Package "linux-tools-host"

  linux (6.8.0-64.67) noble; urgency=medium

  * noble/linux: 6.8.0-64.67 -proposed tracker (LP: #2114668)

  * Unexpected system reboot at loading GUI session on some AMD platforms
    (LP: #2112462)
    - drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush
    - drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush
    - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
    - drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush

  * [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
    (LP: #2114174)
    - s390/pci: rename lock member in struct zpci_dev
    - s390/pci: introduce lock to synchronize state of zpci_dev's
    - s390/pci: remove hotplug slot when releasing the device
    - s390/pci: Remove redundant bus removal and disable from
      zpci_release_device()
    - s390/pci: Prevent self deletion in disable_slot()
    - s390/pci: Allow re-add of a reserved but not yet removed device
    - s390/pci: Serialize device addition and removal

  * [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
    (LP: #2114174) // CVE-2025-37946
    - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has
      child VFs

  * [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
    (LP: #2114174) // CVE-2025-37974
    - s390/pci: Fix missing check for zpci_create_device() error return

  * [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
    (LP: #2114174) // CVE-2024-56699
    - s390/pci: Fix potential double remove of hotplug slot

  * System will restart while resuming with SATA HDD or nvme installed with
    password set (LP: #2110090)
    - PCI: Explicitly put devices into D0 when initializing

  * Noble update: upstream stable patchset 2025-06-12 (LP: #2114239)
    - btrfs: fix assertion failure when splitting ordered extent after
      transaction abort
    - btrfs: fix use-after-free when attempting to join an aborted transaction
    - arm64/mm: Ensure adequate HUGE_MAX_HSTATE
    - exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
    - s390/stackleak: Use exrl instead of ex in __stackleak_poison()
    - btrfs: fix data race when accessing the inode's disk_i_size at
      btrfs_drop_extents()
    - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error
      handling
    - sched: Don't try to catch up excess steal time.
    - locking/ww_mutex/test: Use swap() macro
    - lockdep: Fix upper limit for LOCKDEP_*_BITS configs
    - x86/amd_nb: Restrict init function to AMD-based systems
    - drm/virtio: New fence for every plane update
    - drm: Add panel backlight quirks
    - drm: panel-backlight-quirks: Add Framework 13 matte panel
    - drm: panel-backlight-quirks: Add Framework 13 glossy and 2.8k panels
    - nvkm/gsp: correctly advance the read pointer of GSP message queue
    - nvkm: correctly calculate the available space of the GSP cmdq buffer
    - drm/amd/display: Populate chroma prefetch parameters, DET buffer fix
    - drm/amd/display: Overwriting dualDPP UBF values before usage
    - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
    - drm/connector: add mutex to protect ELD from concurrent access
    - drm/bridge: anx7625: use eld_mutex to protect access to connector->eld
    - drm/bridge: ite-it66121: use eld_mutex to protect access to
      connector->eld
    - drm/amd/display: use eld_mutex to protect access to connector->eld
    - drm/exynos: hdmi: use eld_mutex to protect access to connector->eld
    - drm/radeon: use eld_mutex to protect access to connector->eld
    - drm/sti: hdmi: use eld_mutex to protect access to connector->eld
    - drm/vc4: hdmi: use eld_mutex to protect access to connector->eld
    - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor
    - drm/amdgpu: Don't enable sdma 4.4.5 CTXEMPTY interrupt
    - drm/amdkfd: Queue interrupt work to different CPU
    - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT
    - drm/bridge: it6505: fix HDCP Bstatus check
    - drm/bridge: it6505: fix HDCP encryption when R0 ready
    - drm/bridge: it6505: fix HDCP CTS compare V matching
    - drm/bridge: it6505: fix HDCP V match check is not performed correctly
    - drm/bridge: it6505: fix HDCP CTS KSV list wait timer
    - safesetid: check size of policy writes
    - drm/amd/display: Increase sanitizer frame larger than limit when compile
      testing with clang
    - drm/amd/display: Limit Scaling Ratio on DCN3.01
    - wifi: rtw89: add crystal_cap check to avoid setting as overflow value
    - tun: fix group permission check
    - mmc: core: Respect quirk_max_rate for non-UHS SDIO card
    - mmc: sdhci-esdhc-imx: enable 'SDHCI_QUIRK_NO_LED' quirk for S32G
    - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
    - tomoyo: don't emit warning in tomoyo_write_control()
    - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
    - wifi: rtw88: add __packed attribute to efuse layout struct
    - clk: qcom: Make GCC_8150 depend on QCOM_GDSC
    - HID: multitouch: Add quirk for Hantick 5288 touchpad
    - HID: Wacom: Add PCI Wacom device support
    - net/mlx5: use do_aux_work for PHC overflow checks
    - wifi: brcmfmac: Check the return value of
      of_property_read_string_index()
    - wifi: iwlwifi: pcie: Add support for new device ids
    - wifi: iwlwifi: avoid memory leak
    - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
    - APEI: GHES: Have GHES honor the panic= setting
    - Bluetooth: btusb: Add new VID/PID 13d3/3610 for MT7922
    - Bluetooth: btusb: Add new VID/PID 13d3/3628 for MT7925
    - Bluetooth: MGMT: Fix slab-use-after-free Read in
      mgmt_remove_adv_monitor_sync
    - net: wwan: iosm: Fix hibernation by re-binding the driver around it
    - mmc: sdhci-msm: Correctly set the load for the regulator
    - octeon_ep: update tx/rx

