Package "linux-libc-dev"

  linux (5.15.0-166.176) jammy; urgency=medium

  * jammy/linux: 5.15.0-166.176 -proposed tracker (LP: #2135905)

  * veth.sh from ubuntu_kselftests_net failed on J-5.15 / N-6.8 (with xdp
    attached - gro flag) (LP: #2065369)
    - selftests: net: veth: test the ability to independently manipulate GRO
      and XDP

  * Black screen when booting 5.15.0-160 (on AMD Lucienne / Cezanne / Navi /
    Renoir / Rembrandt) (LP: #2128729)
    - SAUCE: drm/amd/display: Fix incorrect code path taken in
      amdgpu_dm_atomic_check()

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182)
    - r8152: add error handling in rtl8152_driver_init
    - jbd2: ensure that all ongoing I/O complete before freeing blocks
    - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already
      running
    - media: s5p-mfc: remove an unused/uninitialized variable
    - media: rc: Directly use ida_free()
    - media: lirc: Fix error handling in lirc_register()
    - blk-crypto: fix missing blktrace bio split events
    - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in
      functions
    - drm/exynos: exynos7_drm_decon: properly clear channels during bind
    - drm/exynos: exynos7_drm_decon: remove ctx->suspended
    - crypto: rockchip - Fix dma_unmap_sg() nents value
    - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay
    - HID: multitouch: fix sticky fingers
    - dax: skip read lock assertion for read-only filesystems
    - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable()
    - net: dlink: handle dma_map_single() failure properly
    - doc: fix seg6_flowlabel path
    - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H
    - amd-xgbe: Avoid spurious link down messages during interface toggle
    - tcp: fix tcp_tso_should_defer() vs large RTT
    - tg3: prevent use of uninitialized remote_adv and local_adv variables
    - splice, net: Add a splice_eof op to file-ops and socket-ops
    - net: tls: wait for async completion on last message
    - tls: wait for async encrypt in case of error during latter iterations of
      sendmsg
    - tls: always set record_type in tls_process_cmsg
    - tls: don't rely on tx_work during send()
    - net: usb: use eth_hw_addr_set() instead of ether_addr_copy()
    - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address
    - net: usb: lan78xx: fix use of improperly initialized dev->chipid in
      lan78xx_reset
    - riscv: kprobes: Fix probe address validation
    - drm/amd/powerplay: Fix CIK shutdown temperature
    - sched/balancing: Rename newidle_balance() => sched_balance_newidle()
    - sched/fair: Fix pelt lost idle time detection
    - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
    - PCI/sysfs: Ensure devices are powered for config reads (part 2)
    - exec: Fix incorrect type for ret
    - nios2: ensure that memblock.current_limit is set when setting pfn limits
    - hfs: clear offset and space out of valid records in b-tree node
    - hfs: make proper initalization of struct hfs_find_data
    - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
    - hfs: validate record offset in hfsplus_bmap_alloc
    - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
    - dlm: check for defined force value in dlm_lockspace_release
    - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
    - hfsplus: return EIO when type of hidden directory mismatch in
      hfsplus_fill_super()
    - m68k: bitops: Fix find_*_bit() signatures
    - net: rtnetlink: add helper to extract msg type's kind
    - net: rtnetlink: use BIT for flag values
    - net: netlink: add NLM_F_BULK delete request modifier
    - net: rtnetlink: add bulk delete support flag
    - net: add ndo_fdb_del_bulk
    - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del
    - rtnetlink: Allow deleting FDB entries in user namespace
    - net: enetc: correct the value of ENETC_RXB_TRUESIZE
    - dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
    - arm64, mm: avoid always making PTE dirty in pte_mkwrite()
    - sctp: avoid NULL dereference when chunk data buffer is missing
    - net: bonding: fix possible peer notify event loss or dup issue
    - Revert "cpuidle: menu: Avoid discarding useful information"
    - MIPS: Malta: Fix keyboard resource preventing i8042 driver from
      registering
    - ocfs2: clear extent cache after moving/defragmenting extents
    - vsock: fix lock inversion in vsock_assign_transport()
    - net: usb: rtl8150: Fix frame padding
    - net: ravb: Ensure memory write completes before ringing TX doorbell
    - USB: serial: option: add UNISOC UIS7720
    - USB: serial: option: add Quectel RG255C
    - USB: serial: option: add Telit FN920C04 ECM compositions
    - usb/core/quirks: Add Huawei ME906S to wakeup quirk
    - usb: raw-gadget: do not limit transfer length
    - xhci: dbc: enable back DbC in resume if it was enabled before suspend
    - binder: remove "invalid inc weak" check
    - mei: me: add wildcat lake P DID
    - most: usb: Fix use-after-free in hdm_disconnect
    - most: usb: hdm_probe: Fix calling put_device() before device
      initialization
    - serial: 8250_exar: add support for Advantech 2 port card with Device ID
      0x0018
    - arm64: cputype: Add Neoverse-V3AE definitions
    - arm64: errata: Apply workarounds for Neoverse-V3AE
    - s390/cio: Update purge function to unregister the unused subchannels
    - xfs: rename the old_crc variable in xlog_recover_process
    - xfs: fix log CRC mismatches between i386 and other architectures
    - NFSD: Rework encoding and decoding of nfsd4_deviceid
    - NFSD: Minor cleanup in layoutcommit processing
    - NFSD: Fix last write offset handling in layoutcommit
    - iio: imu: inv_icm42600: use = { } instead of memset()
    - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime
      suspended
    - PM: runtime: Add new devm functions
    

