UbuntuUpdates.org

Package "linux-cloud-tools-common"

Name: linux-cloud-tools-common

Description:

Linux kernel version specific cloud tools for version 6.8.0

Latest version: 6.8.0-86.87
Release: noble (24.04)
Level: updates
Repository: main
Head package: linux

Links


Download "linux-cloud-tools-common"


Other versions of "linux-cloud-tools-common" in Noble

Repository Area Version
base main 6.8.0-31.31
security main 6.8.0-85.85
proposed main 6.8.0-86.87
PPA: Canonical Kernel Team 6.8.0-88.89

Changelog

Version: 6.8.0-86.87 2025-10-20 22:11:47 UTC

  linux (6.8.0-86.87) noble; urgency=medium

  * noble/linux: 6.8.0-86.87 -proposed tracker (LP: #2125391)
    - Fix FTBS caused by incorrect pick/backport of
      "perf dso: fix dso__is_kallsyms() check"

  * noble ubuntu_ftrace_smoke_test:mmiotrace timeout on aws:r5.metal
    (LP: #2121673)
    - mm: memcg: add NULL check to obj_cgroup_put()
    - memcg: drain obj stock on cpu hotplug teardown

  * [25.04 FEAT] [post announcement] [KRN2304] CPU-MF Counters for new IBM Z
    hardware - perf part (LP: #2103415)
    - perf list: Add IBM z17 event descriptions

  * memory leaks when configuring a small rate limit in audit (LP: #2122554)
    - audit: fix skb leak when audit rate limit is exceeded

  * [UBUNTU 24.04] PAI/NNPA support for new IBM z17 (LP: #2121956)
    - s390/pai: export number of sysfs attribute files
    - s390/pai_crypto: Add support for MSA 10 and 11 pai counters
    - s390/pai_ext: Update PAI extension 1 counters

  * [UBUNTU 24.04] s390/pci: Don't abort recovery for user-space drivers
    (LP: #2121150)
    - s390/pci: Allow automatic recovery with minimal driver support

  * [UBUNTU 24.04] s390/pci: Fix stale function handles in error handling
    (LP: #2121149)
    - s390/pci: Fix stale function handles in error handling
    - s390/pci: Do not try re-enabling load/store if device is disabled

  * [UBUNTU 24.04] vfio/pci: fix 8-byte PCI loads and stores (LP: #2121146)
    - vfio/pci: Extract duplicated code into macro
    - vfio/pci: Support 8-byte PCI loads and stores
    - vfio/pci: Fix typo in macro to declare accessors

  * x86 systems with PCIe BAR addresses located outside a certain range see
    P2PDMA allocation failures and CUDA initialization errors (LP: #2120209)
    - x86/kaslr: Reduce KASLR entropy on most x86 systems
    - x86/mm/init: Handle the special case of device private pages in
      add_pages(), to not increase max_pfn and trigger
      dma_addressing_limited() bounce buffers

  * sources list generation using dwarfdump takes up to 0.5hr in build process
    (LP: #2104911)
    - [Packaging] Don't generate list of source files

  * [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user
    namespaces (LP: #2121257)
    - apparmor: shift ouid when mediating hard links in userns
    - apparmor: shift uid when mediating af_unix in userns

  * UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:452:16
    (LP: #2119713)
    - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller

  * [IdeaPad Slim 5 13ARP10 , 83J2] Microphone on AMD Ryzen 7 7735HS does not
    work (LP: #2102749)
    - ASoC: amd: yc: update quirk data for new Lenovo model

  * Fix compilation failure because of incomplete backport (LP: #2120561)
    - SAUCE: netfilter: ctnetlink: Fix -Wuninitialized in
      ctnetlink_secctx_size()

