This bug was fixed in the package linux-nvidia-6.14 - 6.14.0-1008.8
---------------
linux-nvidia-6.14 (6.14.0-1008.8) noble; urgency=medium
* noble/linux-nvidia-6.14: 6.14.0-1008.8 -proposed tracker (LP:
#2118798)
* Packaging resync (LP: #1786013)
- [Packaging] debian.nvidia-6.14/dkms-versions -- update from kernel-
versions (main/d2025.07.23)
* mt7925: Mediate extra wifi fixes (LP: #2118583)
- wifi: mt76: mt7925: prevent multiple scan commands
- wifi: mt76: mt7925: refine the sniffer commnad
- wifi: mt76: mt7925: ensure all MCU commands wait for response
* nvidia-ffa-ec: Fix FFH data response length (LP: #2118357)
- NVIDIA: SAUCE: Fix FFH data response length
* Add pincontrol driver for MT8901 chip (LP: #2117784)
- pinctrl: mediatek: Add EINT support for multiple addresses
- pinctrl: mediatek: Fix new design debounce issue
- NVIDIA: SAUCE: MEDIATEK: pinctrl: mediatek: Add gpio-range record in
pinctrl driver
- NVIDIA: SAUCE: MEDIATEK: pinctrl: mediatek: Add acpi support
- NVIDIA: SAUCE: MEDIATEK: pinctrl: mt8901: Add pinctrl driver
- [Config] nvidia-6.14: Update annotations to enable CONFIG_PINCTRL_MT8901
* mt7925: Extra wifi fixes (LP: #2117774)
- wifi: mt76: mt7925: fix the wrong config for tx interrupt
- wifi: mt76: mt7925: prevent NULL pointer dereference in
mt7925_sta_set_decap_offload()
* CVE-2025-38016
- HID: bpf: abort dispatch if device destroyed
* Fix incorrect iommu_groups with PCIe ACS (LP: #2116967)
- NVIDIA: SAUCE: PCI: Move REQ_ACS_FLAGS into pci_regs.h as
PCI_ACS_ISOLATED
- NVIDIA: SAUCE: PCI: Add pci_bus_isolation()
- NVIDIA: SAUCE: iommu: Compute iommu_groups properly for PCIe switches
- NVIDIA: SAUCE: iommu: Organize iommu_group by member size
- NVIDIA: SAUCE: PCI: Add pci_reachable_set()
- NVIDIA: SAUCE: PCI: Remove duplication in calling pci_acs_ctrl_enabled()
- NVIDIA: SAUCE: PCI: Use pci_quirk_mf_endpoint_acs() for
pci_quirk_amd_sb_acs()
- NVIDIA: SAUCE: PCI: Use pci_acs_ctrl_isolated() for pci_quirk_al_acs()
- NVIDIA: SAUCE: PCI: Widen the acs_flags to u32 within the quirk callback
- NVIDIA: SAUCE: PCI: Add pci_mfd_isolation()
- NVIDIA: SAUCE: iommu: Compute iommu_groups properly for PCIe MFDs
- NVIDIA: SAUCE: iommu: Validate that pci_for_each_dma_alias() matches the
groups
- NVIDIA: SAUCE: PCI: Add the ACS Enhanced Capability definitions
- NVIDIA: SAUCE: PCI: Enable ACS Enhanced bits for enable_acs and
config_acs
- NVIDIA: SAUCE: PCI: Check ACS DSP/USP redirect bits in
pci_enable_pasid()
- NVIDIA: SAUCE: PCI: Check ACS Extended flags for pci_bus_isolated()
* Backport: KVM: arm64: Map GPU device memory as cacheable (LP: #2116207)
- Revert "NVIDIA: SAUCE: KVM: arm64: determine memory type from VMA"
- KVM: arm64: Rename the device variable to s2_force_noncacheable
- KVM: arm64: Assume non-PFNMAP/MIXEDMAP VMAs can be mapped cacheable
- KVM: arm64: Block cacheable PFNMAP mapping
- KVM: arm64: Allow cacheable stage 2 mapping using VMA flags
- KVM: arm64: Expose new KVM cap for cacheable PFNMAP
* wifi: mt7925: Connecting to Wifi is not reliable (LP: #2116194)
- wifi: mt76: mt7925: Remove unnecessary if-check
- wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl
* Add missing NVIDIA HDA codec IDs (LP: #2115674)
- ALSA: hda/tegra: Add Tegra264 support
- ALSA: hda: Add missing NVIDIA HDA codec IDs
[ Ubuntu: 6.14.0-27.27 ]
* plucky/linux: 6.14.0-27.27 -proposed tracker (LP: #2117503)
* [Regression Updates] "PCI: Explicitly put devices into D0 when
initializing" breaks pci-pass-through in QEMU/KVM (LP: #2117494)
- PCI/PM: Set up runtime PM even for devices without PCI PM
[ Ubuntu: 6.14.0-25.25 ]
* plucky/linux: 6.14.0-25.25 -proposed tracker (LP: #2116362)
* Packaging resync (LP: #1786013)
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/s2025.06.16)
* [UBUNTU 25.04] lszcrypt output shows no cards because ap module has to be
loaded manually (LP: #2116061)
- [Config] s390: Build ap driver into the kernel
* CVE-2025-38083
- net_sched: prio: fix a race in prio_tune()
[ Ubuntu: 6.14.0-24.24 ]
* plucky/linux: 6.14.0-24.24 -proposed tracker (LP: #2114501)
* Packaging resync (LP: #1786013)
- [Packaging] update variants
- [Packaging] update annotations scripts
- [Packaging] debian.master/dkms-versions -- update from kernel-versions
(main/2025.06.16)
* Apple spi keyboard/trackpad not working 25.04 (LP: #2107976)
- iommu/vt-d: Restore context entry setup order for aliased devices
* Unexpected system reboot at loading GUI session on some AMD platforms
(LP: #2112462)
- drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush
- drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush
* Fix ARL-U/H suspend issues (LP: #2112469)
- platform/x86/intel/pmc: Remove duplicate enum
- platform/x86:intel/pmc: Make tgl_core_generic_init() static
- platform/x86:intel/pmc: Create generic_core_init() for all platforms
- platform/x86/intel/pmc: Remove simple init functions
- platform/x86/intel/pmc: Add Arrow Lake U/H support to intel_pmc_core
driver
- platform/x86/intel/pmc: Fix Arrow Lake U/H NPU PCI ID
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174)
- s390/pci: Remove redundant bus removal and disable from
zpci_release_device()
- s390/pci: Prevent self deletion in disable_slot()
- s390/pci: Allow re-add of a reserved but not yet removed device
- s390/pci: Serialize device addition and removal
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174) // CVE-2025-37946
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has
child VFs
* [UBUNTU 24.04] s390/pci: Fix immediate re-add of PCI function after remove
(LP: #2114174) // CVE-2025-37974
- s390/pci: Fix missing check for zpci_create_device() error return
* HW accelerated video playback causes VCN timeout on VCN 4.0.5 (AMD Strix)
(LP: #2112582)
- drm/amdgpu: read back register after written for VCN v4.0.5
* kvmppc_set_passthru_irq_hv: Could not assign IRQ map traces are seen when
pci device is attached to kvm guest when "xive=off" is set (LP: #2109951)
- KVM: PPC: Book3S HV: Fix IRQ map warnings with XICS on pSeries KVM Guest
* System will restart while resuming with SATA HDD or nvme installed with
password set (LP: #2110090)
- PCI: Explicitly put devices into D0 when initializing
* VM boots slowly with large-BAR GPU Passthrough (Root Cause Fix SRU)
(LP: #2111861)
- mm: Provide address mask in struct follow_pfnmap_args
- vfio/type1: Convert all vaddr_get_pfns() callers to use vfio_batch
- vfio/type1: Catch zero from pin_user_pages_remote()
- vfio/type1: Use vfio_batch for vaddr_get_pfns()
- vfio/type1: Use consistent types for page counts
- vfio/type1: Use mapping page mask for pfnmaps
* Plucky update: v6.14.6 upstream stable release (LP: #2113881)
- Revert "rndis_host: Flag RNDIS modems as WWAN devices"
- ALSA: hda/realtek - Add more HP laptops which need mute led fixup
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface()
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
- ASoC: renesas: rz-ssi: Use NOIRQ_SYSTEM_SLEEP_PM_OPS()
- btrfs: fix COW handling in run_delalloc_nocow()
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
- drm/fdinfo: Protect against driver unbind
- EDAC/altera: Test the correct error reg offset
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- i2c: imx-lpi2c: Fix clock count when probe defers
- pinctrl: airoha: fix wrong PHY LED mapping and PHY2 LED defines
- perf/x86/intel: Only check the group flag for X86 leader
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum
offload
- mm/memblock: pass size instead of end to memblock_set_node()
- mm/memblock: repeat setting reserved region nid if array is doubled
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
- spi: tegra114: Don't fail set_cs_timing when delays are zero
- tracing: Do not take trace_event_sem in print_event_fields()
- x86/boot/sev: Support memory acceptance in the EFI stub under SVSM
- dm-integrity: fix a warning on invalid table line
- dm: always update the array size in realloc_argv on success
- drm/amdgpu: Fix offset for HDP remap in nbio v7.11
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS
- iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream
ids
- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains
- iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57)
- platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep
cycles
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU
hotplug
- smb: client: fix zero length for mkdir POSIX create context
- cpufreq: Avoid using inconsistent policy->min and policy->max
- cpufreq: Fix setting policy limits when frequency tables are used
- bcachefs: Remove incorrect __counted_by annotation
- drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF
- ASoC: soc-core: Stop using of_property_read_bool() for non-boolean
properties
- ASoC: cs-amp-lib-test: Don't select SND_SOC_CS_AMP_LIB
- firmware: cs_dsp: tests: Depend on FW_CS_DSP rather then enabling it
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
- Revert "UBUNTU: SAUCE: powerpc64/ftrace: fix module loading without
patchable function entries"
- pinctrl: imx: Return NULL if no group is matched and found
