Package "linux-tools-host"

  linux (5.15.0-176.186) jammy; urgency=medium

  * jammy/linux: 5.15.0-176.186 -proposed tracker (LP: #2143539)

  * Jammy update: v5.15.199 upstream stable release (LP: #2143343)
    - nvmet-tcp: remove boilerplate code
    - SAUCE: Fix skb_vlan_inet_prepare() usage
    - net: update netdev_lock_{type,name}
    - vsock/test: add a final full barrier after run all tests
    - net/mlx5e: Restore destroying state bit after profile cleanup
    - selftests: drv-net: fix RPS mask handling for high CPU numbers
    - ASoC: tlv320adcx140: fix word length
    - textsearch: describe @list member in ts_ops search
    - mm, kfence: describe @slab parameter in __kfence_obj_info()
    - dmaengine: xilinx_dma: Fix uninitialized addr_width when
      "xlnx,addrwidth" property is missing
    - phy: broadcom: ns-usb3: Fix Wvoid-pointer-to-enum-cast warning (again)
    - HID: usbhid: paper over wrong bNumDescriptor field
    - ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer
    - x86/kaslr: Recognize all ZONE_DEVICE users as physaddr consumers
    - phy: rockchip: inno-usb2: fix disconnection in gadget mode
    - phy: rockchip: inno-usb2: fix communication disruption in gadget mode
    - phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7
    - usb: dwc3: Check for USB4 IP_NAME
    - USB: OHCI/UHCI: Add soft dependencies on ehci_platform
    - USB: serial: option: add Telit LE910 MBIM composition
    - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable
    - nvme-pci: disable secondary temp for Wodposit WPBSNM8
    - hrtimer: Fix softirq base check in update_needs_ipi()
    - EDAC/x38: Fix a resource leak in x38_probe1()
    - EDAC/i3200: Fix a resource leak in i3200_probe1()
    - x86/resctrl: Add missing resctrl initialization for Hygon
    - x86/resctrl: Fix memory bandwidth counter width for Hygon
    - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free
    - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare
    - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add()
    - dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all()
    - dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation
    - dmaengine: ti: k3-udma: fix device leak on udma lookup
    - posix-clock: introduce posix_clock_context concept
    - Fix memory leak in posix_clock_open()
    - posix-clock: Store file pointer in struct posix_clock_context
    - ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE.
    - testptp: add option to shift clock by nanoseconds
    - testptp: Add support for testing ptp_clock_info .adjphase callback
    - selftests/ptp: Add -x option for testing PTP_SYS_OFFSET_EXTENDED
    - selftests/ptp: Add -X option for testing PTP_SYS_OFFSET_PRECISE
    - ptp: add testptp mask test
    - selftest/ptp: update ptp selftest to exercise the gettimex options
    - testptp: Add option to open PHC in readonly mode
    - net: usb: dm9601: remove broken SR9700 support
    - amd-xgbe: avoid misleading per-packet error log
    - netlink: add a proto specification for FOU
    - net: fou: rename the source for linking
    - net: fou: use policy and operation tables generated from the spec
    - comedi: dmm32at: serialize use of paged registers
    - w1: fix redundant counter decrement in w1_attach_slave_device()
    - Revert "nfc/nci: Add the inconsistency check between the input data
      length and count"
    - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro
    - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA
    - scsi: storvsc: Process unsupported MODE_SENSE_10
    - x86/kfence: avoid writing L1TF-vulnerable PTEs
    - staging:iio:adc:ad7280a: Register define cleanup.
    - iio: adc: ad7280a: handle spi_setup() errors in probe()
    - ALSA: usb: Increase volume range that triggers a warning
    - net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M
    - net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue
    - usbnet: limit max_mtu based on device's hard_mtu
    - drm/amd/pm: Don't clear SI SMC table when setting power limit
    - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2)
    - octeontx2-af: Fix error handling
    - x86: make page fault handling disable interrupts properly
    - of: fix reference count leak in of_alias_scan()
    - iio: adc: ad9467: fix ad9434 vref mask
    - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl
    - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function
    - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize()
    - octeontx2: Fix otx2_dma_map_page() error return code
    - slimbus: core: fix runtime PM imbalance on report present
    - perf/x86/intel: Do not enable BTS for guests
    - net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup()
    - net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins()
    - ipv6: use the right ifindex when replying to icmpv6 from localhost
    - ice: stop counting UDP csum mismatch as rx_errors
    - net/mlx5: Add HW definitions of vport debug counters
    - net/mlx5e: Expose rx_oversize_pkts_buffer counter
    - net/mlx5e: Report rx_discards_phy via rx_dropped
    - net/mlx5e: Account for netdev stats in ndo_get_stats64
    - net: bridge: fix static key check
    - scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg()
    - gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler
    - dma/pool: distinguish between missing and exhausted atomic pools
    - ASoC: fsl: imx-card: Do not force slot width to sample width
    - scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo()
    - scsi: qla2xxx: edif: Fix dma_free_coherent() size
    - mptcp: only reset subflow errors when propagated
    - net: Add locking to protect skb->dev access in ip_output
    - comedi: Fix getting range information for subdevices 16 to 255
    - of: platform: Use default match table for /firmware
    - iio: adc: exynos_adc: fix OF populate on driver rebind
    - arm64: dts: rockc

