Package "linux-tools-common"

  linux (5.15.0-153.163) jammy; urgency=medium

  * jammy/linux: 5.15.0-153.163 -proposed tracker (LP: #2119877)

  * CVE-2024-57996 // CVE-2025-37752
    - net_sched: sch_sfq: annotate data-races around q->perturb_period
    - net_sched: sch_sfq: handle bigger packets
    - net_sched: sch_sfq: don't allow 1 packet limit
    - net_sched: sch_sfq: use a temporary work area for validating
      configuration
    - net_sched: sch_sfq: move the limit validation

  * CVE-2025-38350
    - net/sched: Always pass notifications when child class becomes empty

  * CVE-2024-27407
    - fs/ntfs3: Fixed overflow check in mi_enum_attr()

  * watchdog: BUG: soft lockup - CPU#6 stuck for 5718s! [wdavdaemon:1134] with
    5.15.0-144-generic (LP: #2118407)
    - fs/proc: do_task_stat: use __for_each_thread()

 -- Manuel Diewald <email address hidden> Thu, 07 Aug 2025 16:45:02 +0200

  linux (5.15.0-152.162) jammy; urgency=medium

  * jammy/linux: 5.15.0-152.162 -proposed tracker (LP: #2117618)

  * [UBUNTU 22.04] kernel: Fix z17 elf platform recognition (LP: #2114450)
    - s390: add z16 elf platform
    - s390: Add z17 elf platform

  * Jammy update: v5.15.185 upstream stable release (LP: #2115240)
    - dma-mapping: avoid potential unused data compilation warning
    - cgroup: Fix compilation issue due to cgroup_mutex not being exported
    - net: enetc: refactor bulk flipping of RX buffers to separate function
    - bpf: fix possible endless loop in BPF map iteration
    - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora
    - kconfig: merge_config: use an empty file as initfile
    - NFSv4: Check for delegation validity in
      nfs_start_delegation_return_locked()
    - tracing: Mark binary printing functions with __printf() attribute
    - mailbox: use error ret code of of_parse_phandle_with_args()
    - fbdev: fsl-diu-fb: add missing device_remove_file()
    - fbcon: Use correct erase colour for clearing in fbcon
    - fbdev: core: tileblit: Implement missing margin clearing for tileblit
    - NFSv4: Treat ENETUNREACH errors as fatal for state recovery
    - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting
    - SUNRPC: rpcbind should never reset the port to the value '0'
    - thermal/drivers/qoriq: Power down TMU on system suspend
    - dql: Fix dql->limit value when reset.
    - lockdep: Fix wait context check on softirq for PREEMPT_RT
    - PCI: dwc: ep: Ensure proper iteration over outbound map windows
    - tools/build: Don't pass test log files to linker
    - pNFS/flexfiles: Report ENETDOWN as a connection error
    - PCI: vmd: Disable MSI remapping bypass under Xen
    - mmc: host: Wait for Vdd to settle on card power off
    - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2
    - i2c: qup: Vote for interconnect bandwidth to DRAM
    - i2c: pxa: fix call balance of i2c->clk handling routines
    - btrfs: make btrfs_discard_workfn() block_group ref explicit
    - btrfs: avoid linker error in btrfs_find_create_tree_block()
    - btrfs: get zone unusable bytes while holding lock at
      btrfs_reclaim_bgs_work()
    - btrfs: send: return -ENAMETOOLONG when attempting a path that is too
      long
    - i3c: master: svc: Fix missing STOP for master request
    - dlm: make tcp still work in multi-link env
    - um: Store full CSGSFS and SS register from mcontext
    - um: Update min_low_pfn to match changes in uml_reserved
    - ext4: reorder capability check last
    - scsi: st: Tighten the page format heuristics with MODE SELECT
    - scsi: st: ERASE does not change tape location
    - vfio/pci: Handle INTx IRQ_NOTCONNECTED
    - tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()
    - rtc: rv3032: fix EERD location
    - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect
    - kbuild: fix argument parsing in scripts/config
    - crypto: octeontx2 - suppress auth failure screaming due to negative
      tests
    - dm: restrict dm device size to 2^63-512 bytes
    - xen: Add support for XenServer 6.1 platform device
    - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject()
    - posix-timers: Add cond_resched() to posix_timer_add() search loop
    - timer_list: Don't use %pK through printk()
    - netfilter: conntrack: Bound nf_conntrack sysctl writes
    - arm64/mm: Check PUD_TYPE_TABLE in pud_bad()
    - mmc: sdhci: Disable SD card clock before changing parameters
    - ipv6: save dontfrag in cork
    - auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct
      hd44780_common"
    - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup()
    - cpufreq: tegra186: Share policy per cluster
    - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator
    - powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7
    - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc()
    - rtc: ds1307: stop disabling alarms on probe
    - ieee802154: ca8210: Use proper setters and getters for bitwise types
    - ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114
    - media: c8sectpfe: Call of_node_put(i2c_bus) only once in
      c8sectpfe_probe()
    - remoteproc: qcom_wcnss: Handle platforms with only single power domain
    - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c
    - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
    - net: ethernet: ti: cpsw_new: populate netdev of_node
    - net: pktgen: fix mpls maximum labels list parsing
    - ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config().
    - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map
    - clk: imx8mp: inform CCF of maximum frequency of clocks
    - x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2
    - hwmon: (gpio-fan) Add missing mutex locks
    - ARM: at91: pm: fix at91_suspend_finish for ZQ calibration
    - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence
    - fpga: altera-cvp: Increase credit timeout
    - PCI: brcmstb: Expand inbound window size up to 64GB
    - PCI: brcmstb: Add a softdep to MIP MSI-X driver
    - net/mlx5: Avoid report two health errors on same syndrome
    - selftests/net: have `gro.sh -t` return a correct exit code
    - drm/amdkfd: KFD release_work possible circular locking
    - net: xgene-v2: remove incorrect ACPI_PTR annotation
    - bonding: report duplicate MAC address in all situations
    - soc: ti: k3-socinfo: Do not use syscon helper to build regmap
    - x86/build: Fix broken copy command in genimage.sh when making isoimage
    - drm/amd/display: handle max_downscale_src_width fail check
    - x86/nmi: Add an emergency handler in nmi_desc & use it in
      nmi_shootdown_cpus()
    - cpuidle: menu: Avoid discarding useful information
    - libbpf: Fix out-of-bound read
    - x86/kaslr: Reduce KASLR entropy on mo