  * Noble update: upstream stable patchset 2025-09-01 (LP: #2121716)
    - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
    - cpufreq: scpi: compare kHz instead of Hz
    - smack: dont compile ipv6 code unless ipv6 is configured
    - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()
    - EDAC/{skx_common,i10nm}: Fix some missing error reports on Emerald
      Rapids
    - x86/fpu: Fix guest FPU state buffer allocation size
    - x86/fpu: Avoid copying dynamic FP state from init_task in
      arch_dup_task_struct()
    - x86/platform: Only allow CONFIG_EISA for 32-bit
    - [Config] updateconfigs after disabling CONFIG_EISA for amd64
    - x86/sev: Add missing RIP_REL_REF() invocations during sme_enable()
    - lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock
    - PM: sleep: Adjust check before setting power.must_resume
    - RISC-V: KVM: Disable the kernel perf counter during configure
    - selinux: Chain up tool resolving errors in install_policy.sh
    - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer
    - EDAC/ie31200: Fix the DIMM size mask for several SoCs
    - EDAC/ie31200: Fix the error path order of ie31200_init()
    - PM: sleep: Fix handling devices with direct_complete set on errors
    - lockdep: Don't disable interrupts on RT in
      disable_irq_nosync_lockdep.*()
    - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
    - x86/traps: Make exc_double_fault() consistently noreturn
    - x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures
    - media: verisilicon: HEVC: Initialize start_bit field
    - media: platform: allgro-dvt: unregister v4l2_device on the error path
    - platform/x86: dell-ddv: Fix temperature calculation
    - ASoC: cs35l41: check the return value from spi_setup()
    - HID: remove superfluous (and wrong) Makefile entry for
      CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER
    - dt-bindings: vendor-prefixes: add GOcontroll
    - ALSA: hda/realtek: Always honor no_shutup_pins
    - ASoC: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio
      compatible
    - drm/bridge: ti-sn65dsi86: Fix multiple instances
    - drm/dp_mst: Fix drm RAD print
    - drm: xlnx: zynqmp: Fix max dma segment size
    - PCI: Use downstream bridges for distributing resources
    - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure
    - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
    - drm/msm/dpu: don't use active in atomic_check()
    - drm/msm/dsi: Use existing per-interface slice count in DSC timing
    - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host
    - drm/amdkfd: Fix Circular Locking Dependency in
      'svm_range_cpu_invalidate_pagetables'
    - PCI: cadence-ep: Fix the driver to send MSG TLP for INTx without data
      payload
    - PCI: brcmstb: Use internal register to change link capability
    - PCI: brcmstb: Fix potential premature regulator disabling
    - PCI/portdrv: Only disable pciehp interrupts early when needed
    - drm/amd/display: fix type mismatch in
      CalculateDynamicMetadataParameters()
    - PCI: Remove stray put_device() in pci_register_

Source diff to previous version
2121673 noble ubuntu_ftrace_smoke_test:mmiotrace timeout on aws:r5.metal
2103415 [25.04 FEAT] [post announcement] [KRN2304] CPU-MF Counters for new IBM Z hardware - perf part
2122554 memory leaks when configuring a small rate limit in audit
2121956 [UBUNTU 24.04] PAI/NNPA support for new IBM z17
2121150 [UBUNTU 24.04] s390/pci: Don't abort recovery for user-space drivers
2121149 [UBUNTU 24.04] s390/pci: Fix stale function handles in error handling
2121146 [UBUNTU 24.04] vfio/pci: fix 8-byte PCI loads and stores
2120209 x86 systems with PCIe BAR addresses located outside a certain range see P2PDMA allocation failures and CUDA initialization errors
2104911 sources list generation using dwarfdump takes up to 0.5hr in build process
2121257 [SRU] Apparmor: Unshifted uids for hardlinks and unix sockets in user namespaces
2119713 UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:452:16
2102749 [IdeaPad Slim 5 13ARP10 , 83J2] Microphone on AMD Ryzen 7 7735HS does not work
2120561 Fix compilation failure because of incomplete backport
2121716 Noble update: upstream stable patchset 2025-09-01
2120877 Noble update: upstream stable patchset 2025-08-18
2120516 TLS socket disconnection causes various issues
1786013 Packaging resync
CVE-2025-22028 In the Linux kernel, the following vulnerability has been resolved: media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warnin
CVE-2025-22036 In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called wit
CVE-2025-22039 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was origina
CVE-2025-22062 In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls t
CVE-2025-22065 In the Linux kernel, the following vulnerability has been resolved: idpf: fix adapter NULL pointer dereference on reboot With SRIOV enabled, idpf e
CVE-2025-22068 In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depe
CVE-2025-22070 In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with op
CVE-2025-40114 In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array c
CVE-2025-22025 In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to que
CVE-2025-22027 In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between device disconnection and urb callback Syzkal
CVE-2025-39735 In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in e
CVE-2025-22033 In the Linux kernel, the following vulnerability has been resolved: arm64: Don't call NULL in do_compat_alignment_fixup() do_alignment_t32_to_handl
CVE-2025-22035 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switchin
CVE-2025-22038 In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_a
CVE-2025-22040 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race co
CVE-2025-22041 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister() In multichannel mode,
CVE-2025-22042 In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context Add missing bounds check for c
CVE-2025-22044 In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Syzkaller has reported a
CVE-2025-22045 In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the followin
CVE-2025-22050 In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rx_complete Missing usbnet_going_away Check in Critical P
CVE-2025-22053 In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make veth_pool_store stop hanging v2: - Created a single error ha
CVE-2025-22054 In the Linux kernel, the following vulnerability has been resolved: arcnet: Add NULL check in com20020pci_probe() devm_kasprintf() returns NULL whe
CVE-2025-22055 In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length
CVE-2025-22056 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling mul
CVE-2025-22057 In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dst_release Upstream fix ac888d58869b ("ne
CVE-2025-22058 In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage
CVE-2025-22060 In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM
CVE-2025-38637 In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implem
CVE-2025-22063 In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When cal
CVE-2025-22064 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't unregister hook when table is dormant When nf_table
CVE-2025-22066 In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Add NULL check in imx_card_probe() devm_kasprintf() returns NUL
CVE-2023-53034 In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There i
CVE-2025-22071 In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak in spufs_create_context() Leak fixes back in 2008 missed one
CVE-2025-22072 In the Linux kernel, the following vulnerability has been resolved: spufs: fix gang directory lifetimes prior to "[POWERPC] spufs: Fix gang destroy
CVE-2025-22073 In the Linux kernel, the following vulnerability has been resolved: spufs: fix a leak on spufs_new_file() failure It's called from spufs_fill_dir()
CVE-2025-38575 In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free(
CVE-2025-22075 In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF GUIDs when supported Commit 30aad41721e0
CVE-2025-37937 In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000
CVE-2025-22079 In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The l_tree_depth fie
CVE-2025-22080 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" va
CVE-2025-22081 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the
CVE-2025-22083 In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_
CVE-2025-22086 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in or
CVE-2025-22089 In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f43
CVE-2025-39728 In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y,
CVE-2025-22090 In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() If track
CVE-2025-38152 In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear table_sz when rproc_shutdown There is case as below cou
CVE-2025-38240 In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr The function
CVE-2025-22095 In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulator_bulk_get() If the regula
CVE-2025-22097 In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initia
CVE-2025-23136 In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companio
CVE-2025-23138 In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() mod
CVE-2025-39682 In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call mus
CVE-2025-38500 In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface co
CVE-2025-37756 In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconne
CVE-2025-38477 In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can oc
CVE-2025-38618 In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to au
CVE-2025-38617 In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_s
CVE-2025-37785 In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem wit

