Package "linux-image-unsigned-6.8.0-100-generic"

  linux (6.8.0-100.100) noble; urgency=medium

  * noble/linux: 6.8.0-100.100 -proposed tracker (LP: #2138307)

  * Turbo boost stuck disabled on Clevo PD5x_7xSNC_SND_SNE (LP: #2122531)
    - cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes

  * [noble] write-sealed memfd mappings fail to map read-only (LP: #2138244)
    - SAUCE: Fix read-only mapping of write-sealed pages

  linux (6.8.0-94.96) noble; urgency=medium

  * noble/linux: 6.8.0-94.96 -proposed tracker (LP: #2138092)

  * CVE-2025-40019
    - crypto: essiv - Check ssize for decryption and in-place encryption

  * CVE-2025-38561
    - ksmbd: fix Preauh_HashValue race condition

  * CVE-2025-39698
    - io_uring/futex: ensure io_futex_wait() cleans up properly on failure

 -- Manuel Diewald <email address hidden> Fri, 09 Jan 2026 17:07:51 +0100

  linux (6.8.0-90.91) noble; urgency=medium

  * noble/linux: 6.8.0-90.91 -proposed tracker (LP: #2131785)

  * cifs: Fix memory leak of a folio every call to cifs_writepages_begin()
    (LP: #2131213)
    - cifs: fix pagecache leak when do writepages

  linux (6.8.0-88.89) noble; urgency=medium

  * noble/linux: 6.8.0-88.89 -proposed tracker (LP: #2127619)

  * Enable Xilinx PS UART configs (LP: #2121337)
    - [Config] Enable Xilinx PS UART configs

  * Fix ARL-U/H suspend issues (LP: #2112469)
    - platform/x86/intel/pmc: Add Arrow Lake U/H support to intel_pmc_core
      driver
    - platform/x86/intel/pmc: Fix Arrow Lake U/H NPU PCI ID

  * r8169 can not wake on LAN via SFP moudule (LP: #2123901)
    - r8169: set EEE speed down ratio to 1

  * Add pvpanic kernel modules to linux-modules (LP: #2126659)
    - [Packaging] Add pvpanic kernel modules to linux-modules

  * CVE-2025-21729
    - wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion

  * Fix failure to build TDX module (LP: #2126698)
    - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT

  * Ubuntu 24.04.2: error in audit_log_object_context keep printing in the
    kernel and console (LP: #2123815)
    - SAUCE: fix: apparmor4.0.0 [26/90]: LSM stacking v39: Audit: Add record
      for multiple object contexts

  * ensure mptcp keepalives are honored when set (LP: #2125444)
    - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN

  * System hangs when running the memory stress test (LP: #2103680)
    - mm: page_alloc: avoid kswapd thrashing due to NUMA restrictions

  * UBUNTU: fan: fail to check kmalloc() return could cause a NULL pointer
    dereference (LP: #2125053)
    - SAUCE: fan: vxlan: check memory allocation for map

  * jammy:linux-riscv-6.8 is FTBFS because of wrong include (LP: #2122592)
    - SAUCE: riscv: KVM: Remove broken include

  * Performance degrades rapidly when spawning more processes to run benchmark
    (LP: #2122006)
    - cpuidle: menu: Avoid discarding useful information
    - cpuidle: governors: menu: Avoid using invalid recent intervals data

  * CVE-2025-38227
    - media: vidtv: Terminating the subsequent process of initialization
      failure

  * CVE-2025-38678
    - netfilter: nf_tables: reject duplicate device on updates

  * CVE-2025-38616
    - tls: handle data disappearing from under the TLS ULP

  * CVE-2025-37838
    - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
      Driver Due to Race Condition

  * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300
    - Documentation/hw-vuln: Add VMSCAPE documentation
    - x86/vmscape: Enumerate VMSCAPE bug
    - x86/vmscape: Add conditional IBPB mitigation
    - x86/vmscape: Enable the mitigation
    - x86/bugs: Move cpu_bugs_smt_update() down
    - x86/vmscape: Warn when STIBP is disabled with SMT
    - x86/vmscape: Add old Intel CPUs to affected list

  * VMSCAPE CVE-2025-40300 (LP: #2124105)
    - [Config] Enable MITIGATION_VMSCAPE config

  * CVE-2025-38352
    - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
      posix_cpu_timer_del()

  * CVE-2025-38118
    - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
    - Bluetooth: MGMT: Fix sparse errors

 -- Edoardo Canepa <email address hidden> Sat, 11 Oct 2025 01:38:46 +0200

  linux (6.8.0-87.88) noble; urgency=medium

  * noble/linux: 6.8.0-87.88 -proposed tracker (LP: #2127436)

  * CVE-2025-37838
    - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol
      Driver Due to Race Condition

  * VMSCAPE CVE-2025-40300 (LP: #2124105) // CVE-2025-40300
    - Documentation/hw-vuln: Add VMSCAPE documentation
    - x86/vmscape: Enumerate VMSCAPE bug
    - x86/vmscape: Add conditional IBPB mitigation
    - x86/vmscape: Enable the mitigation
    - x86/bugs: Move cpu_bugs_smt_update() down
    - x86/vmscape: Warn when STIBP is disabled with SMT
    - x86/vmscape: Add old Intel CPUs to affected list

  * VMSCAPE CVE-2025-40300 (LP: #2124105)
    - [Config] Enable MITIGATION_VMSCAPE config

  * CVE-2025-38352
    - posix-cpu-timers: fix race between handle_posix_cpu_timers() and
      posix_cpu_timer_del()

  * CVE-2025-38118
    - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
    - Bluetooth: MGMT: Fix sparse errors

 -- Manuel Diewald <email address hidden> Fri, 10 Oct 2025 20:20:13 +0200