Package "linux"

  linux (6.8.0-88.89) noble; urgency=medium

  * noble/linux: 6.8.0-88.89 -proposed tracker (LP: #2127619)

  * Enable Xilinx PS UART configs (LP: #2121337)
    - [Config] Enable Xilinx PS UART configs

  * Fix ARL-U/H suspend issues (LP: #2112469)
    - platform/x86/intel/pmc: Add Arrow Lake U/H support to intel_pmc_core
      driver
    - platform/x86/intel/pmc: Fix Arrow Lake U/H NPU PCI ID

  * r8169 can not wake on LAN via SFP moudule (LP: #2123901)
    - r8169: set EEE speed down ratio to 1

  * Add pvpanic kernel modules to linux-modules (LP: #2126659)
    - [Packaging] Add pvpanic kernel modules to linux-modules

  * CVE-2025-21729
    - wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion

  * Fix failure to build TDX module (LP: #2126698)
    - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT

  * Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
    kernel and console (LP: #2123815)
    - SAUCE: fix: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record
      for multiple object contexts

  * ensure mptcp keepalives are honored when set (LP: #2125444)
    - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN

  * System hangs when running the memory stress test (LP: #2103680)
    - mm: page_alloc: avoid kswapd thrashing due to NUMA restrictions

  * UBUNTU: fan: fail to check kmalloc() return could cause a NULL pointer
    dereference (LP: #2125053)
    - SAUCE: fan: vxlan: check memory allocation for map

  * jammy:linux-riscv-6.8 is FTBFS because of wrong include (LP: #2122592)
    - SAUCE: riscv: KVM: Remove broken include

  * Performance degrades rapidly when spawning more processes to run benchmark
    (LP: #2122006)
    - cpuidle: menu: Avoid discarding useful information
    - cpuidle: governors: menu: Avoid using invalid recent intervals data

  * CVE-2025-38227
    - media: vidtv: Terminating the subsequent process of initialization
      failure

  * CVE-2025-38678
    - netfilter: nf_tables: reject duplicate device on updates

  * CVE-2025-38616
    - tls: handle data disappearing from under the TLS ULP

  * CVE-2025-37838
    - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
      Driver Due to Race Condition

  * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300
    - Documentation/hw-vuln: Add VMSCAPE documentation
    - x86/vmscape: Enumerate VMSCAPE bug
    - x86/vmscape: Add conditional IBPB mitigation
    - x86/vmscape: Enable the mitigation
    - x86/bugs: Move cpu_bugs_smt_update() down
    - x86/vmscape: Warn when STIBP is disabled with SMT
    - x86/vmscape: Add old Intel CPUs to affected list

  * VMSCAPE CVE-2025-40300 (LP: #2124105)
    - [Config] Enable MITIGATION_VMSCAPE config

  * CVE-2025-38352
    - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
      posix_cpu_timer_del()

  * CVE-2025-38118
    - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
    - Bluetooth: MGMT: Fix sparse errors

 -- Edoardo Canepa <email address hidden> Sat, 11 Oct 2025 01:38:46 +0200

  linux (6.8.0-86.87) noble; urgency=medium

  * noble/linux: 6.8.0-86.87 -proposed tracker (LP: #2125391)
    - Fix FTBS caused by incorrect pick/backport of
      "perf dso: fix dso__is_kallsyms() check"

  * noble ubuntu_ftrace_smoke_test:mmiotrace timeout on aws:r5.metal
    (LP: #2121673)
    - mm: memcg: add NULL check to obj_cgroup_put()
    - memcg: drain obj stock on cpu hotplug teardown

  * [25.04 FEAT] [post announcement] [KRN2304] CPU-MF Counters for new IBM Z
    hardware - perf part (LP: #2103415)
    - perf list: Add IBM z17 event descriptions

  * memory leaks when configuring a small rate limit in audit (LP: #2122554)
    - audit: fix skb leak when audit rate limit is exceeded

  * [UBUNTU 24.04] PAI/NNPA support for new IBM z17 (LP: #2121956)
    - s390/pai: export number of sysfs attribute files
    - s390/pai_crypto: Add support for MSA 10 and 11 pai counters
    - s390/pai_ext: Update PAI extension 1 counters

