Package "linux-nvidia-tegra"

  linux-nvidia-tegra (5.15.0-1060.60) jammy; urgency=medium

  * jammy/linux-nvidia-tegra: 5.15.0-1060.60 -proposed tracker (LP: #2150985)

  [ Ubuntu-realtime: 5.15.0-1107.116 ]

  * jammy/linux-realtime: 5.15.0-1107.116 -proposed tracker (LP: #2150989)
  [ Ubuntu: 5.15.0-179.189 ]
  * jammy/linux: 5.15.0-179.189 -proposed tracker (LP: #2151014)
  * CVE-2026-31419
    - net: bonding: fix use-after-free in bond_xmit_broadcast()
  * CVE-2026-31431
    - crypto: scatterwalk - Backport memcpy_sglist()
    - crypto: algif_aead - use memcpy_sglist() instead of null skcipher
    - crypto: algif_aead - Revert to operating out-of-place
    - crypto: algif_aead - snapshot IV for async AEAD requests
    - crypto: authenc - use memcpy_sglist() instead of null skcipher
    - crypto: authencesn - Do not place hiseq at end of dst for out-of-place
      decryption
    - crypto: authencesn - Fix src offset when decrypting in-place
    - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
    - crypto: algif_aead - Fix minimum RX size check for decryption
  * CVE-2026-31533
    - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
  * CVE-2026-31504
    - net: fix fanout UAF in packet_release() via NETDEV_UP race

 -- Jacob Martin <email address hidden> Wed, 06 May 2026 16:37:09 -0500

  linux-nvidia-tegra (5.15.0-1058.58) jammy; urgency=medium

  * jammy/linux-nvidia-tegra: 5.15.0-1058.58 -proposed tracker (LP: #2147809)

  [ Ubuntu-realtime: 5.15.0-1105.114 ]

  * jammy/linux-realtime: 5.15.0-1105.114 -proposed tracker (LP: #2147813)
  [ Ubuntu: 5.15.0-177.187 ]
  * jammy/linux: 5.15.0-177.187 -proposed tracker (LP: #2147840)
  * macvlan: observe an RCU grace period in macvlan_common_newlink() error
    path (LP: #2144380) // CVE-2026-23209
    - macvlan: observe an RCU grace period in macvlan_common_newlink() error
      path
  * CVE-2023-2640 // CVE-2023-32629
    - SAUCE: Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial
      user namespace
  * CVE-2026-23112
    - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

 -- Noah Wager <email address hidden> Mon, 20 Apr 2026 09:48:23 -0700

  linux-nvidia-tegra (5.15.0-1057.57) jammy; urgency=medium

  * jammy/linux-nvidia-tegra: 5.15.0-1057.57 -proposed tracker (LP: #2143508)

  [ Ubuntu-realtime: 5.15.0-1104.113 ]

