This bug was fixed in the package linux-aws - 6.8.0-1030.32
---------------
linux-aws (6.8.0-1030.32) noble; urgency=medium
* noble/linux-aws: 6.8.0-1030.32 -proposed tracker (LP: #2110701)
* Create 64K page size AWS kernel for ARM (LP: #2083557)
- [Packaging]: aws: Add 64k page flavor
[ Ubuntu: 6.8.0-62.65 ]
* noble/linux: 6.8.0-62.65 -proposed tracker (LP: #2110737)
* Rotate the Canonical Livepatch key (LP: #2111244)
- [Config] Prepare for Canonical Livepatch key rotation
* KVM bug causes Firecracker crash when it runs the vCPU for the first time
(LP: #2109859)
- vhost: return task creation error instead of NULL
- kvm: retry nx_huge_page_recovery_thread creation
* CVE-2025-2312 cifs.upcall could access incorrect kerberos credentials cache
(LP: #2099914) // CVE-2025-2312
- CIFS: New mount option for cifs.upcall namespace resolution
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640)
- ASoC: wm8994: Add depends on MFD core
- ASoC: samsung: Add missing selects for MFD_WM8994
- seccomp: Stub for !CONFIG_SECCOMP
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS
request
- of/unittest: Add test that of_address_to_resource() fails on non-
translatable address
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- hwmon: (drivetemp) Set scsi command timeout to 10s
- ASoC: samsung: Add missing depends on I2C
- ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf()
- Revert "libfs: fix infinite directory reads for offset dir"
- libfs: Replace simple_offset end-of-directory detection
- Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad"
- ALSA: usb-audio: Add delay quirk for USB Audio Device
- Input: xpad - add support for Nacon Pro Compact
- Input: atkbd - map F23 key to support default copilot shortcut
- Input: xpad - add unofficial Xbox 360 wireless receiver clone
- Input: xpad - add QH Electronics VID/PID
- Input: xpad - improve name of 8BitDo controller 2dc8:3106
- Input: xpad - add support for Nacon Evol-X Xbox One Controller
- Input: xpad - add support for wooting two he (arm)
- ASoC: codecs: es8316: Fix HW rate calculation for 48Mhz MCLK
- ASoC: cs42l43: Add codec force suspend/resume ops
- ALSA: hda/realtek: Fix volume adjustment issue on Lenovo ThinkBook 16P
Gen5
- libfs: Return ENOSPC when the directory offset range is exhausted
- Revert "libfs: Add simple_offset_empty()"
- libfs: Use d_children list to iterate simple_offset directories
- wifi: rtl8xxxu: add more missing rtl8192cu USB IDs
- HID: wacom: Initialize brightness of LED trigger
- Upstream stable to v6.6.75, v6.12.12
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21689
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21690
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21691
- cachestat: fix page cache statistics permission checking
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21692
- net: sched: fix ets qdisc OOB Indexing
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2025-21699
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
* Noble update: upstream stable patchset 2025-04-29 (LP: #2109640) //
CVE-2024-50157
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
* rtw89: Support hardware rfkill (LP: #2077384)
- wifi: rtw89: add support for hardware rfkill
* Introduce configfs-based interface for gpio-aggregator (LP: #2103496)
- gpio: introduce utilities for synchronous fake device creation
- bitmap: Define a cleanup function for bitmaps
- gpio: aggregator: simplify aggr_parse() with scoped bitmap
- gpio: aggregator: protect driver attr handlers against module unload
- gpio: aggregator: reorder functions to prepare for configfs introduction
- gpio: aggregator: unify function naming
- gpio: aggregator: add gpio_aggregator_{alloc, free}()
- gpio: aggregator: introduce basic configfs interface
- [Config] Enable DEV_SYNC_PROBE as module
- SAUCE: gpio: aggregator: Fix error code in gpio_aggregator_activate()
- gpio: aggregator: rename 'name' to 'key' in gpio_aggregator_parse()
- gpio: aggregator: expose aggregator created via legacy sysfs to configfs
- SAUCE: gpio: aggregator: fix "_sysfs" prefix check in
gpio_aggregator_make_group()
- SAUCE: gpio: aggregator: Fix gpio_aggregator_line_alloc() checking
- SAUCE: gpio: aggregator: Return an error if there are no GPIOs in
gpio_aggregator_parse()
- SAUCE: gpio: aggregator: Fix leak in gpio_aggregator_parse()
- gpio: aggregator: cancel deferred probe for devices created via configfs
- Documentation: gpio: document configfs interface for gpio-aggregator
- selftests: gpio: add test cases for gpio-aggregator
- SAUCE: selftests: gpio: gpio-aggregator: add a test case for _sysfs prefix
reservation
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449)
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()
- net: add exit_batch_rtnl() method
- gtp: use exit_batch_rtnl() method
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp().