  * [UBUNTU 24.04] s390/pci: Don't abort recovery for user-space drivers
    (LP: #2121150)
    - s390/pci: Allow automatic recovery with minimal driver support

  * [UBUNTU 24.04] s390/pci: Fix stale function handles in error handling
    (LP: #2121149)
    - s390/pci: Fix stale function handles in error handling
    - s390/pci: Do not try re-enabling load/store if device is disabled

  * [UBUNTU 24.04] vfio/pci: fix 8-byte PCI loads and stores (LP: #2121146)
    - vfio/pci: Extract duplicated code into macro
    - vfio/pci: Support 8-byte PCI loads and stores
    - vfio/pci: Fix typo in macro to declare accessors

  * x86 systems with PCIe BAR addresses located outside a certain range see
    P2PDMA allocation failures and CUDA initialization errors (LP: #2120209)
    - x86/kaslr: Reduce KASLR entropy on most x86 systems
    - x86/mm/init: Handle the special case of device private pages in
      add_pages(), to not increase max_pfn and trigger
      dma_addressing_limited() bounce buffers

  * sources list generation using dwarfdump takes up to 0.5hr in build process
    (LP: #2104911)
    - [Packaging] Don't generate list of source files

  * [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
    namespaces (LP: #2121257)
    - apparmor: shift ouid when mediating hard links in userns
    - apparmor: shift uid when mediating af_unix in userns

  * UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:452:16
    (LP: #2119713)
    - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller

  * [IdeaPad Slim 5 13ARP10 , 83J2] Microphone on AMD Ryzen 7 7735HS does not
    work (LP: #2102749)
    - ASoC: amd: yc: update quirk data for new Lenovo model

  * Fix compilation failure because of incomplete backport (LP: #2120561)
    - SAUCE: netfilter: ctnetlink: Fix -Wuninitialized in
      ctnetlink_secctx_size()

  * Noble update: upstream stable patchset 2025-09-01 (LP: #2121716)
    - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
    - cpufreq: scpi: compare kHz instead of Hz
    - smack: dont compile ipv6 code unless ipv6 is configured
    - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
    - EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald
      Rapids
    - x86/fpu: Fix guest FPU state buffer allocation size
    - x86/fpu: Avoid copying dynamic FP state from init_task in
      arch_dup_task_struct()
    - x86/platform: Only allow CONFIG_EISA for 32-bit
    - [Config] updateconfigs after disabling CONFIG_EISA for amd64
    - x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
    - lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
    - PM: sleep: Adjust check before setting power.must_resume
    - RISC-V: KVM: Disable the kernel perf counter during configure
    - selinux: Chain up tool resolving errors in install_policy.sh
    - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
    - EDAC/ie31200: Fix the DIMM size mask for several SoCs
    - EDAC/ie31200: Fix the error path order of ie31200_init()
    - PM: sleep: Fix handling devices with direct_complete set on errors
    - lockdep: Don't disable interrupts on RT in
      disable_irq_nosync_lockdep.*()
    - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
    - x86/traps: Make exc_double_fault() consistently noreturn
    - x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
    - media: verisilicon: HEVC: Initialize start_bit field
    - media: platform: allgro-dvt: unregister v4l2_device on the error path
    - platform/x86: dell-ddv: Fix temperature calculation
    - ASoC: cs35l41: check the return value from spi_setup()
    - HID: remove superfluous (and wrong) Makefile entry for
      CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
    - dt-bindings: vendor-prefixes: add GOcontroll
    - ALSA: hda/realtek: Always honor no_shutup_pins
    - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio
      compatible
    - drm/bridge: ti-sn65dsi86: Fix multiple instances
    - drm/dp_mst: Fix drm RAD print
    - drm: xlnx: zynqmp: Fix max dma segment size
    - PCI: Use downstream bridges for distributing resources
    - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
    - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
    - drm/msm/dpu: don't use active in atomic_check()
    - drm/msm/dsi: Use existing per-interface slice count in DSC timing
    - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
    - drm/amdkfd: Fix Circular Locking Dependency in
      'svm_range_cpu_invalidate_pagetables'
    - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data
      payload
    - PCI: brcmstb: Use internal register to change link capability
    - PCI: brcmstb: Fix potential premature regulator disabling
    - PCI/portdrv: Only disable pciehp interrupts early when needed
    - drm/amd/display: fix type mismatch in
      CalculateDynamicMetadataParameters()
    - PCI: Remove stray put_device() in pci_register_