  * jammy/linux-realtime: 5.15.0-1104.113 -proposed tracker (LP: #2143512)
  * Jammy real-time patch set update: v5.15.201-rt93 (LP: #2146026)
    - rcu/tree: Protect rcu_rdp_is_offloaded() invocations on RT
    - sched: Introduce migratable()
    - arm64: mm: Make arch_faults_on_old_pte() check for migratability
    - printk: rename printk cpulock API and always disable interrupts
    - console: add write_atomic interface
    - kdb: only use atomic consoles for output mirroring
    - serial: 8250: implement write_atomic
    - printk: relocate printk_delay()
    - printk: call boot_delay_msec() in printk_delay()
    - printk: use seqcount_latch for console_seq
    - printk: introduce kernel sync mode
    - printk: move console printing to kthreads
    - printk: add console handover
    - printk: add pr_flush()
    - printk: Enhance the condition check of msleep in pr_flush()
    - sched: Switch wait_task_inactive to HRTIMER_MODE_REL_HARD
    - kthread: Move prio/affinite change into the newly created thread
    - genirq: Move prio assignment into the newly created thread
    - genirq: Disable irqfixup/poll on PREEMPT_RT.
    - efi: Allow efi=runtime
    - mm: Disable zsmalloc on PREEMPT_RT
    - net/core: disable NET_RX_BUSY_POLL on PREEMPT_RT
    - samples/kfifo: Rename read_lock/write_lock
    - crypto: testmgr - Only disable migration in
      crypto_disable_simd_for_test()
    - mm: Allow only SLUB on PREEMPT_RT
    - mm: page_alloc: Use migrate_disable() in drain_local_pages_wq()
    - mm/scatterlist: Replace the !preemptible warning in sg_miter_stop()
    - mm: Disable NUMA_BALANCING_DEFAULT_ENABLED and TRANSPARENT_HUGEPAGE on
      PREEMPT_RT
    - x86/softirq: Disable softirq stacks on PREEMPT_RT
    - Documentation/kcov: Include types.h in the example.
    - Documentation/kcov: Define `ip' in the example.
    - kcov: Allocate per-CPU memory on the relevant node.
    - kcov: Avoid enable+disable interrupts if !in_task().
    - kcov: Replace local_irq_save() with a local_lock_t.
    - gen_stats: Add instead Set the value in __gnet_stats_copy_basic().
    - gen_stats: Add gnet_stats_add_queue().
    - mq, mqprio: Use gnet_stats_add_queue().
    - gen_stats: Move remaining users to gnet_stats_add_queue().
    - u64_stats: Introduce u64_stats_set()
    - net: sched: Protect Qdisc::bstats with u64_stats
    - net: sched: Use _bstats_update/set() instead of raw writes
    - net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types
    - net: sched: Remove Qdisc::running sequence counter
    - net: sched: Allow statistics reads from softirq.
    - net: sched: fix logic error in qdisc_run_begin()
    - net: sched: remove one pair of atomic operations
    - net: stats: Read the statistics in ___gnet_stats_copy_basic() instead of
      adding.
    - net: sched: gred: dynamically allocate tc_gred_qopt_offload
    - sched/rt: Annotate the RT balancing logic irqwork as IRQ_WORK_HARD_IRQ
    - irq_work: Allow irq_work_sync() to sleep if irq_work() no IRQ support.
    - irq_work: Handle some irq_work in a per-CPU thread on PREEMPT_RT
    - irq_work: Also rcuwait for !IRQ_WORK_HARD_IRQ on PREEMPT_RT
    - irq_poll: Use raise_softirq_irqoff() in cpu_dead notifier
    - smp: Wake ksoftirqd on PREEMPT_RT instead do_softirq().
    - fs/namespace: Boost the mount_lock.lock owner instead of spinning on
      PREEMPT_RT.
    - fscache: Use only one fscache_object_cong_wait.
    - sched: Clean up the might_sleep() underscore zoo
    - sched: Make cond_resched_*lock() variants consistent vs. might_sleep()
    - sched: Remove preempt_offset argument from __might_sleep()
    - sched: Cleanup might_sleep() printks
    - sched: Make might_sleep() output less confusing
    - sched: Make RCU nest depth distinct in __might_resched()
    - sched: Make cond_resched_lock() variants RT aware
    - locking/rt: Take RCU nesting into account for __might_resched()
    - sched: Limit the number of task migrations per batch on RT
    - sched: Disable TTWU_QUEUE on RT
    - sched: Move kprobes cleanup out of finish_task_switch()
    - sched: Delay task stack freeing on RT
    - sched: Move mmdrop to RCU on RT
    - cgroup: use irqsave in cgroup_rstat_flush_locked()
    - mm: workingset: replace IRQ-off check with a lockdep assert.
    - jump-label: disable if stop_machine() is used
    - locking: Remove rt_rwlock_is_contended()
    - lockdep/selftests: Avoid using local_lock_{acquire|release}().
    - sched: Trigger warning if ->migration_disabled counter underflows.
    - rtmutex: Add a special case for ww-mutex handling.
    - rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable().
    - lockdep: Make it RT aware
    - lockdep/selftests: Add rtmutex to the last column
    - lockdep/selftests: Unbalanced migrate_disable() & rcu_read_lock()
    - lockdep/selftests: Skip the softirq related tests on PREEMPT_RT
    - lockdep/selftests: Adapt ww-tests for PREEMPT_RT
    - locking: Allow to include asm/spinlock_types.h from
      linux/spinlock_types_raw.h
    - sched: Make preempt_enable_no_resched() behave like preempt_enable() on
      PREEMPT_RT
    - kernel/sched: add {put|get}_cpu_light()
    - block/mq: do not invoke preempt_disable()
    - md: raid5: Make raid5_percpu handling RT aware
    - scsi/fcoe: Make RT aware.
    - mm/vmalloc: Another preempt disable region which sucks
    - net: Remove preemption disabling in netif_rx()
    - sunrpc: Make svc_xprt_do_enqueue() use get_cpu_light()
    - softirq: Check preemption after reenabling interrupts
    - mm/memcontrol: Disable on PREEMPT_RT
    - signal: Revert ptrace preempt magic
    - ptrace: fix ptrace vs tasklist_lock race
    - fs/dcache: use swait_queue instead of waitqueue
    - fs/dcache: disable preemption on i_dir_seq's write side
    - rcu: Delay RCU-sel

  linux-nvidia-tegra (5.15.0-1056.56) jammy; urgency=medium

  * jammy/linux-nvidia-tegra: 5.15.0-1056.56 -proposed tracker (LP: #2144188)

  [ Ubuntu-realtime: 5.15.0-1103.112 ]

  * jammy/linux-realtime: 5.15.0-1103.112 -proposed tracker (LP: #2144192)
  [ Ubuntu: 5.15.0-174.184 ]
  * jammy/linux: 5.15.0-174.184 -proposed tracker (LP: #2144218)
  * CVE-2026-23074
    - net/sched: Enforce that teql can only be used as root qdisc
  * CVE-2026-23060
    - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
      spec
  * CVE-2026-23111
    - netfilter: nf_tables: fix inverted genmask check in
      nft_map_catchall_activate()
  * CVE-2025-37849
    - KVM: arm64: vgic: Add a non-locking primitive for
      kvm_vgic_vcpu_destroy()
    - KVM: arm64: Tear down vGIC on failed vCPU creation

 -- Noah Wager <email address hidden> Tue, 24 Mar 2026 00:00:55 -0700

  linux-nvidia-tegra (5.15.0-1055.55) jammy; urgency=medium

  [ Ubuntu-realtime: 5.15.0-1102.111 ]

  [ Ubuntu: 5.15.0-173.183 ]
  * Miscellaneous upstream changes
    - apparmor: validate DFA start states are in bounds in unpack_pdb
    - apparmor: fix memory leak in verify_header
    - apparmor: replace recursive profile removal with iterative approach
    - apparmor: fix: limit the number of levels of policy namespaces
    - apparmor: fix side-effect bug in match_char() macro usage
    - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
    - apparmor: Fix double free of ns_name in aa_replace_profiles()
    - apparmor: fix unprivileged local user can do privileged policy
      management
    - apparmor: fix differential encoding verification
    - apparmor: fix race on rawdata dereference
    - apparmor: fix race between freeing data and fs accessing it

 -- Mehmet Basaran <email address hidden> Mon, 09 Mar 2026 15:23:48 +0300