- powerpc/boot: Check for ld-option support
- ASoC: Intel: sof_sdw: Add NULL check in asoc_sdw_rt_dmic_rtd_init()
- iommu/arm-smmu-v3: Add missing S2FWB feature detection
- ALSA: hda/realtek - Enable speaker for HP platform
- drm/i915/pxp: fix undefined reference to
`intel_pxp_gsccs_is_ready_for_sessions'
- wifi: iwlwifi: back off on continuous errors
- wifi: iwlwifi: don't warn if the NIC is gone in resume
- wifi: iwlwifi: fix the check for the SCRATCH register upon resume
- powerpc/boot: Fix dash warning
- xsk: Fix offset calculation in unaligned mode
- net/mlx5e: Use custom tunnel header for vxlan gbp
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- net/mlx5e: TC, Continue the attr process even if encap entry is invalid
- net/mlx5e: Fix lock order in mlx5e_tx_reporter_ptpsq_unhealthy_recover
- net/mlx5: E-switch, Fix error handling for enabling roce
- accel/ivpu: Correct DCT interrupt handling
- cpufreq: Introduce policy->boost_supported flag
- cpufreq: acpi: Set policy->boost_supported
- cpufreq: ACPI: Re-sync CPU boost state on system resume
- Bluetooth: hci_conn: Fix not setting conn_timeout for Broadcast Receiver
- Bluetooth: hci_conn: Fix not setting timeout for BIG Create Sync
- Bluetooth: btintel_pcie: Avoid redundant buffer allocation
- Bluetooth: btintel_pcie: Add additional to checks to clear TX/RX paths
- Bluetooth: L2CAP: copy RX timestamp to new fragments
- net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID
- octeon_ep_vf: Resolve netdevice usage count issue
- bnxt_en: improve TX timestamping FIFO configuration
- rtase: Modify the condition used to detect overflow in
rtase_calc_time_mitigation
- net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when
advised
- net: ethernet: mtk_eth_soc: sync mtk_clks_source_name array
- pds_core: make pdsc_auxbus_dev_del() void
- pds_core: specify auxiliary_device to be created
- ice: Don't check device type when checking GNSS presence
- ice: Remove unnecessary ice_is_e8xx() functions
- ice: fix Get Tx Topology AQ command error on E830
- idpf: fix offloads support for encapsulated packets
- scsi: ufs: core: Remove redundant query_complete trace
- drm/xe/guc: Fix capture of steering registers
- pinctrl: qcom: Fix PINGROUP definition for sm8750
- nvme-pci: fix queue unquiesce check on slot_reset
- drm/tests: shmem: Fix memleak
- drm/mipi-dbi: Fix blanking for non-16 bit formats
- net: dlink: Correct endianness handling of led_mode
- net: mdio: mux-meson-gxl: set reversed bit when using internal phy
- idpf: fix potential memory leak on kcalloc() failure
- idpf: protect shutdown from reset
- igc: fix lock order in igc_ptp_reset
- net: dsa: felix: fix broken taprio gate states after clock jump
- net: ipv6: fix UDPv6 GSO segmentation with NAT
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models
- bnxt_en: Fix ethtool selftest output in one of the failure cases
- bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan()
- bnxt_en: call pci_alloc_irq_vectors() after bnxt_reserve_rings()
- bnxt_en: Fix coredump logic to free allocated buffer
- bnxt_en: Fix ethtool -d byte order for 32-bit values
- nvme-tcp: fix premature queue removal and I/O failover
- nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS
- nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS
- ASoC: stm32: sai: skip useless iterations on kernel rate loop
- ASoC: stm32: sai: add a check on minimal kernel frequency
- bnxt_en: fix module unload sequence
- net: fec: ERR007885 Workaround for conventional TX
- net: hns3: store rx VLAN tag offload state for VF
- net: hns3: fix an interrupt residual problem
- net: hns3: fixed debugfs tm_qset size
- net: hns3: defer calling ptp_clock_register()
- net: vertexcom: mse102x: Fix possible stuck of SPI interrupt
- net: vertexcom: mse102x: Fix LEN_MASK
- net: vertexcom: mse102x: Add range check for CMD_RTS
- net: vertexcom: mse102x: Fix RX error handling
- accel/ivpu: Abort all jobs after command queue unregister
- accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW
- drm/xe: Invalidate L3 read-only cachelines for geometry streams too
- platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7
- ublk: add helper of ublk_need_map_io()
- ublk: properly serialize all FETCH_REQs
- ublk: move device reset into ublk_ch_release()
- ublk: improve detection and handling of ublk server exit
- ublk: remove __ublk_quiesce_dev()
- ublk: simplify aborting ublk request
- firmware: arm_ffa: Skip Rx buffer ownership release if not acquired
- arm64: dts: imx95: Correct the range of PCIe app-reg region