  linux (6.8.0-84.84) noble; urgency=medium

  * Linux refcount imbalance in af_unix subsystem (LP: #2121515)
    - SAUCE: af_unix: Fix GC compatibility with upstream OOB refcount changes

  linux (6.8.0-81.81) noble; urgency=medium

  * noble/linux: 6.8.0-81.81 -proposed tracker (LP: #2121671)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.08.11)

  * nvme no longer detected on boot after upgrade to 6.8.0-60 (LP: #2111521)
    - SAUCE: PCI: Disable RRS polling for Intel SSDPE2KX020T8 nvme

  * No IP Address assigned after hot-plugging Ethernet cable on HP Platform
    (LP: #2115393)
    - Revert "e1000e: change k1 configuration on MTP and later platforms"

  * minimal kernel lacks modules for blk disk in arm64 openstack environments
    where config_drive is required (LP: #2118499)
    - [Config] Enable SYM53C8XX_2 on arm64

  * rcu: Eliminate deadlocks involving do_exit() and RCU tasks (LP: #2117123)
    - rcu-tasks: Initialize callback lists at rcu_init() time
    - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() deadlocks
    - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU tasks
    - rcu-tasks: Maintain real-time response in rcu_tasks_postscan()

  * BPF header file in wrong location (LP: #2118965)
    - [Packaging] Install bpf header to correct location

  * i915: support ARL-H gpu (LP: #2117716)
    - drm/i915: Add additional ARL PCI IDs
    - drm/i915/mtl: Add fake PCH for Meteor Lake
    - drm/i915/mtl: Wake GT before sending H2G message
    - drm/i915/xelpg: Add workaround 14019877138
    - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+
    - drm/i915/display: correct dual pps handling for MTL_PCH+

  * Ubuntu 24.04.2: NULL pointer dereference with Ceph and selinux
    (LP: #2115447)
    - SAUCE: fs/ceph, selinux: fix NULL pointer dereference on CephFS write
      with SELinux in permissive mode