  linux (6.8.0-63.66) noble; urgency=medium

  * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update annotations scripts

  * CVE-2025-37798
    - sch_htb: make htb_qlen_notify() idempotent
    - sch_htb: make htb_deactivate() idempotent
    - sch_drr: make drr_qlen_notify() idempotent
    - sch_hfsc: make hfsc_qlen_notify() idempotent
    - sch_qfq: make qfq_qlen_notify() idempotent
    - sch_ets: make est_qlen_notify() idempotent
    - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()

  * CVE-2025-37997
    - netfilter: ipset: fix region locking in hash types

  * CVE-2025-22088
    - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

  * CVE-2025-37890
    - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
      qdisc
    - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
    - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

  * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)
    - md/raid1: Add check for missing source disk in process_checks()

 -- Manuel Diewald <email address hidden> Fri, 13 Jun 2025 16:50:07 +0200

  linux (6.8.0-62.65) noble; urgency=medium

  * noble/linux: 6.8.0-62.65 -proposed tracker (LP: #2110737)

  * Rotate the Canonical Livepatch key (LP: #2111244)
    - [Config] Prepare for Canonical Livepatch key rotation

  * KVM bug causes Firecracker crash when it runs the vCPU for the first time
    (LP: #2109859)
    - vhost: return task creation error instead of NULL
    - kvm: retry nx_huge_page_recovery_thread creation

  * CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
    (LP: #2099914) // CVE-2025-2312
    - CIFS: New mount option for cifs.upcall namespace resolution

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640)
    - ASoC: wm8994: Add depends on MFD core
    - ASoC: samsung: Add missing selects for MFD_WM8994
    - seccomp: Stub for !CONFIG_SECCOMP
    - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request
    - of/unittest: Add test that of_address_to_resource() fails on non-
      translatable address
    - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
    - hwmon: (drivetemp) Set scsi command timeout to 10s
    - ASoC: samsung: Add missing depends on I2C
    - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf()
    - Revert "libfs: fix infinite directory reads for offset dir"
    - libfs: Replace simple_offset end-of-directory detection
    - Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
    - ALSA: usb-audio: Add delay quirk for USB Audio Device
    - Input: xpad - add support for Nacon Pro Compact
    - Input: atkbd - map F23 key to support default copilot shortcut
    - Input: xpad - add unofficial Xbox 360 wireless receiver clone
    - Input: xpad - add QH Electronics VID/PID
    - Input: xpad - improve name of 8BitDo controller 2dc8:3106
    - Input: xpad - add support for Nacon Evol-X Xbox One Controller
    - Input: xpad - add support for wooting two he (arm)
    - ASoC: codecs: es8316: Fix HW rate calculation for 48Mhz MCLK
    - ASoC: cs42l43: Add codec force suspend/resume ops
    - ALSA: hda/realtek: Fix volume adjustment issue on Lenovo ThinkBook 16P Gen5
    - libfs: Return ENOSPC when the directory offset range is exhausted
    - Revert "libfs: Add simple_offset_empty()"
    - libfs: Use d_children list to iterate simple_offset directories
    - wifi: rtl8xxxu: add more missing rtl8192cu USB IDs
    - HID: wacom: Initialize brightness of LED trigger
    - Upstream stable to v6.6.75, v6.12.12

