Package "linux-doc"

  linux (6.8.0-117.117) noble; urgency=medium

  * noble/linux: 6.8.0-117.117 -proposed tracker (LP: #2151070)

  * CVE-2026-31419
    - net: bonding: fix use-after-free in bond_xmit_broadcast()

  * CVE-2026-31431
    - crypto: scatterwalk - Backport memcpy_sglist()
    - crypto: algif_aead - use memcpy_sglist() instead of null skcipher
    - crypto: algif_aead - Revert to operating out-of-place
    - crypto: algif_aead - snapshot IV for async AEAD requests
    - crypto: authenc - use memcpy_sglist() instead of null skcipher
    - crypto: authencesn - Do not place hiseq at end of dst for out-of-place
      decryption
    - crypto: authencesn - Fix src offset when decrypting in-place
    - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
    - crypto: algif_aead - Fix minimum RX size check for decryption

  * CVE-2026-31533
    - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

  * CVE-2026-31504
    - net: fix fanout UAF in packet_release() via NETDEV_UP race

 -- Manuel Diewald <email address hidden> Tue, 05 May 2026 15:53:02 +0200

  linux (6.8.0-111.111) noble; urgency=medium

  * noble/linux: 6.8.0-111.111 -proposed tracker (LP: #2147890)

  * CVE-2026-23231
    - netfilter: nf_tables: fix use-after-free in nf_tables_addchain()

  * macvlan: observe an RCU grace period in macvlan_common_newlink() error
    path (LP: #2144380) // CVE-2026-23209
    - macvlan: observe an RCU grace period in macvlan_common_newlink() error
      path

  * CVE-2026-23112
    - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

 -- Manuel Diewald <email address hidden> Sat, 11 Apr 2026 22:54:06 +0200

  linux (6.8.0-110.110) noble; urgency=medium

  * noble/linux: 6.8.0-110.110 -proposed tracker (LP: #2144887)

  * ITS mitigation is not enabled on affected CPUs (LP: #2144730)
    - x86/bugs: Rename CONFIG_RETPOLINE => CONFIG_MITIGATION_RETPOLINE
    - x86/bugs: Rename CONFIG_RETHUNK => CONFIG_MITIGATION_RETHUNK
    - [Config] rename config options RETHUNK and RETPOLINE

  linux (6.8.0-107.107) noble; urgency=medium

  * noble/linux: 6.8.0-107.107 -proposed tracker (LP: #2144267)

  * CVE-2026-23074
    - net/sched: Enforce that teql can only be used as root qdisc

  * CVE-2026-23060
    - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN
      spec

  * CVE-2026-23111
    - netfilter: nf_tables: fix inverted genmask check in
      nft_map_catchall_activate()

 -- Manuel Diewald <email address hidden> Fri, 13 Mar 2026 14:27:20 +0100

  linux (6.8.0-106.106) noble; urgency=medium

  * Miscellaneous upstream changes
    - apparmor: validate DFA start states are in bounds in unpack_pdb
    - apparmor: fix memory leak in verify_header
    - apparmor: replace recursive profile removal with iterative approach
    - apparmor: fix: limit the number of levels of policy namespaces
    - apparmor: fix side-effect bug in match_char() macro usage
    - apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
    - apparmor: Fix double free of ns_name in aa_replace_profiles()
    - apparmor: fix unprivileged local user can do privileged policy
      management
    - apparmor: fix differential encoding verification
    - apparmor: fix race on rawdata dereference
    - apparmor: fix race between freeing data and fs accessing it

 -- Mehmet Basaran <email address hidden> Fri, 06 Mar 2026 03:43:25 +0300