  linux (5.15.0-165.175) jammy; urgency=medium

  * jammy/linux: 5.15.0-165.175 -proposed tracker (LP: #2132307)

  * CAP_PERFMON insufficient to get perf data (LP: #2131046)
    - SAUCE: perf/core: Allow CAP_PERFMON for paranoid level 4

  * Jammy Linux: Introduced Warning with CVE-2024-53090 fix (LP: #2130553)
    - SAUCE: Remove warning introduced during CVE-2024-53090 fix

  * [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
    namespaces (LP: #2121257)
    - apparmor: shift ouid when mediating hard links in userns
    - apparmor: shift uid when mediating af_unix in userns

  * i40e driver is triggering VF resets on every link state change
    (LP: #2130552)
    - i40e: avoid redundant VF link state updates

  * Jammy update: v5.15.194 upstream stable release (LP: #2127866)
    - Revert "fbdev: Disable sysfb device registration when removing
      conflicting FBs"
    - xfs: short circuit xfs_growfs_data_private() if delta is zero
    - kunit: kasan_test: disable fortify string checker on kasan_strings()
      test
    - mm: introduce and use {pgd,p4d}_populate_kernel()
    - media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning
    - media: i2c: imx214: Fix link frequency validation
    - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.
    - tracing: Do not add length to print format in synthetic events
    - mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
    - flexfiles/pNFS: fix NULL checks on result of
      ff_layout_choose_ds_for_read
    - NFSv4: Don't clear capabilities that won't be reset
    - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
    - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server
    - tracing: Fix tracing_marker may trigger page fault during
      preempt_disable
    - NFSv4/flexfiles: Fix layout merge mirror check.
    - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to
      allocate psock->cork.
    - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
    - KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
    - KVM: SVM: Set synthesized TSA CPUID flags
    - EDAC/altera: Delete an inappropriate dma_free_coherent() call
    - compiler-clang.h: define __SANITIZE_*__ macros only when undefined
    - ocfs2: fix recursive semaphore deadlock in fiemap call
    - mtd: rawnand: stm32_fmc2: fix ECC overwrite
    - fuse: check if copy_file_range() returns larger than requested size
    - fuse: prevent overflow in copy_file_range return value
    - libceph: fix invalid accesses to ceph_connection_v1_info
    - mm/khugepaged: fix the address passed to notifier on testing young
    - mtd: nand: raw: atmel: Fix comment in timings preparation
    - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
    - mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check
    - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
    - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk
      table
    - tty: hvc_console: Call hvc_kick in hvc_write unconditionally
    - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks
    - USB: serial: option: add Telit Cinterion FN990A w/audio compositions
    - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
    - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
    - tunnels: reset the GSO metadata before reusing the skb
    - igb: fix link test skipping when interface is admin down
    - genirq: Provide new interfaces for affinity hints
    - i40e: Use irq_update_affinity_hint()
    - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
    - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when
      j1939_local_ecu_get() failed
    - can: j1939: j1939_local_ecu_get(): undo increment when
      j1939_local_ecu_get() fails
    - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted
      SKB
    - net: hsr: Disable promiscuous mode in offload mode
    - net: hsr: Add support for MC filtering at the slave device
    - net: hsr: Add VLAN CTAG filter support
    - hsr: use rtnl lock when iterating over ports
    - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr
    - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
    - regulator: sy7636a: fix lifecycle of power good gpio
    - hrtimer: Remove unused function
    - hrtimer: Rename __hrtimer_hres_active() to hrtimer_hres_active()
    - hrtimers: Unconditionally update target CPU base after offline timer
      migration
    - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
    - phy: tegra: xusb: fix device and OF node leak at probe
    - phy: ti-pipe3: fix device leak at unbind
    - soc: qcom: mdt_loader: Deal with zero e_shentsize
    - drm/amdgpu: fix a memory leak in fence cleanup when unloading
    - drm/i915/power: fix size for for_each_set_bit() in abox iteration
    - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison
      memory
    - net: hsr: hsr_slave: Fix the promiscuous mode in offload mode
    - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is
      not supported
    - wifi: mac80211: fix incorrect type for ret
    - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section
      mismatch
    - cgroup: split cgroup_destroy_wq into 3 workqueues
    - um: virtio_uml: Fix use-after-free after put_device in probe
    - dpaa2-switch: fix buffer pool seeding for control traffic
    - qed: Don't collect too many protection override GRC elements
    - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure
    - i40e: remove redundant memory barrier when cleaning Tx descs
    - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().
    - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
    - net: liquidio: fix overflow in octeon_init_instr_queue()
    - cnic: Fix use-aft