- ARM: dts: opos6ul: add ksz8081 phy properties
- arm64: dts: st: Adjust interrupt-controller for stm32mp25 SoCs
- arm64: dts: st: Use 128kB size for aliased GIC400 register access on
stm32mp25 SoCs
- block: introduce zone capacity helper
- btrfs: zoned: skip reporting zone for new block group
- kernel: param: rename locate_module_kobject
- kernel: globalize lookup_or_create_module_kobject()
- drivers: base: handle module_kobject creation
- btrfs: expose per-inode stable writes flag
- btrfs: pass struct btrfs_inode to btrfs_read_locked_inode()
- btrfs: pass struct btrfs_inode to btrfs_iget_locked()
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
- bcachefs: Change btree_insert_node() assertion to error
- dm: fix copying after src array boundaries
- Linux 6.14.6
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37903
- drm/amd/display: Fix slab-use-after-free in hdcp
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37904
- btrfs: fix the inode leak in btrfs_iget()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37905
- firmware: arm_scmi: Balance device refcount when destroying devices
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37906
- ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37907
- accel/ivpu: Fix locking order in ivpu_job_submit
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37908
- mm, slab: clean up slab->obj_exts always
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37933
- octeon_ep: Fix host hang issue during device reboot
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37909
- net: lan743x: Fix memleak issue when GSO enabled
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37910
- ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37894
- net: use sock_gen_put() when sk_state is TCP_TIME_WAIT
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37934
- ASoC: simple-card-utils: Fix pointer check in
graph_util_parse_link_direction
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37911
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37895
- bnxt_en: Fix error handling path in bnxt_init_chip()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37935
- net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37891
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37912
- ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37913
- net_sched: qfq: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37914
- net_sched: ets: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37915
- net_sched: drr: Fix double list add in class with netem as child qdisc
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37916
- pds_core: remove write-after-free of client_id
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37917
- net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx
poll
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37918
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37919
- ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37896
- spi: spi-mem: Add fix to avoid divide error
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37920
- xsk: Fix race condition in AF_XDP generic RX path
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37921
- vxlan: vnifilter: Fix unlocked deletion of default FDB entry
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37897
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37898
- powerpc64/ftrace: fix module loading without patchable function entries
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37922
- book3s64/radix : Align section vmemmap start address to PAGE_SIZE
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37923
- tracing: Fix oob write in trace_seq_to_buffer()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37899
- ksmbd: fix use-after-free in session logoff
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37924
- ksmbd: fix use-after-free in kerberos authentication
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37926
- ksmbd: fix use-after-free in ksmbd_session_rpc_open
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37900
- iommu: Fix two issues in iommu_copy_struct_from_user()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37927
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37928
- dm-bufio: don't schedule in atomic context
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37990
- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37901
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37936
- perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's
value.
