Package "linux-azure-nvidia"

  linux-azure-nvidia (6.8.0-1027.30) noble; urgency=medium

  * noble/linux-azure-nvidia: 6.8.0-1027.30 -proposed tracker (LP: #2127397)

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants

  [ Ubuntu-azure: 6.8.0-1042.48 ]

  * noble/linux-azure: 6.8.0-1042.48 -proposed tracker (LP: #2127400)
  * azure: backport "cifs: reset iface weights when we cannot find a
    candidate" (LP: #2127706)
    - cifs: reset iface weights when we cannot find a candidate
  * azure: backport "hv_netvsc: fix loss of early receive events from host
    during channel open" (LP: #2127705)
    - net: hv_netvsc: fix loss of early receive events from host during
      channel open.
  * Backport fix for Linux SMB directory contents caching (LP: #2125686)
    - smb: improve directory cache reuse for readdir operations
  [ Ubuntu: 6.8.0-87.88 ]
  * noble/linux: 6.8.0-87.88 -proposed tracker (LP: #2127436)
  * CVE-2025-37838
    - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
      Driver Due to Race Condition
  * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300
    - Documentation/hw-vuln: Add VMSCAPE documentation
    - x86/vmscape: Enumerate VMSCAPE bug
    - x86/vmscape: Add conditional IBPB mitigation
    - x86/vmscape: Enable the mitigation
    - x86/bugs: Move cpu_bugs_smt_update() down
    - x86/vmscape: Warn when STIBP is disabled with SMT
    - x86/vmscape: Add old Intel CPUs to affected list
  * VMSCAPE CVE-2025-40300 (LP: #2124105)
    - [Config] Enable MITIGATION_VMSCAPE config
  * CVE-2025-38352
    - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
      posix_cpu_timer_del()
  * CVE-2025-38118
    - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
    - Bluetooth: MGMT: Fix sparse errors

 -- John Cabaj <email address hidden> Wed, 15 Oct 2025 16:15:55 -0500

  linux-azure-nvidia (6.8.0-1025.27) noble; urgency=medium

  * noble/linux-azure-nvidia: 6.8.0-1025.27 -proposed tracker (LP: #2125071)

  [ Ubuntu-nvidia: 6.8.0-1040.43 ]

  * noble/linux-nvidia: 6.8.0-1040.43 -proposed tracker (LP: #2125093)

  [ Ubuntu-azure: 6.8.0-1040.46 ]

  * noble/linux-azure: 6.8.0-1040.46 -proposed tracker (LP: #2125522)
  * azure: backport "cifs: fix pagecache leak when do writepages"
    (LP: #2122719)
    - cifs: fix pagecache leak when do writepages
  * azure: backport "hv_netvsc: Fix panic during namespace deletion with VF"
    (LP: #2120803)
    - hv_netvsc: Fix panic during namespace deletion with VF
  * azure: backport various SMB multichannel fixes (LP: #2118807)
    - cifs: reset connections for all channels when reconnect requested
    - cifs: update dstaddr whenever channel iface is updated
    - cifs: dns resolution is needed only for primary channel
    - cifs: deal with the channel loading lag while picking channels
    - cifs: serialize other channels when query server interfaces is pending
    - cifs: do not disable interface polling on failure
    - smb: client: fix potential deadlock when reconnecting channels
    - smb: client: fix warning when reconnecting channel
  * net: mana: Use page pool fragments for RX buffers instead of full pages to
    improve memory efficiency (LP: #2121570)
    - net: mana: Use page pool fragments for RX buffers instead of full pages
      to improve memory efficiency.

  [ Ubuntu-azure: 6.8.0-1039.45 ]

  * noble/linux-azure: 6.8.0-1039.45 -proposed tracker (LP: #2125074)
  [ Ubuntu: 6.8.0-85.85 ]
  * noble/linux: 6.8.0-85.85 -proposed tracker (LP: #2125109)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
  * CVE-2025-38500
    - xfrm: interface: fix use-after-free after changing collect_md xfrm
      interface
  * TLS socket disconnection causes various issues (LP: #2120516) //
    CVE-2025-37756
    - net: tls: explicitly disallow disconnect
  * CVE-2025-38477
    - net/sched: sch_qfq: Fix race condition on qfq_aggregate
    - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
      qfq_delete_class
  * CVE-2025-38618
    - vsock: Do not allow binding to VMADDR_PORT_ANY
  * CVE-2025-38617
    - net/packet: fix a race in packet_set_ring() and packet_notifier()
  * CVE-2025-37785
    - ext4: fix OOB read when checking dotdot dir

  [ Ubuntu-azure: 6.8.0-1038.44 ]

  [ Ubuntu: 6.8.0-84.84 ]
  * Linux refcount imbalance in af_unix subsystem (LP: #2121515)
    - SAUCE: af_unix: Fix GC compatibility with upstream OOB refcount changes