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21689
    - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21690
    - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21691
    - cachestat: fix page cache statistics permission checking

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21692
    - net: sched: fix ets qdisc OOB Indexing

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2025-21699
    - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag

  * Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
    CVE-2024-50157
    - RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop

  * rtw89: Support hardware rfkill (LP: #2077384)
    - wifi: rtw89: add support for hardware rfkill

  * Introduce configfs-based interface for gpio-aggregator (LP: #2103496)
    - gpio: introduce utilities for synchronous fake device creation
    - bitmap: Define a cleanup function for bitmaps
    - gpio: aggregator: simplify aggr_parse() with scoped bitmap
    - gpio: aggregator: protect driver attr handlers against module unload
    - gpio: aggregator: reorder functions to prepare for configfs introduction
    - gpio: aggregator: unify function naming
    - gpio: aggregator: add gpio_aggregator_{alloc, free}()
    - gpio: aggregator: introduce basic configfs interface
    - [Config] Enable DEV_SYNC_PROBE as module
    - SAUCE: gpio: aggregator: Fix error code in gpio_aggregator_activate()
    - gpio: aggregator: rename 'name' to 'key' in gpio_aggregator_parse()
    - gpio: aggregator: expose aggregator created via legacy sysfs to configfs
    - SAUCE: gpio: aggregator: fix "_sysfs" prefix check in
      gpio_aggregator_make_group()
    - SAUCE: gpio: aggregator: Fix gpio_aggregator_line_alloc() checking
    - SAUCE: gpio: aggregator: Return an error if there are no GPIOs in
      gpio_aggregator_parse()
    - SAUCE: gpio: aggregator: Fix leak in gpio_aggregator_parse()
    - gpio: aggregator: cancel deferred probe for devices created via configfs
    - Documentation: gpio: document configfs interface for gpio-aggregator
    - selftests: gpio: add test cases for gpio-aggregator
    - SAUCE: selftests: gpio: gpio-aggregator: add a test case for _sysfs prefix
      reservation

  * Noble update: upstream stable patchset 2025-04-16 (LP: #2107449)
    - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
    - net: add exit_batch_rtnl() method
    - gtp: use exit_batch_rtnl() method
    - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
    - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
    - nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
    - net: xilinx: axienet: Fix IRQ coalescing packet count overflow
    - net/mlx5: Fix RDMA TX steering prio
    - net/mlx5e: Rely on reqid in IPsec tunnel mode
    - net/mlx5e: Always start IPsec sequence number from 1
    - drm/vmwgfx: Add new keep_resv BO param
    - drm/v3d: Assign job pointer to NULL before signaling the fence
    - soc: ti: pruss: Fix pruss APIs
    - hwmon: (tmp513) Fix division of negative numbers
    - i2c: mux: demux-pinctrl: check initial mux selection, too
    - i2c: rcar: fix NACK handling when being a target
    - hfs: Sanity che

  linux (6.8.0-60.63) noble; urgency=medium

  * noble/linux: 6.8.0-60.63 -proposed tracker (LP: #2107138)

  * Packaging resync (LP: #1786013)
    - [Packaging] debian.master/dkms-versions -- update from kernel-versions
      (main/2025.04.14)

  * Missing upstream commits for LP: #2102181 (LP: #2107336)
    - libperf cpumap: Add any, empty and min helpers
    - libperf cpumap: Ensure empty cpumap is NULL from alloc

