15.192
 .
   * Jammy update: v5.15.191 upstream stable release (LP: #2125626)
     - pinctrl: STMFX: add missing HAS_IOMEM depe

 linux (5.15.0-160.170) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-160.170 -proposed tracker (LP: #2126548)
 .
   * [Regression Updates] System hangs when loading audit rules
     (5.15.0-156.166) (LP: #2126434)
     - netlink: avoid infinite retry looping in netlink_unicast()
 .

 linux (5.15.0-158.168) jammy; urgency=medium
 .
   * jammy/linux: 5.15.0-158.168 -proposed tracker (LP: #2124104)
 .
   * [UBUNTU 22.04] s390/pci: Handle PCI error codes other than 0x3a
     (LP: #2120344)
     - s390/pci: Handle PCI error codes other than 0x3a
 .
   * sources list generation using dwarfdump takes up to 0.5hr in build process
     (LP: #2104911)
     - [Packaging] Don't generate list of source files
 .
   * CVE-2024-26700
     - drm/amd/display: Fix MST Null Ptr for RV
 .
   * CVE-2023-52593
     - wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
     - wifi: wfx: fix memory leak when starting AP
     - wifi: wfx: repair open network AP mode
 .
   * CVE-2025-38477
     - net/sched: sch_qfq: Fix race condition on qfq_aggregate
     - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
       qfq_delete_class
 .
   * CVE-2025-38617
     - net/packet: fix a race in packet_set_ring() and packet_notifier()
 .
   * CVE-2025-38618
     - vsock: Do not allow binding to VMADDR_PORT_ANY
 .
   * Packaging resync (LP: #1786013)
     - [Packaging] resync git-ubuntu-log