  linux (5.15.0-151.161) jammy; urgency=medium

  * jammy/linux: 5.15.0-151.161 -proposed tracker (LP: #2117499)

  * raid10: block discard causes a NULL pointer dereference after
    5.15.0-144-generic (LP: #2117395)
    - md: move initialization and destruction of 'io_acct_set' to md.c

  linux (5.15.0-144.157) jammy; urgency=medium

  * jammy/linux: 5.15.0-144.157 -proposed tracker (LP: #2114581)

  * cifs: NULL pointer dereference in refresh_cache_worker (LP: #2112440)
    - cifs: fix NULL ptr dereference in refresh_mounts()

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581)
    - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
    - tracing: probes: Fix a possible race in trace_probe_log APIs
    - iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
    - iio: chemical: sps30: use aligned_s64 for timestamp
    - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug
    - nfs: handle failure of nfs_get_lock_context in unlock path
    - spi: loopback-test: Do not split 1024-byte hexdumps
    - net: cadence: macb: Fix a possible deadlock in macb_halt_tx.
    - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING
    - ALSA: sh: SND_AICA should depend on SH_DMA_API
    - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()
    - NFSv4/pnfs: Reset the layout state after a layoutreturn
    - x86,nospec: Simplify {JMP,CALL}_NOSPEC
    - x86/speculation: Simplify and make CALL_NOSPEC consistent
    - x86/speculation: Add a conditional CS prefix to CALL_NOSPEC
    - x86/speculation: Remove the extra #ifdef around CALL_NOSPEC
    - Documentation: x86/bugs/its: Add ITS documentation
    - x86/its: Enumerate Indirect Target Selection (ITS) bug
    - x86/its: Add support for ITS-safe indirect thunk
    - [Config] enable ITS mitigation
    - x86/alternative: Optimize returns patching
    - x86/alternatives: Remove faulty optimization
    - x86/its: Add support for ITS-safe return thunk
    - x86/its: Enable Indirect Target Selection mitigation
    - x86/its: Add "vmexit" option to skip mitigation on some CPUs
    - x86/its: Align RETs in BHB clear sequence to avoid thunking
    - x86/its: Use dynamic thunks for indirect branches
    - x86/its: Fix build errors when CONFIG_MODULES=n
    - x86/its: FineIBT-paranoid vs ITS
    - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when
      interrupted"
    - btrfs: fix discard worker infinite loop after disabling discard
    - ACPI: PPTT: Fix processor subtable walk
    - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()
    - ALSA: usb-audio: Add sample rate quirk for Audioengine D1
    - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera
    - ftrace: Fix preemption accounting for stacktrace trigger command
    - ftrace: Fix preemption accounting for stacktrace filter command
    - tracing: samples: Initialize trace_array_printk() with the correct
      function
    - phy: Fix error handling in tegra_xusb_port_init
    - phy: renesas: rcar-gen3-usb2: Set timing registers only once
    - wifi: mt76: disable napi on driver removal
    - dmaengine: ti: k3-udma: Add missing locking
    - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure
      instead of a local copy
    - dmaengine: idxd: fix memory leak in error handling path of
      idxd_setup_engines
    - dmaengine: idxd: fix memory leak in error handling path of
      idxd_setup_groups
    - block: fix direct io NOWAIT flag not work
    - clocksource/i8253: Use raw_spinlock_irqsave() in
      clockevent_i8253_disable()
    - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control()
    - selftests/mm: compaction_test: support platform with huge mount of
      memory
    - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx
    - netfilter: nf_tables: wait for rcu grace period on net_device removal
    - netfilter: nf_tables: do not defer rule destruction via call_rcu
    - x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
    - Linux 5.15.184