  linux (5.15.0-174.184) jammy; urgency=medium

  * jammy/linux: 5.15.0-174.184 -proposed tracker (LP: #2144218)

  * CVE-2026-23074
    - net/sched: Enforce that teql can only be used as root qdisc

  * CVE-2026-23060
    - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
      spec

  * CVE-2026-23111
    - netfilter: nf_tables: fix inverted genmask check in
      nft_map_catchall_activate()

  * CVE-2025-37849
    - KVM: arm64: vgic: Add a non-locking primitive for
      kvm_vgic_vcpu_destroy()
    - KVM: arm64: Tear down vGIC on failed vCPU creation

 -- Manuel Diewald <email address hidden> Fri, 13 Mar 2026 14:13:17 +0100

  linux (5.15.0-173.183) jammy; urgency=medium

  * Miscellaneous upstream changes
    - apparmor: validate DFA start states are in bounds in unpack_pdb
    - apparmor: fix memory leak in verify_header
    - apparmor: replace recursive profile removal with iterative approach
    - apparmor: fix: limit the number of levels of policy namespaces
    - apparmor: fix side-effect bug in match_char() macro usage
    - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
    - apparmor: Fix double free of ns_name in aa_replace_profiles()
    - apparmor: fix unprivileged local user can do privileged policy
      management
    - apparmor: fix differential encoding verification
    - apparmor: fix race on rawdata dereference
    - apparmor: fix race between freeing data and fs accessing it

 -- Mehmet Basaran <email address hidden> Fri, 06 Mar 2026 16:14:08 +0300

  linux (5.15.0-171.181) jammy; urgency=medium

  * jammy/linux: 5.15.0-171.181 -proposed tracker (LP: #2140905)

  * CVE-2022-49267
    - mmc: core: use sysfs_emit() instead of sprintf()

  * CVE-2025-21780
    - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

 -- Manuel Diewald <email address hidden> Fri, 06 Feb 2026 21:15:39 +0100

  linux (5.15.0-170.180) jammy; urgency=medium

  * jammy/linux: 5.15.0-170.180 -proposed tracker (LP: #2137825)

  * ubuntu_kselftests:_net/net:gre_gso.sh failing (LP: #2136820)
    - SAUCE increase socat timeout in gre_gso.sh

  * CVE-2025-40256
    - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that
      were never added

  * CVE-2025-40215
    - xfrm: delete x->tunnel as we delete x

  * CVE-2025-38248
    - bridge: mcast: Fix use-after-free during router port configuration

  * selftests: net: veth: fix compatibility with older ethtool versions
    (LP: #2136734)
    - SAUCE: selftests: net: veth: use short form gro for ethtool -K
    - SAUCE: selftests: net: veth: accept 0 for unsupported combined channels

  * veth.sh from ubuntu_kselftests_net failed on J-5.15 / N-6.8 (with xdp
    attached - gro flag) (LP: #2065369)
    - selftests: net: veth: test the ability to independently manipulate GRO
      and XDP