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37991
- parisc: Fix double SIGFPE crash
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37929
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37930
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
* Plucky update: v6.14.6 upstream stable release (LP: #2113881) //
CVE-2025-37931
- btrfs: adjust subpage bit start based on sectorsize
* Support Sony IMX471 camera sensor for Intel IPU7 platforms (LP: #2107320)
- SAUCE: media: ipu-bridge: Support imx471 sensor
* deadlock on cpu_hotplug_lock in __accept_page() (LP: #2109543)
- mm/page_alloc: fix deadlock on cpu_hotplug_lock in __accept_page()
* Plucky fails to boot on (older) Macs (LP: #2105402)
- SAUCE: hack: efi/libstub: enable t14s boot failure hack only on arm64
* CVE-2025-37798
- sch_htb: make htb_qlen_notify() idempotent
- sch_htb: make htb_deactivate() idempotent
- sch_drr: make drr_qlen_notify() idempotent
- sch_hfsc: make hfsc_qlen_notify() idempotent
- sch_qfq: make qfq_qlen_notify() idempotent
- sch_ets: make est_qlen_notify() idempotent
- selftests/tc-testing: Add a test case for FQ_CODEL with HTB parent
- selftests/tc-testing: Add a test case for FQ_CODEL with QFQ parent
- selftests/tc-testing: Add a test case for FQ_CODEL with HFSC parent
- selftests/tc-testing: Add a test case for FQ_CODEL with DRR parent
- selftests/tc-testing: Add a test case for FQ_CODEL with ETS parent
* CVE-2025-37997
- netfilter: ipset: fix region locking in hash types
* CVE-2025-37890
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child
qdisc
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
-- Jacob Martin <[email protected]> Fri, 25 Jul 2025 17:09:44
-0500
** Changed in: linux-nvidia-6.14 (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37798
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37890
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37891
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37894
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37895
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37896
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37897
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37898
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37899
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37900
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37901
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37903
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37904
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37905
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37906
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37907
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37908
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37909
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37910
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37911
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37912
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37913
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37914
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37915
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37916
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37917
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37918
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37919
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37920
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37921
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37922
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37923
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37924
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37926
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37927
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37928
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37929
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37930
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37931
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37933
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37934
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37935
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37936
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37946
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37974
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37990
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37991
** CVE added: https://cve.org/CVERecord?id=CVE-2025-37997
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38016
** CVE added: https://cve.org/CVERecord?id=CVE-2025-38083
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-nvidia-6.11 in Ubuntu.
https://bugs.launchpad.net/bugs/2118357
Title:
nvidia-ffa-ec: Fix FFH data response length
Status in linux-nvidia-6.11 package in Ubuntu:
Invalid
Status in linux-nvidia-6.14 package in Ubuntu:
Invalid
Status in linux-nvidia-6.11 source package in Noble:
Fix Committed
Status in linux-nvidia-6.14 source package in Noble:
Fix Released
Bug description:
While testing the FFA support for EC secure service communication we
found an issue.
While copying the data back into ACPI FFH packet,it uses the request
length. The response data can be largerthan request length. The
response length can't be fetched in thelinux FFH handler function. We
can copy all the bytes fromffa_data.data. The ACPI AML code will only
use the required number bytes from this.
This patch will fix this patch:
Fixes: d0038ee ("NVIDIA: SAUCE: Add support for EC secure service
communication")
We will need the patch for linux nvidia 6.11 kernel and 6.14 kernel.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-nvidia-6.11/+bug/2118357/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
