Package "linux-tools-common"

  linux (6.17.0-38.38) questing; urgency=medium

  * questing/linux: 6.17.0-38.38 -proposed tracker (LP: #2154532)

  * Generic questing kernel oops on bootup with newer Nvidia machines
    (LP: #2154481)
    - nouveau: don't attempt fwsec on sb on newer platforms.

  * Kernel regression (6.8.0-117.generic) (LP: #2153556)
    - bonding: do not set usable_slaves for broadcast mode

  * powerpc-build in ubuntu_kernel_selftests fails to build due to
    uninitialized value (LP: #2129844)
    - selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15

  * iptables connlimit traffic loss (LP: #2149872)
    - netfilter: nf_conncount: fix tracking of connections from localhost

  * On Dell system, the internal OLED display drops to a visibly low FPS after
    suspend/resume (LP: #2144712)
    - drm/i915/psr: Disable Panel Replay on Dell XPS 14 DA14260 as a quirk
    - drm/i915/psr: Fixes for Dell XPS DA14260 quirk

  * CVE-2026-23272
    - netfilter: nf_tables: unconditionally bump set->nelems before insertion

  * CVE-2026-31418
    - netfilter: ipset: drop logically empty buckets in mtype_del

  * CVE-2026-23392
    - netfilter: nf_tables: release flowtable after rcu grace period on error

  * CVE-2026-23278
    - netfilter: nf_tables: always walk all pending catchall elements

  * GRO managed-frag use-after-free leading to local privilege escalation
    (LP: #2154172)
    - net: gro: don't merge zcopy skbs

  * AppArmor Vulnerabilities (LP: #2151747)
    - SAUCE: apparmor: pass big_resp to handler
    - SAUCE: apparmor: remove redundant kref_init for listener->count
    - SAUCE: apparmor: fix NULL pointer dereference in unpack_pdb

  * AppArmor Vulnerabilities (LP: #2151747) // CVE-2026-47337
    - SAUCE: apparmor: fix NULL pointer dereference in bind_map_addr

  * AppArmor Vulnerabilities (LP: #2151747) // CVE-2026-47334
    - SAUCE: apparmor: fix sleep prone memory allocation under a spin_lock

  * AppArmor Vulnerabilities (LP: #2151747) // CVE-2026-47333
    - SAUCE: apparmor: fix dfa unpacking size of the notification filter

  * AppArmor Vulnerabilities (LP: #2151747) // CVE-2026-47332
    - SAUCE: apparmor: fix size check against type instead of pointer

  * apparmor: LLVM/clang build failure due to uninitialized variable in
    notify.c (LP: #2148809) // CVE-2026-47330
    - SAUCE: apparmor: initialize variable used in uninitialized context

  * AppArmor Vulnerabilities (LP: #2151747) // CVE-2026-47329
    - SAUCE: apparmor: fix name validation bypass on notification

  * AppArmor Vulnerabilities (LP: #2151747) // CVE-2026-47327 //
    CVE-2026-47328
    - SAUCE: apparmor: fix glob memory leak after kstrdup

  * AppArmor Vulnerabilities (LP: #2151747) // CVE-2026-47326
    - SAUCE: apparmor: fix inverted NULL check after aa_get_buffer

  * CVE-2026-46300
    - net: skbuff: preserve shared-frag marker during coalescing
    - net: skbuff: propagate shared-frag marker through frag-transfer helpers

  * net/rds: reset op_nents when zerocopy page pin fails (LP: #2153962)
    - net/rds: reset op_nents when zerocopy page pin fails

  * CVE-2026-46333
    - ptrace: slightly saner 'get_dumpable()' logic

  * CVE-2026-43500
    - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
    - rxrpc: Fix potential UAF after skb_unshare() failure
    - rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets
    - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present

  * CVE-2026-31676 // CVE-2026-43500
    - rxrpc: only handle RESPONSE during service challenge

  * CVE-2026-43284
    - xfrm: esp: avoid in-place decrypt on shared skb frags

  * CVE-2026-31419
    - net: bonding: fix use-after-free in bond_xmit_broadcast()

  * CVE-2026-31431
    - crypto: algif_aead - Revert to operating out-of-place
    - crypto: algif_aead - snapshot IV for async AEAD requests
    - crypto: authencesn - Do not place hiseq at end of dst for out-of-place
      decryption
    - crypto: authencesn - Fix src offset when decrypting in-place
    - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
    - crypto: algif_aead - Fix minimum RX size check for decryption