  * Jammy update: v5.15.196 upstream stable release (LP: #2134182)
    - r8152: add error handling in rtl8152_driver_init
    - jbd2: ensure that all ongoing I/O complete before freeing blocks
    - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already
      running
    - media: s5p-mfc: remove an unused/uninitialized variable
    - media: rc: Directly use ida_free()
    - media: lirc: Fix error handling in lirc_register()
    - blk-crypto: fix missing blktrace bio split events
    - drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in
      functions
    - drm/exynos: exynos7_drm_decon: properly clear channels during bind
    - drm/exynos: exynos7_drm_decon: remove ctx->suspended
    - crypto: rockchip - Fix dma_unmap_sg() nents value
    - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay
    - HID: multitouch: fix sticky fingers
    - dax: skip read lock assertion for read-only filesystems
    - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable()
    - net: dlink: handle dma_map_single() failure properly
    - doc: fix seg6_flowlabel path
    - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H
    - amd-xgbe: Avoid spurious link down messages during interface toggle
    - tcp: fix tcp_tso_should_defer() vs large RTT
    - tg3: prevent use of uninitialized remote_adv and local_adv variables
    - splice, net: Add a splice_eof op to file-ops and socket-ops
    - net: tls: wait for async completion on last message
    - tls: wait for async encrypt in case of error during latter iterations of
      sendmsg
    - tls: always set record_type in tls_process_cmsg
    - tls: don't rely on tx_work during send()
    - net: usb: use eth_hw_addr_set() instead of ether_addr_copy()
    - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address
    - net: usb: lan78xx: fix use of improperly initialized dev->chipid in
      lan78xx_reset
    - riscv: kprobes: Fix probe address validation
    - drm/amd/powerplay: Fix CIK shutdown temperature
    - sched/balancing: Rename newidle_balance() => sched_balance_newidle()
    - sched/fair: Fix pelt lost idle time detection
    - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
    - PCI/sysfs: Ensure devices are powered for config reads (part 2)
    - exec: Fix incorrect type for ret
    - nios2: ensure that memblock.current_limit is set when setting pfn limits
    - hfs: clear offset and space out of valid records in b-tree node
    - hfs: make proper initalization of struct hfs_find_data
    - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
    - hfs: validate record offset in hfsplus_bmap_alloc
    - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
    - dlm: check for defined force value in dlm_lockspace_release
    - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
    - hfsplus: return EIO when type of hidden directory mismatch in
      hfsplus_fill_super()
    - m68k: bitops: Fix find_*_bit() signatures
    - net: rtnetlink: add helper to extract msg type's kind
    - net: rtnetlink: use BIT for flag values
    - net: netlink: add NLM_F_BULK delete request modifier
    - net: rtnetlink: add bulk delete support flag
    - net: add ndo_fdb_del_bulk
    - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del
    - rtnetlink: Allow deleting FDB entries in user namespace
    - net: enetc: correct the value of ENETC_RXB_TRUESIZE
    - dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path
    - arm64, mm: avoid always making PTE dirty in pte_mkwrite()
    - sctp: avoid NULL dereference when chunk data buffer is missing
    - net: bonding: fix possible peer notify event loss or dup issue
    - Revert "cpuidle: menu: Avoid discarding useful information"
    - MIPS: Malta: Fix keyboard resource preventing i8042 driver from
      registering
    - ocfs2: clear extent cache after moving/defragmenting extents
    - vsock: fix lock inversion in vsock_assign_transport()
    - net: usb: rtl8150: Fix frame padding
    - net: ravb: Ensure memory write completes before ringing TX doorbell
    - USB: serial: option: add UNISOC UIS7720
    - USB: serial: option: add Quectel RG255C
    - USB: serial: option: add Telit FN920C04 ECM compositions
    - usb/core/quirks: Add Huawei ME906S to wakeup quirk
    - usb: raw-gadget: do not limit transfer length
    - xhci: dbc: enable back DbC in resume if it was enabled before suspend
    - binder: remove "invalid inc weak" check
    - mei: me: add wildcat lake P DID
    - most: usb: Fix use-after-free in hdm_disconnect
    - most: usb: hdm_probe: Fix calling put_device() before device
      initialization
    - serial: 8250_exar: add support for Advantech 2 port card with Device ID
      0x0018
    - arm64: cputype: Add Neoverse-V3AE definitions
    - arm64: errata: Apply workarounds for Neoverse-V3AE
    - s390/cio: Update purge function to unregister the unused subchannels
    - xfs: rename the old_crc variable in xlog_recover_process
    - xfs