  linux (5.15.0-163.173) jammy; urgency=medium

  * jammy/linux: 5.15.0-163.173 -proposed tracker (LP: #2127867)

  * Add pvpanic kernel modules to linux-modules (LP: #2126659)
    - [Packaging] Add pvpanic kernel modules to linux-modules

  * Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
    kernel and console (LP: #2123815)
    - SAUCE: fix: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record
      for multiple object contexts

  * Hung task when heavily accessing kernfs files (LP: #2125142)
    - kernfs: switch global kernfs_rwsem lock to per-fs lock
    - kernfs: dont take i_lock on inode attr read
    - kernfs: move struct kernfs_root out of the public view.
    - kernfs: Introduce separate rwsem to protect inode attributes.
    - kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info.
    - kernfs: change kernfs_rename_lock into a read-write lock.
    - kernfs: prevent early freeing of root node
    - kernfs: remove redundant kernfs_rwsem declaration.
    - kernfs: fix NULL dereferencing in kernfs_remove
    - kernfs: fix potential NULL dereference in __kernfs_remove
    - kernfs: fix missing kernfs_iattr_rwsem locking

  * ensure mptcp keepalives are honored when set (LP: #2125444)
    - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN

  * UBUNTU: fan: fail to check kmalloc() return could cause a NULL pointer
    dereference (LP: #2125053)
    - SAUCE: fan: vxlan: check memory allocation for map

  * Jammy update: v5.15.193 upstream stable release (LP: #2127112)
    - [Config] enable CONFIG_MITIGATION_VMSCAPE
    - Linux 5.15.193