  * CVE-2026-31533
    - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

  * CVE-2026-31504
    - net: fix fanout UAF in packet_release() via NETDEV_UP race

 -- Edoardo Canepa <email address hidden> Fri, 29 May 2026 03:41:15 +0200

  linux (6.17.0-28.28) questing; urgency=medium

  * questing/linux: 6.17.0-28.28 -proposed tracker (LP: #2150051)

  * Linux kernel 6.17.0-22.22 breaks amdxdna (LP: #2149766)
    - Revert "iommu: disable SVA when CONFIG_X86 is set"

  linux (6.17.0-24.24) questing; urgency=medium

  * questing/linux: 6.17.0-24.24 -proposed tracker (LP: #2148025)

  * Remount ext4 to readonly with data=journal mode may dump call trace
    (LP: #2147400)
    - ext4: fix stale xarray tags after writeback

  * System hangs during stress-ng stack test (LP: #2137755)
    - mm, swap: fix swap cache index error when retrying reclaim

  * BUG: kernel NULL pointer dereference when starting VM inside a container
    (LP: #2147374)
    - apparmor: fix NULL pointer dereference in __unix_needs_revalidation

  * BUG: kernel NULL pointer dereference in amdgpu (LP: #2144577)
    - drm/amdgpu: validate the flush_gpu_tlb_pasid()
    - drm/amdgpu: Fix validating flush_gpu_tlb_pasid()

  * Jellyfin Desktop Flatpak doesn't work with the current AppArmor profile
    (LP: #2142956)
    - SAUCE: apparmor5.0.0 [53/57]: apparmor: fix af_unix local addr mediation
      binding

  * Fine grained network mediation was broken if v8/v9 was used (LP: #2142860)
    - SAUCE: apparmor5.0.0 [29/57]: apparmor: fix fine grained inet mediation
      sock_file_perm

  * Enable CirrusLogic audio solution CS42L45+CS35L63 on AMD and Intel PTL
    (LP: #2143104)
    - ASoC: amd: acp: Add ACP7.0 match entries for cs35l56 and cs42l43
    - ASoC: amd: acp: soc-acpi: add is_device_rt712_vb() helper
    - ASoC: amd: acp: Sort match table into most specific first
    - ASoC: amd: acp: Rename Cirrus Logic component match entries to include
      link and uid
    - ASoC: amd: acp: Sort Cirrus Logic match entries
    - ASoC: amd: acp: Add ACP7.0 match entries for Cirrus Logic parts
    - ASoC: amd: acp: Fix Kconfig dependencies for
      SND_SOC_ACPI_AMD_SDCA_QUIRKS
    - [Config] Enable SND_SOC_ACPI_AMD_SDCA_QUIRKS
    - soundwire: amd: add clock init control function
    - soundwire: amd: refactor bandwidth calculation logic

  * CVE-2026-23112
    - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

  * Canonical Kmod 2025 key rotation (LP: #2147447)
    - [Packaging] ubuntu-compatible-signing -- make Ubuntu-Compatible-Signing
      extensible
    - [Packaging] ubuntu-compatible-signing -- allow consumption of positive
      certs
    - [Packaging] ubuntu-compatible-signing -- report the livepatch:2025 key
    - [Config] prepare for Canonical Kmod key rotation
    - [Packaging] ubuntu-compatible-signing -- report the kmod:2025 key
    - [Packaging] ensure our cert rollups are always fresh