  * Noble update: upstream stable patchset 2025-04-10 (LP: #2106770)
    - memblock: use numa_valid_node() helper to check for invalid node ID
    - jbd2: increase IO priority for writing revoke records
    - jbd2: flush filesystem device before updating tail sequence
    - dm array: fix unreleased btree blocks on closing a faulty array cursor
    - dm array: fix cursor index when skipping across block boundaries
    - exfat: fix the infinite loop in __exfat_free_cluster()
    - erofs: fix PSI memstall accounting
    - ASoC: rt722: add delay time to wait for the calibration procedure
    - ASoC: mediatek: disable buffer pre-allocation
    - selftests/alsa: Fix circular dependency involving global-timer
    - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe()
    - net: 802: LLC+SNAP OID:PID lookup on start of skb data
    - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog
    - tcp/dccp: allow a connection when sk_max_ack_backlog is zero
    - net: libwx: fix firmware mailbox abnormal return
    - pds_core: limit loop over fw name list
    - bnxt_en: Fix possible memory leak when hwrm_req_replace fails
    - cxgb4: Avoid removal of uninserted tid
    - ice: fix incorrect PHY settings for 100 GB/s
    - igc: return early when failing to read EECD register
    - tls: Fix tls_sw_sendmsg error handling
    - eth: gve: use appropriate helper to set xdp_features
    - Bluetooth: hci_sync: Fix not setting Random Address when required
    - Bluetooth: MGMT: Fix Add Device to responding before completing
    - Bluetooth: btnxpuart: Fix driver sending truncated data
    - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
    - riscv: Fix early ftrace nop patching
    - memblock tests: fix implicit declaration of function 'numa_valid_node'
    - iio: imu: inv_icm42600: fix timestamps after suspend if sensor is on
    - netfilter: nf_tables: imbalance in flowtable binding
    - drm/mediatek: stop selecting foreign drivers
    - [Config] updateconfigs for MTK_SMI
    - drm/mediatek: Fix YCbCr422 color format issue for DP
    - drm/mediatek: Fix mode valid issue for dp
    - drm/mediatek: Add return value check when reading DPCD
    - cpuidle: riscv-sbi: fix device node release in early exit of
      for_each_possible_cpu
    - scsi: ufs: qcom: Power off the PHY if it was already powered on in
      ufs_qcom_power_up_sequence()
    - dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
    - ksmbd: Implement new SMB3 POSIX type
    - thermal: of: fix OF node leak in of_thermal_zone_find()
    - smb: client: sync the root session and superblock context passwords before
      automounting
    - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[]
    - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[]
    - drm/amd/display: increase MAX_SURFACES to the value supported by hw
    - io_uring/timeout: fix multishot updates
    - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2)
    - USB: serial: option: add MeiG Smart SRM815
    - USB: serial: option: add Neoway N723-EA support
    - staging: iio: ad9834: Correct phase range check
    - staging: iio: ad9832: Correct phase range check
    - usb-storage: Add max sectors quirk for Nokia 208
    - USB: serial: cp210x: add Phoenix Contact UPS Device
    - usb: dwc3: gadget: fix writing NYET threshold
    - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set
      config
    - tty: serial: 8250: Fix another runtime PM usage counter underflow
    - usb: dwc3-am62: Disable autosuspend during remove
    - USB: usblp: return error when setting unsupported protocol
    - USB: core: Disable LPM only for non-suspended ports
    - usb: fix reference leak in usb_new_device()
    - usb: gadget: midi2: Reverse-select at the right place
    - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in
      the error path of .probe()
    - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
    - usb: typec: tcpm/tcpci_maxim: fix error code in
      max_contaminant_read_resistance_kohm()
    - usb: gadget: configfs: Ignore trailing LF for user strings to cdev
    - iio: gyro: fxas21002c: Fix missing data update in trigger handler
    - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
    - iio: inkern: call iio_device_put() only on mapped devices
    - iio: adc: ad7124: Disable all channels at probe time
    - riscv: kprobes: Fix incorrect address calculation
    - ARM: dts: imxrt1050: Fix clocks for mmc
    - arm64: dts: rockchip: add hevc power domain clock to rk3328
    - pmdomain: imx: gpcv2: Simplify with scoped for each OF child loop
    - pmdomain: imx: gpcv2: fix an OF node reference leak in imx_gpcv2_probe()
    - workqueue: Add rcu lock check at the end of work item execution
    - workqueue: Update lock debugging code
    - mm/hugetlb: enforce that PMD PT sharing has split PMD PT locks
    - riscv: Fix text patching when IPI are used
    - drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is supported
    - ovl: pass realinode to ovl_encode_real_fh() instead of realdentry
    - net: don't dump Tx and uninitialized NAPIs
    - ice: fix max values for dpll pin phase adjust
    - net: hns3: fixed reset failure issues caused by the incorrect reset type
    - net: hns3: fix missing features due to dev->features configuration too early
    - net: hns3: Resolved the issue that the debugfs query result is inconsistent.
    - net: hns3: initialize reset_timer before hclgevf

  linux (6.8.0-59.61) noble; urgency=medium

  * noble/linux: 6.8.0-59.61 -proposed tracker (LP: #2107076)

  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts

  * CVE-2024-56653
    - Bluetooth: btmtk: avoid UAF in btmtk_process_coredump

 -- Manuel Diewald <email address hidden> Fri, 11 Apr 2025 22:44:56 +0200