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output()
- net: xilinx: axienet: Fix IRQ coalescing packet count overflow
- net/mlx5: Fix RDMA TX steering prio
- net/mlx5e: Rely on reqid in IPsec tunnel mode
- net/mlx5e: Always start IPsec sequence number from 1
- drm/vmwgfx: Add new keep_resv BO param
- drm/v3d: Assign job pointer to NULL before signaling the fence
- soc: ti: pruss: Fix pruss APIs
- hwmon: (tmp513) Fix division of negative numbers
- i2c: mux: demux-pinctrl: check initial mux selection, too
- i2c: rcar: fix NACK handling when being a target
- hfs: Sanity check the root record
- fs: fix missing declaration of init_files
- kheaders: Ignore silly-rename files
- cachefiles: Parse the "secctx" immediately
- scsi: ufs: core: Honor runtime/system PM levels if set by host controller
drivers
- selftests: tc-testing: reduce rshift value
- ACPI: resource: acpi_dev_irq_override(): Check DMI match last
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and
.poll()
- RDMA/bnxt_re: Fix to export port num to ib_query_qp
- nvmet: propagate npwg topology
- ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA
- i2c: atr: Fix client detach
- mptcp: be sure to send ack when mptcp-level window re-opens
- mptcp: fix spurious wake-up on under memory pressure
- selftests: mptcp: avoid spurious errors on disconnect
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
- vsock/virtio: cancel close work in the destructor
- vsock: reset socket state when de-assigning the transport
- nouveau/fence: handle cross device fences properly
- irqchip: Plug a OF node reference leak in platform_irqchip_probe()
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly
- drm/i915/fb: Relax clear color alignment to 64 bytes
- drm/amdgpu: always sync the GFX pipe on ctx switch
- ocfs2: fix deadlock in ocfs2_get_system_file_inode
- nfsd: add list_head nf_gc to struct nfsd_file
- x86/xen: fix SLS mitigation in xen_hypercall_iret()
- efi/zboot: Limit compression options to GZIP and ZSTD
- [Config] updateconfigs for HAVE_KERNEL_(LZ4|LZMA|LZO|XZ)
- net: ravb: Fix max TX frame size for RZ/V2M
- net/mlx5: SF, Fix add port error handling
- drm/vmwgfx: Unreserve BO on error
- i2c: testunit: on errors, repeat NACK until STOP
- hwmon: (ltc2991) Fix mixed signed/unsigned in DIV_ROUND_CLOSEST
- fs/qnx6: Fix building with GCC 15
- gpio: sim: lock up configfs that an instantiated device depends on
- gpio: sim: lock hog configfs items if present
- platform/x86: ISST: Add Clearwater Forest to support list
- drm/nouveau/disp: Fix missing backlight control on Macbook 5,1
- net/ncsi: fix locking in Get MAC Address handling
- drm/amd/display: Do not elevate mem_type change to full update
- drm/xe: Mark ComputeCS read mode as UC on iGPU
- drm/amdgpu/smu13: update powersave optimizations
- drm/amdgpu: fix fw attestation for MP0_14_0_{2/3}
- drm/amdgpu: disable gfxoff with the compute workload on gfx12
- drm/amd/display: Fix PSR-SU not support but still call the
amdgpu_dm_psr_enable
- Upstream stable to v6.6.73, v6.6.74, v6.12.11
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21672
- afs: Fix merge preference rule failure condition
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21682
- eth: bnxt: always recalculate features after XDP clearing, fix null-deref
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-53124
- net: fix data-races around sk->sk_forward_alloc
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-57924
- fs: relax assertions on failure to encode file handles
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-57951
- hrtimers: Handle CPU state correctly on hotplug
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-57949
- irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21668
- pmdomain: imx8mp-blk-ctrl: add missing loop break condition
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21684
- gpio: xilinx: Convert gpio_lock to raw spinlock
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21694
- fs/proc: fix softlockup in __read_vmcore (part 2)
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21665
- filemap: avoid truncating 64-bit offset to 32 bits
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21666
- vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21669
- vsock/virtio: discard packets if the transport changes
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21670
- vsock/bpf: return early if transport is not assigned
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21667
- iomap: avoid avoid truncating 64-bit offset to 32 bits
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2024-57948
- mac802154: check local interfaces before deleting sdata list
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21673
- smb: client: fix double free of TCP_Server_Info::hostname
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21697
- drm/v3d: Ensure job pointer is set to NULL after job completion
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21674
- net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21675
- net/mlx5: Clear port select structure when fail to create
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21676
- net: fec: handle page_pool_dev_alloc_pages error
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21678
- gtp: Destroy device along with udp socket's netns dismantle.
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21680
- pktgen: Avoid out-of-bounds access in get_imix_entries
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21681
- openvswitch: fix lockup on tx to unregistering netdev with carrier
* Noble update: upstream stable patchset 2025-04-16 (LP: #2107449) //
CVE-2025-21683
- bpf: Fix bpf_sk_select_reuseport() memory leak
* Packaging resync (LP: #1786013)
- [Packaging] update annotations scripts
-- Philip Cox <philip....@canonical.com> Wed, 28 May 2025 12:34:22
-0400
** Changed in: linux-aws (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-50157
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53124
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57924
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57948
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57949
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-57951
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21665
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21666