  * Questing update: upstream stable patchset 2026-03-24 (LP: #2146193)
    - mptcp: fallback earlier on simult connection
    - mm: consider non-anon swap cache folios in folio_expected_ref_count()
    - mptcp: ensure context reset on disconnect()
    - wifi: mac80211: Discard Beacon frames to non-broadcast address
    - net: phy: mediatek: fix nvmem cell reference leak in
      mt798x_phy_calibration
    - drm/amdgpu: Forward VMID reservation errors
    - sched/fair: Small cleanup to sched_balance_newidle()
    - sched/fair: Small cleanup to update_newidle_cost()
    - sched/fair: Proportional newidle balance
    - Revert "iommu/amd: Skip enabling command/event buffers for kdump"
    - sched/proxy: Yield the donor task
    - drm: nova: depend on CONFIG_64BIT
    - sched/core: Add comment explaining force-idle vruntime snapshots
    - mm/huge_memory: merge uniform_split_supported() and
      non_uniform_split_supported()
    - drm/amdgpu: don't attach the tlb fence for SI
    - sched_ext: fix uninitialized ret on alloc_percpu() failure
    - idpf: fix LAN memory regions command on some NVMs
    - Bluetooth: MGMT: report BIS capability flags in supported settings
    - powerpc/tools: drop `-o pipefail` in gcc check scripts
    - net: airoha: Move net_devs registration in a dedicated routine
    - net: wangxun: move PHYLINK dependency
    - platform/x86/intel/pmt: Fix kobject memory leak on init failure
    - bng_en: update module description
    - mcb: Add missing modpost build support
    - net: mdio: rtl9300: use scoped for loops
    - tools/sched_ext: fix scx_show_state.py for scx_root change
    - platform/x86/intel/pmt/discovery: use valid device pointer in
      dev_err_probe
    - net: fib: restore ECMP balance from loopback
    - RDMA/mana_ib: check cqe length for kernel CQs
    - drm/gem-shmem: Fix the MODULE_LICENSE() string
    - kunit: Enforce task execution in {soft,hard}irq contexts
    - ublk: don't pass q_id to ublk_queue_cmd_buf_size()
    - ublk: implement NUMA-aware memory allocation
    - ublk: scan partition in async way
    - drm/xe/guc: READ/WRITE_ONCE g2h_fence->done
    - IB/rxe: Fix missing umem_odp->umem_mutex unlock on error path
    - hisi_acc_vfio_pci: Add .match_token_uuid callback in
      hisi_acc_vfio_pci_migrn_ops
    - mm, swap: do not perform synchronous discard during allocation
    - clk: qcom: mmcc-sdm660: Add missing MDSS reset
    - clk: qcom: Fix SM_VIDEOCC_6350 dependencies
    - [Config] set CONFIG_SM_GCC_6350, CONFIG_SM_VIDEOCC_6350 to '-'
    - clk: qcom: Fix dependencies of QCS_{DISP,GPU,VIDEO}CC_615
    - [Config] set CONFIG_QCS_{DISP,GPU,VIDEO}CC_615 to '-'
    - arm64: dts: ti: k3-am62d2-evm: Fix regulator properties
    - arm64: dts: ti: k3-am62d2-evm: Fix PMIC padconfig
    - arm64: dts: st: Add memory-region-names property for stm32mp257f-ev1
    - arm64: dts: qcom: sm6350: Fix wrong order of freq-table-hz for UFS
    - NFSD: Make FILE_SYNC WRITEs comply with spec
    - nvmet: pci-epf: move DMA initialization to EPC init callback
    - PCI: dwc: Add support for ELBI resource mapping
    - PCI: meson: Fix parsing the DBI register region
    - power: supply: max77705: Fix potential IRQ chip conflict when probing
      two devices
    - media: iris: Refine internal buffer reconfiguration logic for resolution
      change
    - LoongArch: Fix arch_dup_task_struct() for CONFIG_RANDSTRUCT
    - mm/damon/tests/core-kunit: fix memory leak in
      damon_test_set_filters_default_reject()
    - mm/damon/tests/core-kunit: handle alloc failur

  linux (6.17.0-22.22) questing; urgency=medium

  * questing/linux: 6.17.0-22.22 -proposed tracker (LP: #2143428)

  * Questing preinstalled server fails to boot on QCS8300 based boards
    (LP: #2134400)
    - [Config] move qcom interconnect/pinctrl/gcc as built-in for QCS8300

  * TBT call trace while connecting TBT4 monitor on TBT5 port (LP: #2137613)
    - SAUCE: thunderbolt: log path activation failures without WARN backtraces

  * efi: Fix swapped arguments to bsearch() in efi_status_to_*() SAUCE patch
    (LP: #2141276)
    - SAUCE efi: Fix swapped arguments to bsearch() in efi_status_to_*()

  * [SRU]Fix xe GPU suspend/resume crash on Battlemage (LP: #2141377)
    - drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally

  * Accumulative updates for Intel PTL-H component enabling PV rev3.0
    (LP: #2137272)
    - drm/i915/display: Optimize panel power-on wait time
    - HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume
      blocking
    - drm/xe/guc: Recommend GUC v70.49.4 for PTL, BMG
    - HID: Intel-thc-hid: Intel-thc: Use str_true_false() helper
    - HID: intel-thc-hid: intel-quicki2c: support ACPI config for advanced
      features
    - usb: typec: ucsi: Add SET_POWER_LEVEL UCSI command to debugfs