Version: 6.8.0-85.85 2025-10-01 03:07:36 UTC

  linux (6.8.0-85.85) noble; urgency=medium

  * noble/linux: 6.8.0-85.85 -proposed tracker (LP: #2125109)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  * CVE-2025-38500
    - xfrm: interface: fix use-after-free after changing collect_md xfrm
      interface

  * TLS socket disconnection causes various issues (LP: #2120516) //
    CVE-2025-37756
    - net: tls: explicitly disallow disconnect

  * CVE-2025-38477
    - net/sched: sch_qfq: Fix race condition on qfq_aggregate
    - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in
      qfq_delete_class

  * CVE-2025-38618
    - vsock: Do not allow binding to VMADDR_PORT_ANY

  * CVE-2025-38617
    - net/packet: fix a race in packet_set_ring() and packet_notifier()

  * CVE-2025-37785
    - ext4: fix OOB read when checking dotdot dir

 -- Manuel Diewald <email address hidden> Thu, 18 Sep 2025 14:48:00 +0200

Source diff to previous version
1786013 Packaging resync
2120516 TLS socket disconnection causes various issues
CVE-2025-38500 In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface co
CVE-2025-37756 In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconne
CVE-2025-38477 In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can oc
CVE-2025-38618 In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to au
CVE-2025-38617 In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_s
CVE-2025-37785 In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem wit

Version: 6.8.0-84.84 2025-09-23 14:07:26 UTC

  linux (6.8.0-84.84) noble; urgency=medium

  * Linux refcount imbalance in af_unix subsystem (LP: #2121515)
    - SAUCE: af_unix: Fix GC compatibility with upstream OOB refcount changes

Source diff to previous version
2121515 Linux refcount imbalance in af_unix subsystem

Version: 6.8.0-83.83 2025-09-16 22:07:21 UTC

  linux (6.8.0-83.83) noble; urgency=medium

  * Linux refcount imbalance in af_unix subsystem (LP: #2121515)
    - SAUCE: af_unix: Fix GC compatibility with upstream OOB refcount changes

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

 -- Manuel Diewald <email address hidden> Fri, 05 Sep 2025 12:34:38 +0200

Source diff to previous version
1786013 Packaging resync

Version: 6.8.0-79.79 2025-08-27 04:07:55 UTC

  linux (6.8.0-79.79) noble; urgency=medium

  * noble/linux: 6.8.0-79.79 -proposed tracker (LP: #2120415)

  * CVE-2024-57996 // CVE-2025-37752
    - net_sched: sch_sfq: move the limit validation

  * CVE-2025-38350
    - net/sched: Always pass notifications when child class becomes empty

  * CVE-2025-21887
    - ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up

 -- Stefan Bader <email address hidden> Tue, 12 Aug 2025 12:33:51 +0200

CVE-2024-57996 In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does
CVE-2025-37752 In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the limit validation It is not sufficient to directly
CVE-2025-38350 In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain cla
CVE-2025-21887 In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The iss



About   -   Send Feedback to @ubuntu_updates