  * Noble update: upstream stable patchset 2025-08-04 (LP: #2119458)
    - clockevents/drivers/i8253: Fix stop sequence for timer 0
    - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
    - hrtimer: Use and report correct timerslack values for realtime tasks
    - mm: add nommu variant of vm_insert_pages()
    - io_uring: get rid of remap_pfn_range() for mapping rings/sqes
    - io_uring: don't attempt to mmap larger than what the user asks for
    - io_uring: fix corner case forgetting to vunmap
    - io_uring: use vmap() for ring mapping
    - io_uring: unify io_pin_pages()
    - io_uring/kbuf: vmap pinned buffer ring
    - io_uring/kbuf: use vm_insert_pages() for mmap'ed pbuf ring
    - io_uring: use unpin_user_pages() where appropriate
    - io_uring: fix error pbuf checking
    - rust: Disallow BTF generation with Rust + LTO
    - rust: init: fix `Zeroable` implementation for `Option<NonNull<T>>` and
      `Option<KBox<T>>`
    - lib/buildid: Handle memfd_secret() files in build_id_parse()
    - mm: split critical region in remap_file_pages() and invoke LSMs in
      between
    - stmmac: loongson: Pass correct arg to PCI function
    - rust: lockdep: Remove support for dynamically allocated LockClassKeys
    - netfilter: nf_tables: allow clone callbacks to sleep
    - drm/amd/display: should support dmub hw lock on Replay
    - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
    - KVM: arm64: Calculate cptr_el2 traps on activating traps
    - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
    - KVM: arm64: Remove host FPSIMD saving for non-protected KVM
    - KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
    - KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
    - KVM: arm64: Refactor exit handlers
    - KVM: arm64: Eagerly switch ZCR_EL{1,2}
    - Revert "sched/core: Reduce cost of sched_move_task when config
      autogroup"
    - wifi: iwlwifi: support BIOS override for 5G9 in CA also in LARI version
      8
    - netfilter: nft_counter: Use u64_stats_t for statistic.
    - firmware: imx-scu: fix OF node leak in .probe()
    - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply
    - arm64: dts: rockchip: remove supports-cqe from rk3588 jaguar
    - xfrm: fix tunnel mode TX datapath in packet offload mode
    - xfrm_output: Force software GSO only in tunnel mode
    - soc: imx8m: Remove global soc_uid
    - soc: imx8m: Use devm_* to simplify probe failure handling
    - soc: imx8m: Unregister cpufreq and soc dev in cleanup path
    - ARM: dts: bcm2711: Fix xHCI power-domain
    - ARM: dts: bcm2711: PL011 UARTs are actually r1p5
    - arm64: dts: rockchip: Remove undocumented sdmmc property from lubancat-1
    - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
    - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate()
    - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
    - ARM: dts: bcm2711: Don't mark timer regs unconfigured
    - dma-mapping: fix missing clear bdr in check_ram_in_range_map()
    - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
    - RDMA/hns: Fix soft lockup during bt pages loop
    - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
    - RDMA/hns: Fix a missing rollback in error path of
      hns_roce_create_qp_common()
    - RDMA/hns: Fix missing xa_destroy()
    - RDMA/hns: Fix wrong value of max_sge_rd
    - Bluetooth: Fix error code in chan_alloc_skb_cb()
    - Bluetooth: hci_event: Fix connection regression between LE and non-LE
      adapters
    - accel/qaic: Fix possible data corruption in BOs > 2G
    - ARM: davinci: da850: fix selecting ARCH_DAVINCI_DA8XX
    - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
    - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
    - devlink: fix xa_alloc_cyclic() error handling
    - dpll: fix xa_alloc_cyclic() error handling
    - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU
    - net: atm: fix use after free in lec_send()
    - net: lwtunnel: fix recursion loops
    - net: ipv6: ioam6: fix lwtunnel_output() loop
    - libfs: Fix duplicate directory entry in offset_dir_lookup
    - net/n

  linux (6.8.0-80.80) noble; urgency=medium

  * noble/linux: 6.8.0-80.80 -proposed tracker (LP: #2120433)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.08.11)

  * minimal kernel lacks modules for blk disk in arm64 openstack environments
    where config_drive is required (LP: #2118499)
    - [Config] Enable SYM53C8XX_2 on arm64

  * rcu: Eliminate deadlocks involving do_exit() and RCU tasks (LP: #2117123)
    - rcu-tasks: Initialize callback lists at rcu_init() time
    - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() deadlocks
    - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU tasks
    - rcu-tasks: Maintain real-time response in rcu_tasks_postscan()

  * BPF header file in wrong location (LP: #2118965)
    - [Packaging] Install bpf header to correct location

  * i915: support ARL-H gpu (LP: #2117716)
    - drm/i915: Add additional ARL PCI IDs
    - drm/i915/mtl: Add fake PCH for Meteor Lake
    - drm/i915/mtl: Wake GT before sending H2G message
    - drm/i915/xelpg: Add workaround 14019877138
    - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+
    - drm/i915/display: correct dual pps handling for MTL_PCH+

  * Ubuntu 24.04.2: NULL pointer dereference with Ceph and selinux
    (LP: #2115447)
    - SAUCE: fs/ceph, selinux: fix NULL pointer dereference on CephFS write
      with SELinux in permissive mode

