Package "linux"

  linux (6.8.0-79.79) noble; urgency=medium

  * noble/linux: 6.8.0-79.79 -proposed tracker (LP: #2120415)

  * CVE-2024-57996 // CVE-2025-37752
    - net_sched: sch_sfq: move the limit validation

  * CVE-2025-38350
    - net/sched: Always pass notifications when child class becomes empty

  * CVE-2025-21887
    - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up

 -- Stefan Bader <email address hidden> Tue, 12 Aug 2025 12:33:51 +0200

  linux (6.8.0-78.78) noble; urgency=medium

  * noble/linux: 6.8.0-78.78 -proposed tracker (LP: #2120405)

  * Incorrect backport for CVE-2025-21861 causes kernel hangs
    (LP: #2120330) // CVE-2025-21861
    - mm/migrate_device: don't add folio to be freed to LRU in
      migrate_device_finalize()

  * Incorrect backport for CVE-2025-21861 causes kernel hangs (LP: #2120330)
    - SAUCE: Revert "mm/migrate_device: don't add folio to be freed to LRU in
      migrate_device_finalize()"
    - mm: migrate_device: use more folio in migrate_device_finalize()

  linux (6.8.0-71.71) noble; urgency=medium

  * noble/linux: 6.8.0-71.71 -proposed tracker (LP: #2117506)

  * [Regression Updates] "PCI: Explicitly put devices into D0 when
    initializing" breaks pci-pass-through in QEMU/KVM (LP: #2117494)
    - PCI/PM: Set up runtime PM even for devices without PCI PM

  linux (6.8.0-64.67) noble; urgency=medium

  * noble/linux: 6.8.0-64.67 -proposed tracker (LP: #2114668)

  * Unexpected system reboot at loading GUI session on some AMD platforms
    (LP: #2112462)
    - drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush
    - drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush
    - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
    - drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush

  * [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
    (LP: #2114174)
    - s390/pci: rename lock member in struct zpci_dev
    - s390/pci: introduce lock to synchronize state of zpci_dev's
    - s390/pci: remove hotplug slot when releasing the device
    - s390/pci: Remove redundant bus removal and disable from
      zpci_release_device()
    - s390/pci: Prevent self deletion in disable_slot()
    - s390/pci: Allow re-add of a reserved but not yet removed device
    - s390/pci: Serialize device addition and removal

  * [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
    (LP: #2114174) // CVE-2025-37946
    - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has
      child VFs

  * [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
    (LP: #2114174) // CVE-2025-37974
    - s390/pci: Fix missing check for zpci_create_device() error return

  * [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
    (LP: #2114174) // CVE-2024-56699
    - s390/pci: Fix potential double remove of hotplug slot

  * System will restart while resuming with SATA HDD or nvme installed with
    password set (LP: #2110090)
    - PCI: Explicitly put devices into D0 when initializing

  * Noble update: upstream stable patchset 2025-06-12 (LP: #2114239)
    - btrfs: fix assertion failure when splitting ordered extent after
      transaction abort
    - btrfs: fix use-after-free when attempting to join an aborted transaction
    - arm64/mm: Ensure adequate HUGE_MAX_HSTATE
    - exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
    - s390/stackleak: Use exrl instead of ex in __stackleak_poison()
    - btrfs: fix data race when accessing the inode's disk_i_size at
      btrfs_drop_extents()
    - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error
      handling
    - sched: Don't try to catch up excess steal time.
    - locking/ww_mutex/test: Use swap() macro
    - lockdep: Fix upper limit for LOCKDEP_*_BITS configs
    - x86/amd_nb: Restrict init function to AMD-based systems
    - drm/virtio: New fence for every plane update
    - drm: Add panel backlight quirks
    - drm: panel-backlight-quirks: Add Framework 13 matte panel
    - drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels
    - nvkm/gsp: correctly advance the read pointer of GSP message queue
    - nvkm: correctly calculate the available space of the GSP cmdq buffer
    - drm/amd/display: Populate chroma prefetch parameters, DET buffer fix
    - drm/amd/display: Overwriting dualDPP UBF values before usage
    - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
    - drm/connector: add mutex to protect ELD from concurrent access
    - drm/bridge: anx7625: use eld_mutex to protect access to connector->eld
    - drm/bridge: ite-it66121: use eld_mutex to protect access to
      connector->eld
    - drm/amd/display: use eld_mutex to protect access to connector->eld
    - drm/exynos: hdmi: use eld_mutex to protect access to connector->eld
    - drm/radeon: use eld_mutex to protect access to connector->eld
    - drm/sti: hdmi: use eld_mutex to protect access to connector->eld
    - drm/vc4: hdmi: use eld_mutex to protect access to connector->eld
    - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
    - drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt
    - drm/amdkfd: Queue interrupt work to different CPU
    - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT
    - drm/bridge: it6505: fix HDCP Bstatus check
    - drm/bridge: it6505: fix HDCP encryption when R0 ready
    - drm/bridge: it6505: fix HDCP CTS compare V matching
    - drm/bridge: it6505: fix HDCP V match check is not performed correctly
    - drm/bridge: it6505: fix HDCP CTS KSV list wait timer
    - safesetid: check size of policy writes
    - drm/amd/display: Increase sanitizer frame larger than limit when compile
      testing with clang
    - drm/amd/display: Limit Scaling Ratio on DCN3.01
    - wifi: rtw89: add crystal_cap check to avoid setting as overflow value
    - tun: fix group permission check
    - mmc: core: Respect quirk_max_rate for non-UHS SDIO card
    - mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G
    - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
    - tomoyo: don't emit warning in tomoyo_write_control()
    - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
    - wifi: rtw88: add __packed attribute to efuse layout struct
    - clk: qcom: Make GCC_8150 depend on QCOM_GDSC
    - HID: multitouch: Add quirk for Hantick 5288 touchpad
    - HID: Wacom: Add PCI Wacom device support
    - net/mlx5: use do_aux_work for PHC overflow checks
    - wifi: brcmfmac: Check the return value of
      of_property_read_string_index()
    - wifi: iwlwifi: pcie: Add support for new device ids
    - wifi: iwlwifi: avoid memory leak
    - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
    - APEI: GHES: Have GHES honor the panic= setting
    - Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922
    - Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925
    - Bluetooth: MGMT: Fix slab-use-after-free Read in
      mgmt_remove_adv_monitor_sync
    - net: wwan: iosm: Fix hibernation by re-binding the driver around it
    - mmc: sdhci-msm: Correctly set the load for the regulator
    - octeon_ep: update tx/rx

  linux (6.8.0-63.66) noble; urgency=medium

  * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update annotations scripts

  * CVE-2025-37798
    - sch_htb: make htb_qlen_notify() idempotent
    - sch_htb: make htb_deactivate() idempotent
    - sch_drr: make drr_qlen_notify() idempotent
    - sch_hfsc: make hfsc_qlen_notify() idempotent
    - sch_qfq: make qfq_qlen_notify() idempotent
    - sch_ets: make est_qlen_notify() idempotent
    - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()

  * CVE-2025-37997
    - netfilter: ipset: fix region locking in hash types

  * CVE-2025-22088
    - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

  * CVE-2025-37890
    - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
      qdisc
    - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
    - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

  * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)
    - md/raid1: Add check for missing source disk in process_checks()

 -- Manuel Diewald <email address hidden> Fri, 13 Jun 2025 16:50:07 +0200