  * Jammy update: v5.15.192 upstream stable release (LP: #2126782)
    - bpf: Add cookie object to bpf maps
    - bpf: Move cgroup iterator helpers to bpf.h
    - bpf: Move bpf map owner out of common struct
    - bpf: Fix oob access in cgroup local storage
    - drm/amd/display: Don't warn when missing DCE encoder caps
    - fs: writeback: fix use-after-free in __mark_inode_dirty()
    - tee: fix NULL pointer dereference in tee_shm_put
    - arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro
    - wifi: cfg80211: fix use-after-free in cmp_bss()
    - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in()
      after confirm
    - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
    - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
    - xirc2ps_cs: fix register access when enabling FullDuplex
    - mISDN: Fix memory leak in dsp_hwec_enable()
    - icmp: fix icmp_ndo_send address translation for reply direction
    - i40e: Fix potential invalid access when MAC list is empty
    - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets
    - wifi: cw1200: cap SSID length in cw1200_do_join()
    - wifi: libertas: cap SSID len in lbs_associate()
    - net: thunder_bgx: add a missing of_node_put
    - net: thunder_bgx: decrement cleanup index before use
    - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()
    - ax25: properly unshare skbs in ax25_kiss_rcv()
    - net: atm: fix memory leak in atm_register_sysfs when device_register
      fail
    - ppp: fix memory leak in pad_compress_skb
    - ptp: Add generic PTP is_sync() function
    - net: phy: mscc: Fix memory leak when using one step timestamping
    - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock
    - ALSA: usb-audio: Add mute TLV for playback volumes on some devices
    - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()
    - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
      arch_sync_kernel_mappings()
    - mm: move page table sync declarations to linux/pgtable.h
    - wifi: mwifiex: Initialize the chan_stats array to zero
    - drm/amdgpu: drop hw access in non-DC audio fini
    - scsi: lpfc: Fix buffer free/clear order in deferred receive path
    - batman-adv: fix OOB read/write in network-coding decode
    - e1000e: fix heap overflow in e1000_set_eeprom
    - mm/khugepaged: fix ->anon_vma race
    - cpufreq/sched: Explicitly synchronize limits_changed flag handling
    - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
    - spi: tegra114: Remove unnecessary NULL-pointer checks
    - spi: tegra114: Don't fail set_cs_timing when delays are zero
    - iio: chemical: pms7003: use aligned_s64 for timestamp
    - iio: light: opt3001: fix deadlock due to concurrent flag access
    - gpio: pca953x: fix IRQ storm on system wake up
    - dma-buf: insert memory barrier before updating num_fences
    - dmaengine: mediatek: Fix a possible deadlock error in
      mtk_cqdma_tx_status()
    - net: dsa: microchip: update tag_ksz masks for KSZ9477 family
    - net: dsa: microchip: linearize skb for tail-tagging switches
    - vmxnet3: update MTU after device quiesce
    - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs
    - randstruct: gcc-plugin: Remove bogus void member
    - randstruct: gcc-plugin: Fix attribute addition
    - mm/slub: avoid accessing metadata when pointer is invalid in
      object_err()
    - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
    - pcmcia: Add error handling for add_interval() in do_validate_mem()
    - spi: spi-fsl-lpspi: Fix transmissions when using CONT
    - spi: spi-fsl-lpspi: Set correct chip-select polarity bit
    - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort
    - drm/bridge: ti-sn65dsi86: fix REFCLK setting
    - perf bpf-event: Fix use-after-free in synthesis
    - clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
    - spi: tegra114: Use value to check for invalid delays
    - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()
    - Linux 5.15.192

  * Jammy update: v5.15.191 upstream stable release (LP: #2125626)
    - pinctrl: STMFX: add missing HAS_IOMEM dependency
    - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump
    - scsi: core: sysfs: Correct sy

  linux (5.15.0-160.170) jammy; urgency=medium

  * jammy/linux: 5.15.0-160.170 -proposed tracker (LP: #2126548)

  * [Regression Updates] System hangs when loading audit rules
    (5.15.0-156.166) (LP: #2126434)
    - netlink: avoid infinite retry looping in netlink_unicast()

  linux (5.15.0-158.168) jammy; urgency=medium

  * jammy/linux: 5.15.0-158.168 -proposed tracker (LP: #2124104)

  * [UBUNTU 22.04] s390/pci: Handle PCI error codes other than 0x3a
    (LP: #2120344)
    - s390/pci: Handle PCI error codes other than 0x3a

  * sources list generation using dwarfdump takes up to 0.5hr in build process
    (LP: #2104911)
    - [Packaging] Don't generate list of source files

  * CVE-2024-26700
    - drm/amd/display: Fix MST Null Ptr for RV

  * CVE-2023-52593
    - wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
    - wifi: wfx: fix memory leak when starting AP
    - wifi: wfx: repair open network AP mode

  * CVE-2025-38477
    - net/sched: sch_qfq: Fix race condition on qfq_aggregate
    - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
      qfq_delete_class

  * CVE-2025-38617
    - net/packet: fix a race in packet_set_ring() and packet_notifier()

  * CVE-2025-38618
    - vsock: Do not allow binding to VMADDR_PORT_ANY

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

 -- Stefan Bader <email address hidden> Tue, 16 Sep 2025 16:14:00 +0200