  * Noble update: upstream stable patchset 2025-08-04 (LP: #2119458)
    - clockevents/drivers/i8253: Fix stop sequence for timer 0
    - sched/isolation: Prevent boot crash when the boot CPU is nohz_full
    - hrtimer: Use and report correct timerslack values for realtime tasks
    - mm: add nommu variant of vm_insert_pages()
    - io_uring: get rid of remap_pfn_range() for mapping rings/sqes
    - io_uring: don't attempt to mmap larger than what the user asks for
    - io_uring: fix corner case forgetting to vunmap
    - io_uring: use vmap() for ring mapping
    - io_uring: unify io_pin_pages()
    - io_uring/kbuf: vmap pinned buffer ring
    - io_uring/kbuf: use vm_insert_pages() for mmap'ed pbuf ring
    - io_uring: use unpin_user_pages() where appropriate
    - io_uring: fix error pbuf checking
    - rust: Disallow BTF generation with Rust + LTO
    - rust: init: fix `Zeroable` implementation for `Option<NonNull<T>>` and
      `Option<KBox<T>>`
    - lib/buildid: Handle memfd_secret() files in build_id_parse()
    - mm: split critical region in remap_file_pages() and invoke LSMs in
      between
    - stmmac: loongson: Pass correct arg to PCI function
    - rust: lockdep: Remove support for dynamically allocated LockClassKeys
    - netfilter: nf_tables: allow clone callbacks to sleep
    - drm/amd/display: should support dmub hw lock on Replay
    - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
    - KVM: arm64: Calculate cptr_el2 traps on activating traps
    - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
    - KVM: arm64: Remove host FPSIMD saving for non-protected KVM
    - KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
    - KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
    - KVM: arm64: Refactor exit handlers
    - KVM: arm64: Eagerly switch ZCR_EL{1,2}
    - Revert "sched/core: Reduce cost of sched_move_task when config
      autogroup"
    - wifi: iwlwifi: support BIOS override for 5G9 in CA also in LARI version
      8
    - netfilter: nft_counter: Use u64_stats_t for statistic.
    - firmware: imx-scu: fix OF node leak in .probe()
    - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply
    - arm64: dts: rockchip: remove supports-cqe from rk3588 jaguar
    - xfrm: fix tunnel mode TX datapath in packet offload mode
    - xfrm_output: Force software GSO only in tunnel mode
    - soc: imx8m: Remove global soc_uid
    - soc: imx8m: Use devm_* to simplify probe failure handling
    - soc: imx8m: Unregister cpufreq and soc dev in cleanup path
    - ARM: dts: bcm2711: Fix xHCI power-domain
    - ARM: dts: bcm2711: PL011 UARTs are actually r1p5
    - arm64: dts: rockchip: Remove undocumented sdmmc property from lubancat-1
    - RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx
    - RDMA/mlx5: Handle errors returned from mlx5r_ib_rate()
    - ARM: OMAP1: select CONFIG_GENERIC_IRQ_CHIP
    - ARM: dts: bcm2711: Don't mark timer regs unconfigured
    - dma-mapping: fix missing clear bdr in check_ram_in_range_map()
    - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path
    - RDMA/hns: Fix soft lockup during bt pages loop
    - RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db()
    - RDMA/hns: Fix a missing rollback in error path of
      hns_roce_create_qp_common()
    - RDMA/hns: Fix missing xa_destroy()
    - RDMA/hns: Fix wrong value of max_sge_rd
    - Bluetooth: Fix error code in chan_alloc_skb_cb()
    - Bluetooth: hci_event: Fix connection regression between LE and non-LE
      adapters
    - accel/qaic: Fix possible data corruption in BOs > 2G
    - ARM: davinci: da850: fix selecting ARCH_DAVINCI_DA8XX
    - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
    - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().
    - devlink: fix xa_alloc_cyclic() error handling
    - dpll: fix xa_alloc_cyclic() error handling
    - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU
    - net: atm: fix use after free in lec_send()
    - net: lwtunnel: fix recursion loops
    - net: ipv6: ioam6: fix lwtunnel_output() loop
    - libfs: Fix duplicate directory entry in offset_dir_lookup
    - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES
    - i2c: omap: fix IRQ storms
    - net: mana: Support holes in device list reply msg
    - can: rcar_canfd: Fix page entries in the AFL list
    - can: ucan: fix out of bound read in strscpy() source
    - can: flexcan: only change CAN state when link up in s