Package "linux"

  linux (5.15.0-141.151) jammy; urgency=medium

  * jammy/linux: 5.15.0-141.151 -proposed tracker (LP: #2111052)

  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts

  * CVE-2024-56608
    - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

  * CVE-2024-53168
    - net: make sock_inuse_add() available
    - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket

  * CVE-2024-56551
    - drm/amdgpu: fix usage slab after free

 -- Manuel Diewald <email address hidden> Sat, 17 May 2025 22:28:31 +0200

  linux (5.15.0-140.150) jammy; urgency=medium

  * jammy/linux: 5.15.0-140.150 -proposed tracker (LP: #2106996)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.04.14)

  * NFS, overlay, fstab issue after update to kernel 5.15.0-133-generic and -134
    (LP: #2103598)
    - udf: Fix directory iteration for longer tail extents

  * Remove floppy kernel module causes null pointer deference (LP: #2104326)
    - floppy: fix add_disk() assumption on exit due to new developments

  * CVE-2025-21971
    - net_sched: Prevent creation of classes with TC_H_ROOT

  * CVE-2024-56599
    - wifi: ath10k: avoid NULL pointer error during sdio remove

  * CVE-2024-56721
    - x86/CPU/AMD: Terminate the erratum_1386_microcode array

  * Jammy update: v5.15.179 upstream stable release (LP: #2106026)
    - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY
    - afs: Fix directory format encoding struct
    - hung_task: move hung_task sysctl interface to hung_task.c
    - sysctl: use const for typically used max/min proc sysctls
    - sysctl: share unsigned long const values
    - fs: move inode sysctls to its own file
    - fs: move fs stat sysctls to file_table.c
    - fs: fix proc_handler for sysctl_nr_open
    - block: deprecate autoloading based on dev_t
    - block: retry call probe after request_module in blk_request_module
    - pstore/blk: trivial typo fixes
    - nvme: Add error check for xa_store in nvme_get_effects_log
    - partitions: ldm: remove the initial kernel-doc notation
    - select: Fix unbalanced user_access_end()
    - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call
    - sched/psi: Use task->psi_flags to clear in CPU migration
    - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat
    - drm/etnaviv: Fix page property being used for non writecombine buffers
    - genirq: Make handle_enforce_irqctx() unconditionally available
    - wifi: rtlwifi: do not complete firmware loading needlessly
    - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
    - wifi: rtlwifi: wait for firmware loading before releasing memory
    - wifi: rtlwifi: fix init_sw_vars leak when probe fails
    - wifi: rtlwifi: usb: fix workqueue leak when probe fails
    - spi: zynq-qspi: Add check for clk_enable()
    - dt-bindings: mmc: controller: clarify the address-cells description
    - spi: dt-bindings: add schema listing peripheral-specific properties
    - dt-bindings: Another pass removing cases of 'allOf' containing a '$ref'
    - dt-bindings: leds: Add Qualcomm Light Pulse Generator binding
    - dt-bindings: leds: Optional multi-led unit address
    - dt-bindings: leds: Add multicolor PWM LED bindings
    - dt-bindings: leds: class-multicolor: reference class directly in multi-led
      node
    - dt-bindings: leds: class-multicolor: Fix path to color definitions
    - rtlwifi: replace usage of found with dedicated list iterator variable
    - wifi: rtlwifi: remove unused timer and related code
    - wifi: rtlwifi: remove unused dualmac control leftovers
    - wifi: rtlwifi: destroy workqueue at rtl_deinit_core
    - wifi: rtlwifi: pci: wait for firmware loading before releasing memory
    - HID: multitouch: Add support for lenovo Y9000P Touchpad
    - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
    - HID: multitouch: fix support for Goodix PID 0x01e9
    - regulator: dt-bindings: mt6315: Drop regulator-compatible property
    - ACPI: fan: cleanup resources in the error path of .probe()
    - cpupower: fix TSC MHz calculation
    - dt-bindings: mfd: bd71815: Fix rsense and typos
    - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata()
    - cpufreq: schedutil: Fix superfluous updates caused by need_freq_update
    - clk: imx8mp: Fix clkout1/2 support
    - regulator: of: Implement the unwind path of of_regulator_match()
    - samples/landlock: Fix possible NULL dereference in parse_path()
    - wifi: wlcore: fix unbalanced pm_runtime calls
    - net/smc: fix data error when recvmsg with MSG_PEEK flag
    - landlock: Move filesystem helpers and add a new one
    - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO
    - cpufreq: ACPI: Fix max-frequency computation
    - selftests: harness: fix printing of mismatch values in __EXPECT()
    - wifi: cfg80211: Handle specific BSSID in 6GHz scanning
    - wifi: cfg80211: adjust allocation of colocated AP data
    - clk: analogbits: Fix incorrect calculation of vco rate delta
    - selftests/landlock: Fix error message
    - net/mlxfw: Drop hard coded max FW flash image size
    - netfilter: nft_flow_offload: update tcp state flags under lock
    - tcp_cubic: fix incorrect HyStart round start detection
    - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind
    - libbpf: Fix segfault due to libelf functions not setting errno
    - ASoC: sun4i-spdif: Add clock multiplier settings
    - perf header: Fix one memory leakage in process_bpf_btf()
    - perf header: Fix one memory leakage in process_bpf_prog_info()
    - perf bpf: Fix two memory leakages when calling
      perf_env__insert_bpf_prog_info()
    - ASoC: renesas: rz-ssi: Use only the proper amount of dividers
    - ktest.pl: Remove unused declarations in run_bisect_test function
    - crypto: hisilicon/sec - add some comments for soft fallback
    - crypto: hisilicon/sec - delete redundant blank lines
    - crypto: hisilicon/sec2 - optimize the error return process
    - crypto: hisilicon/sec2 - fix for aead icv error
    - crypto: hisilicon/sec2 - fix for aead invalid authsize
    - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto()
    - padata: fix sysfs store callback check
    - perf top: Don't complain about lack of vmlinux when not resolving some
      kernel samples
    - perf report: Fix misleading help message about --demangle
    