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21667
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21668
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21669
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21670
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21672
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21673
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21674
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21675
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21676
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21678
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21680
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21681
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21682
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21683
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21684
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21689
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21690
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21691
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21692
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21694
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21697
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21699
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-2312
** Changed in: linux-aws (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-49636
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-49728
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-53034
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-36945
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46753
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46812
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-46821
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53144
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-53168
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-56551
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-56608
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-56664
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-58093
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-8805
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21941
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21956
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21957
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21959
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21962
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21963
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21964
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21968
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21970
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21975
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21981
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21991
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21992
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21994
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21996
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21999
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22004
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22005
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22007
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22008
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22010
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22014
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22018
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22020
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22021
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22025
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22035
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22044
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22045
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22050
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22054
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22055
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22056
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22060
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22063
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22066
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22071
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22073
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22075
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22079
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22081
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22086
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22089
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-22097
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23136
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-23138
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-37785
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-38152
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-38575
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-38637
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-39728
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-39735
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/2083557
Title:
Create 64K page size AWS kernel for ARM
Status in linux-aws package in Ubuntu:
Invalid
Status in linux-aws-6.8 package in Ubuntu:
Invalid
Status in linux-aws source package in Jammy:
Fix Released
Status in linux-aws-6.8 source package in Jammy:
Fix Released
Status in linux-aws source package in Noble:
Fix Released
Status in linux-aws source package in Plucky:
Fix Committed
Bug description:
[Impact]
A 64k page size flavor was requested by AWS.
[Fix]
Add new flavor and configs for 64k page size on arm64.
[Test Case]
Compile and boot tested. `getconf PAGE_SIZE` evaluates to 65536.
[Where things could go wrong]
This is a packaging change which introduces a new flavor, so there is
very low chance of regression. The new flavor can be verified to be 64k
page size through the `getconf` command.
[Other Info]
SF #00392971
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/2083557/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