  * Questing update: upstream stable patchset 2026-03-04 (LP: #2142250)
    - bpf: Fix sleepable context for async callbacks
    - bpf: extract generic helper from process_timer_func()
    - bpf: Fix handling maps with no BTF and non-constant offsets for the
      bpf_wq
    - irqchip: Drop leftover brackets
    - irqchip: Pass platform device to platform drivers
    - arm64: dts: exynos: gs101: fix clock module unit reg sizes
    - ice: move service task start out of ice_init_pf()
    - ice: move ice_init_interrupt_scheme() prior ice_init_pf()
    - ice: ice_init_pf: destroy mutexes and xarrays on memory alloc failure
    - ice: move udp_tunnel_nic and misc IRQ setup into ice_init_pf()
    - ice: move ice_init_pf() out of ice_init_dev()
    - ice: extract ice_init_dev() from ice_init()
    - ice: move ice_deinit_dev() to the end of deinit paths
    - ice: remove duplicate call to ice_deinit_hw() on error paths
    - arm64: dts: qcom: lemans: Add missing quirk for HS only USB controller
    - tools/nolibc: x86: fix section mismatch caused by asm "mem*" functions
    - arm64: dts: ti: k3-j784s4: Fix I2C pinmux pull configuration
    - wifi: ath12k: enforce vdev limit in ath12k_mac_vdev_create()
    - ARM: dts: am33xx: Add missing serial console speed
    - arm64: tegra: Add pinctrl definitions for pcie-ep nodes
    - arm64: mm: Move KPTI helpers to mmu.c
    - arm64/mm: Allow __create_pgd_mapping() to propagate pgtable_alloc()
      errors
    - pwm: Simplify printf to emit chip->npwm in $debugfs/pwm
    - pwm: Use %u to printf unsigned int pwm_chip::npwm and pwm_chip::id
    - soc/tegra: fuse: speedo-tegra210: Update speedo IDs
    - iio: core: add missing mutex_destroy in iio_dev_release()
    - iio: core: Clean up device correctly on iio_device_alloc() failure
    - iommu/vt-d: Set INTEL_IOMMU_FLOPPY_WA depend on BLK_DEV_FD
    - of/fdt: Fix the len check in early_init_dt_check_for_elfcorehdr()
    - of/fdt: Fix the len check in early_init_dt_check_for_usable_mem_range()
    - rtla/tests: Extend action tests to 5s
    - rtla: Fix -a overriding -t argument
    - btrfs: make sure extent and csum paths are always released in
      scrub_raid56_parity_stripe()
    - iomap: allocate s_dio_done_wq for async reads as well
    - RDMA/irdma: Remove doorbell elision logic
    - selftests/landlock: Fix makefile header list
    - io_uring/kbuf: use READ_ONCE() for userspace-mapped memory
    - ALSA: wavefront: Clear substream pointers on close
    - btrfs: do not skip logging new dentries when logging a new name
    - btrfs: fix a potential path leak in print_data_reloc_error()
    - bpf, arm64: Do not audit capability check in do_jit()
    - btrfs: fix memory leak of fs_devices in degraded seed device path
    - iomap: account for unaligned end offsets when truncating read range
    - scripts/faddr2line: Fix "Argument list too long" error
    - sched/fair: Revert max_newidle_lb_cost bump
    - x86/ptrace: Always inline trivial accessors
    - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint()
      only
    - cpufreq: dt-platdev: Add JH7110S SOC to the allowlist
    - ACPI: fan: Workaround for 64-bit firmware bug
    - cpufreq: s5pv210: fix refcount leak
    - cpuidle: menu: Use residency threshold in polling state override
      decisions
    - livepatch: Match old_sympos 0 and 1 in klp_find_func()
    - fs/ntfs3: Support timestamps prior to epoch
    - kbuild: Use objtree for module signing key path
    - hfsplus: fix volume corruption issue for generic/070
    - hfsplus: fix volume corruption issue for generic/073
    - fs/ntfs3: check for shutdown in fsync
    - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU
    - wifi: cfg80211: stop radar detection in cfg80211_leave()
    - wifi: cfg80211: use cfg80211_leave() in iftype change
    - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC
      load
    - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet
    - btrfs: scrub: always update btrfs_scrub_progress::last_physical
    - gfs2: fix remote evict for read-only filesystems
    - gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad"
    - smb/server: fix return value of smb2_ioctl()
    - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
    - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170
    - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135
    - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
    - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT
    - net: fec: ERR007885 Workaround for XDP TX path
    - ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2()
    - mlxsw: spectrum_router: Fix possible neighbour reference count leak
    -