 -- John Cabaj <email address hidden> Tue, 23 Sep 2025 16:07:09 -0500

  linux-azure-nvidia (6.8.0-1022.23) noble; urgency=medium

  * noble/linux-azure-nvidia: 6.8.0-1022.23 -proposed tracker (LP: #2120371)

  [ Ubuntu-azure: 6.8.0-1034.39 ]

  * noble/linux-azure: 6.8.0-1034.39 -proposed tracker (LP: #2120374)
  [ Ubuntu: 6.8.0-78.78 ]
  * noble/linux: 6.8.0-78.78 -proposed tracker (LP: #2120405)
  * Incorrect backport for CVE-2025-21861 causes kernel hangs
    (LP: #2120330) // CVE-2025-21861
    - mm/migrate_device: don't add folio to be freed to LRU in
      migrate_device_finalize()
  * Incorrect backport for CVE-2025-21861 causes kernel hangs (LP: #2120330)
    - SAUCE: Revert "mm/migrate_device: don't add folio to be freed to LRU in
      migrate_device_finalize()"
    - mm: migrate_device: use more folio in migrate_device_finalize()

  linux-azure-nvidia (6.8.0-1019.20) noble; urgency=medium

  * noble/linux-azure-nvidia: 6.8.0-1019.20 -proposed tracker (LP: #2114309)

  * [GB200] MANA patch updates (LP: #2115453)
    - RDMA/mana_ib: Fix error code in probe()
    - net: mana: Probe rdma device in mana driver
    - RDMA/mana_ib: Add support of 4M, 1G, and 2G pages
    - RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic
    - RDMA/mana_ib: unify mana_ib functions to support any gdma device
    - net: mana: Add support for auxiliary device servicing events
    - net: mana: use ethtool string helpers
    - net: mana: Expose additional hardware counters for drop and TC via
      ethtool.
    - RDMA/mana_ib: Add device statistics support
    - net: mana: Add handler for hardware servicing events

  * [Arm64] High reboot time for 96 core Linux VMs (LP: #2114218)
    - arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
    - arm64: mm: Batch dsb and isb when populating pgtables
    - arm64: mm: Don't remap pgtables for allocate vs populate

  [ Ubuntu-nvidia: 6.8.0-1030.33 ]

  * noble/linux-nvidia: 6.8.0-1030.33 -proposed tracker (LP: #2114327)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants

  [ Ubuntu-azure: 6.8.0-1031.36 ]

  * noble/linux-azure: 6.8.0-1031.36 -proposed tracker (LP: #2114312)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
  * Request to allow variable-sized MANA indirection table (LP: #2100902)
    - net: mana: Allow variable size indirection table
  * [Arm64] High reboot time for 96 core Linux VMs (LP: #2114218)
    - arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
    - arm64: mm: Batch dsb and isb when populating pgtables
    - arm64: mm: Don't remap pgtables for allocate vs populate
  * Backport of [hv_netvsc]Fix error "nvsp_rndis_pkt_complete error status: 2"
    (LP: #2112423)
    - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges
    - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages
    - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array
    - hv_netvsc: Remove rmsg_pgcnt
    - Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer()
  * Backport request of tools: hv: Enable debug logs for hv_kvp_daemon
    (LP: #2112609)
    - tools: hv: Enable debug logs for hv_kvp_daemon
  * KVM-AMD Crash in GitHub Actions (LP: #2106673)
    - SAUCE (no-up): KVM: SVM: Workaround overly strict CR3 check by Hyper-V
  * noble/linux: 6.8.0-63.66 -proposed tracker (LP: #2114341)
  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update annotations scripts
  * CVE-2025-37798
    - sch_htb: make htb_qlen_notify() idempotent
    - sch_htb: make htb_deactivate() idempotent
    - sch_drr: make drr_qlen_notify() idempotent
    - sch_hfsc: make hfsc_qlen_notify() idempotent
    - sch_qfq: make qfq_qlen_notify() idempotent
    - sch_ets: make est_qlen_notify() idempotent
    - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
  * CVE-2025-37997
    - netfilter: ipset: fix region locking in hash types
  * CVE-2025-22088
    - RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
  * CVE-2025-37890
    - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
      qdisc
    - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
    - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
  * raid1: Fix NULL pointer dereference in process_checks() (LP: #2112519)
    - md/raid1: Add check for missing source disk in process_checks()

 -- John Cabaj <email address hidden> Fri, 27 Jun 2025 17:13:34 -0500

  linux-azure-nvidia (6.8.0-1018.19) noble; urgency=medium

  * noble/linux-azure-nvidia: 6.8.0-1018.19 -proposed tracker (LP: #2112225)