Package "linux-hwe-6.8"

  linux-hwe-6.8 (6.8.0-40.40~22.04.3) jammy; urgency=medium

  * jammy/linux-hwe-6.8: 6.8.0-40.40~22.04.3 -proposed tracker (LP: #2075181)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.hwe-6.8/dkms-versions -- update from kernel-versions
      (main/2024.07.08)

  * Linux 6.8 fails to boot on ARM64 if any param is more than 146 chars
    (LP: #2069534)
    - SAUCE: arm64: v6.8: cmdline param >= 146 chars kills kernel

  * revert support for arbitrary symbol length in modversion in hwe kernels
    (LP: #2039010)
    - Revert "UBUNTU: SAUCE: modpost: Replace 0-length array with flex-array
      member"
    - Revert "UBUNTU: SAUCE: allows to enable Rust with modversions"
    - Revert "UBUNTU: SAUCE: modpost: support arbitrary symbol length in
      modversion"

  linux-hwe-6.8 (6.8.0-39.39~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.8: 6.8.0-39.39~22.04.1 -proposed tracker (LP: #2071982)

  [ Ubuntu: 6.8.0-39.39 ]

  * noble/linux: 6.8.0-39.39 -proposed tracker (LP: #2071983)
  * CVE-2024-25742
    - x86/sev: Harden #VC instruction emulation somewhat
    - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler
  * Noble update: v6.8.9 upstream stable release (LP: #2070337) //
    CVE-2024-35984
    - i2c: smbus: fix NULL function pointer dereference
  * Noble update: v6.8.9 upstream stable release (LP: #2070337) //
    CVE-2024-35990
    - dma: xilinx_dpdma: Fix locking
  * Noble update: v6.8.9 upstream stable release (LP: #2070337) //
    CVE-2024-35997
    - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
  * CVE-2024-36016
    - tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
  * CVE-2024-36008
    - ipv4: check for NULL idev in ip_route_use_hint()
  * CVE-2024-35992
    - phy: marvell: a3700-comphy: Fix out of bounds read

 -- Stefan Bader <email address hidden> Wed, 10 Jul 2024 15:42:33 +0200

  linux-hwe-6.8 (6.8.0-38.38~22.04.1) jammy; urgency=medium

  * jammy/linux-hwe-6.8: 6.8.0-38.38~22.04.1 -proposed tracker (LP: #2068734)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.hwe-6.8/dkms-versions -- update from kernel-versions
      (main/2024.06.10)

  * Noble update: v6.8.7 upstream stable release (LP: #2065912)
    - [Config] hwe-6.8: Change BHI mitigation to always enabled

  [ Ubuntu: 6.8.0-38.38 ]

  * noble/linux: 6.8.0-38.38 -proposed tracker (LP: #2068318)
  * race_sched in ubuntu_stress_smoke_test will cause kernel panic on 6.8 with
    Azure Standard_A2_v2 instance (LP: #2068024)
    - sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
  * Noble: btrfs: re-introduce 'norecovery' mount option (LP: #2068591)
    - btrfs: re-introduce 'norecovery' mount option
  * Fix system hang while entering suspend with AMD Navi3x graphics
    (LP: #2063417)
    - drm/amdgpu/mes: fix use-after-free issue
  * Noble update: v6.8.8 upstream stable release (LP: #2068087)
    - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64()
      failure
    - drm/i915/cdclk: Fix voltage_level programming edge case
    - Revert "vmgenid: emit uevent when VMGENID updates"
    - SUNRPC: Fix rpcgss_context trace event acceptor field
    - selftests/ftrace: Limit length in subsystem-enable tests
    - random: handle creditable entropy from atomic process context
    - scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING
    - net: usb: ax88179_178a: avoid writing the mac address before first reading
    - btrfs: do not wait for short bulk allocation
    - btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer
    - r8169: fix LED-related deadlock on module removal
    - r8169: add missing conditional compiling for call to r8169_remove_leds
    - scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5
    - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
    - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
    - netfilter: br_netfilter: skip conntrack input hook for promisc packets
    - netfilter: nft_set_pipapo: constify lookup fn args where possible
    - netfilter: nft_set_pipapo: walk over current view on netlink dump
    - netfilter: flowtable: validate pppoe header
    - netfilter: flowtable: incorrect pppoe tuple
    - af_unix: Call manage_oob() for every skb in unix_stream_read_generic().
    - af_unix: Don't peek OOB data without MSG_OOB.
    - net: sparx5: flower: fix fragment flags handling
    - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation
    - net/mlx5: Restore mistakenly dropped parts in register devlink flow
    - net/mlx5e: Prevent deadlock while disabling aRFS
    - net: change maximum number of UDP segments to 128
    - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation
    - selftests/tcp_ao: Make RST tests less flaky
    - selftests/tcp_ao: Zero-init tcp_ao_info_opt
    - selftests/tcp_ao: Fix fscanf() call for format-security
    - selftests/tcp_ao: Printing fixes to confirm with format-security
    - net: stmmac: Apply half-duplex-less constraint for DW QoS Eth only
    - net: stmmac: Fix max-speed being ignored on queue re-init
    - net: stmmac: Fix IP-cores specific MAC capabilities
    - ice: tc: check src_vsi in case of traffic from VF
    - ice: tc: allow zero flags in parsing tc flower
    - ice: Fix checking for unsupported keys on non-tunnel device
    - tun: limit printing rate when illegal packet received by tun dev
    - net: dsa: mt7530: fix mirroring frames received on local port
    - net: dsa: mt7530: fix port mirroring for MT7988 SoC switch
    - s390/ism: Properly fix receive message buffer allocation
    - netfilter: nf_tables: missing iterator type in lookup walk
    - netfilter: nf_tables: restore set elements when delete set fails
    - gpiolib: swnode: Remove wrong header inclusion
    - netfilter: nf_tables: fix memleak in map from abort path
    - net/sched: Fix mirred deadlock on device recursion
    - net: ethernet: mtk_eth_soc: fix WED + wifi reset
    - ravb: Group descriptor types used in Rx ring
    - net: ravb: Count packets instead of descriptors in R-Car RX path
    - net: ravb: Allow RX loop to move past DMA mapping errors
    - net: ethernet: ti: am65-cpsw-nuss: cleanup DMA Channels before using them
    - NFSD: fix endianness issue in nfsd4_encode_fattr4
    - RDMA/rxe: Fix the problem "mutex_destroy missing"
    - RDMA/cm: Print the old state when cm_destroy_id gets timeout
    - RDMA/mlx5: Fix port number for counter query in multi-port configuration
    - perf annotate: Make sure to call symbol__annotate2() in TUI
    - perf lock contention: Add a missing NULL check
    - s390/qdio: handle deferred cc1
    - s390/cio: fix race condition during online processing
    - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest
    - iommufd: Add config needed for iommufd_fail_nth
    - drm: nv04: Fix out of bounds access
    - drm/v3d: Don't increment `enabled_ns` twice
    - userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE
    - thunderbolt: Introduce tb_port_reset()
    - thunderbolt: Introduce tb_path_deactivate_hop()
    - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4
      routers
    - thunderbolt: Reset topology created by the boot firmware
    - drm/panel: visionox-rm69299: don't unregister DSI device
    - drm/radeon: make -fstrict-flex-arrays=3 happy
    - ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4
    - thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
    - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes
    - interconnect: qcom: x1e80100: Remove inexistent ACV_PERF BCM
    - interconnect: Don't access req_list while it's being manipulated
    - clk: Remove prepare_lock hold assertion in __clk_release()
    - clk: Initialize struct clk_core kref earlier
    - clk: Get ru