  linux (5.15.0-139.149) jammy; urgency=medium

  * jammy/linux: 5.15.0-139.149 -proposed tracker (LP: #2107038)

  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts

  * CVE-2023-52664
    - net: atlantic: eliminate double free in error handling logic

  * CVE-2023-52927
    - netfilter: allow exp not to be removed in nf_ct_find_expectation

 -- Manuel Diewald <email address hidden> Fri, 11 Apr 2025 22:45:01 +0200

  linux (5.15.0-138.148) jammy; urgency=medium

  * jammy/linux: 5.15.0-138.148 -proposed tracker (LP: #2102587)

  * ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
    (LP: #2096976)
    - SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload

  * CVE-2025-21756
    - vsock: Keep the binding until socket destruction
    - vsock: Orphan socket after transport release

  * CVE-2024-50256
    - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

  * CVE-2025-21702
    - pfifo_tail_enqueue: Drop new packet when sch->limit == 0

  * CVE-2025-21703
    - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()

  * CVE-2025-21700
    - net: sched: Disallow replacing of child qdisc from one parent to another

  * CVE-2024-46826
    - ELF: fix kernel.randomize_va_space double read

  * CVE-2024-56651
    - can: hi311x: hi3110_can_ist(): fix potential use-after-free

  * iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
    - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

  * CVE-2024-50248
    - ntfs3: Add bounds checking to mi_enum_attr()
    - fs/ntfs3: Sequential field availability check in mi_enum_attr()

  * CVE-2022-0995
    - watch_queue: Use the bitmap API when applicable

  * CVE-2024-26837
    - net: bridge: switchdev: Skip MDB replays of deferred events on offload

  * CVE-2025-21701
    - net: avoid race between device unregistration and ethnl ops

  * CVE-2024-57798
    - drm/dp_mst: Skip CSN if topology probing is not done yet
    - drm/dp_mst: Ensure mst_primary pointer is valid in
      drm_dp_mst_handle_up_req()

  * CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle

  * CVE-2024-35864
    - smb: client: fix potential UAF in smb2_is_valid_lease_break()

  * CVE-2024-35864/CVE-2024-26928
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()

 -- Stefan Bader <email address hidden> Fri, 14 Mar 2025 15:32:05 +0100

  linux (5.15.0-136.147) jammy; urgency=medium

  * jammy/linux: 5.15.0-136.147 -proposed tracker (LP: #2102429)

  * CVE-2024-57798
    - drm/dp_mst: Skip CSN if topology probing is not done yet
    - drm/dp_mst: Ensure mst_primary pointer is valid in
      drm_dp_mst_handle_up_req()

  * CVE-2024-56658
    - net: defer final 'struct net' free in netns dismantle

  * CVE-2024-35864
    - smb: client: fix potential UAF in smb2_is_valid_lease_break()

  * CVE-2024-35864/CVE-2024-26928
    - smb: client: fix potential UAF in cifs_debug_files_proc_show()

 -- Manuel Diewald <email address hidden> Fri, 14 Mar 2025 18:48:32 +0100