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2022-49063
    - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2022-49168
    - btrfs: do not clean up repair bio if submit fails

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2024-46751
    - btrfs: don't BUG_ON() when 0 reference count at
      btrfs_lookup_extent_info()

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2025-22062
    - sctp: add mutual exclusion in proc_sctp_do_udp_port()

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2024-53203
    - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2024-35790
    - usb: typec: altmodes/displayport: create sysfs nodes as driver's default
      device attribute group

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2025-37967
    - usb: typec: ucsi: displayport: Fix deadlock

  * Jammy update: v5.15.184 upstream stable release (LP: #2112581) //
    CVE-2025-37992
    - net_sched: Flush gso_skb list too during ->change()

  * Mounting btrfs LVM volumes changes mountpoint location and breaks lsblk
    output (LP: #2107516)
    - SAUCE: Revert "btrfs: avoid unnecessary device path update for the same
      device"

  * Jammy update: v5.15.183 upstream stable release (LP: #2111705)
    - can: mcan: m_can_class_unregister(): fix order of unregistration calls
    - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls
    - openvswitch: Fix unsafe attribute parsing in output_userspace()
    - gre: Fix again IPv6 link-local address generation.
    - can: gw: use call_rcu() instead of costly synchronize_rcu()
    - rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep()
    - can: gw: fix RCU/BH usage in cgw_create_job()
    - net: dsa: b53: allow leaky reserved multicast
    - net: dsa: b53: fix clearing PVID of a port
    - net: dsa: b53: fix flushing old pvid VLAN on pvid change
    - net: dsa: b53: fix VLAN ID for unt

  linux (5.15.0-143.153) jammy; urgency=medium

  * jammy/linux: 5.15.0-143.153 -proposed tracker (LP: #2114401)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update annotations scripts

  * CVE-2024-53051
    - drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability

  * CVE-2024-46787
    - userfaultfd: fix checks for huge PMDs

  * CVE-2025-37890
    - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
      qdisc
    - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
    - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

  * CVE-2025-37997
    - netfilter: ipset: fix region locking in hash types

  * CVE-2025-37798
    - sch_htb: make htb_qlen_notify() idempotent
    - sch_htb: make htb_deactivate() idempotent
    - sch_drr: make drr_qlen_notify() idempotent
    - sch_hfsc: make hfsc_qlen_notify() idempotent
    - sch_qfq: make qfq_qlen_notify() idempotent
    - sch_ets: make est_qlen_notify() idempotent
    - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()

  * CVE-2025-37750
    - smb: client: fix UAF in decryption with multichannel

  * CVE-2024-53185
    - smb: client: fix NULL ptr deref in crypto_aead_setkey()

  * CVE-2024-50047
    - smb: client: fix UAF in async decryption

 -- Manuel Diewald <email address hidden> Fri, 13 Jun 2025 18:39:23 +0200